From fd8723f904a302133f0e49a1d880516b9a13904f Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Fri, 13 Feb 2026 18:22:27 +0000 Subject: [PATCH 001/222] Publish GHSA-pm44-x5x7-24c4 --- .../2026/02/GHSA-pm44-x5x7-24c4/GHSA-pm44-x5x7-24c4.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advisories/github-reviewed/2026/02/GHSA-pm44-x5x7-24c4/GHSA-pm44-x5x7-24c4.json b/advisories/github-reviewed/2026/02/GHSA-pm44-x5x7-24c4/GHSA-pm44-x5x7-24c4.json index 8c5e98ce1e6a9..ea3ae3579b5d2 100644 --- a/advisories/github-reviewed/2026/02/GHSA-pm44-x5x7-24c4/GHSA-pm44-x5x7-24c4.json +++ b/advisories/github-reviewed/2026/02/GHSA-pm44-x5x7-24c4/GHSA-pm44-x5x7-24c4.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-pm44-x5x7-24c4", - "modified": "2026-02-11T21:40:07Z", + "modified": "2026-02-13T18:20:21Z", "published": "2026-02-09T12:30:22Z", "aliases": [ "CVE-2026-22922" @@ -28,7 +28,7 @@ "introduced": "3.1.0" }, { - "fixed": "3.17.0" + "fixed": "3.1.7" } ] } From 90f44678b6bbbed510aa44dc4c3d036d7d0cb276 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Fri, 13 Feb 2026 18:32:38 +0000 Subject: [PATCH 002/222] Advisory Database Sync --- .../GHSA-23wj-fq4f-57vr.json | 6 ++- .../GHSA-54jh-gr2j-w5jp.json | 13 ++++- .../GHSA-9cr4-jvh8-pr25.json | 6 ++- .../GHSA-c6wh-345m-mrfm.json | 6 ++- .../GHSA-g4fr-g4v5-cfmc.json | 6 ++- .../GHSA-jgcm-pqcv-h934.json | 6 ++- .../GHSA-f6p2-2572-4pjp.json | 6 ++- .../GHSA-m77w-6vjw-wh2f.json | 6 ++- .../GHSA-2g3f-rmh8-cj3f.json | 6 ++- .../GHSA-x34v-6wh4-m93r.json | 6 ++- .../GHSA-5mqf-9q34-g8c2.json | 6 ++- .../GHSA-9w8w-fgjg-w972.json | 6 ++- .../GHSA-6v67-599p-fprc.json | 6 ++- .../GHSA-9x7h-v87g-j6jw.json | 11 +++-- .../GHSA-rr66-qxh8-8qwq.json | 11 +++-- .../GHSA-45gw-fx24-h4pv.json | 15 ++++-- .../GHSA-75wh-ww84-2q6c.json | 11 +++-- .../GHSA-4vjp-phjj-3f57.json | 6 ++- .../GHSA-x2jm-xff2-34w4.json | 4 +- .../GHSA-2886-9536-rhhj.json | 6 ++- .../GHSA-rfj8-8392-mfcm.json | 6 ++- .../GHSA-v6c5-9mp4-mwq4.json | 6 ++- .../GHSA-5wfc-7v23-c2vf.json | 6 ++- .../GHSA-5mc7-p6pj-r3f5.json | 6 ++- .../GHSA-jh94-8q48-f3m3.json | 6 ++- .../GHSA-qg84-jfh7-8hpx.json | 3 +- .../GHSA-224f-wm46-5p4r.json | 33 +++++++++++++ .../GHSA-26vr-h5vf-58cq.json | 4 +- .../GHSA-3669-8ww5-g35f.json | 44 +++++++++++++++++ .../GHSA-3q2x-q945-c5mm.json | 6 ++- .../GHSA-4gg4-26q8-wv28.json | 37 ++++++++++++++ .../GHSA-5wr5-vxhh-x7gm.json | 44 +++++++++++++++++ .../GHSA-7v9f-f4qv-fcxh.json | 36 ++++++++++++++ .../GHSA-8xrx-9wj4-6775.json | 4 +- .../GHSA-c5gm-v7v7-vjx9.json | 4 +- .../GHSA-cgmm-x5ww-q5cr.json | 48 +++++++++++++++++++ .../GHSA-cm39-88fp-pv6j.json | 15 ++++-- .../GHSA-fq6p-4h82-858f.json | 29 +++++++++++ .../GHSA-fqf2-x743-9564.json | 4 +- .../GHSA-h6jx-x5f4-qmj9.json | 15 ++++-- .../GHSA-h892-rh45-x8jp.json | 11 +++-- .../GHSA-j98c-62jj-x3h3.json | 29 +++++++++++ .../GHSA-jhq4-533p-8p4c.json | 15 ++++-- .../GHSA-m7rx-q9f3-3p96.json | 3 +- .../GHSA-p47v-wp9g-8362.json | 15 ++++-- .../GHSA-p5cr-gq3j-93c4.json | 15 ++++-- .../GHSA-p5wr-5p37-2wm6.json | 6 ++- .../GHSA-qqhc-37jx-7gh5.json | 40 ++++++++++++++++ .../GHSA-r3p8-h9vv-9cqc.json | 37 ++++++++++++++ .../GHSA-vwfj-gc28-j2fg.json | 40 ++++++++++++++++ .../GHSA-w7w9-2vjv-7r67.json | 40 ++++++++++++++++ .../GHSA-x3j4-874w-h7pv.json | 29 +++++++++++ .../GHSA-xrqq-m9vv-pq36.json | 15 ++++-- 53 files changed, 730 insertions(+), 70 deletions(-) create mode 100644 advisories/unreviewed/2026/02/GHSA-224f-wm46-5p4r/GHSA-224f-wm46-5p4r.json create mode 100644 advisories/unreviewed/2026/02/GHSA-3669-8ww5-g35f/GHSA-3669-8ww5-g35f.json create mode 100644 advisories/unreviewed/2026/02/GHSA-4gg4-26q8-wv28/GHSA-4gg4-26q8-wv28.json create mode 100644 advisories/unreviewed/2026/02/GHSA-5wr5-vxhh-x7gm/GHSA-5wr5-vxhh-x7gm.json create mode 100644 advisories/unreviewed/2026/02/GHSA-7v9f-f4qv-fcxh/GHSA-7v9f-f4qv-fcxh.json create mode 100644 advisories/unreviewed/2026/02/GHSA-cgmm-x5ww-q5cr/GHSA-cgmm-x5ww-q5cr.json create mode 100644 advisories/unreviewed/2026/02/GHSA-fq6p-4h82-858f/GHSA-fq6p-4h82-858f.json create mode 100644 advisories/unreviewed/2026/02/GHSA-j98c-62jj-x3h3/GHSA-j98c-62jj-x3h3.json create mode 100644 advisories/unreviewed/2026/02/GHSA-qqhc-37jx-7gh5/GHSA-qqhc-37jx-7gh5.json create mode 100644 advisories/unreviewed/2026/02/GHSA-r3p8-h9vv-9cqc/GHSA-r3p8-h9vv-9cqc.json create mode 100644 advisories/unreviewed/2026/02/GHSA-vwfj-gc28-j2fg/GHSA-vwfj-gc28-j2fg.json create mode 100644 advisories/unreviewed/2026/02/GHSA-w7w9-2vjv-7r67/GHSA-w7w9-2vjv-7r67.json create mode 100644 advisories/unreviewed/2026/02/GHSA-x3j4-874w-h7pv/GHSA-x3j4-874w-h7pv.json diff --git a/advisories/unreviewed/2022/05/GHSA-23wj-fq4f-57vr/GHSA-23wj-fq4f-57vr.json b/advisories/unreviewed/2022/05/GHSA-23wj-fq4f-57vr/GHSA-23wj-fq4f-57vr.json index 19f7f39ffbc3a..ed8de91296818 100644 --- a/advisories/unreviewed/2022/05/GHSA-23wj-fq4f-57vr/GHSA-23wj-fq4f-57vr.json +++ b/advisories/unreviewed/2022/05/GHSA-23wj-fq4f-57vr/GHSA-23wj-fq4f-57vr.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-23wj-fq4f-57vr", - "modified": "2022-05-14T02:03:36Z", + "modified": "2026-02-13T18:31:21Z", "published": "2022-05-14T02:03:36Z", "aliases": [ "CVE-2018-15899" @@ -22,6 +22,10 @@ { "type": "WEB", "url": "https://github.com/bg5sbk/MiniCMS/issues/21" + }, + { + "type": "WEB", + "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2018-15899.md" } ], "database_specific": { diff --git a/advisories/unreviewed/2022/05/GHSA-54jh-gr2j-w5jp/GHSA-54jh-gr2j-w5jp.json b/advisories/unreviewed/2022/05/GHSA-54jh-gr2j-w5jp/GHSA-54jh-gr2j-w5jp.json index 16b452f6c8fef..20d62a664e145 100644 --- a/advisories/unreviewed/2022/05/GHSA-54jh-gr2j-w5jp/GHSA-54jh-gr2j-w5jp.json +++ b/advisories/unreviewed/2022/05/GHSA-54jh-gr2j-w5jp/GHSA-54jh-gr2j-w5jp.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-54jh-gr2j-w5jp", - "modified": "2022-05-24T19:05:59Z", + "modified": "2026-02-13T18:31:21Z", "published": "2022-05-24T19:05:59Z", "aliases": [ "CVE-2021-35438" ], "details": "phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ], "affected": [], "references": [ { @@ -17,6 +22,10 @@ { "type": "WEB", "url": "https://github.com/phpipam/phpipam/issues/3351" + }, + { + "type": "WEB", + "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2021-35438.md" } ], "database_specific": { diff --git a/advisories/unreviewed/2022/05/GHSA-9cr4-jvh8-pr25/GHSA-9cr4-jvh8-pr25.json b/advisories/unreviewed/2022/05/GHSA-9cr4-jvh8-pr25/GHSA-9cr4-jvh8-pr25.json index 6c04751d31c4c..7f08fef4180f2 100644 --- a/advisories/unreviewed/2022/05/GHSA-9cr4-jvh8-pr25/GHSA-9cr4-jvh8-pr25.json +++ b/advisories/unreviewed/2022/05/GHSA-9cr4-jvh8-pr25/GHSA-9cr4-jvh8-pr25.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-9cr4-jvh8-pr25", - "modified": "2022-05-17T02:54:58Z", + "modified": "2026-02-13T18:31:21Z", "published": "2022-05-17T02:54:58Z", "aliases": [ "CVE-2017-6537" @@ -23,6 +23,10 @@ "type": "WEB", "url": "https://github.com/WPO-Foundation/webpagetest/issues/837" }, + { + "type": "WEB", + "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2017-6537.md" + }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/96935" diff --git a/advisories/unreviewed/2022/05/GHSA-c6wh-345m-mrfm/GHSA-c6wh-345m-mrfm.json b/advisories/unreviewed/2022/05/GHSA-c6wh-345m-mrfm/GHSA-c6wh-345m-mrfm.json index 2a3a2d6ac3379..cb6e77cd91868 100644 --- a/advisories/unreviewed/2022/05/GHSA-c6wh-345m-mrfm/GHSA-c6wh-345m-mrfm.json +++ b/advisories/unreviewed/2022/05/GHSA-c6wh-345m-mrfm/GHSA-c6wh-345m-mrfm.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-c6wh-345m-mrfm", - "modified": "2022-05-17T02:56:29Z", + "modified": "2026-02-13T18:31:21Z", "published": "2022-05-17T02:56:29Z", "aliases": [ "CVE-2017-6396" @@ -23,6 +23,10 @@ "type": "WEB", "url": "https://github.com/WPO-Foundation/webpagetest/issues/820" }, + { + "type": "WEB", + "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2017-6396.md" + }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/96553" diff --git a/advisories/unreviewed/2022/05/GHSA-g4fr-g4v5-cfmc/GHSA-g4fr-g4v5-cfmc.json b/advisories/unreviewed/2022/05/GHSA-g4fr-g4v5-cfmc/GHSA-g4fr-g4v5-cfmc.json index 2a156c1666c14..c1793f772b5f7 100644 --- a/advisories/unreviewed/2022/05/GHSA-g4fr-g4v5-cfmc/GHSA-g4fr-g4v5-cfmc.json +++ b/advisories/unreviewed/2022/05/GHSA-g4fr-g4v5-cfmc/GHSA-g4fr-g4v5-cfmc.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-g4fr-g4v5-cfmc", - "modified": "2022-05-13T01:12:12Z", + "modified": "2026-02-13T18:31:21Z", "published": "2022-05-13T01:12:12Z", "aliases": [ "CVE-2017-6478" @@ -23,6 +23,10 @@ "type": "WEB", "url": "https://github.com/paintballrefjosh/MaNGOSWebV4/issues/15" }, + { + "type": "WEB", + "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2017-6478.md" + }, { "type": "WEB", "url": "https://github.com/paintballrefjosh/MaNGOSWebV4/releases/tag/4.0.8" diff --git a/advisories/unreviewed/2022/05/GHSA-jgcm-pqcv-h934/GHSA-jgcm-pqcv-h934.json b/advisories/unreviewed/2022/05/GHSA-jgcm-pqcv-h934/GHSA-jgcm-pqcv-h934.json index f56a19299b36b..2abd99ac4d2f4 100644 --- a/advisories/unreviewed/2022/05/GHSA-jgcm-pqcv-h934/GHSA-jgcm-pqcv-h934.json +++ b/advisories/unreviewed/2022/05/GHSA-jgcm-pqcv-h934/GHSA-jgcm-pqcv-h934.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-jgcm-pqcv-h934", - "modified": "2022-05-17T02:54:55Z", + "modified": "2026-02-13T18:31:21Z", "published": "2022-05-17T02:54:55Z", "aliases": [ "CVE-2017-6541" @@ -23,6 +23,10 @@ "type": "WEB", "url": "https://github.com/WPO-Foundation/webpagetest/issues/834" }, + { + "type": "WEB", + "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2017-6541.md" + }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/96935" diff --git a/advisories/unreviewed/2023/02/GHSA-f6p2-2572-4pjp/GHSA-f6p2-2572-4pjp.json b/advisories/unreviewed/2023/02/GHSA-f6p2-2572-4pjp/GHSA-f6p2-2572-4pjp.json index f819db96889f0..2ff58806de1a0 100644 --- a/advisories/unreviewed/2023/02/GHSA-f6p2-2572-4pjp/GHSA-f6p2-2572-4pjp.json +++ b/advisories/unreviewed/2023/02/GHSA-f6p2-2572-4pjp/GHSA-f6p2-2572-4pjp.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-f6p2-2572-4pjp", - "modified": "2023-02-12T06:30:27Z", + "modified": "2026-02-13T18:31:21Z", "published": "2023-02-04T15:30:32Z", "aliases": [ "CVE-2023-0676" @@ -23,6 +23,10 @@ "type": "WEB", "url": "https://github.com/phpipam/phpipam/commit/94ec73ff1d33926b75b811ded6f0b4a46088a7ec" }, + { + "type": "WEB", + "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2023-0676.md" + }, { "type": "WEB", "url": "https://huntr.dev/bounties/b72d4f0c-8a96-4b40-a031-7d469c6ab93b" diff --git a/advisories/unreviewed/2023/10/GHSA-m77w-6vjw-wh2f/GHSA-m77w-6vjw-wh2f.json b/advisories/unreviewed/2023/10/GHSA-m77w-6vjw-wh2f/GHSA-m77w-6vjw-wh2f.json index ec1169bfc8af9..810870c8729ed 100644 --- a/advisories/unreviewed/2023/10/GHSA-m77w-6vjw-wh2f/GHSA-m77w-6vjw-wh2f.json +++ b/advisories/unreviewed/2023/10/GHSA-m77w-6vjw-wh2f/GHSA-m77w-6vjw-wh2f.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-m77w-6vjw-wh2f", - "modified": "2025-10-22T00:32:51Z", + "modified": "2026-02-13T18:31:21Z", "published": "2023-10-03T18:30:23Z", "aliases": [ "CVE-2023-4911" @@ -27,6 +27,10 @@ "type": "WEB", "url": "https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt" }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/52479" + }, { "type": "WEB", "url": "https://www.debian.org/security/2023/dsa-5514" diff --git a/advisories/unreviewed/2024/07/GHSA-2g3f-rmh8-cj3f/GHSA-2g3f-rmh8-cj3f.json b/advisories/unreviewed/2024/07/GHSA-2g3f-rmh8-cj3f/GHSA-2g3f-rmh8-cj3f.json index 894979a1e4a75..8da2aba8e0444 100644 --- a/advisories/unreviewed/2024/07/GHSA-2g3f-rmh8-cj3f/GHSA-2g3f-rmh8-cj3f.json +++ b/advisories/unreviewed/2024/07/GHSA-2g3f-rmh8-cj3f/GHSA-2g3f-rmh8-cj3f.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-2g3f-rmh8-cj3f", - "modified": "2024-08-01T15:32:11Z", + "modified": "2026-02-13T18:31:21Z", "published": "2024-07-26T18:30:36Z", "aliases": [ "CVE-2024-41355" @@ -22,6 +22,10 @@ { "type": "WEB", "url": "https://github.com/phpipam/phpipam/issues/4151" + }, + { + "type": "WEB", + "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2024-41355.md" } ], "database_specific": { diff --git a/advisories/unreviewed/2024/08/GHSA-x34v-6wh4-m93r/GHSA-x34v-6wh4-m93r.json b/advisories/unreviewed/2024/08/GHSA-x34v-6wh4-m93r/GHSA-x34v-6wh4-m93r.json index b0fd64a9bed9d..1b1ea338bedd4 100644 --- a/advisories/unreviewed/2024/08/GHSA-x34v-6wh4-m93r/GHSA-x34v-6wh4-m93r.json +++ b/advisories/unreviewed/2024/08/GHSA-x34v-6wh4-m93r/GHSA-x34v-6wh4-m93r.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-x34v-6wh4-m93r", - "modified": "2024-08-28T18:31:54Z", + "modified": "2026-02-13T18:31:21Z", "published": "2024-08-23T21:30:42Z", "aliases": [ "CVE-2024-42845" @@ -30,6 +30,10 @@ { "type": "WEB", "url": "https://github.com/partywavesec/invesalius3_vulnerabilities/tree/main/CVE-2024-42845" + }, + { + "type": "WEB", + "url": "https://www.partywave.site/show/research/tic-tac-beware-of-your-scan" } ], "database_specific": { diff --git a/advisories/unreviewed/2024/09/GHSA-5mqf-9q34-g8c2/GHSA-5mqf-9q34-g8c2.json b/advisories/unreviewed/2024/09/GHSA-5mqf-9q34-g8c2/GHSA-5mqf-9q34-g8c2.json index 52ec270b94cbf..a31409f884714 100644 --- a/advisories/unreviewed/2024/09/GHSA-5mqf-9q34-g8c2/GHSA-5mqf-9q34-g8c2.json +++ b/advisories/unreviewed/2024/09/GHSA-5mqf-9q34-g8c2/GHSA-5mqf-9q34-g8c2.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-5mqf-9q34-g8c2", - "modified": "2024-09-26T18:31:43Z", + "modified": "2026-02-13T18:31:21Z", "published": "2024-09-25T18:31:20Z", "aliases": [ "CVE-2024-44825" @@ -26,6 +26,10 @@ { "type": "WEB", "url": "https://github.com/partywavesec/invesalius3_vulnerabilities/tree/main/CVE-2024-44825" + }, + { + "type": "WEB", + "url": "https://www.partywave.site/show/research/cve-2024-44825-invesalius-arbitrary-file-write-and-directory-traversal" } ], "database_specific": { diff --git a/advisories/unreviewed/2025/01/GHSA-9w8w-fgjg-w972/GHSA-9w8w-fgjg-w972.json b/advisories/unreviewed/2025/01/GHSA-9w8w-fgjg-w972/GHSA-9w8w-fgjg-w972.json index 28cfa25dc6b48..4e6d01952c490 100644 --- a/advisories/unreviewed/2025/01/GHSA-9w8w-fgjg-w972/GHSA-9w8w-fgjg-w972.json +++ b/advisories/unreviewed/2025/01/GHSA-9w8w-fgjg-w972/GHSA-9w8w-fgjg-w972.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-9w8w-fgjg-w972", - "modified": "2025-01-08T15:31:10Z", + "modified": "2026-02-13T18:31:21Z", "published": "2025-01-07T21:30:55Z", "aliases": [ "CVE-2024-54819" @@ -26,6 +26,10 @@ { "type": "WEB", "url": "https://github.com/partywavesec/CVE-2024-55557" + }, + { + "type": "WEB", + "url": "https://www.partywave.site/show/research/cve-2024-54819-i-librarian-server-side-request-forgery" } ], "database_specific": { diff --git a/advisories/unreviewed/2025/03/GHSA-6v67-599p-fprc/GHSA-6v67-599p-fprc.json b/advisories/unreviewed/2025/03/GHSA-6v67-599p-fprc/GHSA-6v67-599p-fprc.json index 0aa516242b13f..78e4b4b3a2e37 100644 --- a/advisories/unreviewed/2025/03/GHSA-6v67-599p-fprc/GHSA-6v67-599p-fprc.json +++ b/advisories/unreviewed/2025/03/GHSA-6v67-599p-fprc/GHSA-6v67-599p-fprc.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-6v67-599p-fprc", - "modified": "2026-02-04T21:30:24Z", + "modified": "2026-02-13T18:31:21Z", "published": "2025-03-11T18:32:17Z", "aliases": [ "CVE-2025-24054" @@ -31,6 +31,10 @@ "type": "WEB", "url": "https://www.exploit-db.com/exploits/52478" }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/52480" + }, { "type": "WEB", "url": "https://www.vicarius.io/vsociety/posts/cve-2025-24054-spoofing-vulnerability-in-windows-ntlm-by-microsoft-detection-script" diff --git a/advisories/unreviewed/2025/04/GHSA-9x7h-v87g-j6jw/GHSA-9x7h-v87g-j6jw.json b/advisories/unreviewed/2025/04/GHSA-9x7h-v87g-j6jw/GHSA-9x7h-v87g-j6jw.json index a606c1457cf8f..c1250f1d77225 100644 --- a/advisories/unreviewed/2025/04/GHSA-9x7h-v87g-j6jw/GHSA-9x7h-v87g-j6jw.json +++ b/advisories/unreviewed/2025/04/GHSA-9x7h-v87g-j6jw/GHSA-9x7h-v87g-j6jw.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-9x7h-v87g-j6jw", - "modified": "2025-11-03T21:33:35Z", + "modified": "2026-02-13T18:31:21Z", "published": "2025-04-16T15:34:40Z", "aliases": [ "CVE-2025-22042" ], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: add bounds check for create lease context\n\nAdd missing bounds check for create lease context.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + ], "affected": [], "references": [ { @@ -45,7 +50,7 @@ ], "database_specific": { "cwe_ids": [], - "severity": null, + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-04-16T15:15:57Z" diff --git a/advisories/unreviewed/2025/04/GHSA-rr66-qxh8-8qwq/GHSA-rr66-qxh8-8qwq.json b/advisories/unreviewed/2025/04/GHSA-rr66-qxh8-8qwq/GHSA-rr66-qxh8-8qwq.json index 2d8112bee4640..b4113fb52372a 100644 --- a/advisories/unreviewed/2025/04/GHSA-rr66-qxh8-8qwq/GHSA-rr66-qxh8-8qwq.json +++ b/advisories/unreviewed/2025/04/GHSA-rr66-qxh8-8qwq/GHSA-rr66-qxh8-8qwq.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-rr66-qxh8-8qwq", - "modified": "2025-11-03T21:33:41Z", + "modified": "2026-02-13T18:31:21Z", "published": "2025-04-18T15:31:38Z", "aliases": [ "CVE-2025-38575" ], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: use aead_request_free to match aead_request_alloc\n\nUse aead_request_free() instead of kfree() to properly free memory\nallocated by aead_request_alloc(). This ensures sensitive crypto data\nis zeroed before being freed.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + ], "affected": [], "references": [ { @@ -49,7 +54,7 @@ ], "database_specific": { "cwe_ids": [], - "severity": null, + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-04-18T07:15:43Z" diff --git a/advisories/unreviewed/2025/05/GHSA-45gw-fx24-h4pv/GHSA-45gw-fx24-h4pv.json b/advisories/unreviewed/2025/05/GHSA-45gw-fx24-h4pv/GHSA-45gw-fx24-h4pv.json index 9c547ebccacdd..73b8e02f6ca39 100644 --- a/advisories/unreviewed/2025/05/GHSA-45gw-fx24-h4pv/GHSA-45gw-fx24-h4pv.json +++ b/advisories/unreviewed/2025/05/GHSA-45gw-fx24-h4pv/GHSA-45gw-fx24-h4pv.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-45gw-fx24-h4pv", - "modified": "2025-11-03T21:33:45Z", + "modified": "2026-02-13T18:31:21Z", "published": "2025-05-01T15:31:44Z", "aliases": [ "CVE-2025-37778" ], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: Fix dangling pointer in krb_authenticate\n\nkrb_authenticate frees sess->user and does not set the pointer\nto NULL. It calls ksmbd_krb5_authenticate to reinitialise\nsess->user but that function may return without doing so. If\nthat happens then smb2_sess_setup, which calls krb_authenticate,\nwill be accessing free'd memory when it later uses sess->user.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], "affected": [], "references": [ { @@ -40,8 +45,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-416" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-05-01T14:15:41Z" diff --git a/advisories/unreviewed/2025/05/GHSA-75wh-ww84-2q6c/GHSA-75wh-ww84-2q6c.json b/advisories/unreviewed/2025/05/GHSA-75wh-ww84-2q6c/GHSA-75wh-ww84-2q6c.json index cd01d81fe78dc..ba3496731c0c4 100644 --- a/advisories/unreviewed/2025/05/GHSA-75wh-ww84-2q6c/GHSA-75wh-ww84-2q6c.json +++ b/advisories/unreviewed/2025/05/GHSA-75wh-ww84-2q6c/GHSA-75wh-ww84-2q6c.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-75wh-ww84-2q6c", - "modified": "2025-11-03T21:33:45Z", + "modified": "2026-02-13T18:31:21Z", "published": "2025-05-01T15:31:44Z", "aliases": [ "CVE-2025-37775" ], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix the warning from __kernel_write_iter\n\n[ 2110.972290] ------------[ cut here ]------------\n[ 2110.972301] WARNING: CPU: 3 PID: 735 at fs/read_write.c:599 __kernel_write_iter+0x21b/0x280\n\nThis patch doesn't allow writing to directory.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + ], "affected": [], "references": [ { @@ -41,7 +46,7 @@ ], "database_specific": { "cwe_ids": [], - "severity": null, + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-05-01T14:15:41Z" diff --git a/advisories/unreviewed/2025/08/GHSA-4vjp-phjj-3f57/GHSA-4vjp-phjj-3f57.json b/advisories/unreviewed/2025/08/GHSA-4vjp-phjj-3f57/GHSA-4vjp-phjj-3f57.json index 72397ebf2061f..a72de6e88a2fd 100644 --- a/advisories/unreviewed/2025/08/GHSA-4vjp-phjj-3f57/GHSA-4vjp-phjj-3f57.json +++ b/advisories/unreviewed/2025/08/GHSA-4vjp-phjj-3f57/GHSA-4vjp-phjj-3f57.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-4vjp-phjj-3f57", - "modified": "2025-11-05T00:31:24Z", + "modified": "2026-02-13T18:31:21Z", "published": "2025-08-13T18:31:24Z", "aliases": [ "CVE-2025-34153" @@ -19,6 +19,10 @@ "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34153" }, + { + "type": "WEB", + "url": "https://community.hyland.com/resources/bulletins-and-notices/210540-security-update-hyland-timer-service-bulletin-ob2025-02" + }, { "type": "WEB", "url": "https://gist.github.com/VAMorales/32794cccc2195a935623a12ef32760dc" diff --git a/advisories/unreviewed/2025/09/GHSA-x2jm-xff2-34w4/GHSA-x2jm-xff2-34w4.json b/advisories/unreviewed/2025/09/GHSA-x2jm-xff2-34w4/GHSA-x2jm-xff2-34w4.json index a15e1d31feffe..988fb2d59f60f 100644 --- a/advisories/unreviewed/2025/09/GHSA-x2jm-xff2-34w4/GHSA-x2jm-xff2-34w4.json +++ b/advisories/unreviewed/2025/09/GHSA-x2jm-xff2-34w4/GHSA-x2jm-xff2-34w4.json @@ -25,7 +25,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-79" + ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2025/11/GHSA-2886-9536-rhhj/GHSA-2886-9536-rhhj.json b/advisories/unreviewed/2025/11/GHSA-2886-9536-rhhj/GHSA-2886-9536-rhhj.json index 36d4053526d62..e9c314581dda1 100644 --- a/advisories/unreviewed/2025/11/GHSA-2886-9536-rhhj/GHSA-2886-9536-rhhj.json +++ b/advisories/unreviewed/2025/11/GHSA-2886-9536-rhhj/GHSA-2886-9536-rhhj.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-2886-9536-rhhj", - "modified": "2025-11-13T18:31:05Z", + "modified": "2026-02-13T18:31:22Z", "published": "2025-11-13T18:31:05Z", "aliases": [ "CVE-2025-12784" ], "details": "Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2025/11/GHSA-rfj8-8392-mfcm/GHSA-rfj8-8392-mfcm.json b/advisories/unreviewed/2025/11/GHSA-rfj8-8392-mfcm/GHSA-rfj8-8392-mfcm.json index 81e7266466163..b3ec5d510064b 100644 --- a/advisories/unreviewed/2025/11/GHSA-rfj8-8392-mfcm/GHSA-rfj8-8392-mfcm.json +++ b/advisories/unreviewed/2025/11/GHSA-rfj8-8392-mfcm/GHSA-rfj8-8392-mfcm.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-rfj8-8392-mfcm", - "modified": "2025-11-13T18:31:05Z", + "modified": "2026-02-13T18:31:22Z", "published": "2025-11-13T18:31:05Z", "aliases": [ "CVE-2025-12785" ], "details": "Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2025/11/GHSA-v6c5-9mp4-mwq4/GHSA-v6c5-9mp4-mwq4.json b/advisories/unreviewed/2025/11/GHSA-v6c5-9mp4-mwq4/GHSA-v6c5-9mp4-mwq4.json index cc4fc102d8088..c8e47565d98ec 100644 --- a/advisories/unreviewed/2025/11/GHSA-v6c5-9mp4-mwq4/GHSA-v6c5-9mp4-mwq4.json +++ b/advisories/unreviewed/2025/11/GHSA-v6c5-9mp4-mwq4/GHSA-v6c5-9mp4-mwq4.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-v6c5-9mp4-mwq4", - "modified": "2026-02-11T15:30:21Z", + "modified": "2026-02-13T18:31:23Z", "published": "2025-11-26T15:34:12Z", "aliases": [ "CVE-2025-13601" @@ -47,6 +47,10 @@ "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2026:2072" }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2026:2064" + }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2026:1736" diff --git a/advisories/unreviewed/2025/12/GHSA-5wfc-7v23-c2vf/GHSA-5wfc-7v23-c2vf.json b/advisories/unreviewed/2025/12/GHSA-5wfc-7v23-c2vf/GHSA-5wfc-7v23-c2vf.json index e705d9d130360..16244a5359ebd 100644 --- a/advisories/unreviewed/2025/12/GHSA-5wfc-7v23-c2vf/GHSA-5wfc-7v23-c2vf.json +++ b/advisories/unreviewed/2025/12/GHSA-5wfc-7v23-c2vf/GHSA-5wfc-7v23-c2vf.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-5wfc-7v23-c2vf", - "modified": "2025-12-09T21:31:49Z", + "modified": "2026-02-13T18:31:23Z", "published": "2025-12-09T21:31:49Z", "aliases": [ "CVE-2021-47724" ], "details": "STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read sensitive system files like /etc/passwd.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/01/GHSA-5mc7-p6pj-r3f5/GHSA-5mc7-p6pj-r3f5.json b/advisories/unreviewed/2026/01/GHSA-5mc7-p6pj-r3f5/GHSA-5mc7-p6pj-r3f5.json index 7652fb69f6540..a46c72ac4d3be 100644 --- a/advisories/unreviewed/2026/01/GHSA-5mc7-p6pj-r3f5/GHSA-5mc7-p6pj-r3f5.json +++ b/advisories/unreviewed/2026/01/GHSA-5mc7-p6pj-r3f5/GHSA-5mc7-p6pj-r3f5.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-5mc7-p6pj-r3f5", - "modified": "2026-01-21T00:31:42Z", + "modified": "2026-02-13T18:31:23Z", "published": "2026-01-21T00:31:42Z", "aliases": [ "CVE-2026-0865" @@ -43,6 +43,10 @@ "type": "WEB", "url": "https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5" }, + { + "type": "WEB", + "url": "https://github.com/python/cpython/commit/66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6" + }, { "type": "WEB", "url": "https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995" diff --git a/advisories/unreviewed/2026/01/GHSA-jh94-8q48-f3m3/GHSA-jh94-8q48-f3m3.json b/advisories/unreviewed/2026/01/GHSA-jh94-8q48-f3m3/GHSA-jh94-8q48-f3m3.json index a122bc92e7d86..9d3113da8a192 100644 --- a/advisories/unreviewed/2026/01/GHSA-jh94-8q48-f3m3/GHSA-jh94-8q48-f3m3.json +++ b/advisories/unreviewed/2026/01/GHSA-jh94-8q48-f3m3/GHSA-jh94-8q48-f3m3.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-jh94-8q48-f3m3", - "modified": "2026-01-26T15:31:19Z", + "modified": "2026-02-13T18:31:23Z", "published": "2026-01-23T18:31:30Z", "aliases": [ "CVE-2026-1299" @@ -47,6 +47,10 @@ "type": "WEB", "url": "https://github.com/python/cpython/commit/8cdf6204f4ae821f32993f8fc6bad0d318f95f36" }, + { + "type": "WEB", + "url": "https://github.com/python/cpython/commit/e417f05ad77a4c30ddc07f99e90fc0cef43e831a" + }, { "type": "WEB", "url": "https://cve.org/CVERecord?id=CVE-2024-6923" diff --git a/advisories/unreviewed/2026/01/GHSA-qg84-jfh7-8hpx/GHSA-qg84-jfh7-8hpx.json b/advisories/unreviewed/2026/01/GHSA-qg84-jfh7-8hpx/GHSA-qg84-jfh7-8hpx.json index 1faa991ec0136..3ff46cfdcb468 100644 --- a/advisories/unreviewed/2026/01/GHSA-qg84-jfh7-8hpx/GHSA-qg84-jfh7-8hpx.json +++ b/advisories/unreviewed/2026/01/GHSA-qg84-jfh7-8hpx/GHSA-qg84-jfh7-8hpx.json @@ -46,7 +46,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-74" + "CWE-74", + "CWE-89" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-224f-wm46-5p4r/GHSA-224f-wm46-5p4r.json b/advisories/unreviewed/2026/02/GHSA-224f-wm46-5p4r/GHSA-224f-wm46-5p4r.json new file mode 100644 index 0000000000000..c74d239c86fb0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-224f-wm46-5p4r/GHSA-224f-wm46-5p4r.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-224f-wm46-5p4r", + "modified": "2026-02-13T18:31:25Z", + "published": "2026-02-13T18:31:25Z", + "aliases": [ + "CVE-2025-66676" + ], + "details": "An issue in IObit Unlocker v1.3.0.11 allows attackers to cause a Denial of Service (DoS) via a crafted request.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66676" + }, + { + "type": "WEB", + "url": "https://github.com/cwjchoi01/CVE-2025-66676" + }, + { + "type": "WEB", + "url": "https://www.iobit.com/en/iobit-unlocker.php" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T18:16:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-26vr-h5vf-58cq/GHSA-26vr-h5vf-58cq.json b/advisories/unreviewed/2026/02/GHSA-26vr-h5vf-58cq/GHSA-26vr-h5vf-58cq.json index 26994f0e7141f..2eb69b7c705fb 100644 --- a/advisories/unreviewed/2026/02/GHSA-26vr-h5vf-58cq/GHSA-26vr-h5vf-58cq.json +++ b/advisories/unreviewed/2026/02/GHSA-26vr-h5vf-58cq/GHSA-26vr-h5vf-58cq.json @@ -25,7 +25,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-200" + ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-3669-8ww5-g35f/GHSA-3669-8ww5-g35f.json b/advisories/unreviewed/2026/02/GHSA-3669-8ww5-g35f/GHSA-3669-8ww5-g35f.json new file mode 100644 index 0000000000000..c40923c22e7bf --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-3669-8ww5-g35f/GHSA-3669-8ww5-g35f.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3669-8ww5-g35f", + "modified": "2026-02-13T18:31:25Z", + "published": "2026-02-13T18:31:25Z", + "aliases": [ + "CVE-2025-70094" + ], + "details": "A cross-site scripting (XSS) vulnerability in the Generate Item Barcode function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Category parameter.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70094" + }, + { + "type": "WEB", + "url": "https://github.com/opensourcepos/opensourcepos/pull/4357" + }, + { + "type": "WEB", + "url": "https://github.com/hungnqdz/cve-research/blob/main/CVE-2025-70094.md" + }, + { + "type": "WEB", + "url": "https://www.opensourcepos.org" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T16:16:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-3q2x-q945-c5mm/GHSA-3q2x-q945-c5mm.json b/advisories/unreviewed/2026/02/GHSA-3q2x-q945-c5mm/GHSA-3q2x-q945-c5mm.json index 54661722df369..7acac638a91ea 100644 --- a/advisories/unreviewed/2026/02/GHSA-3q2x-q945-c5mm/GHSA-3q2x-q945-c5mm.json +++ b/advisories/unreviewed/2026/02/GHSA-3q2x-q945-c5mm/GHSA-3q2x-q945-c5mm.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-3q2x-q945-c5mm", - "modified": "2026-02-11T15:30:27Z", + "modified": "2026-02-13T18:31:24Z", "published": "2026-02-11T15:30:27Z", "aliases": [ "CVE-2019-25314" @@ -38,6 +38,10 @@ { "type": "WEB", "url": "https://www.vulncheck.com/advisories/duplicate-post-persistent-cross-site-scripting" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/duplicate-post/yoast-duplicate-post-323-authenticated-admin-stored-cross-site-scripting" } ], "database_specific": { diff --git a/advisories/unreviewed/2026/02/GHSA-4gg4-26q8-wv28/GHSA-4gg4-26q8-wv28.json b/advisories/unreviewed/2026/02/GHSA-4gg4-26q8-wv28/GHSA-4gg4-26q8-wv28.json new file mode 100644 index 0000000000000..8da634476cc20 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-4gg4-26q8-wv28/GHSA-4gg4-26q8-wv28.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4gg4-26q8-wv28", + "modified": "2026-02-13T18:31:25Z", + "published": "2026-02-13T18:31:25Z", + "aliases": [ + "CVE-2025-69770" + ], + "details": "A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a crafted zip file.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69770" + }, + { + "type": "WEB", + "url": "https://github.com/i7MEDIA/mojoportal/security" + }, + { + "type": "WEB", + "url": "https://github.com/kid-tnt/Mojo-check/blob/main/Zipslip%20in%20MojoPortal%20version%202.9.0.1.md" + }, + { + "type": "WEB", + "url": "https://www.mojoportal.com/mojoportal-2-9-1" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T18:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-5wr5-vxhh-x7gm/GHSA-5wr5-vxhh-x7gm.json b/advisories/unreviewed/2026/02/GHSA-5wr5-vxhh-x7gm/GHSA-5wr5-vxhh-x7gm.json new file mode 100644 index 0000000000000..f05c070281e27 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-5wr5-vxhh-x7gm/GHSA-5wr5-vxhh-x7gm.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5wr5-vxhh-x7gm", + "modified": "2026-02-13T18:31:25Z", + "published": "2026-02-13T18:31:25Z", + "aliases": [ + "CVE-2026-26221" + ], + "details": "Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service (Hyland.Core.Workflow.NTService.exe). An attacker who can reach the service can send crafted .NET Remoting requests to default HTTP channel endpoints on TCP/8900 (e.g., TimerServiceAPI.rem and TimerServiceEvents.rem for Workflow) to trigger unsafe object unmarshalling, enabling arbitrary file read/write. By writing attacker-controlled content into web-accessible locations or chaining with other OnBase features, this can lead to remote code execution. The same primitive can be abused by supplying a UNC path to coerce outbound NTLM authentication (SMB coercion) to an attacker-controlled host.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26221" + }, + { + "type": "WEB", + "url": "https://community.hyland.com/resources/bulletins-and-notices/223223-security-update-onbase-workflow-timer-service-bulletin-ob2025-03" + }, + { + "type": "WEB", + "url": "https://www.hyland.com/en/solutions/products/onbase" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/hyland-onbase-timer-services-unauthenticated-net-remoting-rce" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T16:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-7v9f-f4qv-fcxh/GHSA-7v9f-f4qv-fcxh.json b/advisories/unreviewed/2026/02/GHSA-7v9f-f4qv-fcxh/GHSA-7v9f-f4qv-fcxh.json new file mode 100644 index 0000000000000..4b374e9eea703 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-7v9f-f4qv-fcxh/GHSA-7v9f-f4qv-fcxh.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-7v9f-f4qv-fcxh", + "modified": "2026-02-13T18:31:25Z", + "published": "2026-02-13T18:31:25Z", + "aliases": [ + "CVE-2025-1790" + ], + "details": "Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows user could exploit this vulnerability to gain elevated privileges on the affected system.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:H/IR:H/AR:H/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:H/MVI:H/MVA:H/MSC:X/MSI:H/MSA:H/S:P/AU:N/R:X/V:C/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1790" + }, + { + "type": "WEB", + "url": "https://techdocs.genetec.com/r/en-US/Security-Updates-for-SipeliaTM-2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-250" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T17:16:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-8xrx-9wj4-6775/GHSA-8xrx-9wj4-6775.json b/advisories/unreviewed/2026/02/GHSA-8xrx-9wj4-6775/GHSA-8xrx-9wj4-6775.json index 583c0515f5221..26d18da71a8ff 100644 --- a/advisories/unreviewed/2026/02/GHSA-8xrx-9wj4-6775/GHSA-8xrx-9wj4-6775.json +++ b/advisories/unreviewed/2026/02/GHSA-8xrx-9wj4-6775/GHSA-8xrx-9wj4-6775.json @@ -37,7 +37,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-377" + ], "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-c5gm-v7v7-vjx9/GHSA-c5gm-v7v7-vjx9.json b/advisories/unreviewed/2026/02/GHSA-c5gm-v7v7-vjx9/GHSA-c5gm-v7v7-vjx9.json index 71b182c662e59..3fdb1c5373ebf 100644 --- a/advisories/unreviewed/2026/02/GHSA-c5gm-v7v7-vjx9/GHSA-c5gm-v7v7-vjx9.json +++ b/advisories/unreviewed/2026/02/GHSA-c5gm-v7v7-vjx9/GHSA-c5gm-v7v7-vjx9.json @@ -45,7 +45,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-22" + ], "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-cgmm-x5ww-q5cr/GHSA-cgmm-x5ww-q5cr.json b/advisories/unreviewed/2026/02/GHSA-cgmm-x5ww-q5cr/GHSA-cgmm-x5ww-q5cr.json new file mode 100644 index 0000000000000..566f6f187b641 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-cgmm-x5ww-q5cr/GHSA-cgmm-x5ww-q5cr.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-cgmm-x5ww-q5cr", + "modified": "2026-02-13T18:31:25Z", + "published": "2026-02-13T18:31:25Z", + "aliases": [ + "CVE-2026-26226" + ], + "details": "beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting (XSS) when rendering attacker-controlled Mermaid diagrams. User-controlled values from Mermaid style and classDef directives are interpolated into SVG attribute values without proper escaping, allowing crafted input to break out of an attribute context and inject arbitrary SVG elements/attributes into the rendered output. When the generated SVG is embedded in a web page, this can result in script execution in the context of the embedding origin.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26226" + }, + { + "type": "WEB", + "url": "https://github.com/lukilabs/beautiful-mermaid/pull/8" + }, + { + "type": "WEB", + "url": "https://github.com/lukilabs/beautiful-mermaid/releases/tag/v0.1.3" + }, + { + "type": "WEB", + "url": "https://neo.projectdiscovery.io/share/cec71dc7-a8eb-417e-b8b4-666644796c1e" + }, + { + "type": "WEB", + "url": "https://www.vulncheck.com/advisories/beautiful-mermaid-svg-attribute-injection" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T17:16:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-cm39-88fp-pv6j/GHSA-cm39-88fp-pv6j.json b/advisories/unreviewed/2026/02/GHSA-cm39-88fp-pv6j/GHSA-cm39-88fp-pv6j.json index 2318643dfd18f..bce80abbf7b42 100644 --- a/advisories/unreviewed/2026/02/GHSA-cm39-88fp-pv6j/GHSA-cm39-88fp-pv6j.json +++ b/advisories/unreviewed/2026/02/GHSA-cm39-88fp-pv6j/GHSA-cm39-88fp-pv6j.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-cm39-88fp-pv6j", - "modified": "2026-02-12T00:31:04Z", + "modified": "2026-02-13T18:31:24Z", "published": "2026-02-12T00:31:04Z", "aliases": [ "CVE-2026-20624" ], "details": "An injection issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to access sensitive user data.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" + } + ], "affected": [], "references": [ { @@ -28,8 +33,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-863" + ], + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-11T23:16:05Z" diff --git a/advisories/unreviewed/2026/02/GHSA-fq6p-4h82-858f/GHSA-fq6p-4h82-858f.json b/advisories/unreviewed/2026/02/GHSA-fq6p-4h82-858f/GHSA-fq6p-4h82-858f.json new file mode 100644 index 0000000000000..c9d4b3634317b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-fq6p-4h82-858f/GHSA-fq6p-4h82-858f.json @@ -0,0 +1,29 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-fq6p-4h82-858f", + "modified": "2026-02-13T18:31:25Z", + "published": "2026-02-13T18:31:25Z", + "aliases": [ + "CVE-2025-70122" + ], + "details": "A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. The issue occurs in the SDFFilterFields.UnmarshalBinary function (sdf-filter.go) when processing a declared length that exceeds the actual buffer capacity, leading to a runtime panic and UPF crash.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70122" + }, + { + "type": "WEB", + "url": "https://github.com/free5gc/free5gc/issues/746" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T17:16:12Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-fqf2-x743-9564/GHSA-fqf2-x743-9564.json b/advisories/unreviewed/2026/02/GHSA-fqf2-x743-9564/GHSA-fqf2-x743-9564.json index 37b01af86dc3f..3ed2ead753663 100644 --- a/advisories/unreviewed/2026/02/GHSA-fqf2-x743-9564/GHSA-fqf2-x743-9564.json +++ b/advisories/unreviewed/2026/02/GHSA-fqf2-x743-9564/GHSA-fqf2-x743-9564.json @@ -29,7 +29,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-200" + ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-h6jx-x5f4-qmj9/GHSA-h6jx-x5f4-qmj9.json b/advisories/unreviewed/2026/02/GHSA-h6jx-x5f4-qmj9/GHSA-h6jx-x5f4-qmj9.json index 6f87148c28743..109964fac8eab 100644 --- a/advisories/unreviewed/2026/02/GHSA-h6jx-x5f4-qmj9/GHSA-h6jx-x5f4-qmj9.json +++ b/advisories/unreviewed/2026/02/GHSA-h6jx-x5f4-qmj9/GHSA-h6jx-x5f4-qmj9.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-h6jx-x5f4-qmj9", - "modified": "2026-02-12T00:31:04Z", + "modified": "2026-02-13T18:31:24Z", "published": "2026-02-12T00:31:04Z", "aliases": [ "CVE-2026-20623" ], "details": "A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" + } + ], "affected": [], "references": [ { @@ -20,8 +25,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-200" + ], + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-11T23:16:05Z" diff --git a/advisories/unreviewed/2026/02/GHSA-h892-rh45-x8jp/GHSA-h892-rh45-x8jp.json b/advisories/unreviewed/2026/02/GHSA-h892-rh45-x8jp/GHSA-h892-rh45-x8jp.json index f2448d2f4681c..6a6a16057b1db 100644 --- a/advisories/unreviewed/2026/02/GHSA-h892-rh45-x8jp/GHSA-h892-rh45-x8jp.json +++ b/advisories/unreviewed/2026/02/GHSA-h892-rh45-x8jp/GHSA-h892-rh45-x8jp.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-h892-rh45-x8jp", - "modified": "2026-02-13T06:30:48Z", + "modified": "2026-02-13T18:31:24Z", "published": "2026-02-13T06:30:48Z", "aliases": [ "CVE-2025-15520" ], "details": "The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ], "affected": [], "references": [ { @@ -21,7 +26,7 @@ ], "database_specific": { "cwe_ids": [], - "severity": null, + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-13T06:16:10Z" diff --git a/advisories/unreviewed/2026/02/GHSA-j98c-62jj-x3h3/GHSA-j98c-62jj-x3h3.json b/advisories/unreviewed/2026/02/GHSA-j98c-62jj-x3h3/GHSA-j98c-62jj-x3h3.json new file mode 100644 index 0000000000000..85d71bffe0028 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-j98c-62jj-x3h3/GHSA-j98c-62jj-x3h3.json @@ -0,0 +1,29 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-j98c-62jj-x3h3", + "modified": "2026-02-13T18:31:25Z", + "published": "2026-02-13T18:31:25Z", + "aliases": [ + "CVE-2025-70123" + ], + "details": "An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This places the UPF in an inconsistent state where a subsequent valid PFCP Session Establishment Request triggers a cascading failure, disrupting the SMF connection and causing service degradation.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70123" + }, + { + "type": "WEB", + "url": "https://github.com/free5gc/free5gc/issues/745" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T17:16:12Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-jhq4-533p-8p4c/GHSA-jhq4-533p-8p4c.json b/advisories/unreviewed/2026/02/GHSA-jhq4-533p-8p4c/GHSA-jhq4-533p-8p4c.json index 200deaa254608..3092e58eb79b4 100644 --- a/advisories/unreviewed/2026/02/GHSA-jhq4-533p-8p4c/GHSA-jhq4-533p-8p4c.json +++ b/advisories/unreviewed/2026/02/GHSA-jhq4-533p-8p4c/GHSA-jhq4-533p-8p4c.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-jhq4-533p-8p4c", - "modified": "2026-02-12T00:31:04Z", + "modified": "2026-02-13T18:31:24Z", "published": "2026-02-12T00:31:03Z", "aliases": [ "CVE-2026-20608" ], "details": "This issue was addressed through improved state management. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + } + ], "affected": [], "references": [ { @@ -36,8 +41,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-770" + ], + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-11T23:16:04Z" diff --git a/advisories/unreviewed/2026/02/GHSA-m7rx-q9f3-3p96/GHSA-m7rx-q9f3-3p96.json b/advisories/unreviewed/2026/02/GHSA-m7rx-q9f3-3p96/GHSA-m7rx-q9f3-3p96.json index 6f0497ef22ac3..21e93d4d54400 100644 --- a/advisories/unreviewed/2026/02/GHSA-m7rx-q9f3-3p96/GHSA-m7rx-q9f3-3p96.json +++ b/advisories/unreviewed/2026/02/GHSA-m7rx-q9f3-3p96/GHSA-m7rx-q9f3-3p96.json @@ -30,7 +30,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-122" + "CWE-122", + "CWE-787" ], "severity": "HIGH", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-p47v-wp9g-8362/GHSA-p47v-wp9g-8362.json b/advisories/unreviewed/2026/02/GHSA-p47v-wp9g-8362/GHSA-p47v-wp9g-8362.json index fd782e26d81f6..eddabd2081f8b 100644 --- a/advisories/unreviewed/2026/02/GHSA-p47v-wp9g-8362/GHSA-p47v-wp9g-8362.json +++ b/advisories/unreviewed/2026/02/GHSA-p47v-wp9g-8362/GHSA-p47v-wp9g-8362.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-p47v-wp9g-8362", - "modified": "2026-02-12T00:31:04Z", + "modified": "2026-02-13T18:31:24Z", "published": "2026-02-12T00:31:04Z", "aliases": [ "CVE-2026-20609" ], "details": "The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" + } + ], "affected": [], "references": [ { @@ -48,8 +53,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-125" + ], + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-11T23:16:04Z" diff --git a/advisories/unreviewed/2026/02/GHSA-p5cr-gq3j-93c4/GHSA-p5cr-gq3j-93c4.json b/advisories/unreviewed/2026/02/GHSA-p5cr-gq3j-93c4/GHSA-p5cr-gq3j-93c4.json index 1e43ff6433e4b..b6d3c0bc1c860 100644 --- a/advisories/unreviewed/2026/02/GHSA-p5cr-gq3j-93c4/GHSA-p5cr-gq3j-93c4.json +++ b/advisories/unreviewed/2026/02/GHSA-p5cr-gq3j-93c4/GHSA-p5cr-gq3j-93c4.