Skip to content

Commit 9163ad9

Browse files
Advisory Database Sync
1 parent 0990336 commit 9163ad9

56 files changed

Lines changed: 2297 additions & 1 deletion

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2827-2mxx-j8pv",
4+
"modified": "2026-06-09T06:31:57Z",
5+
"published": "2026-06-09T06:31:57Z",
6+
"aliases": [
7+
"CVE-2026-41710"
8+
],
9+
"details": "An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. Once the cache is full, it permanently rejects any further updates, causing all later stateful retries and circuit breakers in the application to fail.\n\nAffected versions:\nSpring Retry 2.0.0 through 2.0.12; 1.3.0 through 1.3.4.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41710"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://spring.io/security/cve-2026-41710"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-770"
30+
],
31+
"severity": "MODERATE",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-06-09T05:16:35Z"
35+
}
36+
}
Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2pp9-mf4r-4wpf",
4+
"modified": "2026-06-09T06:31:58Z",
5+
"published": "2026-06-09T06:31:58Z",
6+
"aliases": [
7+
"CVE-2026-41980"
8+
],
9+
"details": "Permission control vulnerability in the file preview module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41980"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://consumer.huawei.com/en/support/bulletin/2026/6"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/6"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/6"
33+
}
34+
],
35+
"database_specific": {
36+
"cwe_ids": [
37+
"CWE-200"
38+
],
39+
"severity": "MODERATE",
40+
"github_reviewed": false,
41+
"github_reviewed_at": null,
42+
"nvd_published_at": "2026-06-09T05:16:38Z"
43+
}
44+
}
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-3chg-m5w7-qfv5",
4+
"modified": "2026-06-09T06:31:57Z",
5+
"published": "2026-06-09T06:31:57Z",
6+
"aliases": [
7+
"CVE-2026-41845"
8+
],
9+
"details": "Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape() may lead to JavaScript code injection in the browser, potentially resulting in a cross-site scripting (XSS) vulnerability.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41845"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://spring.io/security/cve-2026-41845"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-79"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-06-09T05:16:36Z"
35+
}
36+
}
Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-3vwc-x4cp-8232",
4+
"modified": "2026-06-09T06:31:59Z",
5+
"published": "2026-06-09T06:31:59Z",
6+
"aliases": [
7+
"CVE-2026-8977"
8+
],
9+
"details": "The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninja_gdpr_ajax_actions' AJAX action in versions up to, and including, 1.0.0. This is due to missing capability and nonce checks on the handleAjaxCalls() function, combined with insufficient input sanitization on the gdprConfig values and missing output escaping in the generateCSS() function which echoes stored configuration values directly into a <style> block rendered on wp_head. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8977"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://plugins.trac.wordpress.org/browser/wp-gdpr-cookie-consent/trunk/Classes/GdprHandler.php#L169"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://plugins.trac.wordpress.org/browser/wp-gdpr-cookie-consent/trunk/Classes/GdprHandler.php#L7"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://plugins.trac.wordpress.org/browser/wp-gdpr-cookie-consent/trunk/Classes/GdprHandler.php#L86"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://plugins.trac.wordpress.org/browser/wp-gdpr-cookie-consent/trunk/wp-gdpr-cookie-consent.php#L35"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/95c7f999-3676-4b91-9ee0-f55a27bcd93c?source=cve"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-79"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-06-09T05:16:41Z"
51+
}
52+
}
Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-3wxc-x4qv-3xxg",
4+
"modified": "2026-06-09T06:31:59Z",
5+
"published": "2026-06-09T06:31:59Z",
6+
"aliases": [
7+
"CVE-2026-8910"
8+
],
9+
