
Commit ff380a1

Advisory Database Sync
1 parent ff210b0 commit ff380a1


42 files changed

+1195
-47
lines changed


42 files changed

+1195
-47
lines changed

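--- a/advisories/unreviewed/2025/10/GHSA-j3cp-7wh4-9f6c/GHSA-j3cp-7wh4-9f6c.json
+++ b/advisories/unreviewed/2025/10/GHSA-j3cp-7wh4-9f6c/GHSA-j3cp-7wh4-9f6c.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-j3cp-7wh4-9f6c",
-"modified": "2026-03-27T21:31:32Z",
+"modified": "2026-03-31T18:31:25Z",
 "published": "2025-10-15T15:30:28Z",
 "aliases": [
 "CVE-2025-53521"
@@ -34,6 +34,7 @@
 ],
 "database_specific": {
 "cwe_ids": [
+"CWE-121",
 "CWE-770"
 ],
 "severity": "HIGH",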

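--- a/advisories/unreviewed/2026/02/GHSA-q4hc-vp2m-fr47/GHSA-q4hc-vp2m-fr47.json
+++ b/advisories/unreviewed/2026/02/GHSA-q4hc-vp2m-fr47/GHSA-q4hc-vp2m-fr47.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-q4hc-vp2m-fr47",
-"modified": "2026-03-31T06:31:43Z",
+"modified": "2026-03-31T18:31:25Z",
 "published": "2026-02-23T18:32:02Z",
 "aliases": [
 "CVE-2025-14905"
@@ -27,6 +27,10 @@
 "type": "WEB",
 "url": "https://access.redhat.com/security/cve/CVE-2025-14905"
 },
+{
+"type": "WEB",
+"url": "https://access.redhat.com/errata/RHSA-2026:6268"
+},
 {
 "type": "WEB",
 "url": "https://access.redhat.com/errata/RHSA-2026:6220"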
Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-22w6-c8h9-6mx7",
4+
"modified": "2026-03-31T18:31:31Z",
5+
"published": "2026-03-31T18:31:31Z",
6+
"aliases": [
7+
"CVE-2026-24153"
8+
],
9+
"details": "NVIDIA Jetson Linux has a vulnerability in initrd, where the nvluks trusted application is not disabled. A successful exploit of this vulnerability might lead to information disclosure.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24153"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5797"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24153"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-501"
34+
],
35+
"severity": "MODERATE",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2026-03-31T17:16:30Z"
39+
}
40+
}
Lines changed: 41 additions & 0 deletions
@@ -0,0 +1,41 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-252j-9pr7-f8p5",
4+
"modified": "2026-03-31T18:31:32Z",
5+
"published": "2026-03-31T18:31:31Z",
6+
"aliases": [
7+
"CVE-2026-30277"
8+
],
9+
"details": "An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30277"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://github.com/Secsys-FDU/AF_CVEs/issues/24"
20+
},
21+
{
22+
"type": "WEB",
23+
"url": "https://secsys.fudan.edu.cn"
24+
},
25+
{
26+
"type": "WEB",
27+
"url": "https://www.triumph-adler.com/ta-de-de/software/mobile-und-cloud/mobile-print"
28+
},
29+
{
30+
"type": "WEB",
31+
"url": "http://pdf.com"
32+
}
33+
],
34+
"database_specific": {
35+
"cwe_ids": [],
36+
"severity": null,
37+
"github_reviewed": false,
38+
"github_reviewed_at": null,
39+
"nvd_published_at": "2026-03-31T18:16:46Z"
40+
}
41+
}
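Review bot: The `references` list ends with `http://pdf.com`, a plain-HTTP generic domain that nothing else in this record ties to TA/UTAX Mobile Print, so I would drop that entry or confirm it against the upstream CVE record before it is presented as a source. The record also claims arbitrary code execution in `details` while `severity` is `[]` and `database_specific.severity` is `null`, so any consumer that filters or alerts on severity will treat it as unscored; the same gap is present in GHSA-53cw-7xjx-6838 later in this commit. Until a score arrives, triage tooling should route null-severity records to manual review rather than rank them lowest.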
Lines changed: 34 additions & 0 deletions
@@ -0,0 +1,34 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-3c2p-6j48-gmm4",
4+
"modified": "2026-03-31T18:31:31Z",
5+
"published": "2026-03-31T18:31:31Z",
6+
"aliases": [
7+
"CVE-2026-22561"
8+
],
9+
"details": "Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. The installer loads DLLs (e.g., profapi.dll) from its own directory after UAC elevation, enabling arbitrary code execution if a malicious DLL is planted alongside the installer.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22561"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://trust.anthropic.com/resources?s=1cvig6ldp3zvuj1yffzr11&name=cve-2026-22561-dll-search-order-hijacking-in-claude-for-windows-installer"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [],
29+
"severity": "MODERATE",
30+
"github_reviewed": false,
31+
"github_reviewed_at": null,
32+
"nvd_published_at": "2026-03-31T16:16:28Z"
33+
}
34+
}
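Review bot: `cwe_ids` is left as `[]` although `details` opens by naming the weakness class (uncontrolled search path element), so CWE-based filters will miss this record; I would set `"cwe_ids": ["CWE-427"]`. The fixed-version bound (prior to 1.1.3363) exists only in the free-text `details` because `affected` is `[]`, so automated version matching cannot pick it up. The CVSS 4.0 vector scores the vulnerable system at VC:N/VI:N/VA:N and places all impact on the subsequent system, which is presumably why the label is MODERATE despite the described code execution after UAC elevation; that is worth a second look when the advisory is reviewed.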

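--- a/advisories/unreviewed/2026/03/GHSA-4368-7mjc-5763/GHSA-4368-7mjc-5763.json
+++ b/advisories/unreviewed/2026/03/GHSA-4368-7mjc-5763/GHSA-4368-7mjc-5763.json
@@ -25,7 +25,9 @@
 }
 ],
 "database_specific": {
-"cwe_ids": [],
+"cwe_ids": [
+"CWE-400"
+],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,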

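--- a/advisories/unreviewed/2026/03/GHSA-4cq8-w5ch-hhg7/GHSA-4cq8-w5ch-hhg7.json
+++ b/advisories/unreviewed/2026/03/GHSA-4cq8-w5ch-hhg7/GHSA-4cq8-w5ch-hhg7.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-4cq8-w5ch-hhg7",
-"modified": "2026-03-30T18:31:17Z",
+"modified": "2026-03-31T18:31:29Z",
 "published": "2026-03-30T18:31:17Z",
 "aliases": [
 "CVE-2026-30556"
 ],
 "details": "A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the \"msg\" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.",
-"severity": [],
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+}
+],
 "affected": [],
 "references": [
 {
@@ -20,8 +25,10 @@
 }
 ],
 "database_specific": {
-"cwe_ids": [],
-"severity": null,
+"cwe_ids": [
+"CWE-79"
+],
+"severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2026-03-30T16:16:05Z"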
Lines changed: 41 additions & 0 deletions
@@ -0,0 +1,41 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-53cw-7xjx-6838",
4+
"modified": "2026-03-31T18:31:31Z",
5+
"published": "2026-03-31T18:31:31Z",
6+
"aliases": [
7+
"CVE-2026-30281"
8+
],
9+
"details": "An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30281"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://github.com/Secsys-FDU/AF_CVEs/issues/21"
20+
},
21+
{
22+
"type": "WEB",
23+
"url": "https://maru.xyz"
24+
},
25+
{
26+
"type": "WEB",
27+
"url": "https://play.google.com/store/apps/details?id=neo.maru"
28+
},
29+
{
30+
"type": "WEB",
31+
"url": "https://secsys.fudan.edu.cn"
32+
}
33+
],
34+
"database_specific": {
35+
"cwe_ids": [],
36+
"severity": null,
37+
"github_reviewed": false,
38+
"github_reviewed_at": null,
39+
"nvd_published_at": "2026-03-31T16:16:29Z"
40+
}
41+
}
Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5mwg-54j5-6ch5",
4+
"modified": "2026-03-31T18:31:32Z",
5+
"published": "2026-03-31T18:31:31Z",
6+
"aliases": [
7+
"CVE-2026-2123"
8+
],
9+
"details": "A security audit identified a privilege escalation\nvulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions\nOperations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of\nOneconsult AG for reporting this vulnerability",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2123"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://portal.microfocus.com/s/article/KM000046068"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-280"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-03-31T18:16:46Z"
35+
}
36+
}
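Review bot: The `details` string carries hard line breaks (`\n`) in mid-sentence and a run-together `locations.Thanks`, and it folds the reporter acknowledgement into the description; I would normalise it to plain sentences and keep the credit as a separate closing sentence. The affected range (`<=OA 12.29` on Windows) appears only in that free text, with `affected` left as `[]`, so the wording is all a reader or matcher has to go on. `CWE-280` may also be a loose fit for what reads like execution of binaries from a writable location, though the record does not give enough detail to be sure.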
Lines changed: 56 additions & 0 deletions
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5qj8-jcmc-3p6q",
4+
"modified": "2026-03-31T18:31:31Z",
5+
"published": "2026-03-31T18:31:31Z",
6+
"aliases": [
7+
"CVE-2026-5204"
8+
],
9+
"details": "A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5204"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Litengzheng/vuldb_new/blob/main/CH22/vul_49/README.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/780209"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/354332"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/354332/cti"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.tenda.com.cn"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-119"
50+
],
51+
"severity": "HIGH",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-03-31T16:16:35Z"
55+
}
56+
}
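Review bot: `cwe_ids` lists only the generic `CWE-119` although `details` states a stack-based buffer overflow; I would add `"CWE-121"` alongside it, as this same commit does for GHSA-j3cp-7wh4-9f6c. The CVSS 4.0 vector carries E:P, the text says the exploit is public, and the affected handler (`/goform/webtypelibrary`) is described as remotely reachable, so this record deserves priority when the batch is triaged. `affected` is `[]`, so the firmware version (CH22 1.0.0.1) can only be matched from the text.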