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-p5cr-gq3j-93c4", - "modified": "2026-02-13T00:32:51Z", + "modified": "2026-02-13T18:31:24Z", "published": "2026-02-13T00:32:51Z", "aliases": [ "CVE-2025-70845" ], "details": "lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) exists in the /setting/ page where the \"intro\" field is not properly sanitized or escaped.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ], "affected": [], "references": [ { @@ -24,8 +29,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-12T22:16:03Z" diff --git a/advisories/unreviewed/2026/02/GHSA-p5wr-5p37-2wm6/GHSA-p5wr-5p37-2wm6.json b/advisories/unreviewed/2026/02/GHSA-p5wr-5p37-2wm6/GHSA-p5wr-5p37-2wm6.json index d4716738bd91d..372a3a4a8ad50 100644 --- a/advisories/unreviewed/2026/02/GHSA-p5wr-5p37-2wm6/GHSA-p5wr-5p37-2wm6.json +++ b/advisories/unreviewed/2026/02/GHSA-p5wr-5p37-2wm6/GHSA-p5wr-5p37-2wm6.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-p5wr-5p37-2wm6", - "modified": "2026-02-07T00:30:27Z", + "modified": "2026-02-13T18:31:24Z", "published": "2026-02-07T00:30:27Z", "aliases": [ "CVE-2026-1731" @@ -23,6 +23,10 @@ "type": "WEB", "url": "https://beyondtrustcorp.service-now.com/csm?id=csm_kb_article&sysparm_article=KB0023293" }, + { + "type": "WEB", + "url": "https://github.com/win3zz/CVE-2026-1731" + }, { "type": "WEB", "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt26-02" diff --git a/advisories/unreviewed/2026/02/GHSA-qqhc-37jx-7gh5/GHSA-qqhc-37jx-7gh5.json b/advisories/unreviewed/2026/02/GHSA-qqhc-37jx-7gh5/GHSA-qqhc-37jx-7gh5.json new file mode 100644 index 0000000000000..a1ff3a4c32013 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qqhc-37jx-7gh5/GHSA-qqhc-37jx-7gh5.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qqhc-37jx-7gh5", + "modified": "2026-02-13T18:31:25Z", + "published": "2026-02-13T18:31:25Z", + "aliases": [ + "CVE-2025-70095" + ], + "details": "A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70095" + }, + { + "type": "WEB", + "url": "https://github.com/hungnqdz/cve-research/blob/main/CVE-2025-70095.md" + }, + { + "type": "WEB", + "url": "https://github.com/opensourcepos/opensourcepos" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T16:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r3p8-h9vv-9cqc/GHSA-r3p8-h9vv-9cqc.json b/advisories/unreviewed/2026/02/GHSA-r3p8-h9vv-9cqc/GHSA-r3p8-h9vv-9cqc.json new file mode 100644 index 0000000000000..b61da74c7afe4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r3p8-h9vv-9cqc/GHSA-r3p8-h9vv-9cqc.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r3p8-h9vv-9cqc", + "modified": "2026-02-13T18:31:24Z", + "published": "2026-02-13T18:31:24Z", + "aliases": [ + "CVE-2025-70093" + ], + "details": "An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70093" + }, + { + "type": "WEB", + "url": "https://github.com/opensourcepos/opensourcepos/pull/4357" + }, + { + "type": "WEB", + "url": "https://github.com/hungnqdz/cve-research/blob/main/CVE-2025-70093.md" + }, + { + "type": "WEB", + "url": "https://www.opensourcepos.org" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T16:16:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vwfj-gc28-j2fg/GHSA-vwfj-gc28-j2fg.json b/advisories/unreviewed/2026/02/GHSA-vwfj-gc28-j2fg/GHSA-vwfj-gc28-j2fg.json new file mode 100644 index 0000000000000..576b5627e73f5 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vwfj-gc28-j2fg/GHSA-vwfj-gc28-j2fg.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vwfj-gc28-j2fg", + "modified": "2026-02-13T18:31:24Z", + "published": "2026-02-13T18:31:24Z", + "aliases": [ + "CVE-2025-70091" + ], + "details": "A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Phone Number parameter.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70091" + }, + { + "type": "WEB", + "url": "https://github.com/hungnqdz/cve-research/blob/main/CVE-2025-70091.md" + }, + { + "type": "WEB", + "url": "https://www.opensourcepos.org" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T16:16:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w7w9-2vjv-7r67/GHSA-w7w9-2vjv-7r67.json b/advisories/unreviewed/2026/02/GHSA-w7w9-2vjv-7r67/GHSA-w7w9-2vjv-7r67.json new file mode 100644 index 0000000000000..d7196d2e1ca2c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w7w9-2vjv-7r67/GHSA-w7w9-2vjv-7r67.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w7w9-2vjv-7r67", + "modified": "2026-02-13T18:31:25Z", + "published": "2026-02-13T18:31:25Z", + "aliases": [ + "CVE-2026-2026" + ], + "details": "A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2026" + }, + { + "type": "WEB", + "url": "https://www.tenable.com/security/tns-2026-05" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-276" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T17:16:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x3j4-874w-h7pv/GHSA-x3j4-874w-h7pv.json b/advisories/unreviewed/2026/02/GHSA-x3j4-874w-h7pv/GHSA-x3j4-874w-h7pv.json new file mode 100644 index 0000000000000..24f82d3dbbe7a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x3j4-874w-h7pv/GHSA-x3j4-874w-h7pv.json @@ -0,0 +1,29 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x3j4-874w-h7pv", + "modified": "2026-02-13T18:31:25Z", + "published": "2026-02-13T18:31:25Z", + "aliases": [ + "CVE-2025-70121" + ], + "details": "An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request message. The issue occurs in the GetSUCI method (NAS_MobileIdentity5GS.go) when accessing index 5 of a 5-element array, leading to a runtime panic and AMF crash.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70121" + }, + { + "type": "WEB", + "url": "https://github.com/free5gc/free5gc/issues/747" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-13T17:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xrqq-m9vv-pq36/GHSA-xrqq-m9vv-pq36.json b/advisories/unreviewed/2026/02/GHSA-xrqq-m9vv-pq36/GHSA-xrqq-m9vv-pq36.json index f5c1fe7f502f8..175244e5405e2 100644 --- a/advisories/unreviewed/2026/02/GHSA-xrqq-m9vv-pq36/GHSA-xrqq-m9vv-pq36.json +++ b/advisories/unreviewed/2026/02/GHSA-xrqq-m9vv-pq36/GHSA-xrqq-m9vv-pq36.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-xrqq-m9vv-pq36", - "modified": "2026-02-12T00:31:04Z", + "modified": "2026-02-13T18:31:24Z", "published": "2026-02-12T00:31:04Z", "aliases": [ "CVE-2026-20619" ], "details": "A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to access sensitive user data.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" + } + ], "affected": [], "references": [ { @@ -24,8 +29,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-200" + ], + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-11T23:16:05Z" From 767802338fa8c1dbd8944581598134d805b99b23 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Fri, 13 Feb 2026 19:45:13 +0000 Subject: [PATCH 003/222] Publish GHSA-qvhc-9v3j-5rfw --- .../02/GHSA-qvhc-9v3j-5rfw/GHSA-qvhc-9v3j-5rfw.json | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/advisories/github-reviewed/2026/02/GHSA-qvhc-9v3j-5rfw/GHSA-qvhc-9v3j-5rfw.json b/advisories/github-reviewed/2026/02/GHSA-qvhc-9v3j-5rfw/GHSA-qvhc-9v3j-5rfw.json index bbc291a2be5e0..eaff76ee3608b 100644 --- a/advisories/github-reviewed/2026/02/GHSA-qvhc-9v3j-5rfw/GHSA-qvhc-9v3j-5rfw.json +++ b/advisories/github-reviewed/2026/02/GHSA-qvhc-9v3j-5rfw/GHSA-qvhc-9v3j-5rfw.json @@ -1,18 +1,14 @@ { "schema_version": "1.4.0", "id": "GHSA-qvhc-9v3j-5rfw", - "modified": "2026-02-12T17:44:46Z", + "modified": "2026-02-13T19:43:22Z", "published": "2026-02-10T21:32:18Z", "aliases": [ "CVE-2026-21218" ], "summary": "Microsoft Security Advisory CVE-2026-21218 | .NET Security Feature Bypass Vulnerability", - "details": "# Microsoft Security Advisory CVE-2026-21218 | .NET Security Feature Bypass Vulnerability\n\n## Executive summary\n\nMicrosoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nAn attacker could exploit this vulnerability by crafting a malicious payload that bypasses the security checks in the affected System.Security.Cryptography.Cose versions, potentially leading to unauthorized access or data manipulation.\n\n## Announcement\n\nAnnouncement for this issue can be found at https://github.com/dotnet/announcements/issues/380\n\n## Mitigation factors\n\nIf your application does not use System.Security.Cryptography.Cose it is not affected. By default, no .NET applications reference this component.\n\n## Affected Packages\nThe vulnerability affects any Microsoft .NET project if it uses any of affected packages versions listed below\n\n### .NET 10\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[System.Security.Cryptography.Cose](https://www.nuget.org/packages/System.Security.Cryptography.Cose) | >= 10.0.0, < 10.0.2 | 10.0.3\n\n### .NET 9\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[System.Security.Cryptography.Cose](https://www.nuget.org/packages/System.Security.Cryptography.Cose) | >= 9.0.0, < 9.0.12 | 9.0.13\n\n### .NET 8\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[System.Security.Cryptography.Cose](https://www.nuget.org/packages/System.Security.Cryptography.Cose) | >= 8.0.0, < 8.0.1 | 8.0.2\n\n## Advisory FAQ\n\n### How do I know if I am affected?\n\nIf an affected package listed in [affected software](#affected-software) or [affected packages](#affected-packages), you're exposed to the vulnerability.\n\n### How do I fix the issue?\n\nTo update the Using the System.Security.Cryptography.Cose NuGet package, use one of the following methods:\n\nNuGet Package Manager UI in Visual Studio:\n- Open your project in Visual Studio.\n- Right-click on your project in Solution Explorer and select \"Manage NuGet Packages...\" or navigate to \"Project > Manage NuGet Packages\".\n- In the NuGet Package Manager window, select the \"Updates\" tab. This tab lists packages with available updates from your configured package sources.\n- Select the package(s) you wish to update. You can choose a specific version from the dropdown or update to the latest available version.\n- Click the \"Update\" button.\n\nUsing the NuGet Package Manager Console in Visual Studio:\n- Open your project in Visual Studio.\n- Navigate to \"Tools > NuGet Package Manager > Package Manager Console\".\n- To update a specific package to its latest version, use the following Update-Package command:\n\n```\nUpdate-Package -Id System.Security.Cryptography.Cose\n```\n\nUsing the .NET CLI (Command Line Interface):\n- Open a terminal or command prompt in your project's directory.\n- To update a specific package to its latest version, use the following add package command:\n\n```\ndotnet add package System.Security.Cryptography.Cose\n```\n\nOnce you have updated the nuget package reference you must recompile and deploy your application. Additionally we recommend you update your runtime and/or SDKs, but it is not necessary to patch the vulnerability.\n\n## Other Information\n\n### Reporting Security Issues\n\nIf you have found a potential security issue in a supported version of .NET, please report it to the Microsoft Security Response Center (MSRC) via the [MSRC Researcher Portal](https://msrc.microsoft.com/report/vulnerability/new). Further information can be found in the MSRC [Report an Issue FAQ](https://www.microsoft.com/msrc/faqs-report-an-issue).\n\nSecurity reports made through MSRC may qualify for the Microsoft .NET Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at https://aka.ms/corebounty.\n\n### Support\n\nYou can ask questions about this issue on GitHub in the .NET GitHub organization. The main repos are located at https://github.com/dotnet/runtime. The Announcements repo (https://github.com/dotnet/Announcements) will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue.\n\n### Disclaimer\n\nThe information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\n\n### External Links\n\n[CVE-2026-21218](https://www.cve.org/CVERecord?id=CVE-2026-21218)\n\n### Acknowledgements\n\nvcsjones with GitHub\n\n### Revisions\n\nV1.0 (February 10, 2026): Advisory published.", + "details": "# Microsoft Security Advisory CVE-2026-21218 | .NET Security Feature Bypass Vulnerability\n\n## Executive summary\n\nMicrosoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nAn attacker could exploit this vulnerability by crafting a malicious payload that bypasses the security checks in the affected System.Security.Cryptography.Cose versions, potentially leading to unauthorized access or data manipulation.\n\n## Announcement\n\nAnnouncement for this issue can be found at https://github.com/dotnet/announcements/issues/380\n\n## Mitigation factors\n\nIf your application does not use System.Security.Cryptography.Cose it is not affected. By default, no .NET applications reference this component.\n\n## Affected Packages\nThe vulnerability affects any Microsoft .NET project if it uses any of affected packages versions listed below\n\n### .NET 10\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[System.Security.Cryptography.Cose](https://www.nuget.org/packages/System.Security.Cryptography.Cose) | >= 10.0.0, <= 10.0.2 | 10.0.3\n\n### .NET 9\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[System.Security.Cryptography.Cose](https://www.nuget.org/packages/System.Security.Cryptography.Cose) | >= 9.0.0, <= 9.0.12 | 9.0.13\n\n### .NET 8\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[System.Security.Cryptography.Cose](https://www.nuget.org/packages/System.Security.Cryptography.Cose) | >= 8.0.0, <= 8.0.1 | 8.0.2\n\n## Advisory FAQ\n\n### How do I know if I am affected?\n\nIf an affected package listed in [affected software](#affected-software) or [affected packages](#affected-packages), you're exposed to the vulnerability.\n\n### How do I fix the issue?\n\nTo update the Using the System.Security.Cryptography.Cose NuGet package, use one of the following methods:\n\nNuGet Package Manager UI in Visual Studio:\n- Open your project in Visual Studio.\n- Right-click on your project in Solution Explorer and select \"Manage NuGet Packages...\" or navigate to \"Project > Manage NuGet Packages\".\n- In the NuGet Package Manager window, select the \"Updates\" tab. This tab lists packages with available updates from your configured package sources.\n- Select the package(s) you wish to update. You can choose a specific version from the dropdown or update to the latest available version.\n- Click the \"Update\" button.\n\nUsing the NuGet Package Manager Console in Visual Studio:\n- Open your project in Visual Studio.\n- Navigate to \"Tools > NuGet Package Manager > Package Manager Console\".\n- To update a specific package to its latest version, use the following Update-Package command:\n\n```\nUpdate-Package -Id System.Security.Cryptography.Cose\n```\n\nUsing the .NET CLI (Command Line Interface):\n- Open a terminal or command prompt in your project's directory.\n- To update a specific package to its latest version, use the following add package command:\n\n```\ndotnet add package System.Security.Cryptography.Cose\n```\n\nOnce you have updated the nuget package reference you must recompile and deploy your application. Additionally we recommend you update your runtime and/or SDKs, but it is not necessary to patch the vulnerability.\n\n## Other Information\n\n### Reporting Security Issues\n\nIf you have found a potential security issue in a supported version of .NET, please report it to the Microsoft Security Response Center (MSRC) via the [MSRC Researcher Portal](https://msrc.microsoft.com/report/vulnerability/new). Further information can be found in the MSRC [Report an Issue FAQ](https://www.microsoft.com/msrc/faqs-report-an-issue).\n\nSecurity reports made through MSRC may qualify for the Microsoft .NET Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at https://aka.ms/corebounty.\n\n### Support\n\nYou can ask questions about this issue on GitHub in the .NET GitHub organization. The main repos are located at https://github.com/dotnet/runtime. The Announcements repo (https://github.com/dotnet/Announcements) will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue.\n\n### Disclaimer\n\nThe information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\n\n### External Links\n\n[CVE-2026-21218](https://www.cve.org/CVERecord?id=CVE-2026-21218)\n\n### Acknowledgements\n\nvcsjones with GitHub\n\n### Revisions\n\nV1.0 (February 10, 2026): Advisory published.", "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" - }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" @@ -60,7 +56,7 @@ } ], "database_specific": { - "last_known_affected_version_range": "< 9.0.12" + "last_known_affected_version_range": "<= 9.0.12" } }, { @@ -82,7 +78,7 @@ } ], "database_specific": { - "last_known_affected_version_range": "< 10.0.2" + "last_known_affected_version_range": "<= 10.0.2" } } ], From b0da1d5857c7eaaccab279ecc444471f0098ad3b Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Fri, 13 Feb 2026 19:57:35 +0000 Subject: [PATCH 004/222] Publish GHSA-6426-9fv3-65x8 --- .../2026/02/GHSA-6426-9fv3-65x8/GHSA-6426-9fv3-65x8.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/advisories/github-reviewed/2026/02/GHSA-6426-9fv3-65x8/GHSA-6426-9fv3-65x8.json b/advisories/github-reviewed/2026/02/GHSA-6426-9fv3-65x8/GHSA-6426-9fv3-65x8.json index a760766599ba5..4ca15dfff45b2 100644 --- a/advisories/github-reviewed/2026/02/GHSA-6426-9fv3-65x8/GHSA-6426-9fv3-65x8.json +++ b/advisories/github-reviewed/2026/02/GHSA-6426-9fv3-65x8/GHSA-6426-9fv3-65x8.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-6426-9fv3-65x8", - "modified": "2026-02-03T19:35:57Z", + "modified": "2026-02-13T19:55:25Z", "published": "2026-02-03T15:30:24Z", "aliases": [ "CVE-2026-1312" @@ -10,8 +10,8 @@ "details": "An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n\n`.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in `FilteredRelation`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\n\nDjango would like to thank Solomon Kebede for reporting this issue.", "severity": [ { - "type": "CVSS_V4", - "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "affected": [ @@ -107,7 +107,7 @@ "cwe_ids": [ "CWE-89" ], - "severity": "HIGH", + "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2026-02-03T19:35:56Z", "nvd_published_at": "2026-02-03T15:16:13Z" From acfcbcdafb291203572a85474681a243af8bfe36 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Fri, 13 Feb 2026 20:06:46 +0000 Subject: [PATCH 005/222] Publish Advisories GHSA-38c4-r59v-3vqw GHSA-cvhv-6xm6-c3v4 GHSA-g433-pq76-6cmf GHSA-cvhv-6xm6-c3v4 --- .../GHSA-38c4-r59v-3vqw.json | 37 ++++++- .../GHSA-cvhv-6xm6-c3v4.json | 65 +++++++++++ .../GHSA-g433-pq76-6cmf.json | 103 ++++++++++++++++++ .../GHSA-cvhv-6xm6-c3v4.json | 34 ------ 4 files changed, 199 insertions(+), 40 deletions(-) rename advisories/{unreviewed => github-reviewed}/2026/02/GHSA-38c4-r59v-3vqw/GHSA-38c4-r59v-3vqw.json (67%) create mode 100644 advisories/github-reviewed/2026/02/GHSA-cvhv-6xm6-c3v4/GHSA-cvhv-6xm6-c3v4.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-g433-pq76-6cmf/GHSA-g433-pq76-6cmf.json delete mode 100644 advisories/unreviewed/2026/02/GHSA-cvhv-6xm6-c3v4/GHSA-cvhv-6xm6-c3v4.json diff --git a/advisories/unreviewed/2026/02/GHSA-38c4-r59v-3vqw/GHSA-38c4-r59v-3vqw.json b/advisories/github-reviewed/2026/02/GHSA-38c4-r59v-3vqw/GHSA-38c4-r59v-3vqw.json similarity index 67% rename from advisories/unreviewed/2026/02/GHSA-38c4-r59v-3vqw/GHSA-38c4-r59v-3vqw.json rename to advisories/github-reviewed/2026/02/GHSA-38c4-r59v-3vqw/GHSA-38c4-r59v-3vqw.json index 89a716520ae70..8d068ccd0ebf8 100644 --- a/advisories/unreviewed/2026/02/GHSA-38c4-r59v-3vqw/GHSA-38c4-r59v-3vqw.json +++ b/advisories/github-reviewed/2026/02/GHSA-38c4-r59v-3vqw/GHSA-38c4-r59v-3vqw.json @@ -1,11 +1,12 @@ { "schema_version": "1.4.0", "id": "GHSA-38c4-r59v-3vqw", - "modified": "2026-02-12T06:30:13Z", + "modified": "2026-02-13T20:04:39Z", "published": "2026-02-12T06:30:13Z", "aliases": [ "CVE-2026-2327" ], + "summary": "markdown-it is has a Regular Expression Denial of Service (ReDoS)", "details": "Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /\\*+$/ in the linkify function. An attacker can supply a long sequence of * characters followed by a non-matching character, which triggers excessive backtracking and may lead to a denial-of-service condition.", "severity": [ { @@ -14,10 +15,30 @@ }, { "type": "CVSS_V4", - "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "markdown-it" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "13.0.0" + }, + { + "fixed": "14.1.1" + } + ] + } + ] } ], - "affected": [], "references": [ { "type": "ADVISORY", @@ -31,9 +52,13 @@ "type": "WEB", "url": "https://gist.github.com/ltduc147/c9abecae1b291ede4f692f2ab988c917" }, + { + "type": "PACKAGE", + "url": "https://github.com/markdown-it/markdown-it" + }, { "type": "WEB", - "url": "https://github.com/markdown-it/markdown-it/blob/14.1.0/lib/rules_inline/linkify.mjs%23L33" + "url": "https://github.com/markdown-it/markdown-it/blob/14.1.0/lib/rules_inline/linkify.mjs#L33" }, { "type": "WEB", @@ -45,8 +70,8 @@ "CWE-1333" ], "severity": "MODERATE", - "github_reviewed": false, - "github_reviewed_at": null, + "github_reviewed": true, + "github_reviewed_at": "2026-02-13T20:04:39Z", "nvd_published_at": "2026-02-12T06:16:02Z" } } \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-cvhv-6xm6-c3v4/GHSA-cvhv-6xm6-c3v4.json b/advisories/github-reviewed/2026/02/GHSA-cvhv-6xm6-c3v4/GHSA-cvhv-6xm6-c3v4.json new file mode 100644 index 0000000000000..3cc25c3b3a55b --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-cvhv-6xm6-c3v4/GHSA-cvhv-6xm6-c3v4.json @@ -0,0 +1,65 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-cvhv-6xm6-c3v4", + "modified": "2026-02-13T20:04:56Z", + "published": "2026-02-13T03:31:23Z", + "aliases": [ + "CVE-2026-1721" + ], + "summary": "Cloudflare Agents is Vulnerable to Reflected Cross-Site Scripting in the AI Playground's OAuth callback handler", + "details": "Summary\n\nA Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the context of the victim's session.\n\nRoot cause\n\nThe OAuth callback handler in `site/ai-playground/src/server.ts` directly interpolated the `authError` value, sourced from the `error_description` query parameter, into an inline ` $state,\n])>\n```\n\nSince Laravel does not escape special characters within the `@style` Blade directive, the effective output HTML would be:\n\n```html\n
\n```\n\nCreating the opportunity for arbitrary JS to run if it was stored in the database.\n\n### Response\n\nThis vulnerability (in `ColorColumn` only) was reported by @sv-LayZ, who reported the issue and patched the issue during the evening of 25/09/2024. Thank you Mattis.\n\nThe review process concluded on 27/09/2024, which revealed the issue was also present in `ColorEntry`. This was fixed the same day and Filament [v3.2.115](https://github.com/filamentphp/filament/releases/tag/v3.2.115) followed to escape any special characters while outputting inline styles like this:\n\n```blade\n
$state,\n])>
\n```\n\nAlthough these components are no longer vulnerable to this type of XSS attack, it is good practice to validate colors, and since many Filament users may be accepting color input using the `ColorPicker` form component, [additional color validation documentation was published](https://filamentphp.com/docs/3.x/forms/fields/color-picker#color-picker-validation).", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ], "affected": [ { "package": { @@ -71,7 +76,7 @@ "cwe_ids": [ "CWE-79" ], - "severity": "CRITICAL", + "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-09-27T20:51:01Z", "nvd_published_at": "2024-09-27T21:15:03Z" From f835ce7b9f868951c89aab8c4b6f063e1d723451 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Tue, 17 Feb 2026 21:30:30 +0000 Subject: [PATCH 066/222] Publish Advisories GHSA-4chv-4c6w-w254 GHSA-7v42-g35v-xrch GHSA-f5p9-j34q-pwcc --- .../GHSA-4chv-4c6w-w254.json | 120 ++++++++++++++++++ .../GHSA-7v42-g35v-xrch.json | 74 +++++++++++ .../GHSA-f5p9-j34q-pwcc.json | 66 ++++++++++ 3 files changed, 260 insertions(+) create mode 100644 advisories/github-reviewed/2026/02/GHSA-4chv-4c6w-w254/GHSA-4chv-4c6w-w254.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-7v42-g35v-xrch/GHSA-7v42-g35v-xrch.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-f5p9-j34q-pwcc/GHSA-f5p9-j34q-pwcc.json diff --git a/advisories/github-reviewed/2026/02/GHSA-4chv-4c6w-w254/GHSA-4chv-4c6w-w254.json b/advisories/github-reviewed/2026/02/GHSA-4chv-4c6w-w254/GHSA-4chv-4c6w-w254.json new file mode 100644 index 0000000000000..9ce39d9038fa0 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-4chv-4c6w-w254/GHSA-4chv-4c6w-w254.json @@ -0,0 +1,120 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4chv-4c6w-w254", + "modified": "2026-02-17T21:29:05Z", + "published": "2026-02-17T21:29:05Z", + "aliases": [ + "CVE-2026-26267" + ], + "summary": "The rs-soroban-sdk #[contractimpl] macro calls inherent function instead of trait function when names collide", + "details": "### Impact\n\nThe `#[contractimpl]` macro contains a bug in how it wires up function calls.\n\nIn Rust, you can define functions on a type in two ways:\n- Directly on the type as an inherent function:\n ```rust\n impl MyContract {\n fn value() { ... }\n }\n ```\n- Through a trait\n ```rust\n impl Trait for MyContract {\n fn value() { ... }\n }\n ```\n\nThese are two separate functions that happen to share the same name. Rust has rules for which one gets called. When you write `MyContract::value()`, Rust always picks the one defined directly on the type, not the trait version.\n\nThe bug is that `#[contractimpl]` generates code that uses `MyContract::value()` style calls even when it's processing the trait version. This means if an inherent function is also defined with the same name, the inherent function gets called instead of the trait function.\n\nThis means the Wasm-exported entry point silently calls the wrong function when two conditions are met simultaneously:\n1. A `impl Trait for MyContract` block is defined with one or more functions, with `#[contractimpl]` applied.\n2. A `impl MyContract` block is defined with one or more identically named functions, without `#[contractimpl]` applied.\n\nIf the trait version contains important security checks, such as verifying the caller is authorized, that the inherent version does not, those checks are bypassed. Anyone interacting with the contract through its public interface will call the wrong function.\n\nFor example:\n\n```rust\n#[contract]\npub struct Contract;\n\nimpl Contract {\n /// Inherent function — returns 1.\n /// Bug: The macro-generated WASM export is wired up to call this function.\n pub fn value() -> u32 {\n 1\n }\n}\n\npub trait Trait {\n fn value(env: Env) -> u32;\n}\n\n#[contractimpl]\nimpl Trait for MyContract {\n /// Trait implementation — returns 2.\n /// Fix: The macro-generated WASM export should call this function.\n fn value() -> u32 {\n 2\n }\n}\n```\n\n### Patches\n\nThe problem is patched in `soroban-sdk-macros` version **25.1.1**. The fix changes the generated call from `::func()` to `::func()` when processing trait implementations, ensuring Rust resolves to the trait associated function regardless of whether an inherent function with the same name exists.\n\nUsers should upgrade to `soroban-sdk-macros` **>= 25.1.1** and recompile their contracts.\n\n### Workarounds\n\nIf upgrading is not immediately possible, contract developers can avoid the issue by ensuring that no inherent associated function on the contract type shares a name with any function in the trait implementation. Renaming or removing the conflicting inherent function eliminates the ambiguity and causes the macro-generated code to correctly resolve to the trait function.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "crates.io", + "name": "soroban-sdk-macros" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "25.0.0" + }, + { + "fixed": "25.1.1" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "<= 25.1.0" + } + }, + { + "package": { + "ecosystem": "crates.io", + "name": "soroban-sdk-macros" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "23.0.0" + }, + { + "fixed": "23.5.2" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "<= 23.5.1" + } + }, + { + "package": { + "ecosystem": "crates.io", + "name": "soroban-sdk-macros" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "22.0.10" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "<= 22.0.9" + } + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/stellar/rs-soroban-sdk/security/advisories/GHSA-4chv-4c6w-w254" + }, + { + "type": "WEB", + "url": "https://github.com/stellar/rs-soroban-sdk/pull/1729" + }, + { + "type": "WEB", + "url": "https://github.com/stellar/rs-soroban-sdk/pull/1730" + }, + { + "type": "WEB", + "url": "https://github.com/stellar/rs-soroban-sdk/pull/1731" + }, + { + "type": "WEB", + "url": "https://github.com/stellar/rs-soroban-sdk/commit/e92a3933e5f92dc09da3c740cf6a360d55709a2b" + }, + { + "type": "PACKAGE", + "url": "https://github.com/stellar/rs-soroban-sdk" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-670" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:29:05Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-7v42-g35v-xrch/GHSA-7v42-g35v-xrch.json b/advisories/github-reviewed/2026/02/GHSA-7v42-g35v-xrch/GHSA-7v42-g35v-xrch.json new file mode 100644 index 0000000000000..8366aba3562b7 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-7v42-g35v-xrch/GHSA-7v42-g35v-xrch.json @@ -0,0 +1,74 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-7v42-g35v-xrch", + "modified": "2026-02-17T21:29:34Z", + "published": "2026-02-17T21:29:34Z", + "aliases": [ + "CVE-2026-26275" + ], + "summary": "Improper Digest Verification in httpsig-hyper May Allow Message Integrity Bypass", + "details": "### Impact\n\nAn issue was discovered in `httpsig-hyper` where Digest header verification could incorrectly succeed due to misuse of Rust's `matches!` macro. Specifically, the comparison:\n\n```rust\nif matches!(digest, _expected_digest)\n```\n\ntreated `_expected_digest` as a pattern binding rather than a value comparison, resulting in unconditional success of the match expression.\n\nAs a consequence, digest verification could incorrectly return success even when the computed digest did not match the expected value.\n\nApplications relying on Digest verification as part of HTTP message signature validation may therefore fail to detect message body modification. The severity depends on how the library is integrated and whether additional signature validation layers are enforced.\n\n---\n\n### Patches\n\nThis issue has been fixed in:\n\n- `httpsig-hyper` >= 0.0.23\n\nThe fix replaces the incorrect `matches!` usage with proper value comparison and additionally introduces constant-time comparison for digest verification as defense-in-depth.\n\nRegression tests have also been added to prevent reintroduction of this issue. Users are strongly advised to upgrade to the patched version.\n\n---\n\n### Workarounds\n\nThere is no reliable workaround without upgrading. Users who cannot immediately upgrade should avoid relying solely on Digest verification for message integrity and ensure that full HTTP message signature verification is enforced at the application layer.\n\n---\n\n### References\n\n- PR: https://github.com/junkurihara/httpsig-rs/pull/14\n- Follow-up hardening and test additions: https://github.com/junkurihara/httpsig-rs/pull/15", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "crates.io", + "name": "httpsig-hyper" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.0.23" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/junkurihara/httpsig-rs/security/advisories/GHSA-7v42-g35v-xrch" + }, + { + "type": "WEB", + "url": "https://github.com/junkurihara/httpsig-rs/pull/14" + }, + { + "type": "WEB", + "url": "https://github.com/junkurihara/httpsig-rs/pull/15" + }, + { + "type": "WEB", + "url": "https://github.com/junkurihara/httpsig-rs/commit/5533f596c650377e02f4aa9e3eb8dba591b87370" + }, + { + "type": "WEB", + "url": "https://github.com/junkurihara/httpsig-rs/commit/65cbd19b395180a4bba09a89746c4b14ccb8d297" + }, + { + "type": "PACKAGE", + "url": "https://github.com/junkurihara/httpsig-rs" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-354", + "CWE-697" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:29:34Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-f5p9-j34q-pwcc/GHSA-f5p9-j34q-pwcc.json b/advisories/github-reviewed/2026/02/GHSA-f5p9-j34q-pwcc/GHSA-f5p9-j34q-pwcc.json new file mode 100644 index 0000000000000..e3c4ac2e025e5 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-f5p9-j34q-pwcc/GHSA-f5p9-j34q-pwcc.json @@ -0,0 +1,66 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-f5p9-j34q-pwcc", + "modified": "2026-02-17T21:27:58Z", + "published": "2026-02-17T21:27:58Z", + "aliases": [ + "CVE-2026-26201" + ], + "summary": "emp3r0r Affected by Concurrent Map Access DoS (panic/crash)", + "details": "## Summary\n\nMultiple shared maps are accessed without consistent synchronization across goroutines. Under concurrent activity, Go runtime can trigger `fatal error: concurrent map read and map write`, causing C2 process crash (availability loss).\n\n## Vulnerable Component(with code examples)\n\nOperator relay map had mixed access patterns (iteration and mutation without a single lock policy):\n\n```go\n// vulnerable pattern (operator session map)\nfor sessionID, op := range OPERATORS { // iteration path\n ...\n}\n\n// concurrent mutation path elsewhere\nOPERATORS[operatorSession] = &operator_t{...}\ndelete(OPERATORS, operatorSession)\n```\n\nPort-forwarding session map had read/write paths guarded inconsistently:\n\n```go\n// vulnerable pattern (port forward map)\nif sess, ok := PortFwds[id]; ok { // read path\n ...\n}\n\nPortFwds[id] = newSession // write path\ndelete(PortFwds, id) // delete path\n```\n\nFTP stream map similarly mixed concurrent iteration with mutation:\n\n```go\n// vulnerable pattern (FTP stream map)\nfor token, stream := range FTPStreams { // iteration path\n ...\n}\n\nFTPStreams[token] = stream // write path\ndelete(FTPStreams, token) // delete path\n```\n\n## Attack Vector\n\n1. Attacker (or stress traffic in authenticated flows) triggers high concurrency in normal control paths.\n2. Operator sessions connect/disconnect while message forwarding and file-transfer workflows are active.\n3. Concurrent read/write hits shared maps.\n4. Go runtime panics with concurrent map read/write error.\n5. C2 component exits, producing denial of service.\n\n## Proof of Concept\n\n1. Start C2 server with active operator session(s) in a lab environment.\n2. Generate rapid operator session churn (connect/disconnect loops).\n3. Simultaneously drive agent message tunnel traffic and/or file transfer activity.\n4. Observe crash signature in logs: `fatal error: concurrent map read and map write`.\n5. Optional: run with race detector in dev build to confirm race locations.\n\n## Impact\n\n- C2 service interruption due to process panic/crash.\n- Operational instability under load or deliberate churn.\n- Repeated crash-restart cycles can degrade command reliability and incident response workflows.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H" + } + ], + "affected": [ + { + "package": { + "ecosystem": "Go", + "name": "github.com/jm33-m0/emp3r0r/core" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.0.0-20260212232424-ea4d074f081d" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/jm33-m0/emp3r0r/security/advisories/GHSA-f5p9-j34q-pwcc" + }, + { + "type": "WEB", + "url": "https://github.com/jm33-m0/emp3r0r/commit/ea4d074f081dac6293f3aec38f01def5f08d5af5" + }, + { + "type": "PACKAGE", + "url": "https://github.com/jm33-m0/emp3r0r" + }, + { + "type": "WEB", + "url": "https://github.com/jm33-m0/emp3r0r/releases/tag/v3.21.2" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-362", + "CWE-663" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:27:58Z", + "nvd_published_at": null + } +} \ No newline at end of file From 42ec163609d18b8008567c964959d19792f6903a Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Tue, 17 Feb 2026 21:34:21 +0000 Subject: [PATCH 067/222] Advisory Database Sync --- .../GHSA-3m3q-x3gj-f79x.json | 82 +++++++++++++++++++ .../GHSA-g27f-9qjv-22pm.json | 67 +++++++++++++++ .../GHSA-jmr7-xgp7-cmfj.json | 65 +++++++++++++++ .../GHSA-mv9j-6xhh-g383.json | 64 +++++++++++++++ .../GHSA-wfp2-v9c7-fh79.json | 67 +++++++++++++++ .../GHSA-h58h-8g45-v677.json | 16 +++- .../GHSA-qfxw-56c6-7pjg.json | 17 +++- .../GHSA-9c5h-6x6r-hvxh.json | 4 +- .../GHSA-gvpq-95j2-mc36.json | 4 +- .../GHSA-22f5-q5gp-64wx.json | 6 +- .../GHSA-q28j-qr7m-gpf6.json | 6 +- .../GHSA-3hmm-3q3p-7x72.json | 3 +- .../GHSA-8x3f-4jvw-ww73.json | 6 +- .../GHSA-fm67-x2fw-2g76.json | 6 +- .../GHSA-j644-xc9q-497g.json | 9 +- .../GHSA-prgg-gmcv-8hj2.json | 3 +- .../GHSA-wmgp-r59p-x29f.json | 3 +- .../GHSA-2gp2-mfg4-q5mv.json | 36 ++++++++ .../GHSA-3mc6-qj9j-9v96.json | 6 +- .../GHSA-3q38-qghq-9hmp.json | 36 ++++++++ .../GHSA-3qr2-wf7p-c9f8.json | 4 +- .../GHSA-3w38-x6jp-8474.json | 36 ++++++++ .../GHSA-4586-432g-jmvg.json | 41 ++++++++++ .../GHSA-4c5g-pgmw-3hxj.json | 52 ++++++++++++ .../GHSA-4rxf-gw9p-prj2.json | 36 ++++++++ .../GHSA-58rc-3q27-grhq.json | 36 ++++++++ .../GHSA-5fc6-h8m7-2wfc.json | 34 ++++++++ .../GHSA-5fpg-jg99-g97m.json | 4 +- .../GHSA-5jg4-px58-ghq6.json | 29 +++++++ .../GHSA-5mcc-f9f9-29w9.json | 36 ++++++++ .../GHSA-5xwj-82gw-46fv.json | 36 ++++++++ .../GHSA-622x-ww28-86h7.json | 15 +++- .../GHSA-65rw-7fc7-g478.json | 34 ++++++++ .../GHSA-6j8r-j98h-9g9f.json | 6 +- .../GHSA-6xm9-322m-9c67.json | 3 +- .../GHSA-74jq-6q38-p5wf.json | 34 ++++++++ .../GHSA-7g55-6w4c-27v8.json | 36 ++++++++ .../GHSA-846m-xcgv-cmm3.json | 36 ++++++++ .../GHSA-8rh3-rvv2-3mr4.json | 34 ++++++++ .../GHSA-95x4-2j8q-mf8q.json | 36 ++++++++ .../GHSA-9pq4-hhwq-2hcq.json | 15 +++- .../GHSA-9xgc-j99m-jvr5.json | 3 +- .../GHSA-c56r-fcf4-6rp2.json | 36 ++++++++ .../GHSA-c62m-j9cx-48c8.json | 6 +- .../GHSA-cc8m-46cg-cg54.json | 36 ++++++++ .../GHSA-cxcr-rj95-h6f4.json | 36 ++++++++ .../GHSA-fp2x-rmwp-chww.json | 36 ++++++++ .../GHSA-fpj8-gq4v-p354.json | 31 +++++++ .../GHSA-frcr-mg6p-g499.json | 40 +++++++++ .../GHSA-fvpc-p8pv-qjmp.json | 36 ++++++++ .../GHSA-fwv6-g5vr-pgpx.json | 36 ++++++++ .../GHSA-g268-rwhc-cj9f.json | 33 ++++++++ .../GHSA-g989-fg9h-96pr.json | 6 +- .../GHSA-gpj4-p4vm-jmrr.json | 36 ++++++++ .../GHSA-gr4h-93qx-7636.json | 36 ++++++++ .../GHSA-hf4g-rr9m-7fx6.json | 37 +++++++++ .../GHSA-hp59-976f-xjmx.json | 36 ++++++++ .../GHSA-jwv5-943c-f5wh.json | 3 +- .../GHSA-m2gf-58fp-54j4.json | 6 +- .../GHSA-mgp5-rv84-w37q.json | 31 +++++++ .../GHSA-mrc8-4r2p-q3ww.json | 52 ++++++++++++ .../GHSA-p2vv-8mpq-57x2.json | 3 +- .../GHSA-p2xq-4rwg-xcp7.json | 36 ++++++++ .../GHSA-p937-j3mh-5m6r.json | 33 ++++++++ .../GHSA-p9g6-vwf9-qggv.json | 3 +- .../GHSA-pqh8-xq2x-mwg2.json | 29 +++++++ .../GHSA-qc7g-qpr2-qpjj.json | 36 ++++++++ .../GHSA-qq5r-98hh-rxc9.json | 31 +++++++ .../GHSA-qvhf-98cj-8779.json | 29 +++++++ .../GHSA-qxp9-w6x3-f25v.json | 3 +- .../GHSA-rgxp-2hwp-jwgg.json | 6 +- .../GHSA-rm24-2x6v-8w7f.json | 52 ++++++++++++ .../GHSA-v5g8-2q7f-c524.json | 3 +- .../GHSA-v929-j8mj-vc74.json | 34 ++++++++ .../GHSA-vp3m-qh4p-wg7c.json | 36 ++++++++ .../GHSA-vq48-824m-7qhf.json | 6 +- .../GHSA-vw2m-h749-pv59.json | 36 ++++++++ .../GHSA-w2v5-vxvg-mqgh.json | 15 +++- .../GHSA-w7gq-6p98-xh22.json | 3 +- .../GHSA-wj4m-c5pc-p9r9.json | 36 ++++++++ .../GHSA-wm8j-hgw9-h534.json | 36 ++++++++ .../GHSA-wmq7-3p89-w6h8.json | 4 +- .../GHSA-wrgv-jmfr-c4gr.json | 36 ++++++++ .../GHSA-wrqj-g5w9-qq86.json | 36 ++++++++ .../GHSA-wxpc-f9fq-w9pq.json | 3 +- .../GHSA-x7fc-g3mg-7h5h.json | 36 ++++++++ .../GHSA-xpp8-qpcr-c3rg.json | 6 +- 87 files changed, 2207 insertions(+), 51 deletions(-) create mode 100644 advisories/github-reviewed/2026/02/GHSA-3m3q-x3gj-f79x/GHSA-3m3q-x3gj-f79x.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-g27f-9qjv-22pm/GHSA-g27f-9qjv-22pm.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-jmr7-xgp7-cmfj/GHSA-jmr7-xgp7-cmfj.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-mv9j-6xhh-g383/GHSA-mv9j-6xhh-g383.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-wfp2-v9c7-fh79/GHSA-wfp2-v9c7-fh79.json create mode 100644 advisories/unreviewed/2026/02/GHSA-2gp2-mfg4-q5mv/GHSA-2gp2-mfg4-q5mv.json create mode 100644 advisories/unreviewed/2026/02/GHSA-3q38-qghq-9hmp/GHSA-3q38-qghq-9hmp.json create mode 100644 advisories/unreviewed/2026/02/GHSA-3w38-x6jp-8474/GHSA-3w38-x6jp-8474.json create mode 100644 advisories/unreviewed/2026/02/GHSA-4586-432g-jmvg/GHSA-4586-432g-jmvg.json create mode 100644 advisories/unreviewed/2026/02/GHSA-4c5g-pgmw-3hxj/GHSA-4c5g-pgmw-3hxj.json create mode 100644 advisories/unreviewed/2026/02/GHSA-4rxf-gw9p-prj2/GHSA-4rxf-gw9p-prj2.json create mode 100644 advisories/unreviewed/2026/02/GHSA-58rc-3q27-grhq/GHSA-58rc-3q27-grhq.json create mode 100644 advisories/unreviewed/2026/02/GHSA-5fc6-h8m7-2wfc/GHSA-5fc6-h8m7-2wfc.json create mode 100644 advisories/unreviewed/2026/02/GHSA-5jg4-px58-ghq6/GHSA-5jg4-px58-ghq6.json create mode 100644 advisories/unreviewed/2026/02/GHSA-5mcc-f9f9-29w9/GHSA-5mcc-f9f9-29w9.json create mode 100644 advisories/unreviewed/2026/02/GHSA-5xwj-82gw-46fv/GHSA-5xwj-82gw-46fv.json create mode 100644 advisories/unreviewed/2026/02/GHSA-65rw-7fc7-g478/GHSA-65rw-7fc7-g478.json create mode 100644 advisories/unreviewed/2026/02/GHSA-74jq-6q38-p5wf/GHSA-74jq-6q38-p5wf.json create mode 100644 advisories/unreviewed/2026/02/GHSA-7g55-6w4c-27v8/GHSA-7g55-6w4c-27v8.json create mode 100644 advisories/unreviewed/2026/02/GHSA-846m-xcgv-cmm3/GHSA-846m-xcgv-cmm3.json create mode 100644 advisories/unreviewed/2026/02/GHSA-8rh3-rvv2-3mr4/GHSA-8rh3-rvv2-3mr4.json create mode 100644 advisories/unreviewed/2026/02/GHSA-95x4-2j8q-mf8q/GHSA-95x4-2j8q-mf8q.json create mode 100644 advisories/unreviewed/2026/02/GHSA-c56r-fcf4-6rp2/GHSA-c56r-fcf4-6rp2.json create mode 100644 advisories/unreviewed/2026/02/GHSA-cc8m-46cg-cg54/GHSA-cc8m-46cg-cg54.json create mode 100644 advisories/unreviewed/2026/02/GHSA-cxcr-rj95-h6f4/GHSA-cxcr-rj95-h6f4.json create mode 100644 advisories/unreviewed/2026/02/GHSA-fp2x-rmwp-chww/GHSA-fp2x-rmwp-chww.json create mode 100644 advisories/unreviewed/2026/02/GHSA-fpj8-gq4v-p354/GHSA-fpj8-gq4v-p354.json create mode 100644 advisories/unreviewed/2026/02/GHSA-frcr-mg6p-g499/GHSA-frcr-mg6p-g499.json create mode 100644 advisories/unreviewed/2026/02/GHSA-fvpc-p8pv-qjmp/GHSA-fvpc-p8pv-qjmp.json create mode 100644 advisories/unreviewed/2026/02/GHSA-fwv6-g5vr-pgpx/GHSA-fwv6-g5vr-pgpx.json create mode 100644 advisories/unreviewed/2026/02/GHSA-g268-rwhc-cj9f/GHSA-g268-rwhc-cj9f.json create mode 100644 advisories/unreviewed/2026/02/GHSA-gpj4-p4vm-jmrr/GHSA-gpj4-p4vm-jmrr.json create mode 100644 advisories/unreviewed/2026/02/GHSA-gr4h-93qx-7636/GHSA-gr4h-93qx-7636.json create mode 100644 advisories/unreviewed/2026/02/GHSA-hf4g-rr9m-7fx6/GHSA-hf4g-rr9m-7fx6.json create mode 100644 advisories/unreviewed/2026/02/GHSA-hp59-976f-xjmx/GHSA-hp59-976f-xjmx.json create mode 100644 advisories/unreviewed/2026/02/GHSA-mgp5-rv84-w37q/GHSA-mgp5-rv84-w37q.json create mode 100644 advisories/unreviewed/2026/02/GHSA-mrc8-4r2p-q3ww/GHSA-mrc8-4r2p-q3ww.json create mode 100644 advisories/unreviewed/2026/02/GHSA-p2xq-4rwg-xcp7/GHSA-p2xq-4rwg-xcp7.json create mode 100644 advisories/unreviewed/2026/02/GHSA-p937-j3mh-5m6r/GHSA-p937-j3mh-5m6r.json create mode 100644 advisories/unreviewed/2026/02/GHSA-pqh8-xq2x-mwg2/GHSA-pqh8-xq2x-mwg2.json create mode 100644 advisories/unreviewed/2026/02/GHSA-qc7g-qpr2-qpjj/GHSA-qc7g-qpr2-qpjj.json create mode 100644 advisories/unreviewed/2026/02/GHSA-qq5r-98hh-rxc9/GHSA-qq5r-98hh-rxc9.json create mode 100644 advisories/unreviewed/2026/02/GHSA-qvhf-98cj-8779/GHSA-qvhf-98cj-8779.json create mode 100644 advisories/unreviewed/2026/02/GHSA-rm24-2x6v-8w7f/GHSA-rm24-2x6v-8w7f.json create mode 100644 advisories/unreviewed/2026/02/GHSA-v929-j8mj-vc74/GHSA-v929-j8mj-vc74.json create mode 100644 advisories/unreviewed/2026/02/GHSA-vp3m-qh4p-wg7c/GHSA-vp3m-qh4p-wg7c.json create mode 100644 advisories/unreviewed/2026/02/GHSA-vw2m-h749-pv59/GHSA-vw2m-h749-pv59.json create mode 100644 advisories/unreviewed/2026/02/GHSA-wj4m-c5pc-p9r9/GHSA-wj4m-c5pc-p9r9.json create mode 100644 advisories/unreviewed/2026/02/GHSA-wm8j-hgw9-h534/GHSA-wm8j-hgw9-h534.json create mode 100644 advisories/unreviewed/2026/02/GHSA-wrgv-jmfr-c4gr/GHSA-wrgv-jmfr-c4gr.json create mode 100644 advisories/unreviewed/2026/02/GHSA-wrqj-g5w9-qq86/GHSA-wrqj-g5w9-qq86.json create mode 100644 advisories/unreviewed/2026/02/GHSA-x7fc-g3mg-7h5h/GHSA-x7fc-g3mg-7h5h.json diff --git a/advisories/github-reviewed/2026/02/GHSA-3m3q-x3gj-f79x/GHSA-3m3q-x3gj-f79x.json b/advisories/github-reviewed/2026/02/GHSA-3m3q-x3gj-f79x/GHSA-3m3q-x3gj-f79x.json new file mode 100644 index 0000000000000..733bb027dc399 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-3m3q-x3gj-f79x/GHSA-3m3q-x3gj-f79x.json @@ -0,0 +1,82 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3m3q-x3gj-f79x", + "modified": "2026-02-17T21:31:58Z", + "published": "2026-02-17T21:31:58Z", + "aliases": [], + "summary": "OpenClaw optional voice-call plugin: webhook verification may be bypassed behind certain proxy configurations", + "details": "## Affected Packages / Versions\n\nThis issue affects the optional voice-call plugin only. It is not enabled by default; it only applies to installations where the plugin is installed and enabled.