Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/07/GHSA-cgmh-xxmq-hp46/GHSA-cgmh-xxmq-hp46.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cgmh-xxmq-hp46",
-  "modified": "2025-07-03T21:31:24Z",
+  "modified": "2026-03-12T18:30:29Z",
   "published": "2025-07-03T21:31:24Z",
   "aliases": [
     "CVE-2025-45809"
@@ -22,6 +22,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/shadia0/Patienc/blob/main/litellm/SQL_injection.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://huntr.com/bounties/3e6e4d40-b06a-4f54-a3ed-cc93584b12f3"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/02/GHSA-pm8w-jq9r-x5rp/GHSA-pm8w-jq9r-x5rp.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pm8w-jq9r-x5rp",
-  "modified": "2026-03-11T09:31:53Z",
+  "modified": "2026-03-12T18:30:29Z",
   "published": "2026-02-09T15:30:31Z",
   "aliases": [
     "CVE-2025-14831"
@@ -34,6 +34,10 @@
     {
       "type": "WEB",
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423177"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.com/gnutls/gnutls/-/issues/1773"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/03/GHSA-28wh-pr48-2cq7/GHSA-28wh-pr48-2cq7.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-28wh-pr48-2cq7",
+  "modified": "2026-03-12T18:30:30Z",
+  "published": "2026-03-12T18:30:30Z",
+  "aliases": [
+    "CVE-2019-25481"
+  ],
+  "details": "iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. Attackers can send POST requests to the search endpoint with crafted SQL payloads to extract sensitive database information.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25481"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/46640"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/iscripts-reservelogic-lastest-sql-injection-via-search-endpoint"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-12T16:16:02Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-2vg9-h2gj-ch2h/GHSA-2vg9-h2gj-ch2h.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2vg9-h2gj-ch2h",
+  "modified": "2026-03-12T18:30:30Z",
+  "published": "2026-03-12T18:30:30Z",
+  "aliases": [
+    "CVE-2019-25514"
+  ],
+  "details": "Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data from the database or bypass authentication controls.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25514"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/46599"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/jettweb-php-hazir-haber-sitesi-scripti-v3-sql-injection-3"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-12T16:16:03Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-385g-f3h5-22xh/GHSA-385g-f3h5-22xh.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-385g-f3h5-22xh",
-  "modified": "2026-03-12T00:31:17Z",
+  "modified": "2026-03-12T18:30:30Z",
   "published": "2026-03-12T00:31:17Z",
   "aliases": [
     "CVE-2026-3936"
   ],
   "details": "Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -27,7 +32,7 @@
     "cwe_ids": [
       "CWE-416"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-03-11T22:16:36Z"

advisories/unreviewed/2026/03/GHSA-3m48-x3q6-rhjc/GHSA-3m48-x3q6-rhjc.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3m48-x3q6-rhjc",
-  "modified": "2026-03-03T15:31:40Z",
+  "modified": "2026-03-12T18:30:29Z",
   "published": "2026-03-03T15:31:40Z",
   "aliases": [
     "CVE-2025-57622"
   ],
   "details": "An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , /caption-api , feature = pickle.loads(request.get_data()) component",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-502"
+    ],
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-03-03T15:16:15Z"

advisories/unreviewed/2026/03/GHSA-3qxv-6xq9-fg2r/GHSA-3qxv-6xq9-fg2r.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3qxv-6xq9-fg2r",
+  "modified": "2026-03-12T18:30:31Z",
+  "published": "2026-03-12T18:30:31Z",
+  "aliases": [
+    "CVE-2019-25541"
+  ],
+  "details": "Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. Attackers can inject time-based blind SQL payloads via the 'id' parameter in index.php or the 'Email' parameter in loginaction.php to extract sensitive database information.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25541"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/46562"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/netartmedia-php-mall-multiple-sql-injection-2"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-12T16:16:09Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-3r3w-q9qr-72v3/GHSA-3r3w-q9qr-72v3.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3r3w-q9qr-72v3",
+  "modified": "2026-03-12T18:30:30Z",
+  "published": "2026-03-12T18:30:30Z",
+  "aliases": [
+    "CVE-2019-25488"
+  ],
+  "details": "Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into the 'tur', 'id', and 'ozellikdil' parameters of the admin/index.php endpoint to extract sensitive database information or cause denial of service.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25488"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/46614"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/jettweb-hazir-rent-a-car-scripti-v4-sql-injection-via-admin"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-12T16:16:02Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-445w-9cr4-95h8/GHSA-445w-9cr4-95h8.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-445w-9cr4-95h8",
+  "modified": "2026-03-12T18:30:30Z",
+  "published": "2026-03-12T18:30:30Z",
+  "aliases": [
+    "CVE-2019-25473"
+  ],
+  "details": "Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthly_expense_overview endpoint with crafted month values using boolean-based blind, time-based blind, or error-based SQL injection techniques to extract sensitive database information.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25473"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/46642"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/clinic-pro-sql-injection-via-monthly-expense-overview-month-parameter"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-12T16:16:01Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-47gw-jfvv-frp8/GHSA-47gw-jfvv-frp8.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-47gw-jfvv-frp8",
+  "modified": "2026-03-12T18:30:30Z",
+  "published": "2026-03-12T18:30:30Z",
+  "aliases": [
+    "CVE-2019-25529"
+  ],
+  "details": "Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based blind, time-based blind, or union-based techniques to extract sensitive database information.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25529"
+    },
+    {
+      "type": "WEB",
+      "url": "https://sourceforge.net/projects/placeto"
+    },
+    {
+      "type": "WEB",
+      "url": "https://sourceforge.net/projects/placeto/files/alpha-rv.4/placeto.zip"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/46588"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/placeto-cms-alpha-rv-4-sql-injection-via-page-parameter"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-12T16:16:06Z"
+  }
+}