Publish Advisories

GHSA-6jrq-hjxp-2x5r
GHSA-7f6p-98mw-r63r
GHSA-97q5-qf47-hvrw
GHSA-mqx2-c63m-7p93
GHSA-pccm-93c8-h8qm
GHSA-v758-4p42-wqcm
GHSA-whhc-f8fh-m5cr
GHSA-xh63-cv27-942f

Author: advisory-database[bot]

advisories/unreviewed/2026/03/GHSA-6jrq-hjxp-2x5r/GHSA-6jrq-hjxp-2x5r.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6jrq-hjxp-2x5r",
-  "modified": "2026-04-02T21:32:52Z",
+  "modified": "2026-04-21T12:30:24Z",
   "published": "2026-03-31T15:31:56Z",
   "aliases": [
     "CVE-2026-3308"
@@ -31,6 +31,10 @@
       "type": "WEB",
       "url": "https://github.com/ArtifexSoftware/mupdf"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00020.html"
+    },
     {
       "type": "WEB",
       "url": "https://www.kb.cert.org/vuls/id/951662"

advisories/unreviewed/2026/04/GHSA-7f6p-98mw-r63r/GHSA-7f6p-98mw-r63r.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7f6p-98mw-r63r",
+  "modified": "2026-04-21T12:30:24Z",
+  "published": "2026-04-21T12:30:24Z",
+  "aliases": [
+    "CVE-2026-41036"
+  ],
+  "details": "This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41036"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0200"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-21T10:16:30Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-97q5-qf47-hvrw/GHSA-97q5-qf47-hvrw.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-97q5-qf47-hvrw",
-  "modified": "2026-04-16T18:31:22Z",
+  "modified": "2026-04-21T12:30:24Z",
   "published": "2026-04-16T18:31:22Z",
   "aliases": [
     "CVE-2026-41082"
@@ -26,6 +26,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/ocaml/opam/releases/tag/2.5.1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00021.html"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/04/GHSA-mqx2-c63m-7p93/GHSA-mqx2-c63m-7p93.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-mqx2-c63m-7p93",
+  "modified": "2026-04-21T12:30:24Z",
+  "published": "2026-04-21T12:30:24Z",
+  "aliases": [
+    "CVE-2026-41038"
+  ],
+  "details": "This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing password guessing or brute-force attacks against user accounts, leading to unauthorized access to the targeted device.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41038"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0200"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-521"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-21T11:16:20Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-pccm-93c8-h8qm/GHSA-pccm-93c8-h8qm.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-pccm-93c8-h8qm",
+  "modified": "2026-04-21T12:30:24Z",
+  "published": "2026-04-21T12:30:24Z",
+  "aliases": [
+    "CVE-2026-39467"
+  ],
+  "details": "Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection.This issue affects Responsive Slider by MetaSlider: from n/a through 3.106.0.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39467"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/wordpress/plugin/ml-slider/vulnerability/wordpress-responsive-slider-by-metaslider-plugin-3-106-0-php-object-injection-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-502"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-21T10:16:29Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-v758-4p42-wqcm/GHSA-v758-4p42-wqcm.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-v758-4p42-wqcm",
+  "modified": "2026-04-21T12:30:24Z",
+  "published": "2026-04-21T12:30:24Z",
+  "aliases": [
+    "CVE-2026-41039"
+  ],
+  "details": "This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit this vulnerability by accessing exposed API endpoints on the targeted device.\n\nSuccessful exploitation of this vulnerability could allow the attacker to access sensitive information, including internal endpoints, scripts and directories on the targeted device.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41039"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0200"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-306"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-21T11:16:20Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-whhc-f8fh-m5cr/GHSA-whhc-f8fh-m5cr.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-whhc-f8fh-m5cr",
+  "modified": "2026-04-21T12:30:24Z",
+  "published": "2026-04-21T12:30:24Z",
+  "aliases": [
+    "CVE-2026-41037"
+  ],
+  "details": "This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative credentials, leading to unauthorized access with root privileges on the targeted device.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41037"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0200"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-307"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-21T10:16:30Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-xh63-cv27-942f/GHSA-xh63-cv27-942f.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-xh63-cv27-942f",
+  "modified": "2026-04-21T12:30:24Z",
+  "published": "2026-04-21T12:30:24Z",
+  "aliases": [
+    "CVE-2026-3317"
+  ],
+  "details": "Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker to execute JavaScript code in the victim's browser.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3317"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-navigate-cms-application"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-21T10:16:30Z"
+  }
+}