\n\n- Package: `@openclaw/voice-call`\n- Vulnerable versions: `< 2026.2.3`\n- Patched versions: `>= 2026.2.3`\n\nLegacy package name (if you are still using it):\n\n- Package: `@clawdbot/voice-call`\n- Vulnerable versions: `<= 2026.1.24`\n- Patched versions: none published under this package name; migrate to `@openclaw/voice-call`\n\n## Summary\n\nIn certain reverse-proxy / forwarding setups, webhook verification can be bypassed if untrusted forwarded headers are accepted.\n\n## Impact\n\nAn external party may be able to send voice-call webhook requests that are accepted as valid, which can result in spoofed webhook events being processed.\n\n## Root Cause\n\nSome deployments implicitly trusted forwarded headers (for example `Forwarded` / `X-Forwarded-*`) when determining request properties used during webhook verification. If those headers are not overwritten by a trusted proxy, a client can supply them directly and influence verification.\n\n## Resolution\n\nIgnore forwarded headers by default unless explicitly trusted and allowlisted in configuration. Keep any loopback-only development bypass restricted to local development only. Upgrade to a patched version.\n\nIf you cannot upgrade immediately, strip `Forwarded` and `X-Forwarded-*` headers at the edge so clients cannot supply them directly.\n\n## Fix Commit(s)\n\n- `a749db9820eb6d6224032a5a34223d286d2dcc2f`\n\n## Credits\n\nThanks `@0x5t` for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "@openclaw/voice-call" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "npm", + "name": "@clawdbot/voice-call" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "last_affected": "2026.1.24" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3m3q-x3gj-f79x" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/a749db9820eb6d6224032a5a34223d286d2dcc2f" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.3" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-287" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:31:58Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-g27f-9qjv-22pm/GHSA-g27f-9qjv-22pm.json b/advisories/github-reviewed/2026/02/GHSA-g27f-9qjv-22pm/GHSA-g27f-9qjv-22pm.json new file mode 100644 index 0000000000000..1bbefe9673966 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-g27f-9qjv-22pm/GHSA-g27f-9qjv-22pm.json @@ -0,0 +1,67 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-g27f-9qjv-22pm", + "modified": "2026-02-17T21:31:39Z", + "published": "2026-02-17T21:31:39Z", + "aliases": [], + "summary": "OpenClaw log poisoning (indirect prompt injection) via WebSocket headers", + "details": "### Summary\nIn `openclaw` versions prior to `2026.2.13`, OpenClaw logged certain WebSocket request headers (including `Origin` and `User-Agent`) without neutralization or length limits on the \"closed before connect\" path.\n\nIf an unauthenticated client can reach the gateway and send crafted header values, those values may be written into core logs. Under workflows where logs are later read or interpreted by an LLM (for example via AI-assisted debugging), this can increase the risk of indirect prompt injection (log poisoning).\n\n### Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: `<= 2026.2.12`\n- Fixed: `>= 2026.2.13`\n\n### Details\n- Component: `src/gateway/server/ws-connection.ts`\n- Trigger: WebSocket connection closes before completing the connect/handshake; header values are included in the log message and structured context.\n\n### Impact\nThis issue is primarily an indirect prompt injection risk and depends on downstream log consumption behavior. If you do not feed logs into an LLM or other automation, impact is limited.\n\n### Fix\nHeader values written to gateway logs are now sanitized and truncated (including removal of control/format characters and length limiting).\n- Fix commits: `d637a263505448bf4505b85535babbfaacedbaac`, `e84318e4bcdc948d92e57fda1eb763a65e1774f0` (PR #15592)\n\n### Workarounds\n- Upgrade to `openclaw@2026.2.13` or later.\n- Treat logs as untrusted input when using AI-assisted debugging (sanitize/escape, and do not auto-execute instructions derived from logs).\n- Restrict gateway network exposure; apply reverse-proxy limits on header size where applicable.\n\nThanks @pkerkhofs for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.13" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g27f-9qjv-22pm" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/pull/15592" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/d637a263505448bf4505b85535babbfaacedbaac" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.13" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-117" + ], + "severity": "LOW", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:31:39Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-jmr7-xgp7-cmfj/GHSA-jmr7-xgp7-cmfj.json b/advisories/github-reviewed/2026/02/GHSA-jmr7-xgp7-cmfj/GHSA-jmr7-xgp7-cmfj.json new file mode 100644 index 0000000000000..bc6d8ff3bb5e0 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-jmr7-xgp7-cmfj/GHSA-jmr7-xgp7-cmfj.json @@ -0,0 +1,65 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-jmr7-xgp7-cmfj", + "modified": "2026-02-17T21:30:10Z", + "published": "2026-02-17T21:30:10Z", + "aliases": [ + "CVE-2026-26278" + ], + "summary": "fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit)", + "details": "### Summary\nThe XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible to make the parser spend seconds or even minutes processing a single request, effectively freezing the application.\n\n### Details\nThere is a check in `DocTypeReader.js` that tries to prevent entity expansion attacks by rejecting entities that reference other entities (it looks for & inside entity values). This does stop classic “Billion Laughs” payloads.\n\nHowever, it doesn’t stop a much simpler variant.\n\nIf you define one large entity that contains only raw text (no & characters) and then reference it many times, the parser will happily expand it every time. There is no limit on how large the expanded result can become, or how many replacements are allowed.\n\nThe problem is in `replaceEntitiesValue()` inside `OrderedObjParser.js`. It repeatedly runs `val.replace()` in a loop, without any checks on total output size or execution cost. As the entity grows or the number of references increases, parsing time explodes.\n\nRelevant code:\n\n`DocTypeReader.js` (lines 28–33): entity registration only checks for &\n\n`OrderedObjParser.js` (lines 439–458): entity replacement loop with no limits\n\n### PoC\n\n```js\nconst { XMLParser } = require('fast-xml-parser');\n\nconst entity = 'A'.repeat(1000);\nconst refs = '&big;'.repeat(100);\nconst xml = `]>${refs}`;\n\nconsole.time('parse');\nnew XMLParser().parse(xml); // ~4–8 seconds for ~1.3 KB of XML\nconsole.timeEnd('parse');\n\n// 5,000 chars × 100 refs takes 200+ seconds\n// 50,000 chars × 1,000 refs will hang indefinitely\n```\n\n### Impact\nThis is a straightforward denial-of-service issue.\n\nAny service that parses user-supplied XML using the default configuration is vulnerable. Since Node.js runs on a single thread, the moment the parser starts expanding entities, the event loop is blocked. While this is happening, the server can’t handle any other requests.\n\nIn testing, a payload of only a few kilobytes was enough to make a simple HTTP server completely unresponsive for several minutes, with all other requests timing out.\n\n### Workaround\n\nAvoid using DOCTYPE parsing by `processEntities: false` option.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "fast-xml-parser" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "4.1.3" + }, + { + "fixed": "5.3.6" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jmr7-xgp7-cmfj" + }, + { + "type": "WEB", + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/910dae5be2de2955e968558fadf6e8f74f117a77" + }, + { + "type": "PACKAGE", + "url": "https://github.com/NaturalIntelligence/fast-xml-parser" + }, + { + "type": "WEB", + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.6" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-776" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:30:10Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-mv9j-6xhh-g383/GHSA-mv9j-6xhh-g383.json b/advisories/github-reviewed/2026/02/GHSA-mv9j-6xhh-g383/GHSA-mv9j-6xhh-g383.json new file mode 100644 index 0000000000000..71925776dcba5 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-mv9j-6xhh-g383/GHSA-mv9j-6xhh-g383.json @@ -0,0 +1,64 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-mv9j-6xhh-g383", + "modified": "2026-02-17T21:31:17Z", + "published": "2026-02-17T21:31:17Z", + "aliases": [], + "summary": "OpenClaw's unauthenticated Nostr profile HTTP endpoints allow remote profile/config tampering", + "details": "## Summary\nThe OpenClaw Nostr channel plugin (optional, disabled by default, installed separately) exposes profile management HTTP endpoints under `/api/channels/nostr/:accountId/profile` (GET/PUT) and `/api/channels/nostr/:accountId/profile/import` (POST). In affected versions, these routes were dispatched via the gateway plugin HTTP layer without requiring gateway authentication, allowing unauthenticated remote callers to read or mutate the Nostr profile and persist changes to the gateway config. Profile updates are also published as a signed Nostr kind:0 event using the bot's private key.\n\nDeployments that do not have the Nostr plugin installed and enabled are not impacted.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.2.9`\n- Fixed versions: `>= 2026.2.12`\n- Scope note: only affects deployments with the optional `@openclaw/nostr` plugin installed and enabled\n\n## Details\nThis is exploitable when the gateway HTTP port is reachable beyond localhost (for example: bound to `0.0.0.0`, exposed on a LAN, behind a reverse proxy, or via Tailscale Funnel/Serve).\n\nUnauthenticated callers could update the Nostr profile and persist the new profile in the gateway config.\n\n## Mitigation\nUpgrade to `openclaw` `2026.2.12` or later.\n\nAs a temporary mitigation, restrict gateway HTTP exposure (bind loopback-only and/or enforce network-layer access controls) until upgraded.\n\n## Fix\nGateway now requires gateway authentication for plugin HTTP requests under `/api/channels/*` before dispatching to plugin handlers.\n\nFix commit(s):\n- 647d929c9d0fd114249230d939a5cb3b36dc70e7\n\nThanks @simecek for reporting.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.12" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mv9j-6xhh-g383" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/647d929c9d0fd114249230d939a5cb3b36dc70e7" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.12" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-285", + "CWE-306" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:31:17Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-wfp2-v9c7-fh79/GHSA-wfp2-v9c7-fh79.json b/advisories/github-reviewed/2026/02/GHSA-wfp2-v9c7-fh79/GHSA-wfp2-v9c7-fh79.json new file mode 100644 index 0000000000000..a9811b9f8b51d --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-wfp2-v9c7-fh79/GHSA-wfp2-v9c7-fh79.json @@ -0,0 +1,67 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wfp2-v9c7-fh79", + "modified": "2026-02-17T21:30:48Z", + "published": "2026-02-17T21:30:48Z", + "aliases": [], + "summary": "OpenClaw affected by SSRF via attachment/media URL hydration", + "details": "### Summary\n\nVersions of the `openclaw` npm package prior to `2026.2.2` could be coerced into fetching arbitrary `http(s)` URLs during attachment/media hydration. An attacker who can influence the media URL (for example via model-controlled `sendAttachment` or auto-reply media URLs) could trigger SSRF to internal resources and exfiltrate the fetched bytes as an outbound attachment.\n\n### Plain-English Explanation\n\nOpenClaw can send files by downloading them first.\n\nOn vulnerable versions (`< 2026.2.2`), if an attacker could get OpenClaw to treat a URL as the “file to attach”, OpenClaw would download that URL from the gateway machine and then send the downloaded bytes back out as an attachment.\n\nThat matters because the gateway can often reach internal-only endpoints that an attacker cannot (for example `127.0.0.1` services, private RFC1918 addresses, or cloud metadata endpoints). This is a data-leak risk.\n\nThis does not directly grant code execution or shell access; it is about making the gateway perform HTTP requests and returning the response bytes.\n\n### Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: `< 2026.2.2`\n- Fixed: `>= 2026.2.2`\n\nRelease timeline (npm):\n\n- `2026.2.1` published `2026-02-02T11:45:27Z`\n- `2026.2.2` published `2026-02-04T00:56:41Z`\n- This advisory was created `2026-02-05T10:42:26Z`\n\n### Details\n\nIn affected versions, remote media fetching performed a raw `fetch(url)` without SSRF protections.\n\nStarting in `2026.2.2`, remote media fetching is guarded by SSRF checks (private/loopback/link-local blocking, DNS pinning, and redirect handling), so attempts to fetch `127.0.0.1`, private RFC1918 space, or cloud metadata hostnames are rejected.\n\n### Proof of Concept\n\nFrom any context where an attacker can influence an attachment/media URL, provide a media URL targeting an internal endpoint (example: `http://127.0.0.1:9999/secret.txt`).\n\nOn vulnerable versions (`< 2026.2.2`), the gateway fetches the URL and uses the response bytes as the attachment payload.\n\n### Fix\n\nFix commits:\n\n- `81c68f582d4a9a20d9cca9f367d2da9edc5a65ae`\n- `9bd64c8a1f91dda602afc1d5246a2ff2be164647`\n\n### Mitigation\n\nUpgrade to `openclaw >= 2026.2.2`.\n\nThanks @simecek for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.2" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wfp2-v9c7-fh79" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/81c68f582d4a9a20d9cca9f367d2da9edc5a65ae" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/9bd64c8a1f91dda602afc1d5246a2ff2be164647" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.2" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-918" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:30:48Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2022/05/GHSA-h58h-8g45-v677/GHSA-h58h-8g45-v677.json b/advisories/unreviewed/2022/05/GHSA-h58h-8g45-v677/GHSA-h58h-8g45-v677.json index 9c4b708bc7a42..e7664232f6c12 100644 --- a/advisories/unreviewed/2022/05/GHSA-h58h-8g45-v677/GHSA-h58h-8g45-v677.json +++ b/advisories/unreviewed/2022/05/GHSA-h58h-8g45-v677/GHSA-h58h-8g45-v677.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-h58h-8g45-v677", - "modified": "2022-05-01T23:27:17Z", + "modified": "2026-02-17T21:31:12Z", "published": "2022-05-01T23:27:17Z", "aliases": [ "CVE-2008-0015" ], "details": "Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka \"Microsoft Video ActiveX Control Vulnerability.\"", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], "affected": [], "references": [ { @@ -34,6 +39,10 @@ "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7436" }, + { + "type": "WEB", + "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2008-0015" + }, { "type": "WEB", "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx" @@ -97,7 +106,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-119" + "CWE-119", + "CWE-121" ], "severity": "HIGH", "github_reviewed": false, diff --git a/advisories/unreviewed/2022/05/GHSA-qfxw-56c6-7pjg/GHSA-qfxw-56c6-7pjg.json b/advisories/unreviewed/2022/05/GHSA-qfxw-56c6-7pjg/GHSA-qfxw-56c6-7pjg.json index eb36aefe1a1a5..7debe1c13b804 100644 --- a/advisories/unreviewed/2022/05/GHSA-qfxw-56c6-7pjg/GHSA-qfxw-56c6-7pjg.json +++ b/advisories/unreviewed/2022/05/GHSA-qfxw-56c6-7pjg/GHSA-qfxw-56c6-7pjg.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-qfxw-56c6-7pjg", - "modified": "2022-05-24T17:09:16Z", + "modified": "2026-02-17T21:31:12Z", "published": "2022-05-24T17:09:16Z", "aliases": [ "CVE-2020-7796" ], "details": "Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], "affected": [], "references": [ { @@ -17,10 +22,16 @@ { "type": "WEB", "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7" + }, + { + "type": "WEB", + "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-7796" } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-918" + ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2024/05/GHSA-9c5h-6x6r-hvxh/GHSA-9c5h-6x6r-hvxh.json b/advisories/unreviewed/2024/05/GHSA-9c5h-6x6r-hvxh/GHSA-9c5h-6x6r-hvxh.json index d88d43a4049ba..4dc0b9965119a 100644 --- a/advisories/unreviewed/2024/05/GHSA-9c5h-6x6r-hvxh/GHSA-9c5h-6x6r-hvxh.json +++ b/advisories/unreviewed/2024/05/GHSA-9c5h-6x6r-hvxh/GHSA-9c5h-6x6r-hvxh.json @@ -1,12 +1,12 @@ { "schema_version": "1.4.0", "id": "GHSA-9c5h-6x6r-hvxh", - "modified": "2024-05-02T15:30:33Z", + "modified": "2026-02-17T21:31:12Z", "published": "2024-05-02T15:30:33Z", "aliases": [ "CVE-2024-23462" ], - "details": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality.This issue affects Client Connector on MacOS: before 3.4.\n\n", + "details": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality.This issue affects Client Connector on MacOS: before 3.4.", "severity": [ { "type": "CVSS_V3", diff --git a/advisories/unreviewed/2024/05/GHSA-gvpq-95j2-mc36/GHSA-gvpq-95j2-mc36.json b/advisories/unreviewed/2024/05/GHSA-gvpq-95j2-mc36/GHSA-gvpq-95j2-mc36.json index d94d99481d639..e598400c1c2ad 100644 --- a/advisories/unreviewed/2024/05/GHSA-gvpq-95j2-mc36/GHSA-gvpq-95j2-mc36.json +++ b/advisories/unreviewed/2024/05/GHSA-gvpq-95j2-mc36/GHSA-gvpq-95j2-mc36.json @@ -1,12 +1,12 @@ { "schema_version": "1.4.0", "id": "GHSA-gvpq-95j2-mc36", - "modified": "2024-05-01T18:30:41Z", + "modified": "2026-02-17T21:31:12Z", "published": "2024-05-01T18:30:41Z", "aliases": [ "CVE-2024-23480" ], - "details": "A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This issue affects Zscaler Client Connector on MacOS prior to 4.2.\n", + "details": "A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This issue affects Zscaler Client Connector on MacOS prior to 4.2.", "severity": [ { "type": "CVSS_V3", diff --git a/advisories/unreviewed/2024/08/GHSA-22f5-q5gp-64wx/GHSA-22f5-q5gp-64wx.json b/advisories/unreviewed/2024/08/GHSA-22f5-q5gp-64wx/GHSA-22f5-q5gp-64wx.json index 3f9e989b77385..ecc2f40d787dc 100644 --- a/advisories/unreviewed/2024/08/GHSA-22f5-q5gp-64wx/GHSA-22f5-q5gp-64wx.json +++ b/advisories/unreviewed/2024/08/GHSA-22f5-q5gp-64wx/GHSA-22f5-q5gp-64wx.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-22f5-q5gp-64wx", - "modified": "2024-08-12T15:30:53Z", + "modified": "2026-02-17T21:31:12Z", "published": "2024-08-12T15:30:53Z", "aliases": [ "CVE-2024-7694" @@ -19,6 +19,10 @@ "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7694" }, + { + "type": "WEB", + "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7694" + }, { "type": "WEB", "url": "https://www.twcert.org.tw/en/cp-139-8000-e5a5c-2.html" diff --git a/advisories/unreviewed/2025/12/GHSA-q28j-qr7m-gpf6/GHSA-q28j-qr7m-gpf6.json b/advisories/unreviewed/2025/12/GHSA-q28j-qr7m-gpf6/GHSA-q28j-qr7m-gpf6.json index c7b99372395b1..a358c19b0d270 100644 --- a/advisories/unreviewed/2025/12/GHSA-q28j-qr7m-gpf6/GHSA-q28j-qr7m-gpf6.json +++ b/advisories/unreviewed/2025/12/GHSA-q28j-qr7m-gpf6/GHSA-q28j-qr7m-gpf6.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-q28j-qr7m-gpf6", - "modified": "2025-12-09T21:31:48Z", + "modified": "2026-02-17T21:31:12Z", "published": "2025-12-09T21:31:48Z", "aliases": [ "CVE-2021-47723" ], "details": "STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/01/GHSA-3hmm-3q3p-7x72/GHSA-3hmm-3q3p-7x72.json b/advisories/unreviewed/2026/01/GHSA-3hmm-3q3p-7x72/GHSA-3hmm-3q3p-7x72.json index 0b9e96235155f..f4a7c5765d522 100644 --- a/advisories/unreviewed/2026/01/GHSA-3hmm-3q3p-7x72/GHSA-3hmm-3q3p-7x72.json +++ b/advisories/unreviewed/2026/01/GHSA-3hmm-3q3p-7x72/GHSA-3hmm-3q3p-7x72.json @@ -26,7 +26,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-121" + "CWE-121", + "CWE-787" ], "severity": "HIGH", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/01/GHSA-8x3f-4jvw-ww73/GHSA-8x3f-4jvw-ww73.json b/advisories/unreviewed/2026/01/GHSA-8x3f-4jvw-ww73/GHSA-8x3f-4jvw-ww73.json index c399c22289ffd..333534747ecbc 100644 --- a/advisories/unreviewed/2026/01/GHSA-8x3f-4jvw-ww73/GHSA-8x3f-4jvw-ww73.json +++ b/advisories/unreviewed/2026/01/GHSA-8x3f-4jvw-ww73/GHSA-8x3f-4jvw-ww73.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-8x3f-4jvw-ww73", - "modified": "2026-02-12T15:32:42Z", + "modified": "2026-02-17T21:31:12Z", "published": "2026-01-08T15:31:25Z", "aliases": [ "CVE-2026-0719" @@ -31,6 +31,10 @@ "type": "WEB", "url": "https://access.redhat.com/security/cve/CVE-2026-0719" }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2026:2844" + }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2026:2628" diff --git a/advisories/unreviewed/2026/01/GHSA-fm67-x2fw-2g76/GHSA-fm67-x2fw-2g76.json b/advisories/unreviewed/2026/01/GHSA-fm67-x2fw-2g76/GHSA-fm67-x2fw-2g76.json index b589234d050fa..188a13aa111c8 100644 --- a/advisories/unreviewed/2026/01/GHSA-fm67-x2fw-2g76/GHSA-fm67-x2fw-2g76.json +++ b/advisories/unreviewed/2026/01/GHSA-fm67-x2fw-2g76/GHSA-fm67-x2fw-2g76.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-fm67-x2fw-2g76", - "modified": "2026-01-27T09:30:30Z", + "modified": "2026-02-17T21:31:12Z", "published": "2026-01-27T09:30:30Z", "aliases": [ "CVE-2026-24811" ], "details": "Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with program files inffast.C.\n\nThis issue affects root.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:M/U:Amber" diff --git a/advisories/unreviewed/2026/01/GHSA-j644-xc9q-497g/GHSA-j644-xc9q-497g.json b/advisories/unreviewed/2026/01/GHSA-j644-xc9q-497g/GHSA-j644-xc9q-497g.json index 4166562021083..8cc260ba8ab7e 100644 --- a/advisories/unreviewed/2026/01/GHSA-j644-xc9q-497g/GHSA-j644-xc9q-497g.json +++ b/advisories/unreviewed/2026/01/GHSA-j644-xc9q-497g/GHSA-j644-xc9q-497g.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-j644-xc9q-497g", - "modified": "2026-01-27T09:30:29Z", + "modified": "2026-02-17T21:31:12Z", "published": "2026-01-27T09:30:29Z", "aliases": [ "CVE-2026-24793" ], "details": "Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in azerothcore azerothcore-wotlk (deps/zlib modules). This vulnerability is associated with program files inflate.C.\n\nThis issue affects azerothcore-wotlk: through v4.0.0.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:L/U:Red" @@ -26,7 +30,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-120" + "CWE-120", + "CWE-787" ], "severity": "CRITICAL", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/01/GHSA-prgg-gmcv-8hj2/GHSA-prgg-gmcv-8hj2.json b/advisories/unreviewed/2026/01/GHSA-prgg-gmcv-8hj2/GHSA-prgg-gmcv-8hj2.json index 1ce35dbb26939..9fee24a351dfe 100644 --- a/advisories/unreviewed/2026/01/GHSA-prgg-gmcv-8hj2/GHSA-prgg-gmcv-8hj2.json +++ b/advisories/unreviewed/2026/01/GHSA-prgg-gmcv-8hj2/GHSA-prgg-gmcv-8hj2.json @@ -42,7 +42,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-119" + "CWE-119", + "CWE-120" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/01/GHSA-wmgp-r59p-x29f/GHSA-wmgp-r59p-x29f.json b/advisories/unreviewed/2026/01/GHSA-wmgp-r59p-x29f/GHSA-wmgp-r59p-x29f.json index 6de5ecfbeced5..7a84875c7dd99 100644 --- a/advisories/unreviewed/2026/01/GHSA-wmgp-r59p-x29f/GHSA-wmgp-r59p-x29f.json +++ b/advisories/unreviewed/2026/01/GHSA-wmgp-r59p-x29f/GHSA-wmgp-r59p-x29f.json @@ -42,7 +42,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-119" + "CWE-119", + "CWE-120" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-2gp2-mfg4-q5mv/GHSA-2gp2-mfg4-q5mv.json b/advisories/unreviewed/2026/02/GHSA-2gp2-mfg4-q5mv/GHSA-2gp2-mfg4-q5mv.json new file mode 100644 index 0000000000000..3e294d6d86790 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-2gp2-mfg4-q5mv/GHSA-2gp2-mfg4-q5mv.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-2gp2-mfg4-q5mv", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2023-38265" + ], + "details": "IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38265" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7259955" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-548" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-3mc6-qj9j-9v96/GHSA-3mc6-qj9j-9v96.json b/advisories/unreviewed/2026/02/GHSA-3mc6-qj9j-9v96/GHSA-3mc6-qj9j-9v96.json index c16dcf57eb8bd..790f87e4c1b05 100644 --- a/advisories/unreviewed/2026/02/GHSA-3mc6-qj9j-9v96/GHSA-3mc6-qj9j-9v96.json +++ b/advisories/unreviewed/2026/02/GHSA-3mc6-qj9j-9v96/GHSA-3mc6-qj9j-9v96.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-3mc6-qj9j-9v96", - "modified": "2026-02-17T18:32:57Z", + "modified": "2026-02-17T21:31:13Z", "published": "2026-02-17T18:32:57Z", "aliases": [ "CVE-2026-23647" ], "details": "Glory RBG-100 recycler systems using the ISPK-08 software component contain hard-coded operating system credentials that allow remote authentication to the underlying Linux system. Multiple local user accounts, including accounts with administrative privileges, were found to have fixed, embedded passwords. An attacker with network access to exposed services such as SSH may authenticate using these credentials and gain unauthorized access to the system. Successful exploitation allows remote access with elevated privileges and may result in full system compromise.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-3q38-qghq-9hmp/GHSA-3q38-qghq-9hmp.json b/advisories/unreviewed/2026/02/GHSA-3q38-qghq-9hmp/GHSA-3q38-qghq-9hmp.json new file mode 100644 index 0000000000000..661cd8643e9c1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-3q38-qghq-9hmp/GHSA-3q38-qghq-9hmp.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3q38-qghq-9hmp", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2026-26357" + ], + "details": "Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26357" + }, + { + "type": "WEB", + "url": "https://www.dell.com/support/kbdoc/en-us/000402262/dsa-2025-425-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-unisphere-360-dell-solutions-enabler-virtual-appliance-security-update-for-multiple-vulnerabilities" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-3qr2-wf7p-c9f8/GHSA-3qr2-wf7p-c9f8.json b/advisories/unreviewed/2026/02/GHSA-3qr2-wf7p-c9f8/GHSA-3qr2-wf7p-c9f8.json index 6987564cf8676..217864fdb1de3 100644 --- a/advisories/unreviewed/2026/02/GHSA-3qr2-wf7p-c9f8/GHSA-3qr2-wf7p-c9f8.json +++ b/advisories/unreviewed/2026/02/GHSA-3qr2-wf7p-c9f8/GHSA-3qr2-wf7p-c9f8.json @@ -53,7 +53,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-77" + ], "severity": "LOW", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-3w38-x6jp-8474/GHSA-3w38-x6jp-8474.json b/advisories/unreviewed/2026/02/GHSA-3w38-x6jp-8474/GHSA-3w38-x6jp-8474.json new file mode 100644 index 0000000000000..80b43ceb0bed4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-3w38-x6jp-8474/GHSA-3w38-x6jp-8474.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3w38-x6jp-8474", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-36377" + ], + "details": "IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36377" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260390" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-613" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T21:22:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-4586-432g-jmvg/GHSA-4586-432g-jmvg.json b/advisories/unreviewed/2026/02/GHSA-4586-432g-jmvg/GHSA-4586-432g-jmvg.json new file mode 100644 index 0000000000000..f1bdc63b7a753 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-4586-432g-jmvg/GHSA-4586-432g-jmvg.json @@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4586-432g-jmvg", + "modified": "2026-02-17T21:31:13Z", + "published": "2026-02-17T21:31:13Z", + "aliases": [ + "CVE-2025-59793" + ], + "details": "Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This allows writing files to arbitrary local filesystem locations and may subsequently lead to remote code execution.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59793" + }, + { + "type": "WEB", + "url": "https://www.rcesecurity.com" + }, + { + "type": "WEB", + "url": "https://www.rcesecurity.com/advisories/cve-2025-59793" + }, + { + "type": "WEB", + "url": "https://www.rocketsoftware.com/en-us/products/b2b-supply-chain-integration/trufusion" + }, + { + "type": "WEB", + "url": "https://www.rocketsoftware.com/products/rocket-b2b-supply-chain-integration/rocket-trufusion-enterprise" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T19:21:54Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-4c5g-pgmw-3hxj/GHSA-4c5g-pgmw-3hxj.json b/advisories/unreviewed/2026/02/GHSA-4c5g-pgmw-3hxj/GHSA-4c5g-pgmw-3hxj.json new file mode 100644 index 0000000000000..b5846de186da7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-4c5g-pgmw-3hxj/GHSA-4c5g-pgmw-3hxj.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4c5g-pgmw-3hxj", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2026-2620" + ], + "details": "A weakness has been identified in Huace Monitoring and Early Warning System 2.2. Affected by this issue is some unknown functionality of the file /Web/SysManage/ProjectRole.aspx. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2620" + }, + { + "type": "WEB", + "url": "https://github.com/red88-debug/CVEs/blob/main/Huace%20Monitoring%20and%20Early%20Warning%20SQL.md" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346271" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346271" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.751808" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-74" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-4rxf-gw9p-prj2/GHSA-4rxf-gw9p-prj2.json b/advisories/unreviewed/2026/02/GHSA-4rxf-gw9p-prj2/GHSA-4rxf-gw9p-prj2.json new file mode 100644 index 0000000000000..c062b433b2192 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-4rxf-gw9p-prj2/GHSA-4rxf-gw9p-prj2.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4rxf-gw9p-prj2", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-14289" + ], + "details": "IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14289" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260932" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-80" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T21:22:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-58rc-3q27-grhq/GHSA-58rc-3q27-grhq.json b/advisories/unreviewed/2026/02/GHSA-58rc-3q27-grhq/GHSA-58rc-3q27-grhq.json new file mode 100644 index 0000000000000..5437602e37464 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-58rc-3q27-grhq/GHSA-58rc-3q27-grhq.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-58rc-3q27-grhq", + "modified": "2026-02-17T21:31:13Z", + "published": "2026-02-17T21:31:13Z", + "aliases": [ + "CVE-2025-36019" + ], + "details": "IBM Concert 1.0.0 through 2.1.0 for Z hub framework is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36019" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260162" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T19:21:54Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-5fc6-h8m7-2wfc/GHSA-5fc6-h8m7-2wfc.json b/advisories/unreviewed/2026/02/GHSA-5fc6-h8m7-2wfc/GHSA-5fc6-h8m7-2wfc.json new file mode 100644 index 0000000000000..8b64705509c5c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-5fc6-h8m7-2wfc/GHSA-5fc6-h8m7-2wfc.json @@ -0,0 +1,34 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5fc6-h8m7-2wfc", + "modified": "2026-02-17T21:31:15Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2026-23597" + ], + "details": "Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23597" + }, + { + "type": "WEB", + "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T21:22:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-5fpg-jg99-g97m/GHSA-5fpg-jg99-g97m.json b/advisories/unreviewed/2026/02/GHSA-5fpg-jg99-g97m/GHSA-5fpg-jg99-g97m.json index d64eaf37f17b8..58a61d78b3ff4 100644 --- a/advisories/unreviewed/2026/02/GHSA-5fpg-jg99-g97m/GHSA-5fpg-jg99-g97m.json +++ b/advisories/unreviewed/2026/02/GHSA-5fpg-jg99-g97m/GHSA-5fpg-jg99-g97m.json @@ -25,7 +25,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-862" + ], "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-5jg4-px58-ghq6/GHSA-5jg4-px58-ghq6.json b/advisories/unreviewed/2026/02/GHSA-5jg4-px58-ghq6/GHSA-5jg4-px58-ghq6.json new file mode 100644 index 0000000000000..45b9c46c02bb7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-5jg4-px58-ghq6/GHSA-5jg4-px58-ghq6.json @@ -0,0 +1,29 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5jg4-px58-ghq6", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:13Z", + "aliases": [ + "CVE-2026-26736" + ], + "details": "TOTOLINK A3002RU_V3 V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the static_ipv6 parameter in the formIpv6Setup function.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26736" + }, + { + "type": "WEB", + "url": "https://github.com/0xmania/cve/tree/main/TOTOLINK-A3002RUV3.0-boa-formIpv6Setup-StackOverflow" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T19:21:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-5mcc-f9f9-29w9/GHSA-5mcc-f9f9-29w9.json b/advisories/unreviewed/2026/02/GHSA-5mcc-f9f9-29w9/GHSA-5mcc-f9f9-29w9.json new file mode 100644 index 0000000000000..2be76a60f6e95 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-5mcc-f9f9-29w9/GHSA-5mcc-f9f9-29w9.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5mcc-f9f9-29w9", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-33124" + ], + "details": "IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33124" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260043" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-131" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-5xwj-82gw-46fv/GHSA-5xwj-82gw-46fv.json b/advisories/unreviewed/2026/02/GHSA-5xwj-82gw-46fv/GHSA-5xwj-82gw-46fv.json new file mode 100644 index 0000000000000..ff1b73881af32 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-5xwj-82gw-46fv/GHSA-5xwj-82gw-46fv.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5xwj-82gw-46fv", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-27898" + ], + "details": "IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27898" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7259901" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-613" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:01Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-622x-ww28-86h7/GHSA-622x-ww28-86h7.json b/advisories/unreviewed/2026/02/GHSA-622x-ww28-86h7/GHSA-622x-ww28-86h7.json index 43fa143b9f25c..ebff11352d9e5 100644 --- a/advisories/unreviewed/2026/02/GHSA-622x-ww28-86h7/GHSA-622x-ww28-86h7.json +++ b/advisories/unreviewed/2026/02/GHSA-622x-ww28-86h7/GHSA-622x-ww28-86h7.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-622x-ww28-86h7", - "modified": "2026-02-17T18:32:57Z", + "modified": "2026-02-17T21:31:13Z", "published": "2026-02-17T18:32:57Z", "aliases": [ "CVE-2024-55270" ], "details": "phpgurukul Student Management System 1.0 is vulnerable to SQL Injection in studentms/admin/search.php via the searchdata parameter.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], "affected": [], "references": [ { @@ -24,8 +29,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-17T18:20:27Z" diff --git a/advisories/unreviewed/2026/02/GHSA-65rw-7fc7-g478/GHSA-65rw-7fc7-g478.json b/advisories/unreviewed/2026/02/GHSA-65rw-7fc7-g478/GHSA-65rw-7fc7-g478.json new file mode 100644 index 0000000000000..c44b2b8ae5d96 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-65rw-7fc7-g478/GHSA-65rw-7fc7-g478.json @@ -0,0 +1,34 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-65rw-7fc7-g478", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-13108" + ], + "details": "IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13108" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260043" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:01Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-6j8r-j98h-9g9f/GHSA-6j8r-j98h-9g9f.json b/advisories/unreviewed/2026/02/GHSA-6j8r-j98h-9g9f/GHSA-6j8r-j98h-9g9f.json index eb8792c82e4f2..3949df9e8c834 100644 --- a/advisories/unreviewed/2026/02/GHSA-6j8r-j98h-9g9f/GHSA-6j8r-j98h-9g9f.json +++ b/advisories/unreviewed/2026/02/GHSA-6j8r-j98h-9g9f/GHSA-6j8r-j98h-9g9f.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-6j8r-j98h-9g9f", - "modified": "2026-02-12T15:32:42Z", + "modified": "2026-02-17T21:31:13Z", "published": "2026-02-02T15:30:34Z", "aliases": [ "CVE-2026-1761" @@ -27,6 +27,10 @@ "type": "WEB", "url": "https://access.redhat.com/security/cve/CVE-2026-1761" }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2026:2844" + }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2026:2628" diff --git a/advisories/unreviewed/2026/02/GHSA-6xm9-322m-9c67/GHSA-6xm9-322m-9c67.json b/advisories/unreviewed/2026/02/GHSA-6xm9-322m-9c67/GHSA-6xm9-322m-9c67.json index ff7d93c6b53c3..44d9ed14729bc 100644 --- a/advisories/unreviewed/2026/02/GHSA-6xm9-322m-9c67/GHSA-6xm9-322m-9c67.json +++ b/advisories/unreviewed/2026/02/GHSA-6xm9-322m-9c67/GHSA-6xm9-322m-9c67.json @@ -42,7 +42,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-74" + "CWE-74", + "CWE-77" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-74jq-6q38-p5wf/GHSA-74jq-6q38-p5wf.json b/advisories/unreviewed/2026/02/GHSA-74jq-6q38-p5wf/GHSA-74jq-6q38-p5wf.json new file mode 100644 index 0000000000000..6e844f0378d15 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-74jq-6q38-p5wf/GHSA-74jq-6q38-p5wf.json @@ -0,0 +1,34 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-74jq-6q38-p5wf", + "modified": "2026-02-17T21:31:15Z", + "published": "2026-02-17T21:31:15Z", + "aliases": [ + "CVE-2026-23595" + ], + "details": "An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23595" + }, + { + "type": "WEB", + "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T21:22:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-7g55-6w4c-27v8/GHSA-7g55-6w4c-27v8.json b/advisories/unreviewed/2026/02/GHSA-7g55-6w4c-27v8/GHSA-7g55-6w4c-27v8.json new file mode 100644 index 0000000000000..eb0e912542f79 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-7g55-6w4c-27v8/GHSA-7g55-6w4c-27v8.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-7g55-6w4c-27v8", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-36597" + ], + "details": "Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36597" + }, + { + "type": "WEB", + "url": "https://www.dell.com/support/kbdoc/en-us/000347698/dsa-2025-271-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-multiple-vulnerabilities" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-846m-xcgv-cmm3/GHSA-846m-xcgv-cmm3.json b/advisories/unreviewed/2026/02/GHSA-846m-xcgv-cmm3/GHSA-846m-xcgv-cmm3.json new file mode 100644 index 0000000000000..d8f59b7106c95 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-846m-xcgv-cmm3/GHSA-846m-xcgv-cmm3.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-846m-xcgv-cmm3", + "modified": "2026-02-17T21:31:13Z", + "published": "2026-02-17T21:31:13Z", + "aliases": [ + "CVE-2025-12755" + ], + "details": "IBM MQ Operator (SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29) and IBM‑supplied MQ Advanced container images (across affected SC2, CD, and LTS 9.3.x–9.4.x releases) contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized user to inject malicious data into MQ log entries, potentially leading to misleading logs, log manipulation, or downstream log‑processing issues.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12755" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260087" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-117" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T19:21:54Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-8rh3-rvv2-3mr4/GHSA-8rh3-rvv2-3mr4.json b/advisories/unreviewed/2026/02/GHSA-8rh3-rvv2-3mr4/GHSA-8rh3-rvv2-3mr4.json new file mode 100644 index 0000000000000..c94330561f16b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-8rh3-rvv2-3mr4/GHSA-8rh3-rvv2-3mr4.json @@ -0,0 +1,34 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-8rh3-rvv2-3mr4", + "modified": "2026-02-17T21:31:15Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2026-23596" + ], + "details": "A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23596" + }, + { + "type": "WEB", + "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T21:22:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-95x4-2j8q-mf8q/GHSA-95x4-2j8q-mf8q.json b/advisories/unreviewed/2026/02/GHSA-95x4-2j8q-mf8q/GHSA-95x4-2j8q-mf8q.json new file mode 100644 index 0000000000000..ab8f2703b2624 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-95x4-2j8q-mf8q/GHSA-95x4-2j8q-mf8q.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-95x4-2j8q-mf8q", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-36243" + ], + "details": "IBM Concert 1.0.0 through 2.1.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36243" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260162" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-918" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-9pq4-hhwq-2hcq/GHSA-9pq4-hhwq-2hcq.json b/advisories/unreviewed/2026/02/GHSA-9pq4-hhwq-2hcq/GHSA-9pq4-hhwq-2hcq.json index 83638af4f8133..b2aaec36af967 100644 --- a/advisories/unreviewed/2026/02/GHSA-9pq4-hhwq-2hcq/GHSA-9pq4-hhwq-2hcq.json +++ b/advisories/unreviewed/2026/02/GHSA-9pq4-hhwq-2hcq/GHSA-9pq4-hhwq-2hcq.