Skip to content

Commit eac466d

Browse files
Advisory Database Sync
1 parent 1141b37 commit eac466d

33 files changed

Lines changed: 1265 additions & 15 deletions

File tree

advisories/unreviewed/2026/04/GHSA-5mqr-3465-c7p6/GHSA-5mqr-3465-c7p6.json

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-5mqr-3465-c7p6",
4-
"modified": "2026-06-03T00:30:24Z",
4+
"modified": "2026-06-04T12:30:25Z",
55
"published": "2026-04-23T18:33:03Z",
66
"aliases": [
77
"CVE-2026-34003"
@@ -21,7 +21,7 @@
2121
},
2222
{
2323
"type": "WEB",
24-
"url": "https://access.redhat.com/errata/RHSA-2026:20562"
24+
"url": "https://access.redhat.com/errata/RHSA-2026:10739"
2525
},
2626
{
2727
"type": "WEB",
@@ -77,15 +77,15 @@
7777
},
7878
{
7979
"type": "WEB",
80-
"url": "https://access.redhat.com/security/cve/CVE-2026-34003"
80+
"url": "https://access.redhat.com/errata/RHSA-2026:23254"
8181
},
8282
{
8383
"type": "WEB",
84-
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451113"
84+
"url": "https://access.redhat.com/security/cve/CVE-2026-34003"
8585
},
8686
{
8787
"type": "WEB",
88-
"url": "https://access.redhat.com/errata/RHSA-2026:10739"
88+
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451113"
8989
},
9090
{
9191
"type": "WEB",
@@ -150,6 +150,10 @@
150150
{
151151
"type": "WEB",
152152
"url": "https://access.redhat.com/errata/RHSA-2026:20561"
153+
},
154+
{
155+
"type": "WEB",
156+
"url": "https://access.redhat.com/errata/RHSA-2026:20562"
153157
}
154158
],
155159
"database_specific": {

advisories/unreviewed/2026/04/GHSA-cjgm-66pw-5r9r/GHSA-cjgm-66pw-5r9r.json

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-cjgm-66pw-5r9r",
4-
"modified": "2026-06-03T00:30:24Z",
4+
"modified": "2026-06-04T12:30:25Z",
55
"published": "2026-04-23T18:33:03Z",
66
"aliases": [
77
"CVE-2026-34001"
@@ -21,7 +21,7 @@
2121
},
2222
{
2323
"type": "WEB",
24-
"url": "https://access.redhat.com/errata/RHSA-2026:20562"
24+
"url": "https://access.redhat.com/errata/RHSA-2026:10739"
2525
},
2626
{
2727
"type": "WEB",
@@ -77,15 +77,15 @@
7777
},
7878
{
7979
"type": "WEB",
80-
"url": "https://access.redhat.com/security/cve/CVE-2026-34001"
80+
"url": "https://access.redhat.com/errata/RHSA-2026:23254"
8181
},
8282
{
8383
"type": "WEB",
84-
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451109"
84+
"url": "https://access.redhat.com/security/cve/CVE-2026-34001"
8585
},
8686
{
8787
"type": "WEB",
88-
"url": "https://access.redhat.com/errata/RHSA-2026:10739"
88+
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451109"
8989
},
9090
{
9191
"type": "WEB",
@@ -150,6 +150,10 @@
150150
{
151151
"type": "WEB",
152152
"url": "https://access.redhat.com/errata/RHSA-2026:20561"
153+
},
154+
{
155+
"type": "WEB",
156+
"url": "https://access.redhat.com/errata/RHSA-2026:20562"
153157
}
154158
],
155159
"database_specific": {

