Skip to content

Commit 13543b5

Browse files
Advisory Database Sync
1 parent fd41651 commit 13543b5

62 files changed

Lines changed: 1428 additions & 63 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

advisories/unreviewed/2022/05/GHSA-2wjw-pc5m-j29q/GHSA-2wjw-pc5m-j29q.json

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-2wjw-pc5m-j29q",
4-
"modified": "2022-05-24T19:02:58Z",
4+
"modified": "2026-06-08T15:32:40Z",
55
"published": "2022-05-24T19:02:58Z",
66
"aliases": [
77
"CVE-2021-32032"
88
],
99
"details": "In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak.",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{

advisories/unreviewed/2026/03/GHSA-2p4q-qchf-h9q6/GHSA-2p4q-qchf-h9q6.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,17 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-2p4q-qchf-h9q6",
4-
"modified": "2026-03-13T21:31:51Z",
4+
"modified": "2026-06-08T15:32:40Z",
55
"published": "2026-03-13T21:31:51Z",
66
"aliases": [
77
"CVE-2026-3999"
88
],
99
"details": "A broken access control may allow an authenticated user to perform a \nhorizontal privilege escalation. The vulnerability only impacts specific\n configurations.",
1010
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
1115
{
1216
"type": "CVSS_V4",
1317
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/05/GHSA-2vr8-wh6w-3q8m/GHSA-2vr8-wh6w-3q8m.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,17 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-2vr8-wh6w-3q8m",
4-
"modified": "2026-05-29T09:31:05Z",
4+
"modified": "2026-06-08T15:32:41Z",
55
"published": "2026-05-29T09:31:05Z",
66
"aliases": [
77
"CVE-2026-49195"
88
],
99
"details": "Unauthenticated Debug Service. The /sbin/mtk_dut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands.",
1010
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
14+
},
1115
{
1216
"type": "CVSS_V4",
1317
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/05/GHSA-59rx-q76w-hqrw/GHSA-59rx-q76w-hqrw.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-59rx-q76w-hqrw",
4-
"modified": "2026-06-04T00:30:24Z",
4+
"modified": "2026-06-08T15:32:40Z",
55
"published": "2026-05-27T12:31:22Z",
66
"aliases": [
77
"CVE-2026-3012"

advisories/unreviewed/2026/05/GHSA-5xrr-7q3m-rh98/GHSA-5xrr-7q3m-rh98.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,17 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-5xrr-7q3m-rh98",
4-
"modified": "2026-05-29T12:31:25Z",
4+
"modified": "2026-06-08T15:32:41Z",
55
"published": "2026-05-29T12:31:25Z",
66
"aliases": [
77
"CVE-2026-49201"
88
],
99
"details": "The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection.",
1010
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
14+
},
1115
{
1216
"type": "CVSS_V4",
1317
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/05/GHSA-68jv-x4hh-mmjq/GHSA-68jv-x4hh-mmjq.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,17 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-68jv-x4hh-mmjq",
4-
"modified": "2026-05-29T09:31:05Z",
4+
"modified": "2026-06-08T15:32:41Z",
55
"published": "2026-05-29T09:31:05Z",
66
"aliases": [
77
"CVE-2026-49196"
88
],
99
"details": "The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands.",
1010
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
14+
},
1115
{
1216
"type": "CVSS_V4",
1317
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/05/GHSA-6pmc-5frg-fmg6/GHSA-6pmc-5frg-fmg6.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,17 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-6pmc-5frg-fmg6",
4-
"modified": "2026-05-29T09:31:06Z",
4+
"modified": "2026-06-08T15:32:41Z",
55
"published": "2026-05-29T09:31:06Z",
66
"aliases": [
77
"CVE-2026-49197"
88
],
99
"details": "Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.",
1010
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
14+
},
1115
{
1216
"type": "CVSS_V4",
1317
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/05/GHSA-jwxj-jjcm-8p4w/GHSA-jwxj-jjcm-8p4w.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,17 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-jwxj-jjcm-8p4w",
4-
"modified": "2026-05-29T09:31:06Z",
4+
"modified": "2026-06-08T15:32:41Z",
55
"published": "2026-05-29T09:31:06Z",
66
"aliases": [
77
"CVE-2026-49198"
88
],
99
"details": "Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors.",
1010
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"
14+
},
1115
{
1216
"type": "CVSS_V4",
1317
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/06/GHSA-243v-5f97-vfq3/GHSA-243v-5f97-vfq3.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,17 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-243v-5f97-vfq3",
4-
"modified": "2026-06-04T15:30:40Z",
4+
"modified": "2026-06-08T15:32:42Z",
55
"published": "2026-06-04T15:30:40Z",
66
"aliases": [
77
"CVE-2026-10855"
88
],
99
"details": "An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already existed but did not verify that the importing user belonged to the organization that owned the existing template. As a result, an authenticated user with access to the template import functionality could forcibly overwrite an event template owned by another organization.\n\n\n\nSuccessful exploitation could allow unauthorized modification of another organization’s event template, potentially altering template structure, attributes, or metadata used for subsequent event creation or sharing workflows. Site administrators are not affected by this restriction, as they are explicitly allowed to overwrite templates across organizations.\n\n\n\nThe issue was fixed by enforcing an ownership check before overwrite: non-site-admin users may only overwrite templates owned by their own organization.",
1010
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
14+
},
1115
{
1216
"type": "CVSS_V4",
1317
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2493-92j5-5vh6",
4+
"modified": "2026-06-08T15:32:58Z",
5+
"published": "2026-06-08T15:32:58Z",
6+
"aliases": [
7+
"CVE-2026-11514"
8+
],
9+
"details": "A flaw has been found in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /addpatient.php. This manipulation of the argument admissiontme causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11514"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/ltranquility/vuln_submit/issues/15"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://itsourcecode.com"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/cve/CVE-2026-11514"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/submit/836163"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/369134"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/vuln/369134/cti"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-74"
54+
],
55+
"severity": "LOW",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2026-06-08T13:16:32Z"
59+
}
60+
}

0 commit comments

Comments
 (0)