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-9pq4-hhwq-2hcq", - "modified": "2026-02-17T18:32:57Z", + "modified": "2026-02-17T21:31:13Z", "published": "2026-02-17T18:32:57Z", "aliases": [ "CVE-2024-55271" ], "details": "A Cross-Site Request Forgery (CSRF) vulnerability has been identified in phpgurukul Gym Management System 1.0. This issue is present in the profile update functionality of the User Panel, specifically the /profile.php endpoint.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + ], "affected": [], "references": [ { @@ -24,8 +29,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-352" + ], + "severity": "LOW", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-17T17:21:03Z" diff --git a/advisories/unreviewed/2026/02/GHSA-9xgc-j99m-jvr5/GHSA-9xgc-j99m-jvr5.json b/advisories/unreviewed/2026/02/GHSA-9xgc-j99m-jvr5/GHSA-9xgc-j99m-jvr5.json index a71fd3def1615..324d6614b54db 100644 --- a/advisories/unreviewed/2026/02/GHSA-9xgc-j99m-jvr5/GHSA-9xgc-j99m-jvr5.json +++ b/advisories/unreviewed/2026/02/GHSA-9xgc-j99m-jvr5/GHSA-9xgc-j99m-jvr5.json @@ -50,7 +50,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-284" + "CWE-284", + "CWE-434" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-c56r-fcf4-6rp2/GHSA-c56r-fcf4-6rp2.json b/advisories/unreviewed/2026/02/GHSA-c56r-fcf4-6rp2/GHSA-c56r-fcf4-6rp2.json new file mode 100644 index 0000000000000..56e6e2ccb704d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-c56r-fcf4-6rp2/GHSA-c56r-fcf4-6rp2.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-c56r-fcf4-6rp2", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2026-22769" + ], + "details": "Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22769" + }, + { + "type": "WEB", + "url": "https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-798" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-c62m-j9cx-48c8/GHSA-c62m-j9cx-48c8.json b/advisories/unreviewed/2026/02/GHSA-c62m-j9cx-48c8/GHSA-c62m-j9cx-48c8.json index 2ec4f8d705798..9faa0f483bce4 100644 --- a/advisories/unreviewed/2026/02/GHSA-c62m-j9cx-48c8/GHSA-c62m-j9cx-48c8.json +++ b/advisories/unreviewed/2026/02/GHSA-c62m-j9cx-48c8/GHSA-c62m-j9cx-48c8.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-c62m-j9cx-48c8", - "modified": "2026-02-17T18:32:57Z", + "modified": "2026-02-17T21:31:13Z", "published": "2026-02-17T18:32:57Z", "aliases": [ "CVE-2026-23648" ], "details": "Glory RBG-100 recycler systems using the ISPK-08 software component contain multiple system binaries with overly permissive file permissions. Several binaries executed by the root user are writable and executable by unprivileged local users. An attacker with local access can replace or modify these binaries to execute arbitrary commands with root privileges, enabling local privilege escalation.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-cc8m-46cg-cg54/GHSA-cc8m-46cg-cg54.json b/advisories/unreviewed/2026/02/GHSA-cc8m-46cg-cg54/GHSA-cc8m-46cg-cg54.json new file mode 100644 index 0000000000000..30091ec56a771 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-cc8m-46cg-cg54/GHSA-cc8m-46cg-cg54.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-cc8m-46cg-cg54", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2026-22762" + ], + "details": "Dell Avamar Server and Avamar Virtual Edition, versions prior to 19.10 SP1 with CHF338912, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary file delete.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22762" + }, + { + "type": "WEB", + "url": "https://www.dell.com/support/kbdoc/en-us/000425796/dsa-2026-053-security-update-for-dell-avamar-server-and-dell-avamar-virtual-edition-improper-limitation-of-a-pathname-to-a-restricted-directory-path-traversal-vulnerability" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-cxcr-rj95-h6f4/GHSA-cxcr-rj95-h6f4.json b/advisories/unreviewed/2026/02/GHSA-cxcr-rj95-h6f4/GHSA-cxcr-rj95-h6f4.json new file mode 100644 index 0000000000000..9734949983c94 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-cxcr-rj95-h6f4/GHSA-cxcr-rj95-h6f4.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-cxcr-rj95-h6f4", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-36376" + ], + "details": "IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36376" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260390" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-613" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T21:22:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-fp2x-rmwp-chww/GHSA-fp2x-rmwp-chww.json b/advisories/unreviewed/2026/02/GHSA-fp2x-rmwp-chww/GHSA-fp2x-rmwp-chww.json new file mode 100644 index 0000000000000..d0a5cec5cdb84 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-fp2x-rmwp-chww/GHSA-fp2x-rmwp-chww.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-fp2x-rmwp-chww", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-36598" + ], + "details": "Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to upload malicious files.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36598" + }, + { + "type": "WEB", + "url": "https://www.dell.com/support/kbdoc/en-us/000347698/dsa-2025-271-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-multiple-vulnerabilities" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-fpj8-gq4v-p354/GHSA-fpj8-gq4v-p354.json b/advisories/unreviewed/2026/02/GHSA-fpj8-gq4v-p354/GHSA-fpj8-gq4v-p354.json new file mode 100644 index 0000000000000..3c84c6d8f796e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-fpj8-gq4v-p354/GHSA-fpj8-gq4v-p354.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-fpj8-gq4v-p354", + "modified": "2026-02-17T21:31:13Z", + "published": "2026-02-17T21:31:13Z", + "aliases": [ + "CVE-2025-66614" + ], + "details": "Improper Input Validation vulnerability.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.\nTomcat did not validate that the host name provided via the SNI \nextension was the same as the host name provided in the HTTP host header \nfield. If Tomcat was configured with more than one virtual host and the \nTLS configuration for one of those hosts did not require client \ncertificate authentication but another one did, it was possible for a \nclient to bypass the client certificate authentication by sending \ndifferent host names in the SNI extension and the HTTP host header field.\n\n\n\nThe vulnerability only applies if client certificate authentication is \nonly enforced at the Connector. It does not apply if client certificate \nauthentication is enforced at the web application.\n\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66614" + }, + { + "type": "WEB", + "url": "https://lists.apache.org/thread/vw6lxtlh2qbqwpb61wd3sv1flm2nttw7" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-20" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T19:21:55Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-frcr-mg6p-g499/GHSA-frcr-mg6p-g499.json b/advisories/unreviewed/2026/02/GHSA-frcr-mg6p-g499/GHSA-frcr-mg6p-g499.json new file mode 100644 index 0000000000000..2c83c61b895e2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-frcr-mg6p-g499/GHSA-frcr-mg6p-g499.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-frcr-mg6p-g499", + "modified": "2026-02-17T21:31:13Z", + "published": "2026-02-17T21:31:13Z", + "aliases": [ + "CVE-2026-2630" + ], + "details": "A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2630" + }, + { + "type": "WEB", + "url": "https://www.tenable.com/security/tns-2026-06" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-78" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T19:21:58Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-fvpc-p8pv-qjmp/GHSA-fvpc-p8pv-qjmp.json b/advisories/unreviewed/2026/02/GHSA-fvpc-p8pv-qjmp/GHSA-fvpc-p8pv-qjmp.json new file mode 100644 index 0000000000000..130ae92b7b4f4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-fvpc-p8pv-qjmp/GHSA-fvpc-p8pv-qjmp.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-fvpc-p8pv-qjmp", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-27903" + ], + "details": "IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27903" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7259901" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-319" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-fwv6-g5vr-pgpx/GHSA-fwv6-g5vr-pgpx.json b/advisories/unreviewed/2026/02/GHSA-fwv6-g5vr-pgpx/GHSA-fwv6-g5vr-pgpx.json new file mode 100644 index 0000000000000..e88c9aa2cbd7a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-fwv6-g5vr-pgpx/GHSA-fwv6-g5vr-pgpx.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-fwv6-g5vr-pgpx", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-27904" + ], + "details": "IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27904" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7259901" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-g268-rwhc-cj9f/GHSA-g268-rwhc-cj9f.json b/advisories/unreviewed/2026/02/GHSA-g268-rwhc-cj9f/GHSA-g268-rwhc-cj9f.json new file mode 100644 index 0000000000000..5d821da9b85be --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-g268-rwhc-cj9f/GHSA-g268-rwhc-cj9f.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-g268-rwhc-cj9f", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-67102" + ], + "details": "A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67102" + }, + { + "type": "WEB", + "url": "https://github.com/bbalet/jorani" + }, + { + "type": "WEB", + "url": "https://www.helx.io/blog/advisory-jorani" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-g989-fg9h-96pr/GHSA-g989-fg9h-96pr.json b/advisories/unreviewed/2026/02/GHSA-g989-fg9h-96pr/GHSA-g989-fg9h-96pr.json index 1e6c391f78b85..ca0b4d6c8c847 100644 --- a/advisories/unreviewed/2026/02/GHSA-g989-fg9h-96pr/GHSA-g989-fg9h-96pr.json +++ b/advisories/unreviewed/2026/02/GHSA-g989-fg9h-96pr/GHSA-g989-fg9h-96pr.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-g989-fg9h-96pr", - "modified": "2026-02-17T15:31:34Z", + "modified": "2026-02-17T21:31:13Z", "published": "2026-02-14T00:32:42Z", "aliases": [ "CVE-2025-70954" @@ -34,6 +34,10 @@ { "type": "WEB", "url": "https://mp.weixin.qq.com/s/IbRKrCKdMyIi-azkuqOOvg" + }, + { + "type": "WEB", + "url": "https://www.tonbit.xyz/blog/post/TonBit-Discovers-Critical-Vulnerability-on-TON-Virtual-Machine-for-the-Third-Time-Once-Again-Receiving-Official-Recognition-from-the-TON-Team.html" } ], "database_specific": { diff --git a/advisories/unreviewed/2026/02/GHSA-gpj4-p4vm-jmrr/GHSA-gpj4-p4vm-jmrr.json b/advisories/unreviewed/2026/02/GHSA-gpj4-p4vm-jmrr/GHSA-gpj4-p4vm-jmrr.json new file mode 100644 index 0000000000000..6e080becd6be3 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-gpj4-p4vm-jmrr/GHSA-gpj4-p4vm-jmrr.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-gpj4-p4vm-jmrr", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-13691" + ], + "details": "IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13691" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7259956" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-497" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T21:22:13Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-gr4h-93qx-7636/GHSA-gr4h-93qx-7636.json b/advisories/unreviewed/2026/02/GHSA-gr4h-93qx-7636/GHSA-gr4h-93qx-7636.json new file mode 100644 index 0000000000000..941546bfbb42a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-gr4h-93qx-7636/GHSA-gr4h-93qx-7636.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-gr4h-93qx-7636", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2026-22284" + ], + "details": "Dell SmartFabric OS10 Software, versions prior to 10.5.6.12, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22284" + }, + { + "type": "WEB", + "url": "https://www.dell.com/support/kbdoc/en-us/000429181/dsa-2026-033-security-update-for-dell-networking-os10-vulnerabilities" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-77" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-hf4g-rr9m-7fx6/GHSA-hf4g-rr9m-7fx6.json b/advisories/unreviewed/2026/02/GHSA-hf4g-rr9m-7fx6/GHSA-hf4g-rr9m-7fx6.json new file mode 100644 index 0000000000000..de13b699c3e3c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-hf4g-rr9m-7fx6/GHSA-hf4g-rr9m-7fx6.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-hf4g-rr9m-7fx6", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-32355" + ], + "details": "Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32355" + }, + { + "type": "WEB", + "url": "https://www.rcesecurity.com" + }, + { + "type": "WEB", + "url": "https://www.rcesecurity.com/advisories/cve-2025-32355" + }, + { + "type": "WEB", + "url": "https://www.rocketsoftware.com/products/rocket-b2b-supply-chain-integration/rocket-trufusion-enterprise" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-hp59-976f-xjmx/GHSA-hp59-976f-xjmx.json b/advisories/unreviewed/2026/02/GHSA-hp59-976f-xjmx/GHSA-hp59-976f-xjmx.json new file mode 100644 index 0000000000000..fb8b0abf5b638 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-hp59-976f-xjmx/GHSA-hp59-976f-xjmx.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-hp59-976f-xjmx", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-27900" + ], + "details": "IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27900" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7259901" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-601" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-jwv5-943c-f5wh/GHSA-jwv5-943c-f5wh.json b/advisories/unreviewed/2026/02/GHSA-jwv5-943c-f5wh/GHSA-jwv5-943c-f5wh.json index 33d6b81fb36be..5903af54afeb2 100644 --- a/advisories/unreviewed/2026/02/GHSA-jwv5-943c-f5wh/GHSA-jwv5-943c-f5wh.json +++ b/advisories/unreviewed/2026/02/GHSA-jwv5-943c-f5wh/GHSA-jwv5-943c-f5wh.json @@ -30,7 +30,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-290" + "CWE-290", + "CWE-451" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-m2gf-58fp-54j4/GHSA-m2gf-58fp-54j4.json b/advisories/unreviewed/2026/02/GHSA-m2gf-58fp-54j4/GHSA-m2gf-58fp-54j4.json index 75112a7d5a618..3311a1c280ff4 100644 --- a/advisories/unreviewed/2026/02/GHSA-m2gf-58fp-54j4/GHSA-m2gf-58fp-54j4.json +++ b/advisories/unreviewed/2026/02/GHSA-m2gf-58fp-54j4/GHSA-m2gf-58fp-54j4.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-m2gf-58fp-54j4", - "modified": "2026-02-13T00:32:51Z", + "modified": "2026-02-17T21:31:13Z", "published": "2026-02-13T00:32:51Z", "aliases": [ "CVE-2026-1358" @@ -19,6 +19,10 @@ "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1358" }, + { + "type": "WEB", + "url": "https://airleader.us/contact" + }, { "type": "WEB", "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-043-10.json" diff --git a/advisories/unreviewed/2026/02/GHSA-mgp5-rv84-w37q/GHSA-mgp5-rv84-w37q.json b/advisories/unreviewed/2026/02/GHSA-mgp5-rv84-w37q/GHSA-mgp5-rv84-w37q.json new file mode 100644 index 0000000000000..f1b973b89ed8b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-mgp5-rv84-w37q/GHSA-mgp5-rv84-w37q.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-mgp5-rv84-w37q", + "modified": "2026-02-17T21:31:13Z", + "published": "2026-02-17T21:31:13Z", + "aliases": [ + "CVE-2026-24734" + ], + "details": "Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat.\n\nWhen using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed.\n\nThis issue affects Apache Tomcat Native:  from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11; Apache Tomcat: from 11.0.0-M1 through 11.0.17, from 10.1.0-M7 through 10.1.51, from 9.0.83 through 9.0.114.\n\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39. Older EOL versions are not affected.\n\nApache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue.\n\nApache Tomcat users are recommended to upgrade to versions 11.0.18 or later, 10.1.52 or later or 9.0.115 or later which fix the issue.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24734" + }, + { + "type": "WEB", + "url": "https://lists.apache.org/thread/292dlmx3fz1888v6v16221kpozq56gml" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-20" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T19:21:56Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-mrc8-4r2p-q3ww/GHSA-mrc8-4r2p-q3ww.json b/advisories/unreviewed/2026/02/GHSA-mrc8-4r2p-q3ww/GHSA-mrc8-4r2p-q3ww.json new file mode 100644 index 0000000000000..7c8f82075dbf5 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-mrc8-4r2p-q3ww/GHSA-mrc8-4r2p-q3ww.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-mrc8-4r2p-q3ww", + "modified": "2026-02-17T21:31:15Z", + "published": "2026-02-17T21:31:15Z", + "aliases": [ + "CVE-2026-2621" + ], + "details": "A security vulnerability has been detected in Sciyon Koyuan Thermoelectricity Heat Network Management System 3.0. This affects an unknown part of the file /SISReport/WebReport20/Proxy/AsyncTreeProxy.aspx. The manipulation of the argument PGUID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2621" + }, + { + "type": "WEB", + "url": "https://github.com/red88-debug/CVEs/blob/main/Koyuan%20Thermoelectricity%20Heat%20Network%20Management%20System%20SQL%20Injection%20Vulnerability.md" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346272" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346272" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.751809" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-74" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T21:22:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p2vv-8mpq-57x2/GHSA-p2vv-8mpq-57x2.json b/advisories/unreviewed/2026/02/GHSA-p2vv-8mpq-57x2/GHSA-p2vv-8mpq-57x2.json index 2045abbdd967c..026480e49d8b2 100644 --- a/advisories/unreviewed/2026/02/GHSA-p2vv-8mpq-57x2/GHSA-p2vv-8mpq-57x2.json +++ b/advisories/unreviewed/2026/02/GHSA-p2vv-8mpq-57x2/GHSA-p2vv-8mpq-57x2.json @@ -58,7 +58,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-119" + "CWE-119", + "CWE-787" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-p2xq-4rwg-xcp7/GHSA-p2xq-4rwg-xcp7.json b/advisories/unreviewed/2026/02/GHSA-p2xq-4rwg-xcp7/GHSA-p2xq-4rwg-xcp7.json new file mode 100644 index 0000000000000..5527c039b6da0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p2xq-4rwg-xcp7/GHSA-p2xq-4rwg-xcp7.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p2xq-4rwg-xcp7", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-33101" + ], + "details": "IBM Concert 1.0.0 through 2.1.0 could allow an attacker to obtain sensitive information using man in the middle techniques due to improper clearing of heap memory.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33101" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260162" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-244" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p937-j3mh-5m6r/GHSA-p937-j3mh-5m6r.json b/advisories/unreviewed/2026/02/GHSA-p937-j3mh-5m6r/GHSA-p937-j3mh-5m6r.json new file mode 100644 index 0000000000000..3bbf46aceb5ca --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p937-j3mh-5m6r/GHSA-p937-j3mh-5m6r.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p937-j3mh-5m6r", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-70846" + ], + "details": "lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) on the /tools/Password/add page in the input field password.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70846" + }, + { + "type": "WEB", + "url": "https://github.com/J4cky1028/vulnerability-research/tree/main/CVE-2025-70846" + }, + { + "type": "WEB", + "url": "https://github.com/lty628/aidigu" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p9g6-vwf9-qggv/GHSA-p9g6-vwf9-qggv.json b/advisories/unreviewed/2026/02/GHSA-p9g6-vwf9-qggv/GHSA-p9g6-vwf9-qggv.json index 9b7cb193a2e8e..e34377f86fd72 100644 --- a/advisories/unreviewed/2026/02/GHSA-p9g6-vwf9-qggv/GHSA-p9g6-vwf9-qggv.json +++ b/advisories/unreviewed/2026/02/GHSA-p9g6-vwf9-qggv/GHSA-p9g6-vwf9-qggv.json @@ -46,7 +46,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-74" + "CWE-74", + "CWE-89" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-pqh8-xq2x-mwg2/GHSA-pqh8-xq2x-mwg2.json b/advisories/unreviewed/2026/02/GHSA-pqh8-xq2x-mwg2/GHSA-pqh8-xq2x-mwg2.json new file mode 100644 index 0000000000000..558cd8091de45 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pqh8-xq2x-mwg2/GHSA-pqh8-xq2x-mwg2.json @@ -0,0 +1,29 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pqh8-xq2x-mwg2", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2026-26732" + ], + "details": "TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the vpnUser or vpnPassword` parameters in the formFilter function.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26732" + }, + { + "type": "WEB", + "url": "https://github.com/0xmania/cve/tree/main/TOTOLINK-A3002RU-boa-formFilter-StackOverflow" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T19:21:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qc7g-qpr2-qpjj/GHSA-qc7g-qpr2-qpjj.json b/advisories/unreviewed/2026/02/GHSA-qc7g-qpr2-qpjj/GHSA-qc7g-qpr2-qpjj.json new file mode 100644 index 0000000000000..60dcf969ccebe --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qc7g-qpr2-qpjj/GHSA-qc7g-qpr2-qpjj.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qc7g-qpr2-qpjj", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-33130" + ], + "details": "IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33130" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260043" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-120" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qq5r-98hh-rxc9/GHSA-qq5r-98hh-rxc9.json b/advisories/unreviewed/2026/02/GHSA-qq5r-98hh-rxc9/GHSA-qq5r-98hh-rxc9.json new file mode 100644 index 0000000000000..fc7fa835ba62e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qq5r-98hh-rxc9/GHSA-qq5r-98hh-rxc9.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qq5r-98hh-rxc9", + "modified": "2026-02-17T21:31:13Z", + "published": "2026-02-17T21:31:13Z", + "aliases": [ + "CVE-2026-24733" + ], + "details": "Improper Input Validation vulnerability in Apache Tomcat.\n\n\nTomcat did not limit HTTP/0.9 requests to the GET method. If a security \nconstraint was configured to allow HEAD requests to a URI but deny GET \nrequests, the user could bypass that constraint on GET requests by \nsending a (specification invalid) HEAD request using HTTP/0.9.\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112.\n\n\nOlder, EOL versions are also affected.\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24733" + }, + { + "type": "WEB", + "url": "https://lists.apache.org/thread/6xk3t65qpn1myp618krtfotbjn1qt90f" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-20" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T19:21:56Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qvhf-98cj-8779/GHSA-qvhf-98cj-8779.json b/advisories/unreviewed/2026/02/GHSA-qvhf-98cj-8779/GHSA-qvhf-98cj-8779.json new file mode 100644 index 0000000000000..37c01fdb58dfe --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qvhf-98cj-8779/GHSA-qvhf-98cj-8779.json @@ -0,0 +1,29 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qvhf-98cj-8779", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:13Z", + "aliases": [ + "CVE-2026-26731" + ], + "details": "TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the routernamer`parameter in the formDnsv6 function.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26731" + }, + { + "type": "WEB", + "url": "https://github.com/0xmania/cve/tree/main/TOTOLINK-A3002RU-boa-formDnsv6-StackOverflow" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T19:21:57Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qxp9-w6x3-f25v/GHSA-qxp9-w6x3-f25v.json b/advisories/unreviewed/2026/02/GHSA-qxp9-w6x3-f25v/GHSA-qxp9-w6x3-f25v.json index 4f85327475fc1..eaa933b28c760 100644 --- a/advisories/unreviewed/2026/02/GHSA-qxp9-w6x3-f25v/GHSA-qxp9-w6x3-f25v.json +++ b/advisories/unreviewed/2026/02/GHSA-qxp9-w6x3-f25v/GHSA-qxp9-w6x3-f25v.json @@ -50,7 +50,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-119" + "CWE-119", + "CWE-787" ], "severity": "HIGH", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-rgxp-2hwp-jwgg/GHSA-rgxp-2hwp-jwgg.json b/advisories/unreviewed/2026/02/GHSA-rgxp-2hwp-jwgg/GHSA-rgxp-2hwp-jwgg.json index 93969a7a35a07..8f013e4c3e9fe 100644 --- a/advisories/unreviewed/2026/02/GHSA-rgxp-2hwp-jwgg/GHSA-rgxp-2hwp-jwgg.json +++ b/advisories/unreviewed/2026/02/GHSA-rgxp-2hwp-jwgg/GHSA-rgxp-2hwp-jwgg.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-rgxp-2hwp-jwgg", - "modified": "2026-02-17T15:31:35Z", + "modified": "2026-02-17T21:31:13Z", "published": "2026-02-17T15:31:35Z", "aliases": [ "CVE-2026-25087" @@ -26,6 +26,10 @@ { "type": "WEB", "url": "https://lists.apache.org/thread/mpm4ld1qony30tchfpjtk5b11tcyvmwh" + }, + { + "type": "WEB", + "url": "http://www.openwall.com/lists/oss-security/2026/02/17/4" } ], "database_specific": { diff --git a/advisories/unreviewed/2026/02/GHSA-rm24-2x6v-8w7f/GHSA-rm24-2x6v-8w7f.json b/advisories/unreviewed/2026/02/GHSA-rm24-2x6v-8w7f/GHSA-rm24-2x6v-8w7f.json new file mode 100644 index 0000000000000..a150f302cc657 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rm24-2x6v-8w7f/GHSA-rm24-2x6v-8w7f.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rm24-2x6v-8w7f", + "modified": "2026-02-17T21:31:15Z", + "published": "2026-02-17T21:31:15Z", + "aliases": [ + "CVE-2026-2622" + ], + "details": "A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2622" + }, + { + "type": "WEB", + "url": "https://fx4tqqfvdw4.feishu.cn/docx/AXa1dpliBomr2Ox6dYJc6jJInEb" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346273" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346273" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.751987" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T21:22:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v5g8-2q7f-c524/GHSA-v5g8-2q7f-c524.json b/advisories/unreviewed/2026/02/GHSA-v5g8-2q7f-c524/GHSA-v5g8-2q7f-c524.json index 7618ec7972a42..82543f1d908da 100644 --- a/advisories/unreviewed/2026/02/GHSA-v5g8-2q7f-c524/GHSA-v5g8-2q7f-c524.json +++ b/advisories/unreviewed/2026/02/GHSA-v5g8-2q7f-c524/GHSA-v5g8-2q7f-c524.json @@ -58,7 +58,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-119" + "CWE-119", + "CWE-787" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-v929-j8mj-vc74/GHSA-v929-j8mj-vc74.json b/advisories/unreviewed/2026/02/GHSA-v929-j8mj-vc74/GHSA-v929-j8mj-vc74.json new file mode 100644 index 0000000000000..25e79b3d76e98 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v929-j8mj-vc74/GHSA-v929-j8mj-vc74.json @@ -0,0 +1,34 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v929-j8mj-vc74", + "modified": "2026-02-17T21:31:15Z", + "published": "2026-02-17T21:31:15Z", + "aliases": [ + "CVE-2026-23598" + ], + "details": "Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23598" + }, + { + "type": "WEB", + "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T21:22:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vp3m-qh4p-wg7c/GHSA-vp3m-qh4p-wg7c.json b/advisories/unreviewed/2026/02/GHSA-vp3m-qh4p-wg7c/GHSA-vp3m-qh4p-wg7c.json new file mode 100644 index 0000000000000..f481da1a92ba1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vp3m-qh4p-wg7c/GHSA-vp3m-qh4p-wg7c.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vp3m-qh4p-wg7c", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2026-0102" + ], + "details": "Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0102" + }, + { + "type": "WEB", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0102" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-359" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vq48-824m-7qhf/GHSA-vq48-824m-7qhf.json b/advisories/unreviewed/2026/02/GHSA-vq48-824m-7qhf/GHSA-vq48-824m-7qhf.json index 785e1070bd02b..7ff2918c99944 100644 --- a/advisories/unreviewed/2026/02/GHSA-vq48-824m-7qhf/GHSA-vq48-824m-7qhf.json +++ b/advisories/unreviewed/2026/02/GHSA-vq48-824m-7qhf/GHSA-vq48-824m-7qhf.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-vq48-824m-7qhf", - "modified": "2026-02-17T15:31:35Z", + "modified": "2026-02-17T21:31:13Z", "published": "2026-02-17T15:31:35Z", "aliases": [ "CVE-2026-22208" ], "details": "OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contain a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL_openlibs() without sandboxing or capability restrictions, exposing standard libraries such as 'os' and 'io' to untrusted portrayal catalogues. An attacker can provide a malicious S-100 portrayal catalogue containing Lua scripts that execute arbitrary commands with the privileges of the OpenS100 process when a user imports the catalogue and loads a chart.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-vw2m-h749-pv59/GHSA-vw2m-h749-pv59.json b/advisories/unreviewed/2026/02/GHSA-vw2m-h749-pv59/GHSA-vw2m-h749-pv59.json new file mode 100644 index 0000000000000..70460d5124236 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vw2m-h749-pv59/GHSA-vw2m-h749-pv59.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vw2m-h749-pv59", + "modified": "2026-02-17T21:31:13Z", + "published": "2026-02-17T21:31:13Z", + "aliases": [ + "CVE-2025-36018" + ], + "details": "IBM Concert 1.0.0 through 2.1.0 for Z hub component is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36018" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260162" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T19:21:54Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w2v5-vxvg-mqgh/GHSA-w2v5-vxvg-mqgh.json b/advisories/unreviewed/2026/02/GHSA-w2v5-vxvg-mqgh/GHSA-w2v5-vxvg-mqgh.json index 9b62631b0baa6..a3c5d1f63ae8c 100644 --- a/advisories/unreviewed/2026/02/GHSA-w2v5-vxvg-mqgh/GHSA-w2v5-vxvg-mqgh.json +++ b/advisories/unreviewed/2026/02/GHSA-w2v5-vxvg-mqgh/GHSA-w2v5-vxvg-mqgh.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-w2v5-vxvg-mqgh", - "modified": "2026-02-17T18:32:57Z", + "modified": "2026-02-17T21:31:13Z", "published": "2026-02-17T18:32:57Z", "aliases": [ "CVE-2025-67905" ], "details": "Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and performs an insecure log file delete operation in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link, a related issue to CVE-2023-28892. To exploit this, an attacker must create a file in a given folder path and intercept the application log file deletion flow.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L" + } + ], "affected": [], "references": [ { @@ -24,8 +29,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-269" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-17T17:21:04Z" diff --git a/advisories/unreviewed/2026/02/GHSA-w7gq-6p98-xh22/GHSA-w7gq-6p98-xh22.json b/advisories/unreviewed/2026/02/GHSA-w7gq-6p98-xh22/GHSA-w7gq-6p98-xh22.json index fb983741d1b02..642990f28e6a5 100644 --- a/advisories/unreviewed/2026/02/GHSA-w7gq-6p98-xh22/GHSA-w7gq-6p98-xh22.json +++ b/advisories/unreviewed/2026/02/GHSA-w7gq-6p98-xh22/GHSA-w7gq-6p98-xh22.json @@ -50,7 +50,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-74" + "CWE-74", + "CWE-94" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-wj4m-c5pc-p9r9/GHSA-wj4m-c5pc-p9r9.json b/advisories/unreviewed/2026/02/GHSA-wj4m-c5pc-p9r9/GHSA-wj4m-c5pc-p9r9.json new file mode 100644 index 0000000000000..e553b9435d6ab --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wj4m-c5pc-p9r9/GHSA-wj4m-c5pc-p9r9.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wj4m-c5pc-p9r9", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-33089" + ], + "details": "IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information or perform unauthorized actions due to the use of hard coded user credentials.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33089" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260162" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-798" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wm8j-hgw9-h534/GHSA-wm8j-hgw9-h534.json b/advisories/unreviewed/2026/02/GHSA-wm8j-hgw9-h534/GHSA-wm8j-hgw9-h534.json new file mode 100644 index 0000000000000..f8c52c623738e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wm8j-hgw9-h534/GHSA-wm8j-hgw9-h534.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wm8j-hgw9-h534", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-27899" + ], + "details": "IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27899" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7259901" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-526" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wmq7-3p89-w6h8/GHSA-wmq7-3p89-w6h8.json b/advisories/unreviewed/2026/02/GHSA-wmq7-3p89-w6h8/GHSA-wmq7-3p89-w6h8.json index 426b38feca13c..39700aa88f517 100644 --- a/advisories/unreviewed/2026/02/GHSA-wmq7-3p89-w6h8/GHSA-wmq7-3p89-w6h8.json +++ b/advisories/unreviewed/2026/02/GHSA-wmq7-3p89-w6h8/GHSA-wmq7-3p89-w6h8.json @@ -25,7 +25,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-862" + ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-wrgv-jmfr-c4gr/GHSA-wrgv-jmfr-c4gr.json b/advisories/unreviewed/2026/02/GHSA-wrgv-jmfr-c4gr/GHSA-wrgv-jmfr-c4gr.json new file mode 100644 index 0000000000000..a0d94f20b63a4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wrgv-jmfr-c4gr/GHSA-wrgv-jmfr-c4gr.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wrgv-jmfr-c4gr", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-36379" + ], + "details": "IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36379" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260390" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-326" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T21:22:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wrqj-g5w9-qq86/GHSA-wrqj-g5w9-qq86.json b/advisories/unreviewed/2026/02/GHSA-wrqj-g5w9-qq86/GHSA-wrqj-g5w9-qq86.json new file mode 100644 index 0000000000000..3aeb4bad3c3c4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wrqj-g5w9-qq86/GHSA-wrqj-g5w9-qq86.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wrqj-g5w9-qq86", + "modified": "2026-02-17T21:31:14Z", + "published": "2026-02-17T21:31:14Z", + "aliases": [ + "CVE-2025-27901" + ], + "details": "IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.  This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27901" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7259901" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-644" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T20:22:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wxpc-f9fq-w9pq/GHSA-wxpc-f9fq-w9pq.json b/advisories/unreviewed/2026/02/GHSA-wxpc-f9fq-w9pq/GHSA-wxpc-f9fq-w9pq.json index 46321191a0f21..31fc90fce35ae 100644 --- a/advisories/unreviewed/2026/02/GHSA-wxpc-f9fq-w9pq/GHSA-wxpc-f9fq-w9pq.json +++ b/advisories/unreviewed/2026/02/GHSA-wxpc-f9fq-w9pq/GHSA-wxpc-f9fq-w9pq.json @@ -46,7 +46,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-610" + "CWE-610", + "CWE-611" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-x7fc-g3mg-7h5h/GHSA-x7fc-g3mg-7h5h.json b/advisories/unreviewed/2026/02/GHSA-x7fc-g3mg-7h5h/GHSA-x7fc-g3mg-7h5h.json new file mode 100644 index 0000000000000..dd8b316fefb88 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x7fc-g3mg-7h5h/GHSA-x7fc-g3mg-7h5h.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x7fc-g3mg-7h5h", + "modified": "2026-02-17T21:31:13Z", + "published": "2026-02-17T21:31:13Z", + "aliases": [ + "CVE-2024-43178" + ], + "details": "IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43178" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260162" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-327" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T19:21:53Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xpp8-qpcr-c3rg/GHSA-xpp8-qpcr-c3rg.json b/advisories/unreviewed/2026/02/GHSA-xpp8-qpcr-c3rg/GHSA-xpp8-qpcr-c3rg.json index 15217ea7fcdc0..de22b2120f16e 100644 --- a/advisories/unreviewed/2026/02/GHSA-xpp8-qpcr-c3rg/GHSA-xpp8-qpcr-c3rg.json +++ b/advisories/unreviewed/2026/02/GHSA-xpp8-qpcr-c3rg/GHSA-xpp8-qpcr-c3rg.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-xpp8-qpcr-c3rg", - "modified": "2026-02-13T21:31:39Z", + "modified": "2026-02-17T21:31:13Z", "published": "2026-02-13T21:31:39Z", "aliases": [ "CVE-2026-2441" @@ -26,6 +26,10 @@ { "type": "WEB", "url": "https://issues.chromium.org/issues/483569511" + }, + { + "type": "WEB", + "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-2441" } ], "database_specific": { From cc1f14b68a87f678dc7dc76839740b991eb37655 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Tue, 17 Feb 2026 21:38:00 +0000 Subject: [PATCH 068/222] Publish Advisories GHSA-4rj2-gpmh-qq5x GHSA-fhvm-j76f-qmjv GHSA-pchc-86f6-8758 GHSA-r5h9-vjqc-hq3r GHSA-rmxw-jxxx-4cpc --- .../GHSA-4rj2-gpmh-qq5x.json | 63 +++++++++++++ .../GHSA-fhvm-j76f-qmjv.json | 75 ++++++++++++++++ .../GHSA-pchc-86f6-8758.json | 88 +++++++++++++++++++ .../GHSA-r5h9-vjqc-hq3r.json | 70 +++++++++++++++ .../GHSA-rmxw-jxxx-4cpc.json | 63 +++++++++++++ 5 files changed, 359 insertions(+) create mode 100644 advisories/github-reviewed/2026/02/GHSA-4rj2-gpmh-qq5x/GHSA-4rj2-gpmh-qq5x.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-fhvm-j76f-qmjv/GHSA-fhvm-j76f-qmjv.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-pchc-86f6-8758/GHSA-pchc-86f6-8758.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-r5h9-vjqc-hq3r/GHSA-r5h9-vjqc-hq3r.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-rmxw-jxxx-4cpc/GHSA-rmxw-jxxx-4cpc.json diff --git a/advisories/github-reviewed/2026/02/GHSA-4rj2-gpmh-qq5x/GHSA-4rj2-gpmh-qq5x.json b/advisories/github-reviewed/2026/02/GHSA-4rj2-gpmh-qq5x/GHSA-4rj2-gpmh-qq5x.json new file mode 100644 index 0000000000000..4d6bd69616268 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-4rj2-gpmh-qq5x/GHSA-4rj2-gpmh-qq5x.json @@ -0,0 +1,63 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4rj2-gpmh-qq5x", + "modified": "2026-02-17T21:36:34Z", + "published": "2026-02-17T21:36:34Z", + "aliases": [], + "summary": "OpenClaw has an inbound allowlist policy bypass in voice-call extension (empty caller ID + suffix matching)", + "details": "### Summary\n\nAn authentication bypass in the optional `voice-call` extension/plugin allowed unapproved or anonymous callers to reach the voice-call agent when inbound policy was set to `allowlist` or `pairing`.\n\nDeployments that do not install/enable the `voice-call` extension are not affected.\n\n### Affected Packages / Versions\n\n- `openclaw` (npm): `<= 2026.2.1`\n- Fixed in: `>= 2026.2.2`\n\n### Details\n\nIn affected versions (for example `2026.2.1`), the inbound allowlist check in `extensions/voice-call/src/manager.ts` used suffix-based matching and accepted empty caller IDs after normalization.\n\nThis allowed two bypasses:\n\n1. Missing/empty `from` values normalized to an empty string, which caused the allowlist predicate to evaluate as allowed.\n2. Suffix-based matching meant any caller number whose digits ended with an allowlisted number would be accepted.\n\n### Proof Of Concept\n\n1. Configure the voice-call extension with `inboundPolicy: allowlist` and `allowFrom: [\"+15550001234\"]`.\n2. Place/trigger an inbound call with missing/empty caller ID (provider-dependent; for example anonymous/restricted caller). The call is accepted.\n3. Place a call from a number whose E.164 digits end with `15550001234` (for example `+99915550001234`). The call is accepted.\n\n### Impact\n\nOnly operators who install/enable the optional `voice-call` extension and use `inboundPolicy=allowlist` or `pairing` could have inbound access controls bypassed, potentially allowing unauthorized callers to reach auto-response and tool execution.\n\n### Fix\n\nThe fix hardens inbound policy handling:\n\n- Reject inbound calls when caller ID is missing.\n- Require strict equality when comparing normalized caller IDs against the allowlist (no suffix/prefix matching).\n- Add regression tests for missing caller ID, anonymous caller ID, and suffix-collision cases.\n\nFix commit(s):\n\n- `f8dfd034f5d9235c5485f492a9e4ccc114e97fdb`\n\nThanks @simecek for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.2" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4rj2-gpmh-qq5x" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/f8dfd034f5d9235c5485f492a9e4ccc114e97fdb" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.2" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-287" + ], + "severity": "CRITICAL", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:36:34Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-fhvm-j76f-qmjv/GHSA-fhvm-j76f-qmjv.json b/advisories/github-reviewed/2026/02/GHSA-fhvm-j76f-qmjv/GHSA-fhvm-j76f-qmjv.json new file mode 100644 index 0000000000000..02ab6913acbbe --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-fhvm-j76f-qmjv/GHSA-fhvm-j76f-qmjv.json @@ -0,0 +1,75 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-fhvm-j76f-qmjv", + "modified": "2026-02-17T21:34:36Z", + "published": "2026-02-17T21:34:36Z", + "aliases": [], + "summary": "OpenClaw has a potential access-group authorization bypass if channel type lookup fails", + "details": "## Summary\n\nWhen Telegram webhook mode is enabled without a configured webhook secret, OpenClaw may accept unauthenticated HTTP POST requests at the Telegram webhook endpoint and trust attacker-controlled update JSON. This can allow forged Telegram updates that spoof `message.from.id` / `chat.id`, potentially bypassing sender allowlists and executing privileged bot commands.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: `<= 2026.1.30`\n- Patched: `>= 2026.2.1`\n\n## Impact\n\nAn attacker who can reach the webhook endpoint can forge Telegram updates and impersonate allowlisted/paired senders by spoofing fields in the webhook payload (for example `message.from.id`). Impact depends on enabled commands/tools and the deployment’s network exposure.\n\n## Mitigations / Workarounds\n\n- Configure a strong `channels.telegram.webhookSecret` and ensure your reverse proxy forwards the `X-Telegram-Bot-Api-Secret-Token` header unchanged.\n\n## Fix Commit(s)\n\n- ca92597e1f9593236ad86810b66633144b69314d (config validation: `webhookUrl` requires `webhookSecret`)\n\nDefense-in-depth / supporting fixes:\n\n- 5643a934799dc523ec2ef18c007e1aa2c386b670 (default webhook listener bind host to loopback)\n- 3cbcba10cf30c2ffb898f0d8c7dfb929f15f8930 (bound webhook request body size/time)\n- 633fe8b9c17f02fcc68ecdb5ec212a5ace932f09 (runtime guard: reject webhook startup when secret is missing/empty)\n\n## Release Process Note\n\n`patched_versions` is set to the first fixed release (`2026.2.1`).\n\nThanks @yueyueL for reporting.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.1" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fhvm-j76f-qmjv" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/3cbcba10cf30c2ffb898f0d8c7dfb929f15f8930" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/5643a934799dc523ec2ef18c007e1aa2c386b670" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/633fe8b9c17f02fcc68ecdb5ec212a5ace932f09" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/ca92597e1f9593236ad86810b66633144b69314d" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.1" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-285" + ], + "severity": "CRITICAL", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:34:36Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-pchc-86f6-8758/GHSA-pchc-86f6-8758.json b/advisories/github-reviewed/2026/02/GHSA-pchc-86f6-8758/GHSA-pchc-86f6-8758.json new file mode 100644 index 0000000000000..be7cb922e9814 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-pchc-86f6-8758/GHSA-pchc-86f6-8758.json @@ -0,0 +1,88 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pchc-86f6-8758", + "modified": "2026-02-17T21:33:51Z", + "published": "2026-02-17T21:33:51Z", + "aliases": [ + "CVE-2026-26316" + ], + "summary": "OpenClaw BlueBubbles webhook auth bypass via loopback proxy trust", + "details": "### Summary\n\nIn affected versions, the optional BlueBubbles iMessage channel plugin could accept webhook requests as authenticated based only on the TCP peer address being loopback (`127.0.0.1`, `::1`, `::ffff:127.0.0.1`) even when the configured webhook secret was missing or incorrect. This does not affect the default iMessage integration unless BlueBubbles is installed and enabled.