advisories/unreviewed/2026/04/GHSA-g562-3mh5-27v6/GHSA-g562-3mh5-27v6.json

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-g562-3mh5-27v6",
4-
"modified": "2026-06-03T00:30:23Z",
4+
"modified": "2026-06-04T12:30:25Z",
55
"published": "2026-04-23T18:33:03Z",
66
"aliases": [
77
"CVE-2026-33999"
@@ -21,7 +21,7 @@
2121
},
2222
{
2323
"type": "WEB",
24-
"url": "https://access.redhat.com/errata/RHSA-2026:20562"
24+
"url": "https://access.redhat.com/errata/RHSA-2026:10739"
2525
},
2626
{
2727
"type": "WEB",
@@ -77,15 +77,15 @@
7777
},
7878
{
7979
"type": "WEB",
80-
"url": "https://access.redhat.com/security/cve/CVE-2026-33999"
80+
"url": "https://access.redhat.com/errata/RHSA-2026:23254"
8181
},
8282
{
8383
"type": "WEB",
84-
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451106"
84+
"url": "https://access.redhat.com/security/cve/CVE-2026-33999"
8585
},
8686
{
8787
"type": "WEB",
88-
"url": "https://access.redhat.com/errata/RHSA-2026:10739"
88+
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451106"
8989
},
9090
{
9191
"type": "WEB",
@@ -150,6 +150,10 @@
150150
{
151151
"type": "WEB",
152152
"url": "https://access.redhat.com/errata/RHSA-2026:20561"
153+
},
154+
{
155+
"type": "WEB",
156+
"url": "https://access.redhat.com/errata/RHSA-2026:20562"
153157
}
154158
],
155159
"database_specific": {
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2v7w-jm74-g6m3",
4+
"modified": "2026-06-04T12:30:26Z",
5+
"published": "2026-06-04T12:30:26Z",
6+
"aliases": [
7+
"CVE-2025-52609"
8+
],
9+
"details": "HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting (XSS) attacks by enabling the built-in XSS filtering mechanisms of modern web browsers.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52609"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131041"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-693"
30+
],
31+
"severity": "LOW",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-06-04T12:16:23Z"
35+
}
36+
}
Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-35w7-q98m-gqgx",
4+
"modified": "2026-06-04T12:30:26Z",
5+
"published": "2026-06-04T12:30:26Z",
6+
"aliases": [
7+
"CVE-2026-10840"
8+
],
9+
"details": "A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the cluster, any authenticated user can disrupt workload scheduling, tamper with scheduling priorities, delete other tenants' Workload objects, or induce cert-manager to overwrite TLS Secrets including the default ingress controller certificate.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10840"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://access.redhat.com/security/cve/CVE-2026-10840"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484720"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-732"
34+
],
35+
"severity": "CRITICAL",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2026-06-04T12:16:24Z"
39+
}
40+
}
Lines changed: 68 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,68 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-45jq-c8xm-jfw9",
4+
"modified": "2026-06-04T12:30:26Z",
5+
"published": "2026-06-04T12:30:26Z",
6+
"aliases": [
7+
"CVE-2026-10802"
8+
],
9+
"details": "A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible to launch the attack remotely. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10802"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/keystonejs/keystone/issues/9789"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/keystonejs/keystone/pull/9831"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://gist.github.com/nedlir/0431275665076772844ebfe5167e54f6"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://github.com/keystonejs/keystone"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/cve/CVE-2026-10802"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/submit/831461"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://vuldb.com/vuln/368251"
53+
},
54+
{
55+
"type": "WEB",
56+
"url": "https://vuldb.com/vuln/368251/cti"
57+
}
58+
],
59+
"database_specific": {
60+
"cwe_ids": [
61+
"CWE-400"
62+
],
63+
"severity": "LOW",
64+
"github_reviewed": false,
65+
"github_reviewed_at": null,
66+
"nvd_published_at": "2026-06-04T12:16:24Z"
67+
}
68+
}
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-4jr5-8v5x-7499",
4+
"modified": "2026-06-04T12:30:26Z",
5+
"published": "2026-06-04T12:30:26Z",
6+
"aliases": [
7+
"CVE-2026-45432"
8+
],
9+
"details": "This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead to unauthorized access to the targeted device.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45432"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0288"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-319"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-06-04T12:16:26Z"
35+
}
36+
}
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-4rgr-wmhw-58fg",
4+
"modified": "2026-06-04T12:30:25Z",
5+
"published": "2026-06-04T12:30:25Z",
6+
"aliases": [
7+
"CVE-2026-49077"
8+
],
9+
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data.\n\nThis issue affects WP eMember: from n/a through v10.2.2.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49077"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://patchstack.com/database/wordpress/plugin/wp-emember/vulnerability/wordpress-wp-emember-plugin-v10-2-2-sensitive-data-exposure-vulnerability?_s_id=cve"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-497"
30+
],
31+
"severity": "MODERATE",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-06-04T11:16:27Z"
35+
}
36+
}

0 commit comments

Comments
 (0)