Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2022/05/GHSA-3v2r-86vj-q55q/GHSA-3v2r-86vj-q55q.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3v2r-86vj-q55q",
-  "modified": "2022-05-24T17:14:28Z",
+  "modified": "2026-02-13T00:32:50Z",
   "published": "2022-05-24T17:14:28Z",
   "aliases": [
     "CVE-2020-0919"
   ],
   "details": "An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability'.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {

advisories/unreviewed/2026/02/GHSA-238q-xh37-pmhj/GHSA-238q-xh37-pmhj.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-238q-xh37-pmhj",
-  "modified": "2026-02-11T21:30:40Z",
+  "modified": "2026-02-13T00:32:51Z",
   "published": "2026-02-11T21:30:40Z",
   "aliases": [
     "CVE-2024-26477"
   ],
   "details": "An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazon_sns, export endpoints.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,8 +37,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-02-11T20:16:05Z"

advisories/unreviewed/2026/02/GHSA-2fcc-cgw7-6rrw/GHSA-2fcc-cgw7-6rrw.json

@@ -0,0 +1,37 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2fcc-cgw7-6rrw",
+  "modified": "2026-02-13T00:32:51Z",
+  "published": "2026-02-13T00:32:51Z",
+  "aliases": [
+    "CVE-2026-25828"
+  ],
+  "details": "grub-btrfs through 2026-01-31 (on Arch Linux and derivative distributions) allows initramfs OS command injection because it does not sanitize the $root parameter to resolve_device().",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25828"
+    },
+    {
+      "type": "WEB",
+      "url": "https://archlinux.org/packages/extra/any/grub-btrfs"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Antynea/grub-btrfs/tree/master"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cardosource/CVE-2026-25828"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-12T22:16:05Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-2qgw-p96m-xw4g/GHSA-2qgw-p96m-xw4g.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2qgw-p96m-xw4g",
+  "modified": "2026-02-13T00:32:52Z",
+  "published": "2026-02-13T00:32:52Z",
+  "aliases": [
+    "CVE-2019-25335"
+  ],
+  "details": "PRO-7070 Hazır Profesyonel Web Sitesi version 1.0 contains an authentication bypass vulnerability in the administration panel login page. Attackers can bypass authentication by using '=' 'or' as both username and password to gain unauthorized access to the administrative interface.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25335"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/47758"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/pro-haz%C4%B1r-profesyonel-web-sitesi-authentication-by"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.websitem.biz/hazir-site/pro-7070-hazir-mobil-tablet-uyumlu-web-sitesi"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-12T23:16:06Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-2qq2-jxgg-2w76/GHSA-2qq2-jxgg-2w76.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2qq2-jxgg-2w76",
+  "modified": "2026-02-13T00:32:52Z",
+  "published": "2026-02-13T00:32:52Z",
+  "aliases": [
+    "CVE-2024-21961"
+  ],
+  "details": "Improper restriction of operations within the bounds of a memory buffer in PCIe® Link could allow an attacker with access to a guest virtual machine to potentially perform a denial of service attack against the host resulting in loss of availability.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21961"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4013.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-13T00:16:02Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-3frw-32pg-5m86/GHSA-3frw-32pg-5m86.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3frw-32pg-5m86",
-  "modified": "2026-02-12T00:31:04Z",
+  "modified": "2026-02-13T00:32:51Z",
   "published": "2026-02-12T00:31:03Z",
   "aliases": [
     "CVE-2026-20611"
   ],
   "details": "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -48,8 +53,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-02-11T23:16:04Z"

advisories/unreviewed/2026/02/GHSA-44j4-34hp-pwwr/GHSA-44j4-34hp-pwwr.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-44j4-34hp-pwwr",
-  "modified": "2026-02-11T21:30:40Z",
+  "modified": "2026-02-13T00:32:51Z",
   "published": "2026-02-11T21:30:40Z",
   "aliases": [
     "CVE-2024-26479"
   ],
   "details": "An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the Command execution function.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,8 +37,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-02-11T20:16:06Z"

advisories/unreviewed/2026/02/GHSA-4mqf-r24p-f3vh/GHSA-4mqf-r24p-f3vh.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4mqf-r24p-f3vh",
+  "modified": "2026-02-13T00:32:52Z",
+  "published": "2026-02-13T00:32:52Z",
+  "aliases": [
+    "CVE-2019-25322"
+  ],
+  "details": "Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm page with predictable admin login credentials. Attackers can access the device by using the hard-coded username 'admin' and password 'admin' in the hidden form input fields.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25322"
+    },
+    {
+      "type": "WEB",
+      "url": "https://web.archive.org/web/20190724160628/https://www.heatmiser.com/en"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/47823"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/heatmiser-netmonitor-hardcoded-credentials"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.zoneregeling.nl/heatmiser/netmonitor-handleiding.pdf"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-798"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-12T23:16:03Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-52hp-7f37-p36r/GHSA-52hp-7f37-p36r.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-52hp-7f37-p36r",
+  "modified": "2026-02-13T00:32:52Z",
+  "published": "2026-02-13T00:32:52Z",
+  "aliases": [
+    "CVE-2019-25330"
+  ],
+  "details": "SurfOffline Professional 2.2.0.103 contains a structured exception handler (SEH) overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers can generate a malicious payload of 382 'A' characters followed by specific byte sequences to trigger a denial of service condition and overwrite SEH registers.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25330"
+    },
+    {
+      "type": "WEB",
+      "url": "https://web.archive.org/web/20190717003929/http://www.bimesoft.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/47795"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.softpedia.com/get/Internet/Offline-Browsers/SurfOffline.shtml"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/surfoffline-professional-project-name-denial-of-se"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-121"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-12T23:16:05Z"
+  }
+}