\n\n### Affected Packages / Versions\n\n- npm: `openclaw` `< 2026.2.13`\n- npm: `@openclaw/bluebubbles` `< 2026.2.13`\n\n### Details\n\nIf a deployment exposes the BlueBubbles webhook endpoint through a same-host reverse proxy (or an attacker can reach loopback via SSRF), an unauthenticated party may be able to inject inbound webhook events into the agent pipeline.\n\n### Fix Commit(s)\n\n- f836c385ffc746cb954e8ee409f99d079bfdcd2f\n- 743f4b28495cdeb0d5bf76f6ebf4af01f6a02e5a (defense-in-depth)\n\n### Mitigations\n\n- Set a non-empty BlueBubbles webhook password.\n- Avoid deployments where a public-facing reverse proxy forwards to a loopback-bound Gateway without strong upstream authentication.\n\nThanks @MegaManSec (https://joshua.hu) of [AISLE Research Team](https://aisle.com/) for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.13" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "npm", + "name": "@openclaw/bluebubbles" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.13" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-pchc-86f6-8758" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/743f4b28495cdeb0d5bf76f6ebf4af01f6a02e5a" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/f836c385ffc746cb954e8ee409f99d079bfdcd2f" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.12" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-863" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:33:51Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-r5h9-vjqc-hq3r/GHSA-r5h9-vjqc-hq3r.json b/advisories/github-reviewed/2026/02/GHSA-r5h9-vjqc-hq3r/GHSA-r5h9-vjqc-hq3r.json new file mode 100644 index 0000000000000..d8abd5797eaa7 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-r5h9-vjqc-hq3r/GHSA-r5h9-vjqc-hq3r.json @@ -0,0 +1,70 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r5h9-vjqc-hq3r", + "modified": "2026-02-17T21:36:15Z", + "published": "2026-02-17T21:36:15Z", + "aliases": [], + "summary": "Nextcloud Talk allowlist bypass via actor.name display name spoofing", + "details": "## Summary\n\nIn affected versions of the optional Nextcloud Talk plugin (installed separately; not bundled with the core OpenClaw install), an untrusted webhook field (`actor.name`, display name) could be treated as an allowlist identifier. An attacker could change their Nextcloud display name to match an allowlisted user ID and bypass DM or room allowlists.\n\n## Details\n\nNextcloud Talk webhook payloads provide a stable sender identifier (`actor.id`) and a mutable display name (`actor.name`). In affected versions, the plugin’s allowlist matching accepted equality on the display name, which is attacker-controlled.\n\n## Affected Packages / Versions\n\n- Package: `@openclaw/nextcloud-talk` (npm)\n- Affected: `<= 2026.2.2`\n- Fixed: `>= 2026.2.6`\n\nNote: This advisory applies to the optional Nextcloud Talk plugin package. Core `openclaw` is not impacted unless you installed and use `@openclaw/nextcloud-talk`.\n\n## Fix Commit(s)\n\n- [6b4b6049b47c3329a7014509594647826669892d](https://github.com/openclaw/openclaw/commit/6b4b6049b47c3329a7014509594647826669892d)\n\n## Timeline\n\n- Introduced: [660f87278c9f292061e097441e0b10c20d62b31b](https://github.com/openclaw/openclaw/commit/660f87278c9f292061e097441e0b10c20d62b31b) (2026-01-20)\n- Fixed in repo: [6b4b6049b47c3329a7014509594647826669892d](https://github.com/openclaw/openclaw/commit/6b4b6049b47c3329a7014509594647826669892d) (2026-02-04 UTC)\n- First fixed tag containing the change: [v2026.2.3](https://github.com/openclaw/openclaw/releases/tag/v2026.2.3)\n- First fixed npm release of `@openclaw/nextcloud-talk`: `2026.2.6` (published 2026-02-07 UTC)\n\n## Mitigation\n\nUpgrade `@openclaw/nextcloud-talk` to `>= 2026.2.6`.\n\n## Release Process Note\n\nThe patched version range is set to the first npm release that contains the fix. Once you are ready, you can publish this advisory without additional version edits.\n\nThanks @MegaManSec (https://joshua.hu) of [AISLE Research Team](https://aisle.com/) for reporting.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "@openclaw/nextcloud-talk" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.6" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "<= 2026.2.2" + } + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-r5h9-vjqc-hq3r" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/660f87278c9f292061e097441e0b10c20d62b31b" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/6b4b6049b47c3329a7014509594647826669892d" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.3" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-290" + ], + "severity": "CRITICAL", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:36:15Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-rmxw-jxxx-4cpc/GHSA-rmxw-jxxx-4cpc.json b/advisories/github-reviewed/2026/02/GHSA-rmxw-jxxx-4cpc/GHSA-rmxw-jxxx-4cpc.json new file mode 100644 index 0000000000000..5cebf9e6d09dd --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-rmxw-jxxx-4cpc/GHSA-rmxw-jxxx-4cpc.json @@ -0,0 +1,63 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rmxw-jxxx-4cpc", + "modified": "2026-02-17T21:34:17Z", + "published": "2026-02-17T21:34:17Z", + "aliases": [], + "summary": "OpenClaw has a Matrix allowlist bypass via displayName and cross-homeserver localpart matching", + "details": "### Summary\n\nOpenClaw Matrix DM allowlist matching could be bypassed in certain configurations.\n\nMatrix support ships as an optional plugin (not bundled with the core install), so this only affects deployments that have installed and enabled the Matrix plugin.\n\n### Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: `>= 2026.1.14-1, < 2026.2.2`\n- Patched: `>= 2026.2.2`\n\n### Details\n\nIn affected versions, DM allowlist decisions could be made by exact-matching `channels.matrix.dm.allowFrom` entries against multiple sender-derived candidates, including:\n\n- The sender display name (attacker-controlled and non-unique)\n- The sender MXID localpart with the homeserver discarded, so `@alice:evil.example` and `@alice:trusted.example` both match `alice`\n\nIf an operator configured `channels.matrix.dm.allowFrom` with display names or bare localparts (for example, `\"Alice\"` or `\"alice\"`), a remote Matrix user may be able to impersonate an allowed identity for allowlist purposes and reach the routing/agent pipeline.\n\n### Impact\n\nMatrix DM allowlist identity confusion. The practical impact depends on your Matrix channel policies and what capabilities are enabled downstream.\n\n### Mitigation\n\n- Upgrade to `openclaw >= 2026.2.2`.\n- Ensure Matrix allowlists contain only full Matrix user IDs (MXIDs) like `@user:server` (or `*`). Do not use display names or bare localparts.\n\n### Fix Commit(s)\n\n- `8f3bfbd1c4fb967a2ddb5b4b9a05784920814bcf`\n\n### Release Process Note\n\nThe patched version is already published to npm; the advisory can be published once you're ready.\n\nThanks @MegaManSec (https://joshua.hu) of [AISLE Research Team](https://aisle.com/) for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "2026.1.14-1" + }, + { + "fixed": "2026.2.2" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rmxw-jxxx-4cpc" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/8f3bfbd1c4fb967a2ddb5b4b9a05784920814bcf" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.2" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-290" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:34:17Z", + "nvd_published_at": null + } +} \ No newline at end of file From d0c143e821b0561830127aa5001dc71e14ed0c3e Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Tue, 17 Feb 2026 21:41:47 +0000 Subject: [PATCH 069/222] Publish Advisories GHSA-236c-vhj4-gfxg GHSA-33rq-m5x2-fvgf GHSA-4hg8-92x6-h2f3 GHSA-7vwx-582j-j332 GHSA-mqpw-46fh-299h GHSA-qrq5-wjgg-rvqw GHSA-236c-vhj4-gfxg --- .../GHSA-236c-vhj4-gfxg.json | 112 ++++++++++++++++++ .../GHSA-33rq-m5x2-fvgf.json | 63 ++++++++++ .../GHSA-4hg8-92x6-h2f3.json | 69 +++++++++++ .../GHSA-7vwx-582j-j332.json | 63 ++++++++++ .../GHSA-mqpw-46fh-299h.json | 56 +++++++++ .../GHSA-qrq5-wjgg-rvqw.json | 63 ++++++++++ .../GHSA-236c-vhj4-gfxg.json | 45 ------- 7 files changed, 426 insertions(+), 45 deletions(-) create mode 100644 advisories/github-reviewed/2022/05/GHSA-236c-vhj4-gfxg/GHSA-236c-vhj4-gfxg.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-33rq-m5x2-fvgf/GHSA-33rq-m5x2-fvgf.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-4hg8-92x6-h2f3/GHSA-4hg8-92x6-h2f3.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-7vwx-582j-j332/GHSA-7vwx-582j-j332.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-mqpw-46fh-299h/GHSA-mqpw-46fh-299h.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-qrq5-wjgg-rvqw/GHSA-qrq5-wjgg-rvqw.json delete mode 100644 advisories/unreviewed/2022/05/GHSA-236c-vhj4-gfxg/GHSA-236c-vhj4-gfxg.json diff --git a/advisories/github-reviewed/2022/05/GHSA-236c-vhj4-gfxg/GHSA-236c-vhj4-gfxg.json b/advisories/github-reviewed/2022/05/GHSA-236c-vhj4-gfxg/GHSA-236c-vhj4-gfxg.json new file mode 100644 index 0000000000000..5e254e659881b --- /dev/null +++ b/advisories/github-reviewed/2022/05/GHSA-236c-vhj4-gfxg/GHSA-236c-vhj4-gfxg.json @@ -0,0 +1,112 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-236c-vhj4-gfxg", + "modified": "2026-02-17T21:40:20Z", + "published": "2022-05-25T00:00:31Z", + "withdrawn": "2026-02-17T21:40:20Z", + "aliases": [], + "summary": "Duplicate Advisory: Embedded malware in ua-parser-js", + "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-pjwm-rvh2-c87w. This link is maintained to preserve external references.\n\n### Original Description\nA vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "ua-parser-js" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0.7.29" + }, + { + "fixed": "0.7.30" + } + ] + } + ], + "versions": [ + "0.7.29" + ] + }, + { + "package": { + "ecosystem": "npm", + "name": "ua-parser-js" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0.8.0" + }, + { + "fixed": "0.8.1" + } + ] + } + ], + "versions": [ + "0.8.0" + ] + }, + { + "package": { + "ecosystem": "npm", + "name": "ua-parser-js" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "1.0.0" + }, + { + "fixed": "1.0.1" + } + ] + } + ], + "versions": [ + "1.0.0" + ] + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4229" + }, + { + "type": "WEB", + "url": "https://github.com/faisalman/ua-parser-js/issues/536" + }, + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-pjwm-rvh2-c87w" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.185453" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-829", + "CWE-912" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:40:20Z", + "nvd_published_at": "2022-05-24T16:15:00Z" + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-33rq-m5x2-fvgf/GHSA-33rq-m5x2-fvgf.json b/advisories/github-reviewed/2026/02/GHSA-33rq-m5x2-fvgf/GHSA-33rq-m5x2-fvgf.json new file mode 100644 index 0000000000000..0f3179a684a60 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-33rq-m5x2-fvgf/GHSA-33rq-m5x2-fvgf.json @@ -0,0 +1,63 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-33rq-m5x2-fvgf", + "modified": "2026-02-17T21:37:55Z", + "published": "2026-02-17T21:37:55Z", + "aliases": [], + "summary": "OpenClaw Twitch allowFrom is not enforced in optional plugin, unauthorized chat users can trigger agent pipeline", + "details": "### Summary\n\nIn the optional Twitch channel plugin (`extensions/twitch`), `allowFrom` is documented as a hard allowlist of Twitch user IDs, but it was not enforced as a hard gate. If `allowedRoles` is unset or empty, the access control path defaulted to allow, so any Twitch user who could mention the bot could reach the agent dispatch pipeline.\n\n**Scope note:** This only affects deployments that installed and enabled the Twitch plugin. Core OpenClaw installs that do not install/enable the Twitch plugin are not impacted.\n\n### Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: `>= 2026.1.29, < 2026.2.1`\n- Fixed: `>= 2026.2.1`\n\n### Details\n\nAffected component: Twitch plugin access control (`extensions/twitch/src/access-control.ts`).\n\nProblematic logic in `checkTwitchAccessControl()`:\n\n- When `allowFrom` was configured, the code returned `allowed: true` for members but did not return `allowed: false` for non-members, so execution fell through.\n- If `allowedRoles` was unset or empty, the function returned `allowed: true` by default, even when `allowFrom` was configured.\n\n### Proof of Concept (PoC)\n\n1. Install and enable the Twitch plugin.\n2. Configure an `allowFrom` list, but do not set `allowedRoles` (or set it to an empty list).\n3. From a different Twitch account whose user ID is NOT in `allowFrom`, send a message that mentions the bot (for example `@ hello`).\n4. Observe the message is processed and can trigger agent dispatch/replies despite not being allowlisted.\n\n### Impact\n\nAuthorization bypass for operators who relied on `allowFrom` to restrict who can invoke the bot in Twitch chat. Depending on configuration (tools, routing, model costs), this could lead to unintended actions/responses and resource or cost exhaustion.\n\n### Fix Commit(s)\n\n- `8c7901c984866a776eb59662dc9d8b028de4f0d0`\n\n### Workaround\n\nUpgrade to `openclaw >= 2026.2.1`.\n\nThanks @MegaManSec (https://joshua.hu) of [AISLE Research Team](https://aisle.com/) for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "2026.1.29" + }, + { + "fixed": "2026.2.1" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-33rq-m5x2-fvgf" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/8c7901c984866a776eb59662dc9d8b028de4f0d0" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.1" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-285" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:37:55Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-4hg8-92x6-h2f3/GHSA-4hg8-92x6-h2f3.json b/advisories/github-reviewed/2026/02/GHSA-4hg8-92x6-h2f3/GHSA-4hg8-92x6-h2f3.json new file mode 100644 index 0000000000000..3de18c6a5137c --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-4hg8-92x6-h2f3/GHSA-4hg8-92x6-h2f3.json @@ -0,0 +1,69 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4hg8-92x6-h2f3", + "modified": "2026-02-17T21:40:47Z", + "published": "2026-02-17T21:40:46Z", + "aliases": [ + "CVE-2026-26319" + ], + "summary": "OpenClaw is Missing Webhook Authentication in Telnyx Provider Allows Unauthenticated Requests", + "details": "## Summary\n\nIn affected versions, OpenClaw's optional `@openclaw/voice-call` plugin Telnyx webhook handler could accept unsigned inbound webhook requests when `telnyx.publicKey` was not configured, allowing unauthenticated callers to forge Telnyx events.\n\nThis only impacts deployments where the Voice Call plugin is installed, enabled, and the webhook endpoint is reachable from the attacker (for example, publicly exposed via a tunnel/proxy).\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: `<= 2026.2.13`\n- Fixed: `>= 2026.2.14` (planned)\n\n## Details\n\nTelnyx webhooks are expected to be authenticated via Ed25519 signature verification.\n\nIn affected versions, `TelnyxProvider.verifyWebhook()` could effectively fail open when no Telnyx public key was configured, allowing arbitrary HTTP POST requests to the voice-call webhook endpoint to be treated as legitimate Telnyx events.\n\n## Fix\n\nThe fix makes Telnyx webhook verification fail closed by default and requires `telnyx.publicKey` (or `TELNYX_PUBLIC_KEY`) to be configured.\n\nA signature verification bypass exists only for local development via `skipSignatureVerification: true`, which is off by default, emits a loud startup warning, and should not be used in production.\n\nThis requirement is documented in the Voice Call plugin docs.\n\n## Fix Commit(s)\n\n- `29b587e73cbdc941caec573facd16e87d52f007b`\n- `f47584fec` (centralized verification helper + stronger tests)\n\n## Workarounds\n\n- Configure `plugins.entries.voice-call.config.telnyx.publicKey` (or `TELNYX_PUBLIC_KEY`) to enable signature verification.\n- Only for local development: set `skipSignatureVerification: true`.\n\nThanks @p80n-sec for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4hg8-92x6-h2f3" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/29b587e73cbdc941caec573facd16e87d52f007b" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/f47584fec86d6d73f2d483043a2ad0e7e3c50411" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-306" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:40:46Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-7vwx-582j-j332/GHSA-7vwx-582j-j332.json b/advisories/github-reviewed/2026/02/GHSA-7vwx-582j-j332/GHSA-7vwx-582j-j332.json new file mode 100644 index 0000000000000..87f1abd906f06 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-7vwx-582j-j332/GHSA-7vwx-582j-j332.json @@ -0,0 +1,63 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-7vwx-582j-j332", + "modified": "2026-02-17T21:38:14Z", + "published": "2026-02-17T21:38:14Z", + "aliases": [], + "summary": "OpenClaw MS Teams inbound attachment downloader leaks bearer tokens to allowlisted suffix domains", + "details": "## Summary\n\nNOTE: This only affects deployments that enable the optional MS Teams extension (Teams channel). If you do not use MS Teams, you are not impacted.\n\nWhen OpenClaw downloads inbound MS Teams attachments / inline images, it may retry a URL with an `Authorization: Bearer ` header after receiving `401` or `403`.\n\nBecause the default download allowlist uses suffix matching (and includes some multi-tenant suffix domains), a message that references an untrusted but allowlisted host could cause that bearer token to be sent to the wrong place.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Vulnerable: `<= 2026.1.30`\n- Patched: `>= 2026.2.1`\n\n## Fix\n\n- Fix commit: `41cc5bcd4f1d434ad1bbdfa55b56f25025ecbf6b`\n- Upgrade to `openclaw >= 2026.2.1`\n\n## Workarounds\n\n- If you do not need MS Teams, disable the MS Teams extension.\n- If you must stay on an older version, ensure the auth host allowlist is strict (only Microsoft-owned endpoints that require auth) and avoid wildcard or broad suffix entries.\n\n## Credits\n\nThanks @yueyueL for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.1" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7vwx-582j-j332" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/41cc5bcd4f1d434ad1bbdfa55b56f25025ecbf6b" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.1" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-201" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:38:14Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-mqpw-46fh-299h/GHSA-mqpw-46fh-299h.json b/advisories/github-reviewed/2026/02/GHSA-mqpw-46fh-299h/GHSA-mqpw-46fh-299h.json new file mode 100644 index 0000000000000..015b297f92f86 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-mqpw-46fh-299h/GHSA-mqpw-46fh-299h.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-mqpw-46fh-299h", + "modified": "2026-02-17T21:39:11Z", + "published": "2026-02-17T21:39:11Z", + "aliases": [], + "summary": "OpenClaw authorization bypass: operator.write can resolve exec approvals via chat.send -> /approve", + "details": "## Summary\n\n### What this means (plain language)\n\nIf you give a client “chat/write” access to the gateway (`operator.write`) but you do not intend to let that client approve exec requests (`operator.approvals`), affected versions could still let that client approve/deny a pending exec approval by sending the `/approve` chat command.\n\nThis is mainly relevant for shared or multi-client setups where different tokens are intentionally scoped differently. Single-operator installs are typically less impacted.\n\n### Technical summary\n\nA gateway client authenticated with a device token scoped only to `operator.write` (without `operator.approvals`) could approve/deny pending exec approval requests by sending a chat message containing the built-in `/approve` command.\n\n`exec.approval.resolve` is correctly scoped to `operator.approvals` for direct RPC calls, but the `/approve` command path invoked it via an internal privileged gateway client.\n\n## Affected Packages / Versions\n\n- `openclaw` (npm): `< 2026.2.2`\n\n## Fix\n\n- Fixed in `openclaw` `2026.2.2`.\n- Fix commit(s): `efe2a464afcff55bb5a95b959e6bd9ec0fef086e`.\n- Change: when `/approve` is invoked from gateway clients (webchat/internal channel), it now requires the requesting client to have `operator.approvals` (or `operator.admin`).\n\n## Workarounds\n\n- Upgrade to `openclaw >= 2026.2.2`.\n- If you cannot upgrade: avoid issuing write-only device tokens to untrusted clients; disable text commands (`commands.text=false`) or restrict access to the webchat/control UI.\n\n## References\n\n- Fix: `src/auto-reply/reply/commands-approve.ts`\n- Coverage: `src/auto-reply/reply/commands-approve.test.ts`\n\n## Release Process Note\n\nThis advisory is kept in draft; once the fixed npm versions are available, it can be published without further edits.\n\nThanks @yueyueL for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.2" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mqpw-46fh-299h" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-269", + "CWE-863" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:39:11Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-qrq5-wjgg-rvqw/GHSA-qrq5-wjgg-rvqw.json b/advisories/github-reviewed/2026/02/GHSA-qrq5-wjgg-rvqw/GHSA-qrq5-wjgg-rvqw.json new file mode 100644 index 0000000000000..601c34ccaea0c --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-qrq5-wjgg-rvqw/GHSA-qrq5-wjgg-rvqw.json @@ -0,0 +1,63 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qrq5-wjgg-rvqw", + "modified": "2026-02-17T21:39:24Z", + "published": "2026-02-17T21:39:24Z", + "aliases": [], + "summary": "OpenClaw has a Path Traversal in Plugin Installation", + "details": "### Summary\n\nOpenClaw's plugin installation path derivation could be abused by a malicious plugin `package.json` `name` to escape the intended extensions directory and write files to a parent directory.\n\n### Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: `>= 2026.1.20, < 2026.2.1`\n- Fixed: `>= 2026.2.1`\n- Latest published as of 2026-02-14: `2026.2.13` (not affected)\n\n### Details\n\nIn affected versions, the plugin installer derives the on-disk install directory from the plugin manifest name without robust validation.\n\nExample (POSIX / macOS / Linux):\n\n- Manifest name: `@malicious/..`\n- `unscopedPackageName(\"@malicious/..\")` yields `..`\n- The install directory becomes `path.join(extensionsDir, \"..\")`, which resolves to the parent of the extensions directory.\n\nThis can cause plugin files to be written into the OpenClaw state directory (default `~/.openclaw/`) rather than a subdirectory of `~/.openclaw/extensions/`.\n\nNote: on Windows, affected versions also failed to sanitize backslashes (`\\\\`) in the derived directory name, which can enable deeper traversal via crafted `pluginId` strings.\n\n### Impact\n\nThis issue requires a user/operator to install untrusted plugin content (for example via `openclaw plugins install`). In many deployments, plugin installation is an operator-only action and may be performed on a separate machine; that operational separation significantly reduces exposure for the primary gateway/runtime host.\n\nOn hosts where untrusted plugins are installed, this can lead to unintended file writes outside the extensions directory (potentially overwriting files under the OpenClaw state directory). On Windows, the traversal surface may extend further, within the privileges of the user running OpenClaw.\n\n### Fix\n\nFixed in `openclaw` `2026.2.1` by validating plugin IDs and ensuring the resolved install directory remains within the configured extensions base directory.\n\n### Fix Commit(s)\n\n- d03eca8450dc493b198a88b105fd180895238e57\n\nThanks @logicx24 for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "2026.1.20" + }, + { + "fixed": "2026.2.1" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qrq5-wjgg-rvqw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/d03eca8450dc493b198a88b105fd180895238e5" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.1" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "CRITICAL", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:39:24Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2022/05/GHSA-236c-vhj4-gfxg/GHSA-236c-vhj4-gfxg.json b/advisories/unreviewed/2022/05/GHSA-236c-vhj4-gfxg/GHSA-236c-vhj4-gfxg.json deleted file mode 100644 index 214c9978d1ac0..0000000000000 --- a/advisories/unreviewed/2022/05/GHSA-236c-vhj4-gfxg/GHSA-236c-vhj4-gfxg.json +++ /dev/null @@ -1,45 +0,0 @@ -{ - "schema_version": "1.4.0", - "id": "GHSA-236c-vhj4-gfxg", - "modified": "2024-04-04T03:11:24Z", - "published": "2022-05-25T00:00:31Z", - "aliases": [ - "CVE-2021-4229" - ], - "details": "A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component.", - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" - } - ], - "affected": [], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4229" - }, - { - "type": "WEB", - "url": "https://github.com/faisalman/ua-parser-js/issues/536" - }, - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-pjwm-rvh2-c87w" - }, - { - "type": "WEB", - "url": "https://vuldb.com/?id.185453" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-829", - "CWE-912" - ], - "severity": "HIGH", - "github_reviewed": false, - "github_reviewed_at": null, - "nvd_published_at": "2022-05-24T16:15:00Z" - } -} \ No newline at end of file From 5e80a628aab2c78f059b0f804d63f522906e9c0b Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Tue, 17 Feb 2026 21:45:24 +0000 Subject: [PATCH 070/222] Publish Advisories GHSA-7q2j-c4q5-rm27 GHSA-8jpq-5h99-ff5r GHSA-8mh7-phf8-xgfm GHSA-g6q9-8fvw-f7rf GHSA-h3f9-mjwj-w476 GHSA-jrvc-8ff5-2f9f --- .../GHSA-7q2j-c4q5-rm27.json | 65 +++++++++++++++++ .../GHSA-8jpq-5h99-ff5r.json | 65 +++++++++++++++++ .../GHSA-8mh7-phf8-xgfm.json | 69 +++++++++++++++++++ .../GHSA-g6q9-8fvw-f7rf.json | 65 +++++++++++++++++ .../GHSA-h3f9-mjwj-w476.json | 65 +++++++++++++++++ .../GHSA-jrvc-8ff5-2f9f.json | 65 +++++++++++++++++ 6 files changed, 394 insertions(+) create mode 100644 advisories/github-reviewed/2026/02/GHSA-7q2j-c4q5-rm27/GHSA-7q2j-c4q5-rm27.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-8jpq-5h99-ff5r/GHSA-8jpq-5h99-ff5r.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-8mh7-phf8-xgfm/GHSA-8mh7-phf8-xgfm.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-g6q9-8fvw-f7rf/GHSA-g6q9-8fvw-f7rf.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-h3f9-mjwj-w476/GHSA-h3f9-mjwj-w476.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-jrvc-8ff5-2f9f/GHSA-jrvc-8ff5-2f9f.json diff --git a/advisories/github-reviewed/2026/02/GHSA-7q2j-c4q5-rm27/GHSA-7q2j-c4q5-rm27.json b/advisories/github-reviewed/2026/02/GHSA-7q2j-c4q5-rm27/GHSA-7q2j-c4q5-rm27.json new file mode 100644 index 0000000000000..04aca933c996c --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-7q2j-c4q5-rm27/GHSA-7q2j-c4q5-rm27.json @@ -0,0 +1,65 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-7q2j-c4q5-rm27", + "modified": "2026-02-17T21:41:40Z", + "published": "2026-02-17T21:41:40Z", + "aliases": [ + "CVE-2026-26320" + ], + "summary": "OpenClaw macOS deep link confirmation truncation can conceal executed agent message", + "details": "### Summary\nOpenClaw macOS desktop client registers the `openclaw://` URL scheme. For `openclaw://agent` deep links without an unattended `key`, the app shows a confirmation dialog that previously displayed only the first 240 characters of the message, but executed the full message after the user clicked \"Run\".\n\nAt the time of writing, the OpenClaw macOS desktop client is still in beta.\n\nAn attacker could pad the message with whitespace to push a malicious payload outside the visible preview, increasing the chance a user approves a different message than the one that is actually executed.\n\n### Impact\nIf a user runs the deep link, the agent may perform actions that can lead to arbitrary command execution depending on the user's configured tool approvals/allowlists. This is a social-engineering mediated vulnerability: the confirmation prompt could be made to misrepresent the executed message.\n\n## Affected Versions\n- OpenClaw macOS desktop client versions >= 2026.2.6 and <= 2026.2.13.\n\n## Fixed Versions\n- 2026.2.14.\n\n### Mitigations\n- Do not approve unexpected \"Run OpenClaw agent?\" prompts triggered while browsing untrusted sites.\n- Use unattended deep links only with a valid `key` for trusted personal automations.\n\n### Resolution\nUnkeyed deep links now enforce a strict message length limit for confirmation and ignore delivery/routing knobs (`deliver`, `to`, `channel`) unless a valid unattended `key` is provided.\n\nFix commit: 28d9dd7a772501ccc3f71457b4adfee79084fe6f\n\n---\n\nFix commit 28d9dd7a772501ccc3f71457b4adfee79084fe6f confirmed on main and in v2026.2.14. Upgrade to `openclaw >= 2026.2.14`.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "2026.2.6-0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7q2j-c4q5-rm27" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/28d9dd7a772501ccc3f71457b4adfee79084fe6f" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-451" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:41:40Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-8jpq-5h99-ff5r/GHSA-8jpq-5h99-ff5r.json b/advisories/github-reviewed/2026/02/GHSA-8jpq-5h99-ff5r/GHSA-8jpq-5h99-ff5r.json new file mode 100644 index 0000000000000..e93320993406d --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-8jpq-5h99-ff5r/GHSA-8jpq-5h99-ff5r.json @@ -0,0 +1,65 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-8jpq-5h99-ff5r", + "modified": "2026-02-17T21:41:52Z", + "published": "2026-02-17T21:41:52Z", + "aliases": [ + "CVE-2026-26321" + ], + "summary": "OpenClaw has a local file disclosure via sendMediaFeishu in Feishu extension", + "details": "### Summary\nThe Feishu extension previously allowed `sendMediaFeishu` to treat attacker-controlled `mediaUrl` values as local filesystem paths and read them directly.\n\n### Affected versions\n- `< 2026.2.14`\n\n### Patched versions\n- `>= 2026.2.14`\n\n### Impact\nIf an attacker can influence tool calls (directly or via prompt injection), they may be able to exfiltrate local files by supplying paths such as `/etc/passwd` as `mediaUrl`.\n\n### Remediation\nUpgrade to OpenClaw `2026.2.14` or newer.\n\n### Notes\nThe fix removes direct local file reads from this path and routes media loading through hardened helpers that enforce local-root restrictions.\n\n---\n\nFix commit 5b4121d60 confirmed on main and in v2026.2.14. Upgrade to `openclaw >= 2026.2.14`.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8jpq-5h99-ff5r" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/5b4121d6011a48c71e747e3c18197f180b872c5d" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:41:52Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-8mh7-phf8-xgfm/GHSA-8mh7-phf8-xgfm.json b/advisories/github-reviewed/2026/02/GHSA-8mh7-phf8-xgfm/GHSA-8mh7-phf8-xgfm.json new file mode 100644 index 0000000000000..51279fa50f1f1 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-8mh7-phf8-xgfm/GHSA-8mh7-phf8-xgfm.json @@ -0,0 +1,69 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-8mh7-phf8-xgfm", + "modified": "2026-02-17T21:43:41Z", + "published": "2026-02-17T21:43:41Z", + "aliases": [ + "CVE-2026-26326" + ], + "summary": "OpenClaw skills.status could leak secrets to operator.read clients", + "details": "### Summary\n\n`skills.status` could disclose secrets to `operator.read` clients by returning raw resolved config values in `configChecks` for skill `requires.config` paths.\n\n### Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: `<= 2026.2.13`\n- Patched: `2026.2.14`\n\n### Details\n\nThe gateway method `skills.status` returned a requirements report that included `configChecks[].value` (the resolved value for each `requires.config` entry). If a skill required a broad config subtree (for example `channels.discord`), the report could include secrets such as Discord bot tokens.\n\n`skills.status` is callable with `operator.read`, so read-scoped clients could obtain secrets without `operator.admin` / `config.*` access.\n\n### Fix\n\n- Stop including raw resolved config values in requirement checks (return only `{ path, satisfied }`).\n- Narrow the Discord skill requirement to the token key.\n\nFix commit(s):\n\n- d3428053d95eefbe10ecf04f92218ffcba55ae5a\n- ebc68861a61067fc37f9298bded3eec9de0ba783\n\n### Mitigation\n\nRotate any Discord tokens that may have been exposed to read-scoped clients.\n\nThanks @simecek for reporting.\n\n---\n\nFix commits d3428053d95eefbe10ecf04f92218ffcba55ae5a and ebc68861a61067fc37f9298bded3eec9de0ba783 confirmed on main and in v2026.2.14. Upgrade to `openclaw >= 2026.2.14`.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8mh7-phf8-xgfm" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/d3428053d95eefbe10ecf04f92218ffcba55ae5a" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/ebc68861a61067fc37f9298bded3eec9de0ba783" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-200" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:43:41Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-g6q9-8fvw-f7rf/GHSA-g6q9-8fvw-f7rf.json b/advisories/github-reviewed/2026/02/GHSA-g6q9-8fvw-f7rf/GHSA-g6q9-8fvw-f7rf.json new file mode 100644 index 0000000000000..c9fac9f32c3c5 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-g6q9-8fvw-f7rf/GHSA-g6q9-8fvw-f7rf.json @@ -0,0 +1,65 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-g6q9-8fvw-f7rf", + "modified": "2026-02-17T21:42:15Z", + "published": "2026-02-17T21:42:15Z", + "aliases": [ + "CVE-2026-26322" + ], + "summary": "OpenClaw Gateway tool allowed unrestricted gatewayUrl override", + "details": "## Summary\nThe Gateway tool accepted a tool-supplied `gatewayUrl` without sufficient restrictions, which could cause the OpenClaw host to attempt outbound WebSocket connections to user-specified targets.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.2.13`\n- Patched versions: `>= 2026.2.14` (planned)\n\n## What Is Needed To Trigger This\nThis requires the ability to invoke tools that accept `gatewayUrl` overrides (directly or indirectly). In typical setups this is limited to authenticated operators, trusted automation, or environments where tool calls are exposed to non-operators.\n\nIn other words, this is not a drive-by issue for arbitrary internet users unless a deployment explicitly allows untrusted users to trigger these tool calls.\n\n## Details\nSome tool call paths allowed `gatewayUrl` overrides to flow into the Gateway WebSocket client without validation or allowlisting. This meant the host could be instructed to attempt connections to non-gateway endpoints (for example, localhost services, private network addresses, or cloud metadata IPs).\n\n## Impact\nIn the common case, this results in an outbound connection attempt from the OpenClaw host (and corresponding errors/timeouts). In environments where the tool caller can observe the results, this can also be used for limited network reachability probing. If the target speaks WebSocket and is reachable, further interaction may be possible.\n\n## Fix\nTool-supplied `gatewayUrl` overrides are now restricted to loopback (on the configured gateway port) or the configured `gateway.remote.url`. Disallowed protocols, credentials, query/hash, and non-root paths are rejected.\n\n## Fix Commit(s)\n- c5406e1d2434be2ef6eb4d26d8f1798d718713f4\n\n## Release Process Note\n`patched_versions` is set to the planned next release. Once the npm release is published, the advisory can be published without further edits.\n\nThanks @p80n-sec for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g6q9-8fvw-f7rf" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/c5406e1d2434be2ef6eb4d26d8f1798d718713f4" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-918" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:42:15Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-h3f9-mjwj-w476/GHSA-h3f9-mjwj-w476.json b/advisories/github-reviewed/2026/02/GHSA-h3f9-mjwj-w476/GHSA-h3f9-mjwj-w476.json new file mode 100644 index 0000000000000..fefb15ed84ef3 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-h3f9-mjwj-w476/GHSA-h3f9-mjwj-w476.json @@ -0,0 +1,65 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-h3f9-mjwj-w476", + "modified": "2026-02-17T21:42:49Z", + "published": "2026-02-17T21:42:49Z", + "aliases": [ + "CVE-2026-26325" + ], + "summary": "OpenClaw Node host system.run rawCommand/command mismatch can bypass allowlist/approvals", + "details": "## Summary\n\nA mismatch between `rawCommand` and `command[]` in the node host `system.run` handler could cause allowlist/approval evaluation to be performed on one command while executing a different argv.\n\n## Affected Configurations\n\nThis only impacts deployments that:\n\n- Use the node host / companion node execution path (`system.run` on a node).\n- Enable allowlist-based exec policy (`security=allowlist`) with approval prompting driven by allowlist misses (for example `ask=on-miss`).\n- Allow an attacker to invoke `system.run`.\n\nDefault/non-node configurations are not affected.\n\n## Impact\n\nIn affected configurations, an attacker who can invoke `system.run` can bypass allowlist enforcement and approval prompts by supplying an allowlisted `rawCommand` while providing a different `command[]` argv for execution.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.2.13`\n- Patched version: `>= 2026.2.14` (planned next release)\n\n## Fix\n\nEnforce `rawCommand`/`command[]` consistency (gateway fail-fast + node host validation).\n\n## Fix Commit(s)\n\n- cb3290fca32593956638f161d9776266b90ab891\n\n## Release Process Note\n\nThis advisory pre-sets the patched version to the planned next release (`2026.2.14`). Once `openclaw@2026.2.14` is published to npm, the advisory can be published without further edits.\n\nThanks @christos-eth for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h3f9-mjwj-w476" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/cb3290fca32593956638f161d9776266b90ab891" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-284" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:42:49Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-jrvc-8ff5-2f9f/GHSA-jrvc-8ff5-2f9f.json b/advisories/github-reviewed/2026/02/GHSA-jrvc-8ff5-2f9f/GHSA-jrvc-8ff5-2f9f.json new file mode 100644 index 0000000000000..231805f7ddbb7 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-jrvc-8ff5-2f9f/GHSA-jrvc-8ff5-2f9f.json @@ -0,0 +1,65 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-jrvc-8ff5-2f9f", + "modified": "2026-02-17T21:42:40Z", + "published": "2026-02-17T21:42:40Z", + "aliases": [ + "CVE-2026-26324" + ], + "summary": "OpenClaw has a SSRF guard bypass via full-form IPv4-mapped IPv6 (loopback / metadata reachable)", + "details": "### Summary\n\nOpenClaw's SSRF protection could be bypassed using full-form IPv4-mapped IPv6 literals such as `0:0:0:0:0:ffff:7f00:1` (which is `127.0.0.1`). This could allow requests that should be blocked (loopback / private network / link-local metadata) to pass the SSRF guard.\n\n- Vulnerable component: SSRF guard (`src/infra/net/ssrf.ts`)\n- Issue type: SSRF protection bypass\n\n### Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Vulnerable: `<= 2026.2.13`\n- Patched: `>= 2026.2.14` (planned next release)\n\n### Details\n\nThe SSRF guard's IP classification did not consistently detect private IPv4 addresses when they were embedded in IPv6 using full-form IPv4-mapped IPv6 notation. As a result, inputs like `0:0:0:0:0:ffff:7f00:1` could bypass loopback/private network blocking.\n\n### Fix Commit(s)\n\n- `c0c0e0f9aecb913e738742f73e091f2f72d39a19`\n\n### Release Process Note\n\nThis advisory is kept in draft state with the patched version set to the planned next release. Once `openclaw@2026.2.14` is published to npm, the only remaining step should be to publish this advisory.\n\nThanks @yueyueL for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jrvc-8ff5-2f9f" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/c0c0e0f9aecb913e738742f73e091f2f72d39a19" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-918" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T21:42:40Z", + "nvd_published_at": null + } +} \ No newline at end of file From 6234aea6b2092e63f7ada16d0f065e5be5c37a34 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Tue, 17 Feb 2026 21:50:05 +0000 Subject: [PATCH 071/222] Publish GHSA-87r5-mp6g-5w5j --- .../2026/02/GHSA-87r5-mp6g-5w5j/GHSA-87r5-mp6g-5w5j.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advisories/github-reviewed/2026/02/GHSA-87r5-mp6g-5w5j/GHSA-87r5-mp6g-5w5j.json b/advisories/github-reviewed/2026/02/GHSA-87r5-mp6g-5w5j/GHSA-87r5-mp6g-5w5j.json index 5ea36ae35cac0..d08c716ee5736 100644 --- a/advisories/github-reviewed/2026/02/GHSA-87r5-mp6g-5w5j/GHSA-87r5-mp6g-5w5j.json +++ b/advisories/github-reviewed/2026/02/GHSA-87r5-mp6g-5w5j/GHSA-87r5-mp6g-5w5j.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-87r5-mp6g-5w5j", - "modified": "2026-02-12T15:29:55Z", + "modified": "2026-02-17T21:47:32Z", "published": "2026-02-09T06:30:28Z", "aliases": [ "CVE-2026-1615" @@ -32,7 +32,7 @@ "introduced": "0" }, { - "fixed": "1.2.1" + "last_affected": "1.2.1" } ] } From d50ee2b209d100ab6e69caf88d90e2504e44338d Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Tue, 17 Feb 2026 21:59:40 +0000 Subject: [PATCH 072/222] Publish GHSA-pjwm-rvh2-c87w --- .../2021/10/GHSA-pjwm-rvh2-c87w/GHSA-pjwm-rvh2-c87w.json | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/advisories/github-reviewed/2021/10/GHSA-pjwm-rvh2-c87w/GHSA-pjwm-rvh2-c87w.json b/advisories/github-reviewed/2021/10/GHSA-pjwm-rvh2-c87w/GHSA-pjwm-rvh2-c87w.json index 9ef5757001b98..b1da087ffa98d 100644 --- a/advisories/github-reviewed/2021/10/GHSA-pjwm-rvh2-c87w/GHSA-pjwm-rvh2-c87w.json +++ b/advisories/github-reviewed/2021/10/GHSA-pjwm-rvh2-c87w/GHSA-pjwm-rvh2-c87w.json @@ -1,9 +1,11 @@ { "schema_version": "1.4.0", "id": "GHSA-pjwm-rvh2-c87w", - "modified": "2023-07-28T15:38:48Z", + "modified": "2026-02-17T21:57:43Z", "published": "2021-10-22T20:38:14Z", - "aliases": [], + "aliases": [ + "CVE-2021-4229" + ], "summary": "Embedded malware in ua-parser-js", "details": "The npm package `ua-parser-js` had three versions published with malicious code. Users of affected versions (0.7.29, 0.8.0, 1.0.0) should upgrade as soon as possible and check their systems for suspicious activity. See [this issue](https://github.com/faisalman/ua-parser-js/issues/536) for details as they unfold.