
Commit 9ab3c4c

Advisory Database Sync
1 parent c92ea51 commit 9ab3c4c

76 files changed

Lines changed: 2924 additions & 16 deletions


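--- a/advisories/unreviewed/2026/06/GHSA-2455-m68h-qwxv/GHSA-2455-m68h-qwxv.json
+++ b/advisories/unreviewed/2026/06/GHSA-2455-m68h-qwxv/GHSA-2455-m68h-qwxv.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-2455-m68h-qwxv",
-"modified": "2026-06-19T15:33:16Z",
+"modified": "2026-06-19T18:32:31Z",
 "published": "2026-06-19T15:33:16Z",
 "aliases": [
 "CVE-2026-47339"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://lists.apache.org/thread/lk4q5o855cocc7zq5wh1zlctfmcq6f76"
+},
+{
+"type": "WEB",
+"url": "http://www.openwall.com/lists/oss-security/2026/06/19/9"
 }
 ],
 "database_specific": {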
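Review bot: The reference added in the second hunk, `"url": "http://www.openwall.com/lists/oss-security/2026/06/19/9"`, uses a plaintext `http://` scheme, so anyone following the link from the advisory fetches it over an unauthenticated channel; I would store it as `"url": "https://www.openwall.com/lists/oss-security/2026/06/19/9"`. The same applies to the openwall.com references added in GHSA-2pmh-ppc3-5j39, GHSA-3cm7-pvjf-2x7q, GHSA-3mg6-56vq-7899 and GHSA-4v22-j8v6-qgvh, and to the bare vendor links `http://joomlathat.com` and `http://joomboost.com` in the new GHSA-2rwc-gxjj-fh85 and GHSA-2vm9-r326-x68c records. For the two vendor homepages, whether an HTTPS endpoint exists is not visible from this page, so those would need checking before rewriting. The `references` array opens above this hunk and is only partly visible here.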

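--- a/advisories/unreviewed/2026/06/GHSA-2pmh-ppc3-5j39/GHSA-2pmh-ppc3-5j39.json
+++ b/advisories/unreviewed/2026/06/GHSA-2pmh-ppc3-5j39/GHSA-2pmh-ppc3-5j39.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-2pmh-ppc3-5j39",
-"modified": "2026-06-19T15:33:16Z",
+"modified": "2026-06-19T18:32:31Z",
 "published": "2026-06-19T15:33:16Z",
 "aliases": [
 "CVE-2026-44915"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://lists.apache.org/thread/2syk2kkzjnpzrdh98plbzj8os7wn521c"
+},
+{
+"type": "WEB",
+"url": "http://www.openwall.com/lists/oss-security/2026/06/19/8"
 }
 ],
 "database_specific": {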
Lines changed: 52 additions & 0 deletions
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2rwc-gxjj-fh85",
4+
"modified": "2026-06-19T18:32:32Z",
5+
"published": "2026-06-19T18:32:32Z",
6+
"aliases": [
7+
"CVE-2017-20267"
8+
],
9+
"details": "Joomla! Component Calendar Planner 1.0.1 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the category_id parameter. Attackers can send GET requests to the events view with malicious SQL code in the category_id parameter to extract sensitive database information.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-20267"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://extensions.joomla.org/extensions/extension/calendars-a-events/events/calendar-planner"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.exploit-db.com/exploits/42501"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://www.vulncheck.com/advisories/joomla-component-calendar-planner-sql-injection"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "http://joomlathat.com"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-89"
46+
],
47+
"severity": "HIGH",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-06-19T16:16:16Z"
51+
}
52+
}
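Review bot: `"affected": []` leaves this record without any package or version range, although `details` names the component and version (Calendar Planner 1.0.1), so tooling that matches on `affected` will never flag an installation; only a lookup by the alias `CVE-2017-20267` or a manual read of `details` finds it. The same is true of the other new records in this commit (GHSA-2vm9-r326-x68c, GHSA-2xg7-x64v-q25q, GHSA-3r7g-gjfg-fgpr, GHSA-4766-4px9-j9m3). With `"github_reviewed": false` this is presumably expected for an unreviewed import, but consumers should read the empty array as "range not yet curated" rather than "nothing affected".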
Lines changed: 52 additions & 0 deletions
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2vm9-r326-x68c",
4+
"modified": "2026-06-19T18:32:35Z",
5+
"published": "2026-06-19T18:32:35Z",
6+
"aliases": [
7+
"CVE-2019-25761"
8+
],
9+
"details": "Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the deal_id parameter. Attackers can send GET requests to index.php with option=com_joomcrm&view=contacts and inject SQL code in the deal_id parameter to extract sensitive database information including table names and schemas.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25761"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://extensions.joomla.org/extensions/extension/marketing/crm/joomcrm"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.exploit-db.com/exploits/46122"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://www.vulncheck.com/advisories/joomla-component-joomcrm-sql-injection-via-deal-id"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "http://joomboost.com"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-89"
46+
],
47+
"severity": "HIGH",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-06-19T18:16:19Z"
51+
}
52+
}
Lines changed: 48 additions & 0 deletions
@@ -0,0 +1,48 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2xg7-x64v-q25q",
4+
"modified": "2026-06-19T18:32:31Z",
5+
"published": "2026-06-19T18:32:31Z",
6+
"aliases": [
7+
"CVE-2017-20252"
8+
],
9+
"details": "Joomla NextGen Editor 2.1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the plname parameter. Attackers can send GET requests to index.php with option=com_nge&view=config and inject malicious SQL code in the plname parameter to extract sensitive database information.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-20252"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://extensions.joomla.org/extension/nextgen-editor"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.exploit-db.com/exploits/43365"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://www.vulncheck.com/advisories/joomla-nextgen-editor-sql-injection-via-plname-parameter"
37+
}
38+
],
39+
"database_specific": {
40+
"cwe_ids": [
41+
"CWE-89"
42+
],
43+
"severity": "HIGH",
44+
"github_reviewed": false,
45+
"github_reviewed_at": null,
46+
"nvd_published_at": "2026-06-19T16:16:13Z"
47+
}
48+
}

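--- a/advisories/unreviewed/2026/06/GHSA-3cm7-pvjf-2x7q/GHSA-3cm7-pvjf-2x7q.json
+++ b/advisories/unreviewed/2026/06/GHSA-3cm7-pvjf-2x7q/GHSA-3cm7-pvjf-2x7q.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-3cm7-pvjf-2x7q",
-"modified": "2026-06-19T15:33:17Z",
+"modified": "2026-06-19T18:32:31Z",
 "published": "2026-06-19T15:33:17Z",
 "aliases": [
 "CVE-2026-49231"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://lists.apache.org/thread/s1jd1vxm59p6ghx47xhmpjdk1cobo4hn"
+},
+{
+"type": "WEB",
+"url": "http://www.openwall.com/lists/oss-security/2026/06/19/13"
 }
 ],
 "database_specific": {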

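--- a/advisories/unreviewed/2026/06/GHSA-3mg6-56vq-7899/GHSA-3mg6-56vq-7899.json
+++ b/advisories/unreviewed/2026/06/GHSA-3mg6-56vq-7899/GHSA-3mg6-56vq-7899.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-3mg6-56vq-7899",
-"modified": "2026-06-19T15:33:17Z",
+"modified": "2026-06-19T18:32:31Z",
 "published": "2026-06-19T15:33:17Z",
 "aliases": [
 "CVE-2026-49230"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://lists.apache.org/thread/n0blgkpvz38ghh5rrh6wtl476919xj1b"
+},
+{
+"type": "WEB",
+"url": "http://www.openwall.com/lists/oss-security/2026/06/19/12"
 }
 ],
 "database_specific": {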
Lines changed: 52 additions & 0 deletions
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-3r7g-gjfg-fgpr",
4+
"modified": "2026-06-19T18:32:32Z",
5+
"published": "2026-06-19T18:32:32Z",
6+
"aliases": [
7+
"CVE-2017-20261"
8+
],
9+
"details": "Joomla! Component Bargain Product VM3 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter. Attackers can supply crafted SQL statements in GET requests to the brainy and alice views to extract sensitive database information.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-20261"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.exploit-db.com/exploits/42552"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.vulncheck.com/advisories/joomla-component-bargain-product-vm3-sql-injection"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://www.weborange.eu"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://www.weborange.eu/extensions/index.php/extensions-vm3/bargain-product-vm3-detail"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-89"
46+
],
47+
"severity": "HIGH",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-06-19T16:16:15Z"
51+
}
52+
}
Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-4766-4px9-j9m3",
4+
"modified": "2026-06-19T18:32:32Z",
5+
"published": "2026-06-19T18:32:32Z",
6+
"aliases": [
7+
"CVE-2026-12620"
8+
],
9+
"details": "The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints.\n\nThis issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12620"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/gridtime-3000-gnss-time-server-access-token-exposure"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-200"
30+
],
31+
"severity": "MODERATE",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-06-19T16:16:17Z"
35+
}
36+
}
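Review bot: `"CWE-200"` in `cwe_ids` is a broad class for what `details` describes as an access token carried in URL parameters; if that reading is right, `"CWE-598"` (Use of GET Request Method With Sensitive Query Strings) is the closer mapping and would let consumers filter for this pattern. Tokens placed in URLs typically end up in proxy and web-server logs, browser history and Referer headers, so operators of affected GridTime 3000 versions should treat any token that passed through such endpoints as exposed and rotate it once the vendor's guidance has been applied. The affected range (1.0r0.03 through 1.1r0.0) appears only in the free-text `details`, since `affected` is empty.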

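--- a/advisories/unreviewed/2026/06/GHSA-4v22-j8v6-qgvh/GHSA-4v22-j8v6-qgvh.json
+++ b/advisories/unreviewed/2026/06/GHSA-4v22-j8v6-qgvh/GHSA-4v22-j8v6-qgvh.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-4v22-j8v6-qgvh",
-"modified": "2026-06-19T15:33:16Z",
+"modified": "2026-06-19T18:32:31Z",
 "published": "2026-06-19T15:33:16Z",
 "aliases": [
 "CVE-2026-44087"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://lists.apache.org/thread/72ryrgdssk6s2x9d6xn14bxyyl878xfm"
+},
+{
+"type": "WEB",
+"url": "http://www.openwall.com/lists/oss-security/2026/06/19/7"
 }
 ],
 "database_specific": {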
