Skip to content

Commit c83a770

Browse files

File tree

advisories/unreviewed/2026/03/GHSA-j666-j6hj-fpc7/GHSA-j666-j6hj-fpc7.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-j666-j6hj-fpc7",
4-
"modified": "2026-06-03T09:30:28Z",
4+
"modified": "2026-06-03T12:30:26Z",
55
"published": "2026-03-30T09:31:28Z",
66
"aliases": [
77
"CVE-2026-5119"
@@ -63,6 +63,10 @@
6363
"type": "WEB",
6464
"url": "https://access.redhat.com/errata/RHSA-2026:22710"
6565
},
66+
{
67+
"type": "WEB",
68+
"url": "https://access.redhat.com/errata/RHSA-2026:22716"
69+
},
6670
{
6771
"type": "WEB",
6872
"url": "https://access.redhat.com/security/cve/CVE-2026-5119"
Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-287w-267v-h5rm",
4+
"modified": "2026-06-03T12:30:26Z",
5+
"published": "2026-06-03T12:30:26Z",
6+
"aliases": [
7+
"CVE-2025-14771"
8+
],
9+
"details": "Files or directories accessible to external parties vulnerability in ABB T-MAC Plus.\n\nThis issue affects T-MAC Plus: 4.0-24.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14771"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108472A7840&LanguageCode=en&DocumentPartId=&Action=Launch"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-552"
34+
],
35+
"severity": "HIGH",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2026-06-03T11:16:17Z"
39+
}
40+
}

advisories/unreviewed/2026/06/GHSA-32gp-2g42-v9vc/GHSA-32gp-2g42-v9vc.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-32gp-2g42-v9vc",
4-
"modified": "2026-06-03T03:30:24Z",
4+
"modified": "2026-06-03T12:30:26Z",
55
"published": "2026-06-03T03:30:24Z",
66
"aliases": [
77
"CVE-2026-9516"
@@ -21,6 +21,10 @@
2121
{
2222
"type": "WEB",
2323
"url": "https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.41/changes"
24+
},
25+
{
26+
"type": "WEB",
27+
"url": "http://www.openwall.com/lists/oss-security/2026/06/03/5"
2428
}
2529
],
2630
"database_specific": {
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-45c8-xxm2-wjfx",
4+
"modified": "2026-06-03T12:30:26Z",
5+
"published": "2026-06-03T12:30:26Z",
6+
"aliases": [
7+
"CVE-2025-15656"
8+
],
9+
"details": "Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation.\n\nThis issue affects School Management: from n/a through 93.2.0.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15656"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://patchstack.com/database/wordpress/plugin/school-management/vulnerability/wordpress-school-management-plugin-93-2-0-privilege-escalation-vulnerability?_s_id=cve"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-266"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-06-03T11:16:19Z"
35+
}
36+
}
Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5hqw-c68q-v3hh",
4+
"modified": "2026-06-03T12:30:26Z",
5+
"published": "2026-06-03T12:30:26Z",
6+
"aliases": [
7+
"CVE-2026-41032"
8+
],
9+
"details": "It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41032"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://certvde.com/de/advisories/VDE-2026-060"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-060.json"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-200"
34+
],
35+
"severity": "HIGH",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2026-06-03T11:16:19Z"
39+
}
40+
}
Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-ch6v-382r-q8r4",
4+
"modified": "2026-06-03T12:30:26Z",
5+
"published": "2026-06-03T12:30:26Z",
6+
"aliases": [
7+
"CVE-2025-14773"
8+
],
9+
"details": "Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus.\n\nThis issue affects T-MAC Plus: 4.0-24.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14773"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108472A7840&LanguageCode=en&DocumentPartId=&Action=Launch"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-79"
34+
],
35+
"severity": "HIGH",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2026-06-03T11:16:18Z"
39+
}
40+
}

advisories/unreviewed/2026/06/GHSA-qfqj-xxqv-cxfw/GHSA-qfqj-xxqv-cxfw.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-qfqj-xxqv-cxfw",
4-
"modified": "2026-06-03T03:30:24Z",
4+
"modified": "2026-06-03T12:30:26Z",
55
"published": "2026-06-03T03:30:24Z",
66
"aliases": [
77
"CVE-2026-9334"
@@ -21,6 +21,10 @@
2121
{
2222
"type": "WEB",
2323
"url": "https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.41/changes"
24+
},
25+
{
26+
"type": "WEB",
27+
"url": "http://www.openwall.com/lists/oss-security/2026/06/03/4"
2428
}
2529
],
2630
"database_specific": {
Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-rpj2-8q6r-rm58",
4+
"modified": "2026-06-03T12:30:26Z",
5+
"published": "2026-06-03T12:30:26Z",
6+
"aliases": [
7+
"CVE-2025-14774"
8+
],
9+
"details": "Incorrect Authorization vulnerability in ABB T-MAC Plus.\n\nThis issue affects T-MAC Plus: 4.0-24.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14774"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108472A7840&LanguageCode=en&DocumentPartId=&Action=Launch"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-863"
34+
],
35+
"severity": "HIGH",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2026-06-03T11:16:19Z"
39+
}
40+
}
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-v3pr-hxpr-mfm8",
4+
"modified": "2026-06-03T12:30:26Z",
5+
"published": "2026-06-03T12:30:26Z",
6+
"aliases": [
7+
"CVE-2026-47065"
8+
],
9+
"details": "ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy\n\n\nAssessment: Fully addressed.\n\n\nWhen the serialised stream contains a TC_PROXYCLASSDESC (the marker \nfor a java.lang.reflect.Proxy ), JDK’s ObjectInputStream.readProxyDesc()\n is\ndispatched. JDK then calls the default \nObjectInputStream.resolveProxyClass(interfaces) implementation, which \nperforms Class.forName(intf, false, latestUserDefinedLoader()) for EACH \ninterface name and constructs the proxy class — bypassing the accepted\n classes list .\n\n\nZDRES-233: Class.forName(name, initialize=true, classLoader) in \nreadClassDescriptor Triggers Static Initialiser of Allow-Listed Classes\n\n\nAssessment: Fully addressed.\n\n\nFor ANY class on the allow-list, deserialising a stream that names it triggers the class’s \n (static initialiser) BEFORE any instance is constructed. This means an \nattacker who supplies a class name on the allow-list (e.g., the \ndeveloper wrote accept(“com.myapp.*\") , attacker supplies \ncom.myapp.SomeClass ) causes <clinit> of SomeClass — and many \nreal-world classes have side-effecting static initialisers\n\n\nBoth issues have been fixed.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47065"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://lists.apache.org/thread/y7xj1bl8qo47p9bktb11hg5v6k1d4dyj"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-502"
30+
],
31+
"severity": "CRITICAL",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-06-03T11:16:19Z"
35+
}
36+
}
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-v724-gm7g-f37c",
4+
"modified": "2026-06-03T12:30:26Z",
5+
"published": "2026-06-03T12:30:26Z",
6+
"aliases": [
7+
"CVE-2025-15655"
8+
],
9+
"details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla School Management allows SQL Injection.\n\nThis issue affects School Management: from n/a through 93.2.0.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15655"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://patchstack.com/database/wordpress/plugin/school-management/vulnerability/wordpress-school-management-plugin-plugin-93-2-0-sql-injection-vulnerability?_s_id=cve"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-89"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-06-03T11:16:19Z"
35+
}
36+
}

0 commit comments

Comments
 (0)