\n\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", "severity": [ From 18bef7ecc40f3f39b880f385b2c36992b92bf5c2 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Tue, 17 Feb 2026 22:03:13 +0000 Subject: [PATCH 073/222] Publish Advisories GHSA-g74q-5xw3-j7q9 GHSA-c2f9-4jmm-v45m GHSA-2cgv-28vr-rv6j --- .../GHSA-g74q-5xw3-j7q9.json | 15 ++++-- .../GHSA-c2f9-4jmm-v45m.json | 15 ++++-- .../GHSA-2cgv-28vr-rv6j.json | 46 ++++++++++++++++++- 3 files changed, 66 insertions(+), 10 deletions(-) diff --git a/advisories/github-reviewed/2024/02/GHSA-g74q-5xw3-j7q9/GHSA-g74q-5xw3-j7q9.json b/advisories/github-reviewed/2024/02/GHSA-g74q-5xw3-j7q9/GHSA-g74q-5xw3-j7q9.json index 3ef93a9f6af83..5f7a7b4f87119 100644 --- a/advisories/github-reviewed/2024/02/GHSA-g74q-5xw3-j7q9/GHSA-g74q-5xw3-j7q9.json +++ b/advisories/github-reviewed/2024/02/GHSA-g74q-5xw3-j7q9/GHSA-g74q-5xw3-j7q9.json @@ -1,14 +1,19 @@ { "schema_version": "1.4.0", "id": "GHSA-g74q-5xw3-j7q9", - "modified": "2024-03-19T18:00:01Z", + "modified": "2026-02-17T22:01:33Z", "published": "2024-02-13T19:49:43Z", "aliases": [ "CVE-2024-21386" ], "summary": "Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability", "details": "# Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability\n\n## Executive summary\n\nMicrosoft is releasing this security advisory to provide information about a vulnerability in ASP.NET 6.0, ASP.NET 7.0 and, ASP.NET 8.0 . This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.\n\nA vulnerability exists in ASP.NET applications using SignalR where a malicious client can result in a denial-of-service.\n\n\n## Announcement\n\nAnnouncement for this issue can be found at https://github.com/dotnet/announcements/issues/295\n\n### Mitigation factors\n\nMicrosoft has not identified any mitigating factors for this vulnerability.\n\n## Affected software\n\n* Any .NET 6.0 application running on .NET 6.0.26 or earlier.\n* Any .NET 7.0 application running on .NET 7.0.15 or earlier.\n* Any .NET 8.0 application running on .NET 8.0.1 or earlier.\n\n## Affected Packages\nThe vulnerability affects any Microsoft .NET Core project if it uses any of affected packages versions listed below\n\n### ASP.NET 6.0\n\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64) | <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86) | <= 6.0.26 | 6.0.27\n\n\n\n### ASP.NET 7.0\n\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64) | <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86) | <= 7.0.15 | 7.0.16\n\n### ASP.NET 8.0\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64) | <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86) | <= 8.0.1 | 8.0.2\n\n## Advisory FAQ\n\n### How do I know if I am affected?\n\nIf you have a runtime or SDK with a version listed, or an affected package listed in [affected software](#affected-software) or [affected packages](#affected-packages) , you're exposed to the vulnerability.\n\n### How do I fix the issue?\n\n* To fix the issue please install the latest version of .NET 8.0 or .NET 7.0 or .NET 6.0. If you have installed one or more .NET SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET SDKs.\n* If you have .NET 6.0 or greater installed, you can list the versions you have installed by running the `dotnet --info` command. You will see output like the following;\n\n```\n.NET Core SDK (reflecting any global.json):\n\n Version: 6.0.200\n Commit: 8473146e7d\n\nRuntime Environment:\n\n OS Name: Windows\n OS Version: 10.0.18363\n OS Platform: Windows\n RID: win10-x64\n Base Path: C:\\Program Files\\dotnet\\sdk\\6.0.300\\\n\nHost (useful for support):\n\n Version: 6.0.5\n Commit: 8473146e7d\n\n.NET Core SDKs installed:\n\n 6.0.200 [C:\\Program Files\\dotnet\\sdk]\n\n.NET Core runtimes installed:\n\n Microsoft.AspNetCore.App 6.0.5 [C:\\Program Files\\dotnet\\shared\\Microsoft.AspNetCore.App]\n Microsoft.NETCore.App 6.0.5 [C:\\Program Files\\dotnet\\shared\\Microsoft.NETCore.App]\n Microsoft.WindowsDesktop.App 6.0.5 [C:\\Program Files\\dotnet\\shared\\Microsoft.WindowsDesktop.App]\n\nTo install additional .NET Core runtimes or SDKs:\n https://aka.ms/dotnet-download\n```\n\n* If you're using .NET 8.0, you should download and install .NET 8.0.2 Runtime or .NET 8.0.102 SDK (for Visual Studio 2022 v17.8) from https://dotnet.microsoft.com/download/dotnet-core/8.0.\n* If you're using .NET 7.0, you should download and install Runtime 7.0.16 or SDK 7.0.116 (for Visual Studio 2022 v17.4) from https://dotnet.microsoft.com/download/dotnet-core/7.0.\n* If you're using .NET 6.0, you should download and install Runtime 6.0.27 or SDK 6.0.419 from https://dotnet.microsoft.com/download/dotnet-core/6.0.\n\n.NET 6.0, .NET 7.0 and, .NET 8.0 updates are also available from Microsoft Update. To access this either type \"Check for updates\" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates.\n\nOnce you have installed the updated runtime or SDK, restart your apps for the update to take effect.\n\nAdditionally, if you've deployed [self-contained applications](https://docs.microsoft.com/dotnet/core/deploying/#self-contained-deployments-scd) targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed.\n\n## Other Information\n\n### Reporting Security Issues\n\nIf you have found a potential security issue in .NET 8.0 or .NET 7.0 or .NET 6.0, please email details to secure@microsoft.com. Reports may qualify for the Microsoft .NET Core & .NET 5 Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at .\n\n### Support\n\nYou can ask questions about this issue on GitHub in the .NET GitHub organization. The main repos are located at https://github.com/dotnet/runtime and https://github.com/dotnet/aspnet/. The Announcements repo (https://github.com/dotnet/Announcements) will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue.\n\n### Disclaimer\n\nThe information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\n\n### External Links\n\n[CVE-2024-21386]( https://www.cve.org/CVERecord?id=CVE-2024-21386)\n\n### Revisions\n\nV1.0 (February 13, 2024): Advisory published.\n\n_Version 1.0_\n\n_Last Updated 2024-02-13_", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], "affected": [ { "package": { @@ -822,8 +827,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": "CRITICAL", + "cwe_ids": [ + "CWE-400" + ], + "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-02-13T19:49:43Z", "nvd_published_at": null diff --git a/advisories/github-reviewed/2024/03/GHSA-c2f9-4jmm-v45m/GHSA-c2f9-4jmm-v45m.json b/advisories/github-reviewed/2024/03/GHSA-c2f9-4jmm-v45m/GHSA-c2f9-4jmm-v45m.json index 38ea09ccfe953..0d40371e3ebe4 100644 --- a/advisories/github-reviewed/2024/03/GHSA-c2f9-4jmm-v45m/GHSA-c2f9-4jmm-v45m.json +++ b/advisories/github-reviewed/2024/03/GHSA-c2f9-4jmm-v45m/GHSA-c2f9-4jmm-v45m.json @@ -1,14 +1,19 @@ { "schema_version": "1.4.0", "id": "GHSA-c2f9-4jmm-v45m", - "modified": "2024-03-06T15:06:54Z", + "modified": "2026-02-17T22:02:24Z", "published": "2024-03-06T15:06:54Z", "aliases": [ "CVE-2024-27917" ], "summary": "Shopware's session is persistent in Cache for 404 pages", - "details": "### Impact\n\nThe Symfony Session Handler, pop's the Session Cookie and assign it to the Response. Since Shopware 6.5.8.0 the 404 pages, are cached, to improve the performance of 404 pages. So the cached Response, contains a Session Cookie when the Browser accessing the 404 page, has no cookies yet. The Symfony Session Handler is in use, when no explicit Session configuration has been done.\nWhen Redis is in use for Sessions using the PHP Redis extension, this exploiting code is not used.\n\n### Patches\nUpdate to Shopware version 6.5.8.7\n\n### Workarounds\nUsing Redis for Sessions, as this does not trigger the exploit code. Example configuration for Redis\n\n```ini\n# php.ini\nsession.save_handler = redis\nsession.save_path = \"tcp://127.0.0.1:6379\"\n```\n\n## Consequences\n\nAs an guest browser session has been cached on a 404 page, every missing image or directly reaching a 404 page will logout the customer or clear his cart.\n", - "severity": [], + "details": "### Impact\n\nThe Symfony Session Handler, pop's the Session Cookie and assign it to the Response. Since Shopware 6.5.8.0 the 404 pages, are cached, to improve the performance of 404 pages. So the cached Response, contains a Session Cookie when the Browser accessing the 404 page, has no cookies yet. The Symfony Session Handler is in use, when no explicit Session configuration has been done.\nWhen Redis is in use for Sessions using the PHP Redis extension, this exploiting code is not used.\n\n### Patches\nUpdate to Shopware version 6.5.8.7\n\n### Workarounds\nUsing Redis for Sessions, as this does not trigger the exploit code. Example configuration for Redis\n\n```ini\n# php.ini\nsession.save_handler = redis\nsession.save_path = \"tcp://127.0.0.1:6379\"\n```\n\n## Consequences\n\nAs an guest browser session has been cached on a 404 page, every missing image or directly reaching a 404 page will logout the customer or clear his cart.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" + } + ], "affected": [ { "package": { @@ -75,9 +80,9 @@ "cwe_ids": [ "CWE-524" ], - "severity": "CRITICAL", + "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-03-06T15:06:54Z", - "nvd_published_at": null + "nvd_published_at": "2024-03-06T20:15:48Z" } } \ No newline at end of file diff --git a/advisories/github-reviewed/2025/12/GHSA-2cgv-28vr-rv6j/GHSA-2cgv-28vr-rv6j.json b/advisories/github-reviewed/2025/12/GHSA-2cgv-28vr-rv6j/GHSA-2cgv-28vr-rv6j.json index 8d659cdd866a8..8c76520d3232d 100644 --- a/advisories/github-reviewed/2025/12/GHSA-2cgv-28vr-rv6j/GHSA-2cgv-28vr-rv6j.json +++ b/advisories/github-reviewed/2025/12/GHSA-2cgv-28vr-rv6j/GHSA-2cgv-28vr-rv6j.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-2cgv-28vr-rv6j", - "modified": "2025-12-04T17:24:23Z", + "modified": "2026-02-17T22:00:42Z", "published": "2025-12-04T17:24:23Z", "aliases": [], "summary": "libcrux incorrectly calculates on aarch64", @@ -34,6 +34,50 @@ "versions": [ "0.0.3" ] + }, + { + "package": { + "ecosystem": "crates.io", + "name": "libcrux-ml-kem" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0.0.3" + }, + { + "fixed": "0.0.4" + } + ] + } + ], + "versions": [ + "0.0.3" + ] + }, + { + "package": { + "ecosystem": "crates.io", + "name": "libcrux-ml-dsa" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0.0.3" + }, + { + "fixed": "0.0.4" + } + ] + } + ], + "versions": [ + "0.0.3" + ] } ], "references": [ From 6b0d1aa58c9fdc55b3b77bc5c13ea39438f5847d Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Tue, 17 Feb 2026 22:06:49 +0000 Subject: [PATCH 074/222] Publish Advisories GHSA-qjm7-55vv-3c5f GHSA-vm74-j4wq-82xj --- .../2023/01/GHSA-qjm7-55vv-3c5f/GHSA-qjm7-55vv-3c5f.json | 9 +++++++-- .../2023/01/GHSA-vm74-j4wq-82xj/GHSA-vm74-j4wq-82xj.json | 9 +++++++-- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/advisories/github-reviewed/2023/01/GHSA-qjm7-55vv-3c5f/GHSA-qjm7-55vv-3c5f.json b/advisories/github-reviewed/2023/01/GHSA-qjm7-55vv-3c5f/GHSA-qjm7-55vv-3c5f.json index 8d3278ddb2d50..f6754d1003fb4 100644 --- a/advisories/github-reviewed/2023/01/GHSA-qjm7-55vv-3c5f/GHSA-qjm7-55vv-3c5f.json +++ b/advisories/github-reviewed/2023/01/GHSA-qjm7-55vv-3c5f/GHSA-qjm7-55vv-3c5f.json @@ -1,14 +1,19 @@ { "schema_version": "1.4.0", "id": "GHSA-qjm7-55vv-3c5f", - "modified": "2023-01-20T23:35:16Z", + "modified": "2026-02-17T22:04:14Z", "published": "2023-01-18T03:31:17Z", "aliases": [ "CVE-2018-25077" ], "summary": "mel-spintax has Inefficient Regular Expression Complexity", "details": "A vulnerability was found in melnaron mel-spintax. It has been rated as problematic. Affected by this issue is some unknown functionality of the file `lib/spintax.js`. The manipulation of the argument text leads to inefficient regular expression complexity. The name of the patch is 37767617846e27b87b63004e30216e8f919637d3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218456.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + ], "affected": [ { "package": { diff --git a/advisories/github-reviewed/2023/01/GHSA-vm74-j4wq-82xj/GHSA-vm74-j4wq-82xj.json b/advisories/github-reviewed/2023/01/GHSA-vm74-j4wq-82xj/GHSA-vm74-j4wq-82xj.json index f9e33a67fda75..852c72f7cbb42 100644 --- a/advisories/github-reviewed/2023/01/GHSA-vm74-j4wq-82xj/GHSA-vm74-j4wq-82xj.json +++ b/advisories/github-reviewed/2023/01/GHSA-vm74-j4wq-82xj/GHSA-vm74-j4wq-82xj.json @@ -1,14 +1,19 @@ { "schema_version": "1.4.0", "id": "GHSA-vm74-j4wq-82xj", - "modified": "2024-03-01T14:28:55Z", + "modified": "2026-02-17T22:04:50Z", "published": "2023-01-17T21:30:22Z", "aliases": [ "CVE-2022-4891" ], "summary": "Sisimai Inefficient Regular Expression Complexity vulnerability", "details": "A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function `to_plain` of the file `lib/sisimai/string.rb`. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. Upgrading to version 4.25.14p12 is able to address this issue. The name of the patch is 51fe2e6521c9c02b421b383943dc9e4bbbe65d4e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218452.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + ], "affected": [ { "package": { From 2d536ff6971ad2624459e6ede04d01e68833d688 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Tue, 17 Feb 2026 22:59:08 +0000 Subject: [PATCH 075/222] Publish GHSA-chm2-m3w2-wcxm --- .../GHSA-chm2-m3w2-wcxm.json | 87 +++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 advisories/github-reviewed/2026/02/GHSA-chm2-m3w2-wcxm/GHSA-chm2-m3w2-wcxm.json diff --git a/advisories/github-reviewed/2026/02/GHSA-chm2-m3w2-wcxm/GHSA-chm2-m3w2-wcxm.json b/advisories/github-reviewed/2026/02/GHSA-chm2-m3w2-wcxm/GHSA-chm2-m3w2-wcxm.json new file mode 100644 index 0000000000000..5e551c9b97072 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-chm2-m3w2-wcxm/GHSA-chm2-m3w2-wcxm.json @@ -0,0 +1,87 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-chm2-m3w2-wcxm", + "modified": "2026-02-17T22:56:39Z", + "published": "2026-02-17T22:56:39Z", + "aliases": [], + "summary": "OpenClaw Google Chat spoofing access with allowlist authorized mutable email principal despite sender-ID mismatch", + "details": "### Summary\nGoogle Chat allowlisting supports matching by sender email in addition to immutable sender resource name (`users/`). This weakens identity binding if a deployment assumes allowlists are strictly keyed by immutable principals.\n\n### Affected Packages / Versions\n(As of 2026-02-14; based on latest published npm versions)\n- `openclaw` (npm): `<= 2026.2.13`\n- `clawdbot` (npm): `<= 2026.1.24-3`\n\n### Details\nAffected component:\n- `extensions/googlechat/src/monitor.ts`\n\nThe `allowFrom` checks accept:\n- Immutable sender id (`users/`)\n- Raw email (`alice@example.com`) for usability\n\nHistorically, `users/` was also treated as an email allowlist entry. This is now deprecated because it looks like an immutable ID but is actually a mutable principal.\n\n### Security Triage (2026-02-14)\nSeverity: **Low**\n\nRationale:\n- Requests are authenticated as coming from Google Chat (token verification), so this is not a generic unauthenticated spoofing vector.\n- A realistic exploit generally requires **Google Workspace / IdP administrative control** over identity lifecycle (e.g. reassigning an email address to a different underlying account) to obtain the same email with a different `users/`.\n- With that level of access, the attacker typically has broader compromise paths.\n\nWe still treat it as a valid defense-in-depth report because accepting mutable principals in authorization decisions can increase risk in chained-failure scenarios.\n\n### Remediation / Behavior Changes\nGoal: preserve usability while reducing footguns.\n- Raw email allowlists remain supported.\n- `users/` is deprecated and treated as a **user id**, not as an email allowlist.\n- Documentation recommends `users/` when strict immutable binding is required.\n\n### Fix Commit(s)\n- `c8424bf29a921e25663b29f308640b3d91a49432` (PR #16243)\n\nThanks @vincentkoc for reporting.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "npm", + "name": "clawdbot" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "last_affected": "2026.1.24-3" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-chm2-m3w2-wcxm" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/pull/16243" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/c8424bf29a921e25663b29f308640b3d91a49432" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-290", + "CWE-863" + ], + "severity": "LOW", + "github_reviewed": true, + "github_reviewed_at": "2026-02-17T22:56:39Z", + "nvd_published_at": null + } +} \ No newline at end of file From cf6638255c2f1420aeb9ce16bb95c1108654a9aa Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 00:32:20 +0000 Subject: [PATCH 076/222] Publish Advisories GHSA-2mxv-4v56-9pp9 GHSA-3pj6-82hg-m85c GHSA-74hh-vrfx-9235 GHSA-7jfh-hm8h-m5rq GHSA-86fw-gqvv-g24p GHSA-9xqc-25x2-75vf GHSA-crg7-mqpm-5qr4 GHSA-jm7g-jgq2-cxf3 GHSA-mw8p-6vj4-pvjr GHSA-pgcw-657p-x286 GHSA-pp6p-hwf9-pcpx GHSA-q543-x74m-r8q9 GHSA-qvc7-4wrw-mpgp GHSA-vfjm-qj84-h7cw GHSA-w5xc-rm8g-jf7m GHSA-wprr-57fw-46wj --- .../GHSA-2mxv-4v56-9pp9.json | 36 ++++++++++++ .../GHSA-3pj6-82hg-m85c.json | 56 +++++++++++++++++++ .../GHSA-74hh-vrfx-9235.json | 48 ++++++++++++++++ .../GHSA-7jfh-hm8h-m5rq.json | 34 +++++++++++ .../GHSA-86fw-gqvv-g24p.json | 36 ++++++++++++ .../GHSA-9xqc-25x2-75vf.json | 36 ++++++++++++ .../GHSA-crg7-mqpm-5qr4.json | 52 +++++++++++++++++ .../GHSA-jm7g-jgq2-cxf3.json | 36 ++++++++++++ .../GHSA-mw8p-6vj4-pvjr.json | 36 ++++++++++++ .../GHSA-pgcw-657p-x286.json | 36 ++++++++++++ .../GHSA-pp6p-hwf9-pcpx.json | 52 +++++++++++++++++ .../GHSA-q543-x74m-r8q9.json | 34 +++++++++++ .../GHSA-qvc7-4wrw-mpgp.json | 36 ++++++++++++ .../GHSA-vfjm-qj84-h7cw.json | 36 ++++++++++++ .../GHSA-w5xc-rm8g-jf7m.json | 36 ++++++++++++ .../GHSA-wprr-57fw-46wj.json | 36 ++++++++++++ 16 files changed, 636 insertions(+) create mode 100644 advisories/unreviewed/2026/02/GHSA-2mxv-4v56-9pp9/GHSA-2mxv-4v56-9pp9.json create mode 100644 advisories/unreviewed/2026/02/GHSA-3pj6-82hg-m85c/GHSA-3pj6-82hg-m85c.json create mode 100644 advisories/unreviewed/2026/02/GHSA-74hh-vrfx-9235/GHSA-74hh-vrfx-9235.json create mode 100644 advisories/unreviewed/2026/02/GHSA-7jfh-hm8h-m5rq/GHSA-7jfh-hm8h-m5rq.json create mode 100644 advisories/unreviewed/2026/02/GHSA-86fw-gqvv-g24p/GHSA-86fw-gqvv-g24p.json create mode 100644 advisories/unreviewed/2026/02/GHSA-9xqc-25x2-75vf/GHSA-9xqc-25x2-75vf.json create mode 100644 advisories/unreviewed/2026/02/GHSA-crg7-mqpm-5qr4/GHSA-crg7-mqpm-5qr4.json create mode 100644 advisories/unreviewed/2026/02/GHSA-jm7g-jgq2-cxf3/GHSA-jm7g-jgq2-cxf3.json create mode 100644 advisories/unreviewed/2026/02/GHSA-mw8p-6vj4-pvjr/GHSA-mw8p-6vj4-pvjr.json create mode 100644 advisories/unreviewed/2026/02/GHSA-pgcw-657p-x286/GHSA-pgcw-657p-x286.json create mode 100644 advisories/unreviewed/2026/02/GHSA-pp6p-hwf9-pcpx/GHSA-pp6p-hwf9-pcpx.json create mode 100644 advisories/unreviewed/2026/02/GHSA-q543-x74m-r8q9/GHSA-q543-x74m-r8q9.json create mode 100644 advisories/unreviewed/2026/02/GHSA-qvc7-4wrw-mpgp/GHSA-qvc7-4wrw-mpgp.json create mode 100644 advisories/unreviewed/2026/02/GHSA-vfjm-qj84-h7cw/GHSA-vfjm-qj84-h7cw.json create mode 100644 advisories/unreviewed/2026/02/GHSA-w5xc-rm8g-jf7m/GHSA-w5xc-rm8g-jf7m.json create mode 100644 advisories/unreviewed/2026/02/GHSA-wprr-57fw-46wj/GHSA-wprr-57fw-46wj.json diff --git a/advisories/unreviewed/2026/02/GHSA-2mxv-4v56-9pp9/GHSA-2mxv-4v56-9pp9.json b/advisories/unreviewed/2026/02/GHSA-2mxv-4v56-9pp9/GHSA-2mxv-4v56-9pp9.json new file mode 100644 index 0000000000000..171dc4f1232eb --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-2mxv-4v56-9pp9/GHSA-2mxv-4v56-9pp9.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-2mxv-4v56-9pp9", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2025-62183" + ], + "details": "Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality and Integrity are low.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62183" + }, + { + "type": "WEB", + "url": "https://support.pega.com/support-doc/pega-security-advisory-n25-vulnerability-remediation-note" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T23:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-3pj6-82hg-m85c/GHSA-3pj6-82hg-m85c.json b/advisories/unreviewed/2026/02/GHSA-3pj6-82hg-m85c/GHSA-3pj6-82hg-m85c.json new file mode 100644 index 0000000000000..6b71510297b7a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-3pj6-82hg-m85c/GHSA-3pj6-82hg-m85c.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3pj6-82hg-m85c", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2026-2629" + ], + "details": "A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TTS Provider. This manipulation of the argument phrase causes os command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2629" + }, + { + "type": "WEB", + "url": "https://github.com/jishi/node-sonos-http-api/issues/915" + }, + { + "type": "WEB", + "url": "https://github.com/jishi/node-sonos-http-api" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346280" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346280" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752762" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-77" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T22:18:45Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-74hh-vrfx-9235/GHSA-74hh-vrfx-9235.json b/advisories/unreviewed/2026/02/GHSA-74hh-vrfx-9235/GHSA-74hh-vrfx-9235.json new file mode 100644 index 0000000000000..92fda5548369a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-74hh-vrfx-9235/GHSA-74hh-vrfx-9235.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-74hh-vrfx-9235", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2026-1670" + ], + "details": "The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the \"forgot password\" recovery email address.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1670" + }, + { + "type": "WEB", + "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-048-04.json" + }, + { + "type": "WEB", + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-048-04" + }, + { + "type": "WEB", + "url": "https://www.honeywell.com/us/en/contact/support" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-306" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T23:16:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-7jfh-hm8h-m5rq/GHSA-7jfh-hm8h-m5rq.json b/advisories/unreviewed/2026/02/GHSA-7jfh-hm8h-m5rq/GHSA-7jfh-hm8h-m5rq.json new file mode 100644 index 0000000000000..0e2e6f0b944ba --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-7jfh-hm8h-m5rq/GHSA-7jfh-hm8h-m5rq.json @@ -0,0 +1,34 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-7jfh-hm8h-m5rq", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2026-23599" + ], + "details": "A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23599" + }, + { + "type": "WEB", + "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05012en_us&docLocale=en_US" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T00:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-86fw-gqvv-g24p/GHSA-86fw-gqvv-g24p.json b/advisories/unreviewed/2026/02/GHSA-86fw-gqvv-g24p/GHSA-86fw-gqvv-g24p.json new file mode 100644 index 0000000000000..48ffbcecbccd3 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-86fw-gqvv-g24p/GHSA-86fw-gqvv-g24p.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-86fw-gqvv-g24p", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2025-36348" + ], + "details": "IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1, and IBM Sterling File Gateway versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1 may expose sensitive information to a remote privileged attacker due to the application returning detailed technical error messages in the browser.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36348" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7259769" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-209" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T22:18:43Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-9xqc-25x2-75vf/GHSA-9xqc-25x2-75vf.json b/advisories/unreviewed/2026/02/GHSA-9xqc-25x2-75vf/GHSA-9xqc-25x2-75vf.json new file mode 100644 index 0000000000000..7682aac1288f0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-9xqc-25x2-75vf/GHSA-9xqc-25x2-75vf.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-9xqc-25x2-75vf", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2025-33135" + ], + "details": "IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform 3.0.0.0 through 3.0.5.4 Interim Fix 027 IBM Financial Transaction Manager for Check Services v3 (Multiplatforms) is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33135" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260111" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T22:18:43Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-crg7-mqpm-5qr4/GHSA-crg7-mqpm-5qr4.json b/advisories/unreviewed/2026/02/GHSA-crg7-mqpm-5qr4/GHSA-crg7-mqpm-5qr4.json new file mode 100644 index 0000000000000..9a50208f8df34 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-crg7-mqpm-5qr4/GHSA-crg7-mqpm-5qr4.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-crg7-mqpm-5qr4", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2026-2623" + ], + "details": "A flaw has been found in Blossom up to 1.17.1. This issue affects the function put of the file blossom-backend/common/common-iaas/src/main/java/com/blossom/common/iaas/blos/BLOSManager.java of the component File Upload. This manipulation causes path traversal. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2623" + }, + { + "type": "WEB", + "url": "https://fx4tqqfvdw4.feishu.cn/docx/WmA3dzNfto3AxlxoFlqcu5amnXe" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346274" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346274" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.751988" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T22:18:45Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-jm7g-jgq2-cxf3/GHSA-jm7g-jgq2-cxf3.json b/advisories/unreviewed/2026/02/GHSA-jm7g-jgq2-cxf3/GHSA-jm7g-jgq2-cxf3.json new file mode 100644 index 0000000000000..ba39801f9c8d2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-jm7g-jgq2-cxf3/GHSA-jm7g-jgq2-cxf3.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-jm7g-jgq2-cxf3", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2025-13333" + ], + "details": "IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13333" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260217" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-358" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T23:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-mw8p-6vj4-pvjr/GHSA-mw8p-6vj4-pvjr.json b/advisories/unreviewed/2026/02/GHSA-mw8p-6vj4-pvjr/GHSA-mw8p-6vj4-pvjr.json new file mode 100644 index 0000000000000..cc13fff277ba4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-mw8p-6vj4-pvjr/GHSA-mw8p-6vj4-pvjr.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-mw8p-6vj4-pvjr", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2025-36183" + ], + "details": "IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36183" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260118" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-434" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T22:18:43Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pgcw-657p-x286/GHSA-pgcw-657p-x286.json b/advisories/unreviewed/2026/02/GHSA-pgcw-657p-x286/GHSA-pgcw-657p-x286.json new file mode 100644 index 0000000000000..df52a38062973 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pgcw-657p-x286/GHSA-pgcw-657p-x286.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pgcw-657p-x286", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2026-1344" + ], + "details": "Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1344" + }, + { + "type": "WEB", + "url": "https://security.tanium.com/TAN-2026-003" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-732" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T00:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pp6p-hwf9-pcpx/GHSA-pp6p-hwf9-pcpx.json b/advisories/unreviewed/2026/02/GHSA-pp6p-hwf9-pcpx/GHSA-pp6p-hwf9-pcpx.json new file mode 100644 index 0000000000000..2a1ec8942870d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pp6p-hwf9-pcpx/GHSA-pp6p-hwf9-pcpx.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pp6p-hwf9-pcpx", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2026-2627" + ], + "details": "A security flaw has been discovered in Softland FBackup up to 9.9. This impacts an unknown function in the library C:\\Program Files\\Common Files\\microsoft shared\\ink\\HID.dll of the component Backup/Restore. The manipulation results in link following. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2627" + }, + { + "type": "WEB", + "url": "https://github.com/thezdi/PoC/tree/main/FilesystemEoPs" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346279" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346279" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752050" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-59" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T22:18:45Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q543-x74m-r8q9/GHSA-q543-x74m-r8q9.json b/advisories/unreviewed/2026/02/GHSA-q543-x74m-r8q9/GHSA-q543-x74m-r8q9.json new file mode 100644 index 0000000000000..0242e02b8a189 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q543-x74m-r8q9/GHSA-q543-x74m-r8q9.json @@ -0,0 +1,34 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q543-x74m-r8q9", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2026-22048" + ], + "details": "StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID (formerly Azure AD) as an IdP are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. Successful exploit could allow an authenticated attacker with low privileges to delete configuration data or deny access to some resources.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22048" + }, + { + "type": "WEB", + "url": "https://security.netapp.com/advisory/NTAP-20260217-0001" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T00:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qvc7-4wrw-mpgp/GHSA-qvc7-4wrw-mpgp.json b/advisories/unreviewed/2026/02/GHSA-qvc7-4wrw-mpgp/GHSA-qvc7-4wrw-mpgp.json new file mode 100644 index 0000000000000..d45661ae5dd5e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qvc7-4wrw-mpgp/GHSA-qvc7-4wrw-mpgp.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qvc7-4wrw-mpgp", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2023-38005" + ], + "details": "IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38005" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7259955" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-284" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T22:18:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vfjm-qj84-h7cw/GHSA-vfjm-qj84-h7cw.json b/advisories/unreviewed/2026/02/GHSA-vfjm-qj84-h7cw/GHSA-vfjm-qj84-h7cw.json new file mode 100644 index 0000000000000..d7ab563087612 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vfjm-qj84-h7cw/GHSA-vfjm-qj84-h7cw.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vfjm-qj84-h7cw", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2025-33088" + ], + "details": "IBM Concert 1.0.0 through 2.1.0 could allow a local user with specific knowledge about the system's architecture to escalate their privileges due to incorrect file permissions for critical resources.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33088" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7260161" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-732" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T22:18:43Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w5xc-rm8g-jf7m/GHSA-w5xc-rm8g-jf7m.json b/advisories/unreviewed/2026/02/GHSA-w5xc-rm8g-jf7m/GHSA-w5xc-rm8g-jf7m.json new file mode 100644 index 0000000000000..fefbd0aca2b05 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w5xc-rm8g-jf7m/GHSA-w5xc-rm8g-jf7m.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w5xc-rm8g-jf7m", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2026-26119" + ], + "details": "Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26119" + }, + { + "type": "WEB", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26119" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-287" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T23:16:22Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wprr-57fw-46wj/GHSA-wprr-57fw-46wj.json b/advisories/unreviewed/2026/02/GHSA-wprr-57fw-46wj/GHSA-wprr-57fw-46wj.json new file mode 100644 index 0000000000000..231ed8ee9fb52 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wprr-57fw-46wj/GHSA-wprr-57fw-46wj.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wprr-57fw-46wj", + "modified": "2026-02-18T00:30:16Z", + "published": "2026-02-18T00:30:16Z", + "aliases": [ + "CVE-2025-13689" + ], + "details": "IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13689" + }, + { + "type": "WEB", + "url": "https://www.ibm.com/support/pages/node/7259958" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-434" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-17T23:16:18Z" + } +} \ No newline at end of file From a0993d7818d2f88564971574361b9791fc564ecf Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 00:35:10 +0000 Subject: [PATCH 077/222] Publish GHSA-pv58-549p-qh99 --- .../GHSA-pv58-549p-qh99.json | 65 +++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 advisories/github-reviewed/2026/02/GHSA-pv58-549p-qh99/GHSA-pv58-549p-qh99.json diff --git a/advisories/github-reviewed/2026/02/GHSA-pv58-549p-qh99/GHSA-pv58-549p-qh99.json b/advisories/github-reviewed/2026/02/GHSA-pv58-549p-qh99/GHSA-pv58-549p-qh99.json new file mode 100644 index 0000000000000..99305b3a46463 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-pv58-549p-qh99/GHSA-pv58-549p-qh99.json @@ -0,0 +1,65 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pv58-549p-qh99", + "modified": "2026-02-18T00:33:35Z", + "published": "2026-02-18T00:33:35Z", + "aliases": [ + "CVE-2026-26327" + ], + "summary": "OpenClaw allows unauthenticated discovery TXT records could steer routing and TLS pinning", + "details": "## Summary\n\nDiscovery beacons (Bonjour/mDNS and DNS-SD) include TXT records such as `lanHost`, `tailnetDns`, `gatewayPort`, and `gatewayTlsSha256`. TXT records are unauthenticated.\n\nPrior to the fix, some clients treated TXT values as authoritative routing/pinning inputs:\n\n- iOS and macOS: used TXT-provided host hints (`lanHost`/`tailnetDns`) and ports (`gatewayPort`) to build the connection URL.\n- iOS and Android: allowed the discovery-provided TLS fingerprint (`gatewayTlsSha256`) to override a previously stored TLS pin.\n\nOn a shared/untrusted LAN, an attacker could advertise a rogue `_openclaw-gw._tcp` service. This could cause a client to connect to an attacker-controlled endpoint and/or accept an attacker certificate, potentially exfiltrating Gateway credentials (`auth.token` / `auth.password`) during connection.\n\n## Distribution / Exposure\n\nThe iOS and Android apps are currently alpha/not broadly shipped (no public App Store / Play Store release). Practical impact is primarily limited to developers/testers running those builds, plus any other shipped clients relying on discovery on a shared/untrusted LAN.\n\nCVSS can still be used for the technical (base) severity of the bug; limited distribution primarily affects environmental risk.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: `<= 2026.2.13` (latest published on npm as of 2026-02-14)\n- Patched: planned for `>= 2026.2.14` (not yet published at time of writing)\n\n## Fix\n\n- Clients now prefer the resolved service endpoint (SRV + A/AAAA) over TXT-provided routing hints.\n- Discovery-provided fingerprints no longer override stored TLS pins.\n- iOS/Android: first-time TLS pins require explicit user confirmation (fingerprint shown; no silent TOFU).\n- iOS/Android: discovery-based direct connects are TLS-only.\n- Android: hostname verification is no longer globally disabled (only bypassed when pinning).\n\n## Fix Commit(s)\n\n- d583782ee322a6faa1fe87ae52455e0d349de586\n\n## Credits\n\nThanks @simecek for reporting.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-pv58-549p-qh99" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/d583782ee322a6faa1fe87ae52455e0d349de586" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-345" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T00:33:35Z", + "nvd_published_at": null + } +} \ No newline at end of file From d3a1d6252329c176679746176992d9f2b1cf4b70 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 00:45:53 +0000 Subject: [PATCH 078/222] Publish GHSA-g34w-4xqq-h79m --- .../GHSA-g34w-4xqq-h79m.json | 85 +++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100644 advisories/github-reviewed/2026/02/GHSA-g34w-4xqq-h79m/GHSA-g34w-4xqq-h79m.json diff --git a/advisories/github-reviewed/2026/02/GHSA-g34w-4xqq-h79m/GHSA-g34w-4xqq-h79m.json b/advisories/github-reviewed/2026/02/GHSA-g34w-4xqq-h79m/GHSA-g34w-4xqq-h79m.json new file mode 100644 index 0000000000000..baed442e321ac --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-g34w-4xqq-h79m/GHSA-g34w-4xqq-h79m.json @@ -0,0 +1,85 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-g34w-4xqq-h79m", + "modified": "2026-02-18T00:43:54Z", + "published": "2026-02-18T00:43:54Z", + "aliases": [ + "CVE-2026-26328" + ], + "summary": "OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities", + "details": "## Summary\nUnder iMessage `groupPolicy=allowlist`, group authorization could be satisfied by sender identities coming from the DM pairing store, broadening DM trust into group contexts.\n\n## Details\nAffected component: `src/imessage/monitor/monitor-provider.ts`.\n\nVulnerable logic derived `effectiveGroupAllowFrom` using both the static group allowlist and DM pairing-store identities (`storeAllowFrom`). This allowed a sender approved via DM pairing to satisfy group authorization in groups even if the sender/chat was not explicitly present in `groupAllowFrom`.\n\nThis weakens boundary separation between DM pairing and group allowlist authorization.\n\n## Affected Packages / Versions\n- `openclaw` (npm): affected `<= 2026.2.13`\n- `clawdbot` (npm): affected `<= 2026.1.24-3`\n\n## Fix Commit(s)\n- `openclaw/openclaw@872079d42fe105ece2900a1dd6ab321b92da2d59`\n- `openclaw/openclaw@90d1e9cd71419168b2faa54a759b124a3eacfae7`\n\nThanks @vincentkoc for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "npm", + "name": "clawdbot" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g34w-4xqq-h79m" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/872079d42fe105ece2900a1dd6ab321b92da2d59" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-284", + "CWE-863" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T00:43:54Z", + "nvd_published_at": null + } +} \ No newline at end of file From 472841114a6ab4ea962d3dd18a30d614fc1838e9 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 00:48:39 +0000 Subject: [PATCH 079/222] Publish Advisories GHSA-cv7m-c9jx-vg7q GHSA-m7x8-2w3w-pr42 --- .../GHSA-cv7m-c9jx-vg7q.json | 65 +++++++++++++++++++ .../GHSA-m7x8-2w3w-pr42.json | 65 +++++++++++++++++++ 2 files changed, 130 insertions(+) create mode 100644 advisories/github-reviewed/2026/02/GHSA-cv7m-c9jx-vg7q/GHSA-cv7m-c9jx-vg7q.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-m7x8-2w3w-pr42/GHSA-m7x8-2w3w-pr42.json diff --git a/advisories/github-reviewed/2026/02/GHSA-cv7m-c9jx-vg7q/GHSA-cv7m-c9jx-vg7q.json b/advisories/github-reviewed/2026/02/GHSA-cv7m-c9jx-vg7q/GHSA-cv7m-c9jx-vg7q.json new file mode 100644 index 0000000000000..13049c6558246 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-cv7m-c9jx-vg7q/GHSA-cv7m-c9jx-vg7q.json @@ -0,0 +1,65 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-cv7m-c9jx-vg7q", + "modified": "2026-02-18T00:46:49Z", + "published": "2026-02-18T00:46:49Z", + "aliases": [ + "CVE-2026-26329" + ], + "summary": "OpenClaw has a path traversal in browser upload allows local file read", + "details": "## Summary\n\nAuthenticated attackers can read arbitrary files from the Gateway host by supplying absolute paths or path traversal sequences to the browser tool's `upload` action. The server passed these paths to Playwright's `setInputFiles()` APIs without restricting them to a safe root.\n\nSeverity remains **High** due to the impact (arbitrary local file read on the Gateway host), even though exploitation requires authenticated access.\n\n## Exploitability / Preconditions\n\nThis is not a \"drive-by\" issue.\n\nAn attacker must:\n\n- Reach the Gateway HTTP surface (or otherwise invoke the same browser control hook endpoints).\n- Present valid Gateway auth (bearer token / password), as required by the Gateway configuration.\n - In common default setups, the Gateway binds to loopback and the onboarding wizard generates a gateway token even for loopback.\n- Have the `browser` tool permitted by tool policy for the target session/context (and have browser support enabled).\n\nIf an operator exposes the Gateway beyond loopback (LAN/tailnet/custom bind, reverse proxy, tunnels, etc.), the impact increases accordingly.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Vulnerable: `< 2026.2.14` (includes latest published `2026.2.13`)\n- Patched: `>= 2026.2.14` (planned next release)\n\n## Details\n\n**Entry points**:\n\n- `POST /tools/invoke` with `{\"tool\":\"browser\",\"action\":\"upload\",...}`\n- `POST /hooks/file-chooser` (browser control hook)\n\nWhen the upload paths are not validated, Playwright reads the referenced files from the local filesystem and attaches them to a page-level ``. Contents can then be exfiltrated by page JavaScript (e.g. via `FileReader`) or via agent/browser snapshots.\n\nImpact: arbitrary local file read on the Gateway host (confidentiality impact).\n\n## Fix\n\nUpload paths are now confined to OpenClaw's temp uploads root (`DEFAULT_UPLOAD_DIR`) and traversal/escape paths are rejected.\n\nThis fix was implemented internally; the reporter provided a clear reproduction and impact analysis.\n\nFix commit(s):\n\n- 3aa94afcfd12104c683c9cad81faf434d0dadf87\n\nThanks @p80n-sec for reporting.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cv7m-c9jx-vg7q" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/3aa94afcfd12104c683c9cad81faf434d0dadf87" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T00:46:49Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-m7x8-2w3w-pr42/GHSA-m7x8-2w3w-pr42.json b/advisories/github-reviewed/2026/02/GHSA-m7x8-2w3w-pr42/GHSA-m7x8-2w3w-pr42.json new file mode 100644 index 0000000000000..c9d8eb065fc3b --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-m7x8-2w3w-pr42/GHSA-m7x8-2w3w-pr42.json @@ -0,0 +1,65 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-m7x8-2w3w-pr42", + "modified": "2026-02-18T00:46:55Z", + "published": "2026-02-18T00:46:54Z", + "aliases": [ + "CVE-2026-26323" + ], + "summary": "OpenClaw has a command injection in maintainer clawtributors updater", + "details": "### Summary\nCommand injection in the maintainer/dev script `scripts/update-clawtributors.ts`.