Skip to content

Commit db83810

Browse files
Advisory Database Sync
1 parent 3812fdb commit db83810

25 files changed

Lines changed: 1003 additions & 0 deletions

File tree

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2887-f3v6-6rjf",
4+
"modified": "2026-05-08T06:32:37Z",
5+
"published": "2026-05-08T06:32:37Z",
6+
"aliases": [
7+
"CVE-2023-42345"
8+
],
9+
"details": "A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42345"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms"
20+
}
21+
],
22+
"database_specific": {
23+
"cwe_ids": [],
24+
"severity": null,
25+
"github_reviewed": false,
26+
"github_reviewed_at": null,
27+
"nvd_published_at": "2026-05-08T05:16:09Z"
28+
}
29+
}
Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-3h5f-583p-w5vj",
4+
"modified": "2026-05-08T06:32:37Z",
5+
"published": "2026-05-08T06:32:37Z",
6+
"aliases": [
7+
"CVE-2026-8136"
8+
],
9+
"details": "A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /index.php?page=users. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8136"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/timeflies123/cve/issues/1"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/808839"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/361925"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/361925/cti"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.sourcecodester.com"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-79"
50+
],
51+
"severity": "LOW",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-05-08T04:16:26Z"
55+
}
56+
}
Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-6f3j-w8c5-257p",
4+
"modified": "2026-05-08T06:32:37Z",
5+
"published": "2026-05-08T06:32:37Z",
6+
"aliases": [
7+
"CVE-2022-45899"
8+
],
9+
"details": "Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45899"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://nokia.com"
20+
},
21+
{
22+
"type": "WEB",
23+
"url": "https://www.exploit-db.com/exploits/51896"
24+
}
25+
],
26+
"database_specific": {
27+
"cwe_ids": [],
28+
"severity": null,
29+
"github_reviewed": false,
30+
"github_reviewed_at": null,
31+
"nvd_published_at": "2026-05-08T05:16:09Z"
32+
}
33+
}
Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-7g7m-x38c-mrrv",
4+
"modified": "2026-05-08T06:32:38Z",
5+
"published": "2026-05-08T06:32:38Z",
6+
"aliases": [
7+
"CVE-2024-33724"
8+
],
9+
"details": "SOPlanning 1.52.00 is vulnerable to Cross Site Scripting (XSS) via the groupe_id parameter to process/groupe_save.php.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33724"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://github.com/fuzzlove/soplanning-1.52-exploits"
20+
}
21+
],
22+
"database_specific": {
23+
"cwe_ids": [],
24+
"severity": null,
25+
"github_reviewed": false,
26+
"github_reviewed_at": null,
27+
"nvd_published_at": "2026-05-08T06:16:09Z"
28+
}
29+
}
Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-7pgf-mjr6-8r53",
4+
"modified": "2026-05-08T06:32:38Z",
5+
"published": "2026-05-08T06:32:38Z",
6+
"aliases": [
7+
"CVE-2024-30167"
8+
],
9+
"details": "/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allow remote authenticated users to execute arbitrary commands as root via a POST request that carries a serverName parameter.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30167"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285733"
20+
}
21+
],
22+
"database_specific": {
23+
"cwe_ids": [],
24+
"severity": null,
25+
"github_reviewed": false,
26+
"github_reviewed_at": null,
27+
"nvd_published_at": "2026-05-08T06:16:09Z"
28+
}
29+
}
Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-8cxw-g3j3-5xpx",
4+
"modified": "2026-05-08T06:32:38Z",
5+
"published": "2026-05-08T06:32:38Z",
6+
"aliases": [
7+
"CVE-2026-8137"
8+
],
9+
"details": "A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8137"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Kiciot/cve/issues/4"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/808863"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/361926"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/361926/cti"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.totolink.net"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-119"
50+
],
51+
"severity": "HIGH",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-05-08T05:16:11Z"
55+
}
56+
}
Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-8gpv-c454-3hfc",
4+
"modified": "2026-05-08T06:32:37Z",
5+
"published": "2026-05-08T06:32:37Z",
6+
"aliases": [
7+
"CVE-2023-42343"
8+
],
9+
"details": "A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42343"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms"
20+
}
21+
],
22+
"database_specific": {
23+
"cwe_ids": [],
24+
"severity": null,
25+
"github_reviewed": false,
26+
"github_reviewed_at": null,
27+
"nvd_published_at": "2026-05-08T05:16:09Z"
28+
}
29+
}
Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-94g3-j7xc-qpwj",
4+
"modified": "2026-05-08T06:32:38Z",
5+
"published": "2026-05-08T06:32:38Z",
6+
"aliases": [
7+
"CVE-2024-45257"
8+
],
9+
"details": "A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45257"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://blog.chebuya.com/posts/unauthenticated-remote-command-execution-on-byob"
20+
},
21+
{
22+
"type": "WEB",
23+
"url": "https://github.com/malwaredllc/byob"
24+
},
25+
{
26+
"type": "WEB",
27+
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/byob_unauth_rce.rb"
28+
}
29+
],
30+
"database_specific": {
31+
"cwe_ids": [],
32+
"severity": null,
33+
"github_reviewed": false,
34+
"github_reviewed_at": null,
35+
"nvd_published_at": "2026-05-08T06:16:09Z"
36+
}
37+
}
Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,31 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-9r2v-r8jf-9prp",
4+
"modified": "2026-05-08T06:32:38Z",
5+
"published": "2026-05-08T06:32:38Z",
6+
"aliases": [
7+
"CVE-2026-8148"
8+
],
9+
"details": "NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\\SYSTEM via registry manipulation due to improper privilege checks.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8148"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://cve.naver.com/detail/cve-2026-8148.html"
20+
}
21+
],
22+
"database_specific": {
23+
"cwe_ids": [
24+
"CWE-266"
25+
],
26+
"severity": null,
27+
"github_reviewed": false,
28+
"github_reviewed_at": null,
29+
"nvd_published_at": "2026-05-08T05:16:12Z"
30+
}
31+
}

0 commit comments

Comments
 (0)