Skip to content

Commit 4b3f331

Browse files
1 parent 3e994c0 commit 4b3f331

4 files changed

Lines changed: 220 additions & 0 deletions

File tree

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5fc4-7q74-93x4",
4+
"modified": "2026-05-31T00:31:24Z",
5+
"published": "2026-05-31T00:31:24Z",
6+
"aliases": [
7+
"CVE-2026-10156"
8+
],
9+
"details": "A vulnerability was determined in Open5GS up to 2.7.7. This affects the function handle_amf_info in the library /lib/sbi/nnrf-handler.c of the component nf-instances Endpoint. Executing a manipulation of the argument nf_info_pool can lead to resource consumption. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. Applying a patch is advised to resolve this issue. The issue report is flagged as already-fixed.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10156"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/open5gs/open5gs/issues/4480"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/open5gs/open5gs"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/818598"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/367409"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/367409/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-400"
50+
],
51+
"severity": "LOW",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-05-31T00:16:33Z"
55+
}
56+
}
Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5pc3-3f4w-j85m",
4+
"modified": "2026-05-31T00:31:24Z",
5+
"published": "2026-05-31T00:31:24Z",
6+
"aliases": [
7+
"CVE-2026-10154"
8+
],
9+
"details": "A vulnerability has been found in Dolibarr ERP CRM 23.0.0/23.0.1/23.0.2. The affected element is an unknown function of the file htdocs/user/messaging.php. Such manipulation of the argument ID leads to authorization bypass. The attack can be executed remotely. Upgrading to version 23.0.3 is sufficient to fix this issue. The name of the patch is 119b3606c7a701747a57a1f18b1a9e7666f678e2. It is suggested to upgrade the affected component.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10154"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/dolibarr/dolibarr/commit/119b3606c7a701747a57a1f18b1a9e7666f678e2"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/Dolibarr/dolibarr/releases/tag/23.0.3"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/818838"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/367407"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/367407/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-285"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-05-31T00:16:33Z"
55+
}
56+
}
Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-rmw9-rp4m-38c7",
4+
"modified": "2026-05-31T00:31:24Z",
5+
"published": "2026-05-31T00:31:24Z",
6+
"aliases": [
7+
"CVE-2026-10153"
8+
],
9+
"details": "A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10153"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://gitee.com/westboy/CicadasCMS"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://gitee.com/westboy/CicadasCMS/issues/IJKWOH"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/818792"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/367406"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/367406/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-79"
50+
],
51+
"severity": "LOW",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-05-30T22:16:14Z"
55+
}
56+
}
Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-xg25-5g7j-67pp",
4+
"modified": "2026-05-31T00:31:24Z",
5+
"published": "2026-05-31T00:31:24Z",
6+
"aliases": [
7+
"CVE-2026-10155"
8+
],
9+
"details": "A vulnerability was found in Bdtask Multi-Store Inventory Management System 1.0. The impacted element is the function accounts_report_search of the file application/modules/accounts/controllers/Accounts.php of the component Accounts Report Handler. Performing a manipulation of the argument dtpToDate results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10155"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/kevin57545/CVE/blob/main/README.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/818863"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/367408"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/367408/cti"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-74"
46+
],
47+
"severity": "LOW",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-05-31T00:16:33Z"
51+
}
52+
}

0 commit comments

Comments
 (0)