\n\n### Impact\nAffects contributors/maintainers (or CI) who run `bun scripts/update-clawtributors.ts` in a source checkout that contains a malicious commit author email (e.g. crafted `@users.noreply.github.com` values).\n\nNormal CLI usage is not affected (`npm i -g openclaw`): this script is not part of the shipped CLI and is not executed during routine operation.\n\n### Affected Versions\n- Source checkouts: tags `v2026.1.8` through `v2026.2.13` (inclusive)\n- Version range (structured): `>= 2026.1.8, < 2026.2.14`\n\n### Details\nThe script derived a GitHub login from `git log` author metadata and interpolated it into a shell command (via `execSync`). A malicious commit record could inject shell metacharacters and execute arbitrary commands when the script is run.\n\n### Fix\n- Fix commit: `a429380e337152746031d290432a4b93aa553d55`\n- Planned patched version: `2026.2.14`\n\n### Credits\nThanks @scanleale and @MegaManSec (https://joshua.hu) of [AISLE Research Team](https://aisle.com/) for reporting.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "2026.1.8" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-m7x8-2w3w-pr42" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/a429380e337152746031d290432a4b93aa553d55" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-78" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T00:46:54Z", + "nvd_published_at": null + } +} \ No newline at end of file From acf99cc477597df3901d4074a43116284ef17097 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 00:52:58 +0000 Subject: [PATCH 080/222] Publish Advisories GHSA-j27p-hq53-9wgc GHSA-v773-r54f-q32w GHSA-xvhf-x56f-2hpp --- .../GHSA-j27p-hq53-9wgc.json | 59 +++++++++++++++++ .../GHSA-v773-r54f-q32w.json | 63 +++++++++++++++++++ .../GHSA-xvhf-x56f-2hpp.json | 63 +++++++++++++++++++ 3 files changed, 185 insertions(+) create mode 100644 advisories/github-reviewed/2026/02/GHSA-j27p-hq53-9wgc/GHSA-j27p-hq53-9wgc.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-v773-r54f-q32w/GHSA-v773-r54f-q32w.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-xvhf-x56f-2hpp/GHSA-xvhf-x56f-2hpp.json diff --git a/advisories/github-reviewed/2026/02/GHSA-j27p-hq53-9wgc/GHSA-j27p-hq53-9wgc.json b/advisories/github-reviewed/2026/02/GHSA-j27p-hq53-9wgc/GHSA-j27p-hq53-9wgc.json new file mode 100644 index 0000000000000..761f54b1f60d6 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-j27p-hq53-9wgc/GHSA-j27p-hq53-9wgc.json @@ -0,0 +1,59 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-j27p-hq53-9wgc", + "modified": "2026-02-18T00:51:37Z", + "published": "2026-02-18T00:51:37Z", + "aliases": [], + "summary": "OpenClaw affected by denial of service via unbounded URL-backed media fetch", + "details": "### Summary\nURL-backed media fetch handling allocated the entire response payload in memory (`arrayBuffer`) before enforcing `maxBytes`, allowing oversized responses to cause memory exhaustion.\n\n### Affected Versions\n- `openclaw` (npm): < `2026.2.14`\n- `clawdbot` (npm): <= `2026.1.24-3`\n\n### Patched Versions\n- `openclaw` (npm): `2026.2.14`\n\n### Fix Commit\n- `openclaw/openclaw` `main`: `00a08908892d1743d1fc52e5cbd9499dd5da2fe0`\n\n### Details\nAffected component:\n- `src/media/input-files.ts` (`fetchWithGuard`)\n\nWhen `content-length` is missing or incorrect, reading the body via `response.arrayBuffer()` buffers the full payload before a size check can run.\n\n### Proof of Concept\n1. Configure URL-based media input.\n2. Serve a response larger than `maxBytes` (chunked transfer / no `content-length`).\n3. Trigger the `fetchWithGuard` URL fetch path.\n\nExample local server (large response):\n```bash\nnode -e 'require(\"http\").createServer((_,res)=>{res.writeHead(200,{\"content-type\":\"application/octet-stream\"});for(let i=0;i<1024;i++)res.write(Buffer.alloc(1024*64));res.end();}).listen(18888)'\n```\n\n### Impact\nAvailability loss via memory pressure from attacker-controlled remote media responses.\n\n### Mitigation\nUntil a patched release is available, disable URL-backed media inputs (or restrict to a tight hostname allowlist) and use conservative `maxBytes` limits.\n\n### Credits\nReported by @vincentkoc.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j27p-hq53-9wgc" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/00a08908892d1743d1fc52e5cbd9499dd5da2fe0" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-400" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T00:51:37Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-v773-r54f-q32w/GHSA-v773-r54f-q32w.json b/advisories/github-reviewed/2026/02/GHSA-v773-r54f-q32w/GHSA-v773-r54f-q32w.json new file mode 100644 index 0000000000000..17926bd58524d --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-v773-r54f-q32w/GHSA-v773-r54f-q32w.json @@ -0,0 +1,63 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v773-r54f-q32w", + "modified": "2026-02-18T00:51:03Z", + "published": "2026-02-18T00:51:03Z", + "aliases": [], + "summary": "OpenClaw Slack: dmPolicy=open allowed any DM sender to run privileged slash commands", + "details": "## Summary\n\nWhen Slack DMs are configured with `dmPolicy=open`, the Slack slash-command handler incorrectly treated any DM sender as command-authorized. This allowed any Slack user who could DM the bot to execute privileged slash commands via DM, bypassing intended allowlist/access-group restrictions.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.2.13`\n- Affected configuration: Slack DMs enabled with `channels.slack.dm.policy: open` (aka `dmPolicy=open`)\n\n## Impact\n\nAny Slack user in the workspace who can DM the bot could invoke privileged slash commands via DM.\n\n## Fix\n\nThe slash-command path now computes `CommandAuthorized` for DMs using the same allowlist/access-group gating logic as other inbound paths.\n\nFix commit(s):\n- f19eabee54c49e9a2e264b4965edf28a2f92e657\n\n## Release Process Note\n\n`patched_versions` is set to the planned next release (`2026.2.14`). Once that npm release is published, this advisory should be published.\n\nThanks @christos-eth for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v773-r54f-q32w" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/f19eabee54c49e9a2e264b4965edf28a2f92e657" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-285" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T00:51:03Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-xvhf-x56f-2hpp/GHSA-xvhf-x56f-2hpp.json b/advisories/github-reviewed/2026/02/GHSA-xvhf-x56f-2hpp/GHSA-xvhf-x56f-2hpp.json new file mode 100644 index 0000000000000..68ab4a7057642 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-xvhf-x56f-2hpp/GHSA-xvhf-x56f-2hpp.json @@ -0,0 +1,63 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xvhf-x56f-2hpp", + "modified": "2026-02-18T00:50:47Z", + "published": "2026-02-18T00:50:47Z", + "aliases": [], + "summary": "OpenClaw exec approvals: safeBins could bypass stdin-only constraints via shell expansion", + "details": "## Summary\n\nOpenClaw's exec-approvals allowlist supports a small set of \"safe bins\" intended to be stdin-only (no positional file arguments) when running `tools.exec.host=gateway|node` with `security=allowlist`.\n\nIn affected configurations, the allowlist validation checked pre-expansion argv tokens, but execution used a real shell (`sh -c`) which expands globs and environment variables. This allowed safe bins like `head`, `tail`, or `grep` to read arbitrary local files via tokens such as `*` or `$HOME/...` without triggering approvals.\n\nThis issue is configuration-dependent and is not exercised by default settings (default `tools.exec.host` is `sandbox`).\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: `<= 2026.2.13`\n- Patched: `>= 2026.2.14` (planned; publish the advisory after the npm release is out)\n\n## Impact\n\nAn authorized but untrusted caller (or prompt-injection) could cause the gateway/node process to disclose files readable by that process when host execution is enabled in allowlist mode.\n\n## Fix\n\nSafe-bins executions now force argv tokens to be treated as literal text at execution time (single-quoted), preventing globbing and `$VARS` expansion from turning \"safe\" tokens into file paths.\n\n## Fix Commit(s)\n\n- 77b89719d5b7e271f48b6f49e334a8b991468c3b\n\n## Release Process Note\n\n`patched_versions` is pre-set for the next planned release (`>= 2026.2.14`) so publishing is a single click once that npm version is available.\n\nThanks @christos-eth for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xvhf-x56f-2hpp" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/77b89719d5b7e271f48b6f49e334a8b991468c3b" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-78" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T00:50:47Z", + "nvd_published_at": null + } +} \ No newline at end of file From 676a0daefa24ed8b896da3aa7297d5a904ef0703 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 00:55:52 +0000 Subject: [PATCH 081/222] Publish Advisories GHSA-3fqr-4cg8-h96q GHSA-c37p-4qqg-3p76 GHSA-h89v-j3x9-8wqj GHSA-mj5r-hh7j-4gxf GHSA-pg2v-8xwh-qhcc GHSA-q447-rj3r-2cgh GHSA-rq6g-px6m-c248 GHSA-w2cg-vxx6-5xjg --- .../GHSA-3fqr-4cg8-h96q.json | 84 ++++++++++++++++++ .../GHSA-c37p-4qqg-3p76.json | 63 ++++++++++++++ .../GHSA-h89v-j3x9-8wqj.json | 86 ++++++++++++++++++ .../GHSA-mj5r-hh7j-4gxf.json | 87 +++++++++++++++++++ .../GHSA-pg2v-8xwh-qhcc.json | 63 ++++++++++++++ .../GHSA-q447-rj3r-2cgh.json | 74 ++++++++++++++++ .../GHSA-rq6g-px6m-c248.json | 83 ++++++++++++++++++ .../GHSA-w2cg-vxx6-5xjg.json | 82 +++++++++++++++++ 8 files changed, 622 insertions(+) create mode 100644 advisories/github-reviewed/2026/02/GHSA-3fqr-4cg8-h96q/GHSA-3fqr-4cg8-h96q.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-c37p-4qqg-3p76/GHSA-c37p-4qqg-3p76.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-h89v-j3x9-8wqj/GHSA-h89v-j3x9-8wqj.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-mj5r-hh7j-4gxf/GHSA-mj5r-hh7j-4gxf.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-pg2v-8xwh-qhcc/GHSA-pg2v-8xwh-qhcc.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-q447-rj3r-2cgh/GHSA-q447-rj3r-2cgh.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-rq6g-px6m-c248/GHSA-rq6g-px6m-c248.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-w2cg-vxx6-5xjg/GHSA-w2cg-vxx6-5xjg.json diff --git a/advisories/github-reviewed/2026/02/GHSA-3fqr-4cg8-h96q/GHSA-3fqr-4cg8-h96q.json b/advisories/github-reviewed/2026/02/GHSA-3fqr-4cg8-h96q/GHSA-3fqr-4cg8-h96q.json new file mode 100644 index 0000000000000..54ea267f43b37 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-3fqr-4cg8-h96q/GHSA-3fqr-4cg8-h96q.json @@ -0,0 +1,84 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3fqr-4cg8-h96q", + "modified": "2026-02-18T00:53:59Z", + "published": "2026-02-18T00:53:59Z", + "aliases": [ + "CVE-2026-26317" + ], + "summary": "OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints", + "details": "## Summary\nBrowser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-initiated requests from malicious origins.\n\n## Impact\nA malicious website can trigger unauthorized state changes against a victim's local OpenClaw browser control plane (for example opening tabs, starting/stopping the browser, mutating storage/cookies) if the browser control service is reachable on loopback in the victim's browser context.\n\n## Affected Packages / Versions\n- openclaw (npm): <= 2026.2.13\n- clawdbot (npm): <= 2026.1.24-3\n\n## Details\nThe browser control servers bind to loopback but exposed mutating HTTP endpoints without a CSRF-style guard. Browsers may send cross-origin requests to loopback addresses; without explicit validation, state-changing operations could be triggered from a non-loopback Origin/Referer.\n\n## Fix\nMutating HTTP methods (POST/PUT/PATCH/DELETE) are rejected when the request indicates a non-loopback Origin/Referer (or `Sec-Fetch-Site: cross-site`).\n\n## Fix Commit(s)\n- openclaw/openclaw: b566b09f81e2b704bf9398d8d97d5f7a90aa94c3\n\n## Workarounds / Mitigations\n- Enable browser control auth (token/password) and avoid running with auth disabled.\n- Upgrade to a release that includes the fix.\n\n## Credits\n- Reporter: @vincentkoc\n\n## Release Process Note\n`patched_versions` is set to the planned next release version. Once that npm release is published, the advisory should be ready to publish with no further edits.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "npm", + "name": "clawdbot" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "last_affected": "2026.1.24-3" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3fqr-4cg8-h96q" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/b566b09f81e2b704bf9398d8d97d5f7a90aa94c3" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T00:53:59Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-c37p-4qqg-3p76/GHSA-c37p-4qqg-3p76.json b/advisories/github-reviewed/2026/02/GHSA-c37p-4qqg-3p76/GHSA-c37p-4qqg-3p76.json new file mode 100644 index 0000000000000..8ac7f8bac2fa1 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-c37p-4qqg-3p76/GHSA-c37p-4qqg-3p76.json @@ -0,0 +1,63 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-c37p-4qqg-3p76", + "modified": "2026-02-18T00:54:48Z", + "published": "2026-02-18T00:54:48Z", + "aliases": [], + "summary": "OpenClaw Twilio voice-call webhook auth bypass when ngrok loopback compatibility is enabled", + "details": "## Summary\n\nA Twilio webhook signature-verification bypass in the voice-call extension could allow unauthenticated webhook requests when a specific ngrok free-tier compatibility option is enabled.\n\n## Impact\n\nThis issue is limited to configurations that explicitly enable and expose the voice-call webhook endpoint.\n\nNot affected by default:\n- The voice-call extension is optional and disabled by default.\n- The bypass only applied when `tunnel.allowNgrokFreeTierLoopbackBypass` was explicitly enabled.\n- Exploitation required the webhook to be reachable (typically via a public ngrok URL during development).\n\nWorst case (when exposed and the option was enabled):\n- An external attacker could send forged requests to the publicly reachable webhook endpoint that would be accepted without a valid `X-Twilio-Signature`.\n- This could result in unauthorized webhook event handling (integrity) and request flooding (availability).\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.2.13` (latest published as of 2026-02-14)\n- Patched versions: `>= 2026.2.14` (planned next release; pending publish)\n\n## Fix\n\n`allowNgrokFreeTierLoopbackBypass` no longer bypasses signature verification. It only enables trusting forwarded headers on loopback so the public ngrok URL can be reconstructed for correct signature validation.\n\nFix commit(s):\n- ff11d8793b90c52f8d84dae3fbb99307da51b5c9\n\nThanks @p80n-sec for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-c37p-4qqg-3p76" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/ff11d8793b90c52f8d84dae3fbb99307da51b5c9" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-306" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T00:54:48Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-h89v-j3x9-8wqj/GHSA-h89v-j3x9-8wqj.json b/advisories/github-reviewed/2026/02/GHSA-h89v-j3x9-8wqj/GHSA-h89v-j3x9-8wqj.json new file mode 100644 index 0000000000000..4ad12588dd3b4 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-h89v-j3x9-8wqj/GHSA-h89v-j3x9-8wqj.json @@ -0,0 +1,86 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-h89v-j3x9-8wqj", + "modified": "2026-02-18T00:52:54Z", + "published": "2026-02-18T00:52:54Z", + "aliases": [], + "summary": "OpenClaw affected by denial of service through unguarded archive extraction allowing high expansion/resource abuse (ZIP/TAR)", + "details": "## Summary\nArchive extraction lacked strict resource budgets, allowing high-expansion ZIP/TAR archives to consume excessive CPU/memory/disk during install/update flows.\n\n## Affected Packages / Versions\n- openclaw (npm): <= 2026.2.13\n- clawdbot (npm): <= 2026.1.24-3\n\n## Details\nAffected component: `src/infra/archive.ts` (`extractArchive`).\n\nThe extractor now enforces resource budgets (entry count and extracted byte limits; ZIP also enforces a compressed archive size limit) and rejects over-budget archives.\n\n## Fix Commit(s)\n- openclaw/openclaw@d3ee5deb87ee2ad0ab83c92c365611165423cb71\n- openclaw/openclaw@5f4b29145c236d124524c2c9af0f8acd048fbdea\n\n## Release Process Note\nThis advisory will be updated with patched versions once the next npm release containing the fix is published.\n\n## Credits\nThanks @vincentkoc for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "npm", + "name": "clawdbot" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "last_affected": "2026.1.24-3" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h89v-j3x9-8wqj" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/5f4b29145c236d124524c2c9af0f8acd048fbdea" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/d3ee5deb87ee2ad0ab83c92c365611165423cb71" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-400" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T00:52:54Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-mj5r-hh7j-4gxf/GHSA-mj5r-hh7j-4gxf.json b/advisories/github-reviewed/2026/02/GHSA-mj5r-hh7j-4gxf/GHSA-mj5r-hh7j-4gxf.json new file mode 100644 index 0000000000000..5040d01d53fb9 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-mj5r-hh7j-4gxf/GHSA-mj5r-hh7j-4gxf.json @@ -0,0 +1,87 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-mj5r-hh7j-4gxf", + "modified": "2026-02-18T00:54:32Z", + "published": "2026-02-18T00:54:32Z", + "aliases": [], + "summary": "OpenClaw Telegram allowlist authorization accepted mutable usernames", + "details": "## Summary\nTelegram allowlist authorization could match on `@username` (mutable/recyclable) instead of immutable numeric sender IDs.\n\n## Impact\nOperators who treat Telegram allowlists as strict identity controls could unintentionally grant access if a username changes hands (identity rebinding/spoof risk). This can allow an unauthorized sender to interact with the bot in allowlist mode.\n\n## Affected Packages / Versions\n- npm `openclaw`: <= 2026.2.13\n- npm `clawdbot`: <= 2026.1.24-3\n\n## Fix\nTelegram allowlist authorization now requires numeric Telegram sender IDs only. `@username` allowlist principals are rejected.\n\nA security audit warning was added to flag legacy configs that still contain non-numeric Telegram allowlist entries.\n\n`openclaw doctor --fix` now attempts to resolve `@username` allowFrom entries to numeric IDs (best-effort; requires a Telegram bot token).\n\n## Fix Commit(s)\n- e3b432e481a96b8fd41b91273818e514074e05c3\n- 9e147f00b48e63e7be6964e0e2a97f2980854128\n\nThanks @vincentkoc for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "npm", + "name": "clawdbot" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "last_affected": "2026.1.24-3" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mj5r-hh7j-4gxf" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/9e147f00b48e63e7be6964e0e2a97f2980854128" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/e3b432e481a96b8fd41b91273818e514074e05c3" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-284", + "CWE-290" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T00:54:32Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-pg2v-8xwh-qhcc/GHSA-pg2v-8xwh-qhcc.json b/advisories/github-reviewed/2026/02/GHSA-pg2v-8xwh-qhcc/GHSA-pg2v-8xwh-qhcc.json new file mode 100644 index 0000000000000..ce557dffda10f --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-pg2v-8xwh-qhcc/GHSA-pg2v-8xwh-qhcc.json @@ -0,0 +1,63 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pg2v-8xwh-qhcc", + "modified": "2026-02-18T00:55:00Z", + "published": "2026-02-18T00:55:00Z", + "aliases": [], + "summary": "OpenClaw affected by SSRF in optional Tlon (Urbit) extension authentication", + "details": "## Summary\nThe optional Tlon (Urbit) extension previously accepted a user-provided base URL for authentication and used it to construct an outbound HTTP request, enabling server-side request forgery (SSRF) in affected deployments.\n\n## Impact\nThis only affects deployments that have installed and configured the Tlon (Urbit) extension, and where an attacker can influence the configured Urbit URL. Under those conditions, the gateway could be induced to make HTTP requests to attacker-chosen hosts (including internal addresses).\n\nDeployments that do not use the Tlon extension, or where untrusted users cannot change the Urbit URL, are not impacted.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.2.13`\n\n## Fixed Versions\n- `2026.2.14` (planned next release)\n\n## Fix Commit(s)\n- `bfa7d21e997baa8e3437657d59b1e296815cc1b1`\n\n## Details\nUrbit authentication now validates and normalizes the base URL and uses an SSRF guard that blocks private/internal hosts by default (opt-in: `channels.tlon.allowPrivateNetwork`).\n\n## Release Process Note\nThis advisory is pre-populated with the planned patched version (`2026.2.14`). After `openclaw@2026.2.14` is published to npm, publish this advisory without further edits.\n\nThanks @p80n-sec for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-pg2v-8xwh-qhcc" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/bfa7d21e997baa8e3437657d59b1e296815cc1b1" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-918" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T00:55:00Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-q447-rj3r-2cgh/GHSA-q447-rj3r-2cgh.json b/advisories/github-reviewed/2026/02/GHSA-q447-rj3r-2cgh/GHSA-q447-rj3r-2cgh.json new file mode 100644 index 0000000000000..3c7230e120e3d --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-q447-rj3r-2cgh/GHSA-q447-rj3r-2cgh.json @@ -0,0 +1,74 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q447-rj3r-2cgh", + "modified": "2026-02-18T00:53:07Z", + "published": "2026-02-18T00:53:07Z", + "aliases": [], + "summary": "OpenClaw affected by denial of service via unbounded webhook request body buffering", + "details": "### Summary\nMultiple webhook handlers accepted and buffered request bodies without a strict unified byte/time limit. A remote unauthenticated attacker could send oversized payloads and cause memory pressure, degrading availability.\n\n### Details\nAffected packages:\n- `openclaw` (npm): `<2026.2.12`\n- `clawdbot` (npm): `<=2026.1.24-3`\n\nRoot cause:\n- Webhook code paths buffered request payloads without consistent `maxBytes` + `timeoutMs` enforcement.\n- Some SDK-backed handlers parse request bodies internally and needed stream-level guards.\n\nAttack shape:\n- Send very large JSON payloads or slow/incomplete uploads to webhook endpoints.\n- Observe elevated memory usage and request handler pressure.\n\n### Impact\nRemote unauthenticated availability impact (DoS) via request body amplification/memory pressure.\n\n### Patch details (implemented)\n- Added shared bounded request-body helper in `src/infra/http-body.ts`.\n- Exported helper in `src/plugin-sdk/index.ts` for extension reuse.\n- Migrated webhook body readers to shared helper for:\n - LINE\n - Nextcloud Talk\n - Google Chat\n - Zalo\n - BlueBubbles\n - Nostr profile HTTP\n - Voice-call\n - Gateway hooks\n- Added stream guards for SDK handlers that parse request bodies internally:\n - Slack\n - Telegram\n - Feishu\n- Added explicit Express JSON body limit handling for MS Teams webhook path.\n- Standardized failure responses:\n - `413 Payload Too Large`\n - `408 Request Timeout`\n\n### Tests\n- Added regression tests:\n - `src/infra/http-body.test.ts`\n - `src/line/monitor.read-body.test.ts`\n - `extensions/nextcloud-talk/src/monitor.read-body.test.ts`\n- Focused webhook/security test suite passes for patched paths.\n\n### Remediation\nUpgrade to the first release containing this patch.\n\n## Credits\nThanks @vincentkoc for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.13" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "npm", + "name": "clawdbot" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "last_affected": "2026.1.24-3" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q447-rj3r-2cgh" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-400" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T00:53:07Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-rq6g-px6m-c248/GHSA-rq6g-px6m-c248.json b/advisories/github-reviewed/2026/02/GHSA-rq6g-px6m-c248/GHSA-rq6g-px6m-c248.json new file mode 100644 index 0000000000000..0b9c970854551 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-rq6g-px6m-c248/GHSA-rq6g-px6m-c248.json @@ -0,0 +1,83 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rq6g-px6m-c248", + "modified": "2026-02-18T00:54:14Z", + "published": "2026-02-18T00:54:14Z", + "aliases": [], + "summary": "OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting", + "details": "## Summary\nWhen multiple Google Chat webhook targets are registered on the same HTTP path, and request verification succeeds for more than one target, inbound webhook events could be routed by first-match semantics. This can cause cross-account policy/context misrouting.\n\n## Affected Packages / Versions\n- npm: `openclaw` <= 2026.2.13\n- npm: `clawdbot` <= 2026.1.24-3\n\n## Details\nAffected component: `extensions/googlechat/src/monitor.ts`.\n\nBaseline behavior allowed multiple webhook targets per path and selected the first target that passed `verifyGoogleChatRequest(...)`. In shared-path deployments where multiple targets can verify successfully (for example, equivalent audience validation), inbound events could be processed under the wrong account context (wrong allowlist/session/policy).\n\n## Fix\n- Fix commit (merged to `main`): `61d59a802869177d9cef52204767cd83357ab79e`\n- `openclaw` will be patched in the next planned release: `2026.2.14`.\n\n`clawdbot` is a legacy/deprecated package name; no patched version is currently planned. Migrate to `openclaw` and upgrade to `openclaw >= 2026.2.14`.\n\n## Workaround\nEnsure each Google Chat webhook target uses a unique webhook path so routing is never ambiguous.\n\n## Release Process Note\nThe advisory is pre-populated with the planned patched version. After the npm release is published, the remaining action should be to publish the advisory.\n\nThanks @vincentkoc for reporting.\n\n---\n\nFix commit 61d59a802869177d9cef52204767cd83357ab79e confirmed on main and in v2026.2.14. Upgrade to `openclaw >= 2026.2.14`.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:L/SI:L/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "npm", + "name": "clawdbot" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "last_affected": "2026.1.24-3" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rq6g-px6m-c248" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/61d59a802869177d9cef52204767cd83357ab79e" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-284", + "CWE-639" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T00:54:14Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-w2cg-vxx6-5xjg/GHSA-w2cg-vxx6-5xjg.json b/advisories/github-reviewed/2026/02/GHSA-w2cg-vxx6-5xjg/GHSA-w2cg-vxx6-5xjg.json new file mode 100644 index 0000000000000..0164267c92b92 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-w2cg-vxx6-5xjg/GHSA-w2cg-vxx6-5xjg.json @@ -0,0 +1,82 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w2cg-vxx6-5xjg", + "modified": "2026-02-18T00:52:36Z", + "published": "2026-02-18T00:52:36Z", + "aliases": [], + "summary": "OpenClaw: denial of service through large base64 media files allocating large buffers before limit checks", + "details": "## Summary\n\nBase64-backed media inputs could be decoded into Buffers before enforcing decoded-size budgets. An attacker supplying oversized base64 payloads can force large allocations, causing memory pressure and denial of service.\n\n## Attack Scenario Notes\n\n- Recommended deployments bind the gateway to loopback by default and require gateway auth for HTTP endpoints. In that configuration, this is best modeled as a local/authorized DoS.\n- If an operator exposes the gateway to untrusted networks (or disables/weakens auth and rate limits), treat this as a higher-severity network DoS risk.\n\n## Affected Packages / Versions\n\n- openclaw (npm): <= 2026.2.13\n- clawdbot (npm): <= 2026.1.24-3\n\n## Fixed In\n\n- openclaw (npm): 2026.2.14 (planned)\n- clawdbot (npm): no patched release planned; migrate to openclaw\n\n## Fix Commit(s)\n\n- 31791233d60495725fa012745dde8d6ee69e9595\n\n## Credits\nThanks @vincentkoc for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "npm", + "name": "clawdbot" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "last_affected": "2026.1.24-3" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w2cg-vxx6-5xjg" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/31791233d60495725fa012745dde8d6ee69e9595" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-400" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T00:52:36Z", + "nvd_published_at": null + } +} \ No newline at end of file From 4c83c82c1a288397c6cf8ed3a4e02e78d8a87c96 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 00:58:59 +0000 Subject: [PATCH 082/222] Publish Advisories GHSA-2x45-7fc3-mxwq GHSA-5xfq-5mr7-426q GHSA-83g3-92jg-28cx GHSA-jqpq-mgvm-f9r6 GHSA-v6c6-vqqg-w888 GHSA-w5c7-9qqw-6645 GHSA-wgm6-9rvv-3438 GHSA-2x45-7fc3-mxwq --- .../GHSA-2x45-7fc3-mxwq.json | 81 +++++++++++++++++++ .../GHSA-5xfq-5mr7-426q.json | 63 +++++++++++++++ .../GHSA-83g3-92jg-28cx.json | 65 +++++++++++++++ .../GHSA-jqpq-mgvm-f9r6.json | 65 +++++++++++++++ .../GHSA-v6c6-vqqg-w888.json | 67 +++++++++++++++ .../GHSA-w5c7-9qqw-6645.json | 63 +++++++++++++++ .../GHSA-wgm6-9rvv-3438.json | 62 ++++++++++++++ .../GHSA-2x45-7fc3-mxwq.json | 44 ---------- 8 files changed, 466 insertions(+), 44 deletions(-) create mode 100644 advisories/github-reviewed/2025/07/GHSA-2x45-7fc3-mxwq/GHSA-2x45-7fc3-mxwq.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-5xfq-5mr7-426q/GHSA-5xfq-5mr7-426q.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-83g3-92jg-28cx/GHSA-83g3-92jg-28cx.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-jqpq-mgvm-f9r6/GHSA-jqpq-mgvm-f9r6.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-v6c6-vqqg-w888/GHSA-v6c6-vqqg-w888.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-w5c7-9qqw-6645/GHSA-w5c7-9qqw-6645.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-wgm6-9rvv-3438/GHSA-wgm6-9rvv-3438.json delete mode 100644 advisories/unreviewed/2025/07/GHSA-2x45-7fc3-mxwq/GHSA-2x45-7fc3-mxwq.json diff --git a/advisories/github-reviewed/2025/07/GHSA-2x45-7fc3-mxwq/GHSA-2x45-7fc3-mxwq.json b/advisories/github-reviewed/2025/07/GHSA-2x45-7fc3-mxwq/GHSA-2x45-7fc3-mxwq.json new file mode 100644 index 0000000000000..2fb23983bab69 --- /dev/null +++ b/advisories/github-reviewed/2025/07/GHSA-2x45-7fc3-mxwq/GHSA-2x45-7fc3-mxwq.json @@ -0,0 +1,81 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-2x45-7fc3-mxwq", + "modified": "2026-02-18T00:55:29Z", + "published": "2025-07-31T21:31:53Z", + "aliases": [ + "CVE-2025-45769" + ], + "summary": "php-jwt contains weak encryption", + "details": "php-jwt v6.11.0 was discovered to contain weak encryption.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + } + ], + "affected": [ + { + "package": { + "ecosystem": "Packagist", + "name": "firebase/php-jwt" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "7.0.0" + } + ] + } + ] + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45769" + }, + { + "type": "WEB", + "url": "https://github.com/firebase/php-jwt/issues/611" + }, + { + "type": "WEB", + "url": "https://github.com/firebase/php-jwt/issues/618" + }, + { + "type": "WEB", + "url": "https://github.com/firebase/php-jwt/pull/613" + }, + { + "type": "WEB", + "url": "https://github.com/firebase/php-jwt/commit/6b80341bf57838ea2d011487917337901cd71576" + }, + { + "type": "WEB", + "url": "https://gist.github.com/ZupeiNie/83756316c4c24fe97a50176a92608db3" + }, + { + "type": "PACKAGE", + "url": "https://github.com/firebase/php-jwt" + }, + { + "type": "WEB", + "url": "https://github.com/firebase/php-jwt/releases/tag/v7.0.0" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-326" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T00:55:29Z", + "nvd_published_at": "2025-07-31T20:15:33Z" + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-5xfq-5mr7-426q/GHSA-5xfq-5mr7-426q.json b/advisories/github-reviewed/2026/02/GHSA-5xfq-5mr7-426q/GHSA-5xfq-5mr7-426q.json new file mode 100644 index 0000000000000..8d5832619f640 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-5xfq-5mr7-426q/GHSA-5xfq-5mr7-426q.json @@ -0,0 +1,63 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5xfq-5mr7-426q", + "modified": "2026-02-18T00:57:30Z", + "published": "2026-02-18T00:57:30Z", + "aliases": [], + "summary": "OpenClaw's unsanitized session ID enables path traversal in transcript file operations", + "details": "## Description\n\nOpenClaw versions **<= 2026.2.9** construct transcript file paths using an unsanitized `sessionId` and also accept `sessionFile` paths without enforcing that they stay within the agent sessions directory.\n\nA crafted `sessionId` and/or `sessionFile` (example: `../../etc/passwd`) can cause path traversal when the gateway performs transcript file read/write operations.\n\n**Preconditions:** an attacker must be able to authenticate to the gateway (gateway token/password). By default the gateway binds to `loopback` (local-only); configurations that expose the gateway widen the attack surface.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: `<= 2026.2.9`\n- Fixed: `>= 2026.2.12`\n\n## Fix\n\nFixed by validating session IDs (rejecting path separators / traversal sequences) and enforcing sessions-directory containment for session transcript file operations.\n\n### Fix Commit(s)\n\n- `4199f9889f0c307b77096a229b9e085b8d856c26`\n\n### Additional Hardening\n\n- `cab0abf52ac91e12ea7a0cf04fff315cf0c94d64`\n\n## Mitigation\n\nUpgrade to `openclaw >= 2026.2.12`.\n\nThanks @akhmittra for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.12" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5xfq-5mr7-426q" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/4199f9889f0c307b77096a229b9e085b8d856c26" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.12" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T00:57:30Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-83g3-92jg-28cx/GHSA-83g3-92jg-28cx.json b/advisories/github-reviewed/2026/02/GHSA-83g3-92jg-28cx/GHSA-83g3-92jg-28cx.json new file mode 100644 index 0000000000000..9ca7ca5d742ad --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-83g3-92jg-28cx/GHSA-83g3-92jg-28cx.json @@ -0,0 +1,65 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-83g3-92jg-28cx", + "modified": "2026-02-18T00:57:13Z", + "published": "2026-02-18T00:57:13Z", + "aliases": [ + "CVE-2026-26960" + ], + "summary": "Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction", + "details": "### Summary\n`tar.extract()` in Node `tar` allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to a file outside the extraction root, using default options.\n\nThis enables **arbitrary file read and write** as the extracting user (no root, no chmod, no `preservePaths`).\n\nSeverity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive.\n\n### Details\nThe bypass chain uses two symlinks plus one hardlink:\n\n1. `a/b/c/up -> ../..`\n2. `a/b/escape -> c/up/../..`\n3. `exfil` (hardlink) -> `a/b/escape/`\n\nWhy this works:\n\n- Linkpath checks are string-based and do not resolve symlinks on disk for hardlink target safety.\n - See `STRIPABSOLUTEPATH` logic in:\n - `../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/unpack.js:255`\n - `../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/unpack.js:268`\n - `../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/unpack.js:281`\n\n- Hardlink extraction resolves target as `path.resolve(cwd, entry.linkpath)` and then calls `fs.link(target, destination)`.\n - `../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/unpack.js:566`\n - `../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/unpack.js:567`\n - `../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/unpack.js:703`\n\n- Parent directory safety checks (`mkdir` + symlink detection) are applied to the destination path of the extracted entry, not to the resolved hardlink target path.\n - `../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/unpack.js:617`\n - `../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/unpack.js:619`\n - `../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/mkdir.js:27`\n - `../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/mkdir.js:101`\n\nAs a result, `exfil` is created inside extraction root but linked to an external file. The PoC confirms shared inode and successful read+write via `exfil`.\n\n### PoC\n[hardlink.js](https://github.com/user-attachments/files/25240082/hardlink.js)\nEnvironment used for validation:\n\n- Node: `v25.4.0`\n- tar: `7.5.7`\n- OS: macOS Darwin 25.2.0\n- Extract options: defaults (`tar.extract({ file, cwd })`)\n\nSteps:\n\n1. Prepare/locate a `tar` module. If `require('tar')` is not available locally, set `TAR_MODULE` to an absolute path to a tar package directory.\n\n2. Run:\n\n```bash\nTAR_MODULE=\"$(cd '../tar-audit-setuid - CVE/node_modules/tar' && pwd)\" node hardlink.js\n```\n\n3. Expected vulnerable output (key lines):\n\n```text\nsame_inode=true\nread_ok=true\nwrite_ok=true\nresult=VULNERABLE\n```\n\nInterpretation:\n\n- `same_inode=true`: extracted `exfil` and external secret are the same file object.\n- `read_ok=true`: reading `exfil` leaks external content.\n- `write_ok=true`: writing `exfil` modifies external file.\n\n### Impact\nVulnerability type:\n\n- Arbitrary file read/write via archive extraction path confusion and link resolution.\n\nWho is impacted:\n\n- Any application/service that extracts attacker-controlled tar archives with Node `tar` defaults.\n- Impact scope is the privileges of the extracting process user.\n\nPotential outcomes:\n\n- Read sensitive files reachable by the process user.\n- Overwrite writable files outside extraction root.\n- Escalate impact depending on deployment context (keys, configs, scripts, app data).", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "tar" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "7.5.8" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx" + }, + { + "type": "WEB", + "url": "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384" + }, + { + "type": "WEB", + "url": "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f" + }, + { + "type": "PACKAGE", + "url": "https://github.com/isaacs/node-tar" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T00:57:13Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-jqpq-mgvm-f9r6/GHSA-jqpq-mgvm-f9r6.json b/advisories/github-reviewed/2026/02/GHSA-jqpq-mgvm-f9r6/GHSA-jqpq-mgvm-f9r6.json new file mode 100644 index 0000000000000..d0ca2bb515887 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-jqpq-mgvm-f9r6/GHSA-jqpq-mgvm-f9r6.json @@ -0,0 +1,65 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-jqpq-mgvm-f9r6", + "modified": "2026-02-18T00:55:50Z", + "published": "2026-02-18T00:55:50Z", + "aliases": [], + "summary": "OpenClaw: Command hijacking via unsafe PATH handling (bootstrapping + node-host PATH overrides)", + "details": "# Command hijacking via PATH handling\n\n**Discovered:** 2026-02-04\n**Reporter:** @akhmittra\n\n## Summary\n\nOpenClaw previously accepted untrusted PATH sources in limited situations. In affected versions, this could cause OpenClaw to resolve and execute an unintended binary (\"command hijacking\") when running host commands.\n\nThis issue primarily matters when OpenClaw is relying on allowlist/safe-bin protections and expects `PATH` to be trustworthy.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: `< 2026.2.14`\n- Patched: `>= 2026.2.14` (planned next release)\n\n## What Is Required To Trigger This\n\n### A) Node Host PATH override (remote command hijack)\n\nAn attacker needs all of the following:\n\n- Authenticated/authorized access to an execution surface that can invoke node-host execution (for example, a compromised gateway or a caller that can issue `system.run`).\n- A node host connected and exposing `system.run`.\n- A configuration where allowlist/safe-bins are expected to restrict execution (this is not meaningful if full arbitrary exec is already allowed).\n- The ability to pass request-scoped environment overrides (specifically `PATH`) into `system.run`.\n- A way to place an attacker-controlled executable earlier in `PATH` (for example, a writable directory on the node host), with a name that matches an allowlisted/safe-bin command that OpenClaw will run.\n\nNotes:\n\n- OpenClaw deployments commonly require a gateway token/password (or equivalent transport authentication). This should not be treated as unauthenticated Internet RCE.\n- This scenario typically depends on **non-standard / misconfigured deployments** (for example, granting untrusted parties access to invoke node-host execution or otherwise exposing a privileged execution surface beyond the intended trust boundary).\n\n### B) Project-local PATH bootstrapping (local command hijack)\n\nAn attacker needs all of the following:\n\n- The victim runs OpenClaw from within an attacker-controlled working directory (for example, cloning and running inside a malicious repository).\n- That directory contains a `node_modules/.bin/openclaw` and additional attacker-controlled executables in the same directory.\n- OpenClaw subsequently executes a command by name (resolved via `PATH`) that matches one of those attacker-controlled executables.\n\n## Fix\n\n- Project-local `node_modules/.bin` PATH bootstrapping is now **disabled by default**. If explicitly enabled, it is **append-only** (never prepended) via `OPENCLAW_ALLOW_PROJECT_LOCAL_BIN=1`.\n- Node Host now ignores request-scoped `PATH` overrides.\n\n## Fix Commit(s)\n\n- 013e8f6b3be3333a229a066eef26a45fec47ffcc\n\nThanks @akhmittra for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jqpq-mgvm-f9r6" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/013e8f6b3be3333a229a066eef26a45fec47ffcc" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-427", + "CWE-78", + "CWE-807" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T00:55:50Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-v6c6-vqqg-w888/GHSA-v6c6-vqqg-w888.json b/advisories/github-reviewed/2026/02/GHSA-v6c6-vqqg-w888/GHSA-v6c6-vqqg-w888.json new file mode 100644 index 0000000000000..62070785cdb68 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-v6c6-vqqg-w888/GHSA-v6c6-vqqg-w888.json @@ -0,0 +1,67 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v6c6-vqqg-w888", + "modified": "2026-02-18T00:57:48Z", + "published": "2026-02-18T00:57:48Z", + "aliases": [], + "summary": "OpenClaw affected by potential code execution via unsafe hook module path handling in Gateway", + "details": "## Summary\n\nOpenClaw Gateway supports hook mappings with optional JavaScript/TypeScript transform modules. In affected versions, the gateway did not sufficiently constrain configured module paths before passing them to dynamic `import()`. Under some configurations, a user who can modify gateway configuration could cause the gateway process to load and execute an unintended local module.