Skip to content

File tree

advisories/unreviewed/2026/04/GHSA-2274-3hgr-wxv6/GHSA-2274-3hgr-wxv6.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-2274-3hgr-wxv6",
4-
"modified": "2026-05-07T09:31:26Z",
4+
"modified": "2026-05-08T03:30:23Z",
55
"published": "2026-04-22T09:31:32Z",
66
"aliases": [
77
"CVE-2026-31431"
@@ -335,6 +335,10 @@
335335
"type": "WEB",
336336
"url": "http://www.openwall.com/lists/oss-security/2026/05/06/5"
337337
},
338+
{
339+
"type": "WEB",
340+
"url": "http://www.openwall.com/lists/oss-security/2026/05/07/12"
341+
},
338342
{
339343
"type": "WEB",
340344
"url": "http://www.openwall.com/lists/oss-security/2026/05/07/2"
Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-7rvc-3rgf-7589",
4+
"modified": "2026-05-08T03:30:24Z",
5+
"published": "2026-05-08T03:30:24Z",
6+
"aliases": [
7+
"CVE-2026-8127"
8+
],
9+
"details": "A vulnerability has been found in eladmin up to 2.7. Impacted is the function checkLevel of the file /rest/UserController.java of the component Users API Endpoint. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8127"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/elunez/eladmin/issues/897"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/808771"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/361917"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/361917/cti"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-266"
46+
],
47+
"severity": "LOW",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-05-08T03:16:25Z"
51+
}
52+
}
Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-93h2-p56q-h6jc",
4+
"modified": "2026-05-08T03:30:24Z",
5+
"published": "2026-05-08T03:30:24Z",
6+
"aliases": [
7+
"CVE-2026-8128"
8+
],
9+
"details": "A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file /admin/viewmsg.php. Performing a manipulation of the argument msgid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8128"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/redshadowword-cell/CVE/issues/9"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/808772"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/361918"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/361918/cti"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.sourcecodester.com"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-05-08T03:16:25Z"
55+
}
56+
}
Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-fxh4-4qxc-cq82",
4+
"modified": "2026-05-08T03:30:23Z",
5+
"published": "2026-05-08T03:30:23Z",
6+
"aliases": [
7+
"CVE-2026-8123"
8+
],
9+
"details": "A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogs_sbi_discovery_option_add_snssais in the library /lib/sbi/message.c of the component NSSF. This manipulation causes denial of service. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8123"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/open5gs/open5gs/issues/4436"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/open5gs/open5gs"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/808426"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/361910"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/361910/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-404"
50+
],
51+
"severity": "LOW",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-05-08T02:16:07Z"
55+
}
56+
}
Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-ghx3-pgmg-h9fc",
4+
"modified": "2026-05-08T03:30:23Z",
5+
"published": "2026-05-08T03:30:23Z",
6+
"aliases": [
7+
"CVE-2026-8122"
8+
],
9+
"details": "A vulnerability was found in Open5GS up to 2.7.7. This affects the function ogs_sbi_discovery_option_add_service_names in the library /lib/sbi/message.c of the component NSSF. The manipulation results in denial of service. The attack may be performed from remote. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8122"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/open5gs/open5gs/issues/4435"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/open5gs/open5gs"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/808425"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/361909"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/361909/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-404"
50+
],
51+
"severity": "LOW",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-05-08T01:16:10Z"
55+
}
56+
}
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-m3gg-rqf2-7qcj",
4+
"modified": "2026-05-08T03:30:24Z",
5+
"published": "2026-05-08T03:30:24Z",
6+
"aliases": [
7+
"CVE-2026-3508"
8+
],
9+
"details": "An Out-of-bounds Read vulnerability in the IOCTL handler in ASUS System Control Interface allows a local user to cause system crash (BSOD) via a read size that exceeds the buffer size.Refer to the '\nSecurity Update for MyASUS ' section on the ASUS Security Advisory for more information.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3508"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://www.asus.com/security-advisory"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-125"
30+
],
31+
"severity": "MODERATE",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-05-08T03:16:24Z"
35+
}
36+
}
Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-m782-cq9r-w5vf",
4+
"modified": "2026-05-08T03:30:23Z",
5+
"published": "2026-05-08T03:30:23Z",
6+
"aliases": [
7+
"CVE-2026-8121"
8+
],
9+
"details": "A vulnerability has been found in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_parse_plmn_list in the library /lib/sbi/conv.c of the component NSSF. The manipulation leads to denial of service. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8121"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/open5gs/open5gs/issues/4433"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/open5gs/open5gs"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/808422"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/submit/808424"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/361908"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/vuln/361908/cti"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-404"
54+
],
55+
"severity": "LOW",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2026-05-08T01:16:09Z"
59+
}
60+
}

0 commit comments

Comments
 (0)