"details": "The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8910"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://plugins.trac.wordpress.org/browser/wp-emoticon-rating/trunk/admin/wp-emo-admin.php#L101"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://plugins.trac.wordpress.org/browser/wp-emoticon-rating/trunk/admin/wp-emo-admin.php#L107"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://plugins.trac.wordpress.org/browser/wp-emoticon-rating/trunk/admin/wp-emo-admin.php#L130"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://plugins.trac.wordpress.org/browser/wp-emoticon-rating/trunk/admin/wp-emo-admin.php#L136"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://plugins.trac.wordpress.org/browser/wp-emoticon-rating/trunk/admin/wp-emo-admin.php#L18"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://plugins.trac.wordpress.org/browser/wp-emoticon-rating/trunk/admin/wp-emo-admin.php#L76"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2a0b560-3f5a-4d09-9cc1-e22b2a19dfe6?source=cve"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-352"
54+
],
55+
"severity": "MODERATE",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2026-06-09T05:16:40Z"
59+
}
60+
}
Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-3xrw-mxp7-2r3j",
4+
"modified": "2026-06-09T06:31:59Z",
5+
"published": "2026-06-09T06:31:59Z",
6+
"aliases": [
7+
"CVE-2026-8883"
8+
],
9+
"details": "The Global Body Mass Index Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gbmicalc' shortcode in versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes in the GBMI_Calc_Widget::widget() function. Shortcode attributes are extracted directly into local variables via @extract($args) and then echoed unescaped into an HTML style attribute (height/width) and HTML body context (title), allowing attribute-breakout payloads. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8883"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://plugins.trac.wordpress.org/browser/global-body-mass-index-calculator/tags/1.2/gbmicalc.php#L134"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://plugins.trac.wordpress.org/browser/global-body-mass-index-calculator/tags/1.2/gbmicalc.php#L335"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://plugins.trac.wordpress.org/browser/global-body-mass-index-calculator/tags/1.2/gbmicalc.php#L345"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://plugins.trac.wordpress.org/browser/global-body-mass-index-calculator/tags/1.2/gbmicalc.php#L476"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/06804bed-17c5-413c-a31b-f6f039015e26?source=cve"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-79"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-06-09T05:16:39Z"
51+
}
52+
}
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-439x-6767-44cv",
4+
"modified": "2026-06-09T06:31:57Z",
5+
"published": "2026-06-09T06:31:57Z",
6+
"aliases": [
7+
"CVE-2026-41007"
8+
],
9+
"details": "Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on attacker-supplied strings.\n\nAffected versions:\nSpring HATEOAS 1.5.0 through 1.5.6; 2.3.0 through 2.3.4; 2.4.0 through 2.4.1; 2.5.0 through 2.5.2; 3.0.0 through 3.0.3.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41007"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://spring.io/security/cve-2026-41007"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-770"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-06-09T05:16:35Z"
35+
}
36+
}
Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-46cx-5vwq-g5q3",
4+
"modified": "2026-06-09T06:31:56Z",
5+
"published": "2026-06-09T06:31:56Z",
6+
"aliases": [
7+
"CVE-2026-10738"
8+
],
9+
"details": "The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Footnote Qualifier ('{{...}}' Syntax) in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The attribute-breakout payload (e.g., a double-quote followed by an event handler) contains no angle brackets and therefore bypasses WordPress core's wp_kses_post() filtering, which only strips disallowed HTML tags rather than sanitizing attribute contexts.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10738"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://plugins.trac.wordpress.org/browser/jquery-hover-footnotes/trunk/jqFootnotes.php#L213"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://plugins.trac.wordpress.org/browser/jquery-hover-footnotes/trunk/jqFootnotes.php#L222"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://plugins.trac.wordpress.org/browser/jquery-hover-footnotes/trunk/jqFootnotes.php#L235"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://plugins.trac.wordpress.org/browser/jquery-hover-footnotes/trunk/jqFootnotes.php#L246"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b02bdf2a-1d99-4cc3-8f75-822ff0792e44?source=cve"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-79"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-06-09T05:16:29Z"
51+
}
52+
}

0 commit comments

Comments
 (0)