\n\n## Impact\n\nPotential code execution in the OpenClaw gateway Node.js process.\n\nThis requires access that can modify gateway configuration (for example via the gateway config endpoints). Treat such access as high privilege.\n\n## Affected Packages / Versions\n\n- npm package: `openclaw`\n- Affected: `>= 2026.1.5` and `<= 2026.2.13`\n\n## Patched Versions\n\n- `>= 2026.2.14`\n\n## Fix Commit(s)\n\n- `a0361b8ba959e8506dc79d638b6e6a00d12887e4` (restrict hook transform module loading)\n- `35c0e66ed057f1a9f7ad2515fdcef516bd6584ce` (harden hooks module loading)\n\n## Mitigation\n\n- Upgrade to `2026.2.14` or newer.\n- Avoid exposing gateway configuration endpoints to untrusted networks.\n- Review config for unsafe values:\n - `hooks.mappings[].transform.module`\n - `hooks.internal.handlers[].module`\n\nThanks @222n5 for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "2026.1.5" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v6c6-vqqg-w888" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/35c0e66ed057f1a9f7ad2515fdcef516bd6584ce" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/a0361b8ba959e8506dc79d638b6e6a00d12887e4" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T00:57:48Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-w5c7-9qqw-6645/GHSA-w5c7-9qqw-6645.json b/advisories/github-reviewed/2026/02/GHSA-w5c7-9qqw-6645/GHSA-w5c7-9qqw-6645.json new file mode 100644 index 0000000000000..2a26f52c37895 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-w5c7-9qqw-6645/GHSA-w5c7-9qqw-6645.json @@ -0,0 +1,63 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w5c7-9qqw-6645", + "modified": "2026-02-18T00:56:51Z", + "published": "2026-02-18T00:56:51Z", + "aliases": [], + "summary": "OpenClaw inter-session prompts could be treated as direct user instructions", + "details": "## Summary\n\nInter-session messages sent via `sessions_send` could be interpreted as direct end-user instructions because they were persisted as `role: \"user\"` without provenance metadata.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.2.12` (i.e. `< 2026.2.13`)\n- Fixed in: `2026.2.13` (patched versions `>= 2026.2.13`)\n\n## Impact\n\nA delegated or internal session could inject instructions into another session that appeared equivalent to externally-originated user input.\n\nThis is an instruction-provenance confusion issue (confused-deputy style), which can lead to unintended privileged behavior in workflows that trust `role: \"user\"` as a sole authority signal.\n\n## Technical details\n\nBefore the fix, routed inter-session prompts were stored as regular user turns without a verifiable source marker.\n\nAs a result, downstream workers and transcript readers could not distinguish:\n- External user input\n- Internal inter-session routed input\n\n## Fix\n\nOpenClaw now carries explicit input provenance end-to-end for routed prompts.\n\nKey changes:\n- Added structured provenance model (`inputProvenance`) with `kind` values including `inter_session`.\n- `sessions_send` and agent-to-agent steps now set inter-session provenance when invoking target runs.\n- Provenance is persisted on user messages as `message.provenance.kind = \"inter_session\"` (role remains `user` for provider compatibility).\n- Transcript readers and memory helpers were updated to respect provenance and avoid treating inter-session prompts as external user-originated input.\n- Runtime context rebuilding now annotates inter-session turns with an explicit in-memory marker (`[Inter-session message]`) for clearer model-side disambiguation.\n- Regression tests were added for transcript parsing, session tools flow, runner sanitization, and memory hook behavior.\n\n## Fix Commit(s)\n\n- `85409e401b6586f83954cb53552395d7aab04797`\n\n## Workarounds\n\nIf immediate upgrade is not possible:\n- Disable or restrict `sessions_send` in affected environments.\n- Do not use role alone as an authority boundary; require provenance-aware checks in orchestration logic.\n\n## Credit\n\nReported by @anbecker.\n\nThanks @anbecker for reporting.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.13" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w5c7-9qqw-6645" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/85409e401b6586f83954cb53552395d7aab04797" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.12" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-345" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T00:56:51Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-wgm6-9rvv-3438/GHSA-wgm6-9rvv-3438.json b/advisories/github-reviewed/2026/02/GHSA-wgm6-9rvv-3438/GHSA-wgm6-9rvv-3438.json new file mode 100644 index 0000000000000..796e7ea500aaa --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-wgm6-9rvv-3438/GHSA-wgm6-9rvv-3438.json @@ -0,0 +1,62 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wgm6-9rvv-3438", + "modified": "2026-02-18T00:56:30Z", + "published": "2026-02-18T00:56:30Z", + "aliases": [ + "CVE-2026-26957" + ], + "summary": "Libredesk has a SSRF Vulnerability in Webhooks", + "details": "**Date:** 2025-12-07\n**Vulnerability:** Server-Side Request Forgery (SSRF)\n**Component:** Webhooks Module\n\n## Executive Summary\nA critical security vulnerability exists in the LibreDesk Webhooks module that allows an authenticated \"Application Admin\" to compromise the underlying cloud infrastructure or internal corporate network where this service is being hosted.\n\nThe application fails to validate destination URLs for webhooks. This allows an attacker to force the server to make HTTP requests to arbitrary internal destinations.\n\n## Confirmed Attack Vectors\n\n### 1. Internal Port Scanning (Network Mapping)\nAttackers can map the internal network by observing the difference between successful connections and connection errors. This works even if the response body is not returned.\n\n**Proof of Exploitation (from Server Logs):**\n* **Open Port (8890)**: The server connects successfully.\n ```text\n timestamp=... level=info message=\"webhook delivered successfully\" ... status_code=200\n ```\n* **Closed Port (8891)**: The server fails to connect.\n ```text\n timestamp=... level=error message=\"webhook delivery failed\" ... error=\"... connect: connection refused\"\n ```\n\n**Impact**: An attacker can identify running services (databases, caches, internal apps) on the local network (e.g., `localhost`, `192.168.x.x`).\n\n### 2. Information Leakage (Error-Based)\nIf the internal service returns a non-2xx response (e.g., 403 Forbidden, 404 Not Found, 500 Error), the application **logs the full response body**.\n\n**Proof of Exploitation (from Server Logs):**\n```text\ntimestamp=... level=error message=\"webhook delivery failed\" ... \nresponse=\"{\\\"secret_key\\\": \\\"xxx123\\\", \\\"role\\\": \\\"admin\\\"}\"\n```\n\n**Impact**: An attacker can extract sensitive data by targeting endpoints that return errors or by forcing errors on internal services.\n\n## Technical Root Cause\n1. **Missing Input Validation**: `cmd/webhooks.go` only checks if the URL is empty, not if it resolves to a private IP.\n2. **Unrestricted HTTP Client**: `internal/webhook/webhook.go` uses a default `http.Client` that follows redirects and connects to any IP.\n3. **Verbose Error Logging**: The application logs the full response body on failure, creating a side-channel for data exfiltration.\n\n## Remediation Required\nTo prevent this, the application must implement **Defense in Depth**:\n\n1. **Input Validation**: Block URLs resolving to private IP ranges (RFC 1918) and Link-Local addresses.\n2. **Safe HTTP Client**: Use a custom `http.Transport` that verifies the destination IP address *after* DNS resolution to prevent DNS rebinding attacks.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "Go", + "name": "github.com/abhinavxd/libredesk" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.2-0.20260215211005-727213631ce6" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/abhinavxd/libredesk/security/advisories/GHSA-wgm6-9rvv-3438" + }, + { + "type": "WEB", + "url": "https://github.com/abhinavxd/libredesk/commit/727213631ce6a36bcb06f50ce542155e78f51316" + }, + { + "type": "PACKAGE", + "url": "https://github.com/abhinavxd/libredesk" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-209", + "CWE-918" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T00:56:30Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2025/07/GHSA-2x45-7fc3-mxwq/GHSA-2x45-7fc3-mxwq.json b/advisories/unreviewed/2025/07/GHSA-2x45-7fc3-mxwq/GHSA-2x45-7fc3-mxwq.json deleted file mode 100644 index 9f2d0a3d1768a..0000000000000 --- a/advisories/unreviewed/2025/07/GHSA-2x45-7fc3-mxwq/GHSA-2x45-7fc3-mxwq.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "schema_version": "1.4.0", - "id": "GHSA-2x45-7fc3-mxwq", - "modified": "2025-07-31T21:31:53Z", - "published": "2025-07-31T21:31:53Z", - "aliases": [ - "CVE-2025-45769" - ], - "details": "php-jwt v6.11.0 was discovered to contain weak encryption.", - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" - } - ], - "affected": [], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45769" - }, - { - "type": "WEB", - "url": "https://gist.github.com/ZupeiNie/83756316c4c24fe97a50176a92608db3" - }, - { - "type": "WEB", - "url": "https://github.com/firebase" - }, - { - "type": "WEB", - "url": "https://github.com/firebase/php-jwt" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-326" - ], - "severity": "HIGH", - "github_reviewed": false, - "github_reviewed_at": null, - "nvd_published_at": "2025-07-31T20:15:33Z" - } -} \ No newline at end of file From 7203f6466f8d054a3b4130f47f2191774069c112 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 06:31:37 +0000 Subject: [PATCH 083/222] Advisory Database Sync --- .../GHSA-354p-69pj-7hrh.json | 25 ++++++ .../GHSA-3gjc-g73c-46x5.json | 25 ++++++ .../GHSA-4292-3qv2-cv3v.json | 40 ++++++++++ .../GHSA-43j7-cmcw-j9hr.json | 52 ++++++++++++ .../GHSA-4r69-36rj-xggj.json | 40 ++++++++++ .../GHSA-4wq4-57x2-fmhv.json | 44 ++++++++++ .../GHSA-568p-hhxc-vvx8.json | 29 +++++++ .../GHSA-5g55-5vv7-848g.json | 40 ++++++++++ .../GHSA-69fg-c96p-c6fq.json | 60 ++++++++++++++ .../GHSA-763r-9v7r-f8fj.json | 25 ++++++ .../GHSA-7f6r-mp5f-rh8r.json | 48 +++++++++++ .../GHSA-cpmc-9298-xjhp.json | 48 +++++++++++ .../GHSA-fv33-cj5h-48j8.json | 44 ++++++++++ .../GHSA-fvjg-wx7c-4qc5.json | 48 +++++++++++ .../GHSA-fx3v-rgv7-qq3x.json | 44 ++++++++++ .../GHSA-g4wh-mv47-2hg5.json | 80 +++++++++++++++++++ .../GHSA-g8mp-px4h-fw43.json | 64 +++++++++++++++ .../GHSA-gcff-gvxv-7jgm.json | 52 ++++++++++++ .../GHSA-ghf8-ggp8-97wj.json | 25 ++++++ .../GHSA-h858-mf2m-8jf4.json | 52 ++++++++++++ .../GHSA-jg87-hjf9-gf64.json | 25 ++++++ .../GHSA-m3jj-4hf6-wgch.json | 25 ++++++ .../GHSA-mcrh-3qmp-x37p.json | 44 ++++++++++ .../GHSA-pj33-46c7-rm7p.json | 52 ++++++++++++ .../GHSA-qph2-xm7h-wv73.json | 48 +++++++++++ .../GHSA-qw9p-rfpx-fxh5.json | 40 ++++++++++ .../GHSA-rgq3-q5rc-mjc3.json | 48 +++++++++++ .../GHSA-rj4g-w683-5gq4.json | 48 +++++++++++ .../GHSA-vfcp-69jm-85xv.json | 25 ++++++ .../GHSA-vrm4-h3r4-hh29.json | 25 ++++++ .../GHSA-wpf3-wv8v-2wxj.json | 40 ++++++++++ 31 files changed, 1305 insertions(+) create mode 100644 advisories/unreviewed/2026/02/GHSA-354p-69pj-7hrh/GHSA-354p-69pj-7hrh.json create mode 100644 advisories/unreviewed/2026/02/GHSA-3gjc-g73c-46x5/GHSA-3gjc-g73c-46x5.json create mode 100644 advisories/unreviewed/2026/02/GHSA-4292-3qv2-cv3v/GHSA-4292-3qv2-cv3v.json create mode 100644 advisories/unreviewed/2026/02/GHSA-43j7-cmcw-j9hr/GHSA-43j7-cmcw-j9hr.json create mode 100644 advisories/unreviewed/2026/02/GHSA-4r69-36rj-xggj/GHSA-4r69-36rj-xggj.json create mode 100644 advisories/unreviewed/2026/02/GHSA-4wq4-57x2-fmhv/GHSA-4wq4-57x2-fmhv.json create mode 100644 advisories/unreviewed/2026/02/GHSA-568p-hhxc-vvx8/GHSA-568p-hhxc-vvx8.json create mode 100644 advisories/unreviewed/2026/02/GHSA-5g55-5vv7-848g/GHSA-5g55-5vv7-848g.json create mode 100644 advisories/unreviewed/2026/02/GHSA-69fg-c96p-c6fq/GHSA-69fg-c96p-c6fq.json create mode 100644 advisories/unreviewed/2026/02/GHSA-763r-9v7r-f8fj/GHSA-763r-9v7r-f8fj.json create mode 100644 advisories/unreviewed/2026/02/GHSA-7f6r-mp5f-rh8r/GHSA-7f6r-mp5f-rh8r.json create mode 100644 advisories/unreviewed/2026/02/GHSA-cpmc-9298-xjhp/GHSA-cpmc-9298-xjhp.json create mode 100644 advisories/unreviewed/2026/02/GHSA-fv33-cj5h-48j8/GHSA-fv33-cj5h-48j8.json create mode 100644 advisories/unreviewed/2026/02/GHSA-fvjg-wx7c-4qc5/GHSA-fvjg-wx7c-4qc5.json create mode 100644 advisories/unreviewed/2026/02/GHSA-fx3v-rgv7-qq3x/GHSA-fx3v-rgv7-qq3x.json create mode 100644 advisories/unreviewed/2026/02/GHSA-g4wh-mv47-2hg5/GHSA-g4wh-mv47-2hg5.json create mode 100644 advisories/unreviewed/2026/02/GHSA-g8mp-px4h-fw43/GHSA-g8mp-px4h-fw43.json create mode 100644 advisories/unreviewed/2026/02/GHSA-gcff-gvxv-7jgm/GHSA-gcff-gvxv-7jgm.json create mode 100644 advisories/unreviewed/2026/02/GHSA-ghf8-ggp8-97wj/GHSA-ghf8-ggp8-97wj.json create mode 100644 advisories/unreviewed/2026/02/GHSA-h858-mf2m-8jf4/GHSA-h858-mf2m-8jf4.json create mode 100644 advisories/unreviewed/2026/02/GHSA-jg87-hjf9-gf64/GHSA-jg87-hjf9-gf64.json create mode 100644 advisories/unreviewed/2026/02/GHSA-m3jj-4hf6-wgch/GHSA-m3jj-4hf6-wgch.json create mode 100644 advisories/unreviewed/2026/02/GHSA-mcrh-3qmp-x37p/GHSA-mcrh-3qmp-x37p.json create mode 100644 advisories/unreviewed/2026/02/GHSA-pj33-46c7-rm7p/GHSA-pj33-46c7-rm7p.json create mode 100644 advisories/unreviewed/2026/02/GHSA-qph2-xm7h-wv73/GHSA-qph2-xm7h-wv73.json create mode 100644 advisories/unreviewed/2026/02/GHSA-qw9p-rfpx-fxh5/GHSA-qw9p-rfpx-fxh5.json create mode 100644 advisories/unreviewed/2026/02/GHSA-rgq3-q5rc-mjc3/GHSA-rgq3-q5rc-mjc3.json create mode 100644 advisories/unreviewed/2026/02/GHSA-rj4g-w683-5gq4/GHSA-rj4g-w683-5gq4.json create mode 100644 advisories/unreviewed/2026/02/GHSA-vfcp-69jm-85xv/GHSA-vfcp-69jm-85xv.json create mode 100644 advisories/unreviewed/2026/02/GHSA-vrm4-h3r4-hh29/GHSA-vrm4-h3r4-hh29.json create mode 100644 advisories/unreviewed/2026/02/GHSA-wpf3-wv8v-2wxj/GHSA-wpf3-wv8v-2wxj.json diff --git a/advisories/unreviewed/2026/02/GHSA-354p-69pj-7hrh/GHSA-354p-69pj-7hrh.json b/advisories/unreviewed/2026/02/GHSA-354p-69pj-7hrh/GHSA-354p-69pj-7hrh.json new file mode 100644 index 0000000000000..2f5abda6b669e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-354p-69pj-7hrh/GHSA-354p-69pj-7hrh.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-354p-69pj-7hrh", + "modified": "2026-02-18T06:30:18Z", + "published": "2026-02-18T06:30:18Z", + "aliases": [ + "CVE-2026-27038" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27038" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T04:16:01Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-3gjc-g73c-46x5/GHSA-3gjc-g73c-46x5.json b/advisories/unreviewed/2026/02/GHSA-3gjc-g73c-46x5/GHSA-3gjc-g73c-46x5.json new file mode 100644 index 0000000000000..6ea96b837d889 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-3gjc-g73c-46x5/GHSA-3gjc-g73c-46x5.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3gjc-g73c-46x5", + "modified": "2026-02-18T06:30:18Z", + "published": "2026-02-18T06:30:18Z", + "aliases": [ + "CVE-2026-27036" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27036" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T04:16:01Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-4292-3qv2-cv3v/GHSA-4292-3qv2-cv3v.json b/advisories/unreviewed/2026/02/GHSA-4292-3qv2-cv3v/GHSA-4292-3qv2-cv3v.json new file mode 100644 index 0000000000000..f6c829558b061 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-4292-3qv2-cv3v/GHSA-4292-3qv2-cv3v.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4292-3qv2-cv3v", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2025-12037" + ], + "details": "The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12037" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/log/wp-404-auto-redirect-to-similar-post" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c20059de-9d81-4318-a015-8e402945828c?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T05:16:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-43j7-cmcw-j9hr/GHSA-43j7-cmcw-j9hr.json b/advisories/unreviewed/2026/02/GHSA-43j7-cmcw-j9hr/GHSA-43j7-cmcw-j9hr.json new file mode 100644 index 0000000000000..b5371d7d0af4b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-43j7-cmcw-j9hr/GHSA-43j7-cmcw-j9hr.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-43j7-cmcw-j9hr", + "modified": "2026-02-18T06:30:18Z", + "published": "2026-02-18T06:30:18Z", + "aliases": [ + "CVE-2025-12074" + ], + "details": "The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.5 via the 'context_blog_modal_popup' due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12074" + }, + { + "type": "WEB", + "url": "https://themes.svn.wordpress.org/context-blog/1.2.1/inc/ajax/modal-popup.php" + }, + { + "type": "WEB", + "url": "https://themes.trac.wordpress.org/changeset/297968" + }, + { + "type": "WEB", + "url": "https://wordpress.org/themes/context-blog" + }, + { + "type": "WEB", + "url": "https://www.postmagthemes.com/downloads/context-blog-free-wordpress-theme" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/25552fdb-c55b-4390-a614-7c007c5fe7b1?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-200" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T05:16:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-4r69-36rj-xggj/GHSA-4r69-36rj-xggj.json b/advisories/unreviewed/2026/02/GHSA-4r69-36rj-xggj/GHSA-4r69-36rj-xggj.json new file mode 100644 index 0000000000000..e24a813ced989 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-4r69-36rj-xggj/GHSA-4r69-36rj-xggj.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4r69-36rj-xggj", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2025-11737" + ], + "details": "The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'vkExUnit_sns_title' parameter in all versions up to, and including, 9.112.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11737" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3402996%40vk-all-in-one-expansion-unit&new=3402996%40vk-all-in-one-expansion-unit&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1e7efb39-fada-4167-825c-21cc31948a63?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T06:16:31Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-4wq4-57x2-fmhv/GHSA-4wq4-57x2-fmhv.json b/advisories/unreviewed/2026/02/GHSA-4wq4-57x2-fmhv/GHSA-4wq4-57x2-fmhv.json new file mode 100644 index 0000000000000..e9956057d08ba --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-4wq4-57x2-fmhv/GHSA-4wq4-57x2-fmhv.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4wq4-57x2-fmhv", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2025-6460" + ], + "details": "The Display During Conditional Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6460" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3455051" + }, + { + "type": "WEB", + "url": "https://wordpress.org/plugins/display-during-conditional-shortcode/#developers" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ad39a3b0-5434-4595-a052-4b6e4adb2247?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T05:16:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-568p-hhxc-vvx8/GHSA-568p-hhxc-vvx8.json b/advisories/unreviewed/2026/02/GHSA-568p-hhxc-vvx8/GHSA-568p-hhxc-vvx8.json new file mode 100644 index 0000000000000..85d2b669e2761 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-568p-hhxc-vvx8/GHSA-568p-hhxc-vvx8.json @@ -0,0 +1,29 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-568p-hhxc-vvx8", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2026-1368" + ], + "details": "The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the site's Zoom SDK key.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1368" + }, + { + "type": "WEB", + "url": "https://wpscan.com/vulnerability/218e6655-c5aa-4bce-86b2-cad3bb20020c" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T06:16:34Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-5g55-5vv7-848g/GHSA-5g55-5vv7-848g.json b/advisories/unreviewed/2026/02/GHSA-5g55-5vv7-848g/GHSA-5g55-5vv7-848g.json new file mode 100644 index 0000000000000..b32d5ce03dc02 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-5g55-5vv7-848g/GHSA-5g55-5vv7-848g.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5g55-5vv7-848g", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2025-12122" + ], + "details": "The Popup Box – Easily Create WordPress Popups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12122" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3410472%40popup-box&new=3410472%40popup-box&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a7eeb557-0528-422a-aae7-3f99154953df?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-78" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T06:16:33Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-69fg-c96p-c6fq/GHSA-69fg-c96p-c6fq.json b/advisories/unreviewed/2026/02/GHSA-69fg-c96p-c6fq/GHSA-69fg-c96p-c6fq.json new file mode 100644 index 0000000000000..d246f61aed11a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-69fg-c96p-c6fq/GHSA-69fg-c96p-c6fq.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-69fg-c96p-c6fq", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2026-2641" + ], + "details": "A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2641" + }, + { + "type": "WEB", + "url": "https://github.com/universal-ctags/ctags/issues/4369" + }, + { + "type": "WEB", + "url": "https://github.com/oneafter/0116/blob/main/poc.v" + }, + { + "type": "WEB", + "url": "https://github.com/universal-ctags/ctags" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346397" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346397" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752768" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-404" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T06:16:35Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-763r-9v7r-f8fj/GHSA-763r-9v7r-f8fj.json b/advisories/unreviewed/2026/02/GHSA-763r-9v7r-f8fj/GHSA-763r-9v7r-f8fj.json new file mode 100644 index 0000000000000..778e6419c3092 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-763r-9v7r-f8fj/GHSA-763r-9v7r-f8fj.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-763r-9v7r-f8fj", + "modified": "2026-02-18T06:30:18Z", + "published": "2026-02-18T06:30:18Z", + "aliases": [ + "CVE-2026-27032" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27032" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T04:16:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-7f6r-mp5f-rh8r/GHSA-7f6r-mp5f-rh8r.json b/advisories/unreviewed/2026/02/GHSA-7f6r-mp5f-rh8r/GHSA-7f6r-mp5f-rh8r.json new file mode 100644 index 0000000000000..7f10555e9287f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-7f6r-mp5f-rh8r/GHSA-7f6r-mp5f-rh8r.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-7f6r-mp5f-rh8r", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2026-1639" + ], + "details": "The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' and 'sort_by' parameters in all versions up to, and including, 5.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1639" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/taskbuilder/tags/5.0.2/includes/admin/projects/projects_list.php#L136" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/taskbuilder/tags/5.0.2/includes/admin/projects/projects_list.php#L138" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/taskbuilder/tags/5.0.2/includes/admin/projects/projects_list.php#L14" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2cfdde5c-f0e3-4597-9789-3ff0347719c6?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T06:16:34Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-cpmc-9298-xjhp/GHSA-cpmc-9298-xjhp.json b/advisories/unreviewed/2026/02/GHSA-cpmc-9298-xjhp/GHSA-cpmc-9298-xjhp.json new file mode 100644 index 0000000000000..24f4fe3bfb7e8 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-cpmc-9298-xjhp/GHSA-cpmc-9298-xjhp.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-cpmc-9298-xjhp", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2026-1296" + ], + "details": "The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the 'requested_page' POST parameter in the verify_username_password function. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action such as clicking on a link.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1296" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/frontend-post-submission-manager-lite/tags/1.2.6/includes/classes/class-fpsml-shortcode.php#L108" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/frontend-post-submission-manager-lite/trunk/includes/classes/class-fpsml-shortcode.php#L108" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3458652%40frontend-post-submission-manager-lite&new=3458652%40frontend-post-submission-manager-lite&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/92c52129-7cf5-4a1b-80a1-b01140e6a72b?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-601" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T05:16:25Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-fv33-cj5h-48j8/GHSA-fv33-cj5h-48j8.json b/advisories/unreviewed/2026/02/GHSA-fv33-cj5h-48j8/GHSA-fv33-cj5h-48j8.json new file mode 100644 index 0000000000000..9f05303d25898 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-fv33-cj5h-48j8/GHSA-fv33-cj5h-48j8.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-fv33-cj5h-48j8", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2025-13959" + ], + "details": "The Filestack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'filepicker' shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13959" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/filepicker-media-uploader/tags/2.0.8/lib/shortcodes.php#L20" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/filepicker-media-uploader/trunk/lib/shortcodes.php#L20" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2777794d-2c0a-4843-bed8-78e607d4e796?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T05:16:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-fvjg-wx7c-4qc5/GHSA-fvjg-wx7c-4qc5.json b/advisories/unreviewed/2026/02/GHSA-fvjg-wx7c-4qc5/GHSA-fvjg-wx7c-4qc5.json new file mode 100644 index 0000000000000..b637ccb2b2efb --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-fvjg-wx7c-4qc5/GHSA-fvjg-wx7c-4qc5.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-fvjg-wx7c-4qc5", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2026-1072" + ], + "details": "The Keybase.io Verification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.5. This is due to missing nonce validation when updating plugin settings. This makes it possible for unauthenticated attackers to update the Keybase verification text via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1072" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-keybase-verification/tags/1.4.5/admin/code/write.php#L51" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-keybase-verification/trunk/admin/code/write.php#L51" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3455171%40wp-keybase-verification&new=3455171%40wp-keybase-verification&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4bbf55eb-7738-4c52-ac9d-a67d159e56cf?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T06:16:33Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-fx3v-rgv7-qq3x/GHSA-fx3v-rgv7-qq3x.json b/advisories/unreviewed/2026/02/GHSA-fx3v-rgv7-qq3x/GHSA-fx3v-rgv7-qq3x.json new file mode 100644 index 0000000000000..b2bca67c84fe9 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-fx3v-rgv7-qq3x/GHSA-fx3v-rgv7-qq3x.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-fx3v-rgv7-qq3x", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:18Z", + "aliases": [ + "CVE-2026-1277" + ], + "details": "The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirect_to' parameter in the promotional dismissal handler. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites via a crafted link.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1277" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/url-shortify/tags/1.11.4/lite/includes/Promo.php#L64" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3451740%40url-shortify&old=3445491%40url-shortify&sfp_email=&sfph_mail=#file1049" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c7c1dc51-47ca-4b2f-9ff9-275bd8b1c106?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-601" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T05:16:24Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-g4wh-mv47-2hg5/GHSA-g4wh-mv47-2hg5.json b/advisories/unreviewed/2026/02/GHSA-g4wh-mv47-2hg5/GHSA-g4wh-mv47-2hg5.json new file mode 100644 index 0000000000000..967128fbf512b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-g4wh-mv47-2hg5/GHSA-g4wh-mv47-2hg5.json @@ -0,0 +1,80 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-g4wh-mv47-2hg5", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2026-1304" + ], + "details": "The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1304" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/admin/settings/settings.php#L896" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/admin/settings/settings.php#L905" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/admin/settings/settings.php#L914" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/admin/settings/settings.php#L923" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/admin/settings/settings.php#L932" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/admin/settings/settings.php#L941" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/admin/settings/settings.php#L950" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/admin/settings/settings.php#L971" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/templates/invoice.php#L271" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/templates/invoice.php#L281" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3448964%40restrict-content&new=3448964%40restrict-content&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cdd563b7-a1b9-4d99-9a6e-c8acf9dda619?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T06:16:34Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-g8mp-px4h-fw43/GHSA-g8mp-px4h-fw43.json b/advisories/unreviewed/2026/02/GHSA-g8mp-px4h-fw43/GHSA-g8mp-px4h-fw43.json new file mode 100644 index 0000000000000..1a0c1a1a955a8 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-g8mp-px4h-fw43/GHSA-g8mp-px4h-fw43.json @@ -0,0 +1,64 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-g8mp-px4h-fw43", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2026-1714" + ], + "details": "The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Email Relay Abuse in all versions up to, and including, 3.3.2. This is due to the lack of validation on the 'send_to', 'product_title', 'wlmessage', and 'wlemail' parameters in the 'woolentor_suggest_price_action' AJAX endpoint. This makes it possible for unauthenticated attackers to send arbitrary emails to any recipient with full control over the subject line, message content, and sender address (via CRLF injection in the 'wlemail' parameter), effectively turning the website into a full email relay for spam or phishing campaigns.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1714" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woolentor-addons/tags/3.3.1/classes/class.ajax_actions.php#L170" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woolentor-addons/tags/3.3.1/classes/class.ajax_actions.php#L189" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woolentor-addons/tags/3.3.1/classes/class.ajax_actions.php#L192" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woolentor-addons/trunk/classes/class.ajax_actions.php#L170" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woolentor-addons/trunk/classes/class.ajax_actions.php#L189" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woolentor-addons/trunk/classes/class.ajax_actions.php#L192" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3461704/woolentor-addons/trunk/classes/class.ajax_actions.php?contextall=1" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cf326914-6a38-4984-a2a7-66e05f41a96b?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-93" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T05:16:27Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-gcff-gvxv-7jgm/GHSA-gcff-gvxv-7jgm.json b/advisories/unreviewed/2026/02/GHSA-gcff-gvxv-7jgm/GHSA-gcff-gvxv-7jgm.json new file mode 100644 index 0000000000000..3f58906b72c53 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-gcff-gvxv-7jgm/GHSA-gcff-gvxv-7jgm.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-gcff-gvxv-7jgm", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2026-1931" + ], + "details": "The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'keyword' parameter in all versions up to, and including, 0.32.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1931" + }, + { + "type": "WEB", + "url": "https://github.com/BrindleDigital/rentfetch/commit/3c7162b24a8be5e5399c1a5bbaf0b949127aca75" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/rentfetch/tags/0.32.4/lib/admin/options-sections/options-general-section.php#L225" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/rentfetch/trunk/lib/admin/options-sections/options-general-section.php#L225" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3458366%40rentfetch&new=3458366%40rentfetch&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3fffdda5-91ed-4b79-bc04-77a1c44e3b67?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T05:16:28Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-ghf8-ggp8-97wj/GHSA-ghf8-ggp8-97wj.json b/advisories/unreviewed/2026/02/GHSA-ghf8-ggp8-97wj/GHSA-ghf8-ggp8-97wj.json new file mode 100644 index 0000000000000..03403a15be506 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-ghf8-ggp8-97wj/GHSA-ghf8-ggp8-97wj.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-ghf8-ggp8-97wj", + "modified": "2026-02-18T06:30:18Z", + "published": "2026-02-18T06:30:18Z", + "aliases": [ + "CVE-2026-27033" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27033" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T04:16:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-h858-mf2m-8jf4/GHSA-h858-mf2m-8jf4.json b/advisories/unreviewed/2026/02/GHSA-h858-mf2m-8jf4/GHSA-h858-mf2m-8jf4.json new file mode 100644 index 0000000000000..c3403ed1b4840 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-h858-mf2m-8jf4/GHSA-h858-mf2m-8jf4.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-h858-mf2m-8jf4", + "modified": "2026-02-18T06:30:18Z", + "published": "2026-02-18T06:30:18Z", + "aliases": [ + "CVE-2026-27171" + ], + "details": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171" + }, + { + "type": "WEB", + "url": "https://github.com/madler/zlib/issues/904" + }, + { + "type": "WEB", + "url": "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit" + }, + { + "type": "WEB", + "url": "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf" + }, + { + "type": "WEB", + "url": "https://github.com/madler/zlib/releases/tag/v1.3.2" + }, + { + "type": "WEB", + "url": "https://ostif.org/zlib-audit-complete" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-1284" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T04:16:01Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-jg87-hjf9-gf64/GHSA-jg87-hjf9-gf64.json b/advisories/unreviewed/2026/02/GHSA-jg87-hjf9-gf64/GHSA-jg87-hjf9-gf64.json new file mode 100644 index 0000000000000..49abac32aeac3 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-jg87-hjf9-gf64/GHSA-jg87-hjf9-gf64.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-jg87-hjf9-gf64", + "modified": "2026-02-18T06:30:18Z", + "published": "2026-02-18T06:30:18Z", + "aliases": [ + "CVE-2026-27037" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27037" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T04:16:01Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-m3jj-4hf6-wgch/GHSA-m3jj-4hf6-wgch.json b/advisories/unreviewed/2026/02/GHSA-m3jj-4hf6-wgch/GHSA-m3jj-4hf6-wgch.json new file mode 100644 index 0000000000000..a78a994cc52e4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-m3jj-4hf6-wgch/GHSA-m3jj-4hf6-wgch.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-m3jj-4hf6-wgch", + "modified": "2026-02-18T06:30:18Z", + "published": "2026-02-18T06:30:18Z", + "aliases": [ + "CVE-2026-27035" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27035" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T04:16:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-mcrh-3qmp-x37p/GHSA-mcrh-3qmp-x37p.json b/advisories/unreviewed/2026/02/GHSA-mcrh-3qmp-x37p/GHSA-mcrh-3qmp-x37p.json new file mode 100644 index 0000000000000..f6fa77ad5c9c7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-mcrh-3qmp-x37p/GHSA-mcrh-3qmp-x37p.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-mcrh-3qmp-x37p", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2025-12356" + ], + "details": "The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_change_ticket_status' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update post/event statuses.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12356" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/tickera-event-ticketing-system/trunk/tickera.php#L3903" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3422813" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e7c08b1a-c73d-488c-96df-cf18acb460bb?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T06:16:33Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pj33-46c7-rm7p/GHSA-pj33-46c7-rm7p.json b/advisories/unreviewed/2026/02/GHSA-pj33-46c7-rm7p/GHSA-pj33-46c7-rm7p.json new file mode 100644 index 0000000000000..6a94e565ad909 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pj33-46c7-rm7p/GHSA-pj33-46c7-rm7p.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pj33-46c7-rm7p", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2026-2023" + ], + "details": "The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce validation in the ajax_save_custom_plugin() function, which is disabled by prefixing the check with 'false &&'. This makes it possible for unauthenticated attackers to create or modify custom plugin entries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2023" + }, + { + "type": "WEB", + "url": "https://github.com/DLXPlugins/wp-plugin-info-card/blob/0fe50d3ccb3d61d5d176fab9e9f280ac8bfd8614/php/Admin/Init.php#L390" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-plugin-info-card/tags/6.2.0/php/Admin/Init.php#L390" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-plugin-info-card/trunk/php/Admin/Init.php#L390" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3454992%40wp-plugin-info-card&new=3454992%40wp-plugin-info-card&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1213a21f-a9c1-4da3-99b5-4a5a0673073f?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T06:16:35Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qph2-xm7h-wv73/GHSA-qph2-xm7h-wv73.json b/advisories/unreviewed/2026/02/GHSA-qph2-xm7h-wv73/GHSA-qph2-xm7h-wv73.json new file mode 100644 index 0000000000000..de9398f896eab --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qph2-xm7h-wv73/GHSA-qph2-xm7h-wv73.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qph2-xm7h-wv73", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2026-2576" + ], + "details": "The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2576" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/tags/6.4.21/includes/controllers/pages/class-checkout.php#L126" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/tags/6.4.21/includes/db/class-db-query-set.php#L37" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3463307/business-directory-plugin/trunk/includes/db/class-db-query-set.php" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d8ec7d25-1574-416c-b5fd-3a71b1cc09d2?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T05:16:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qw9p-rfpx-fxh5/GHSA-qw9p-rfpx-fxh5.json b/advisories/unreviewed/2026/02/GHSA-qw9p-rfpx-fxh5/GHSA-qw9p-rfpx-fxh5.json new file mode 100644 index 0000000000000..465c984583a48 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qw9p-rfpx-fxh5/GHSA-qw9p-rfpx-fxh5.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qw9p-rfpx-fxh5", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2025-12075" + ], + "details": "The Order Splitter for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wos_troubleshooting' AJAX endpoint in all versions up to, and including, 5.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view information pertaining to other user's orders.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12075" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3387820%40woo-order-splitter&new=3387820%40woo-order-splitter&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/627eb000-086e-408a-8123-063fed6364be?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T05:16:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rgq3-q5rc-mjc3/GHSA-rgq3-q5rc-mjc3.json b/advisories/unreviewed/2026/02/GHSA-rgq3-q5rc-mjc3/GHSA-rgq3-q5rc-mjc3.json new file mode 100644 index 0000000000000..889d69c0fb852 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rgq3-q5rc-mjc3/GHSA-rgq3-q5rc-mjc3.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rgq3-q5rc-mjc3", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2026-1906" + ], + "details": "The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.0 via the `wpo_ips_edi_save_order_customer_peppol_identifiers` AJAX action due to missing capability checks and order ownership validation. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify Peppol/EDI endpoint identifiers (`peppol_endpoint_id`, `peppol_endpoint_eas`) for any customer by specifying an arbitrary `order_id` parameter on systems using Peppol invoicing. This can affect order routing on the Peppol network and may result in payment disruptions and data leakage.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1906" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-pdf-invoices-packing-slips/tags/5.6.0/includes/Admin.php#L72" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-pdf-invoices-packing-slips/tags/5.6.0/includes/Admin.php#L895" + }, + { + "type": "WEB", + "url": "https://wordpress.org/plugins/woocommerce-pdf-invoices-packing-slips/#developers" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e1922c6-e63b-47aa-97de-1e2382fa25d3?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T06:16:34Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rj4g-w683-5gq4/GHSA-rj4g-w683-5gq4.json b/advisories/unreviewed/2026/02/GHSA-rj4g-w683-5gq4/GHSA-rj4g-w683-5gq4.json new file mode 100644 index 0000000000000..1d82bf0a60c65 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rj4g-w683-5gq4/GHSA-rj4g-w683-5gq4.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rj4g-w683-5gq4", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2026-1925" + ], + "details": "The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'update_template_data' function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the title of any post on the site, including posts, pages, and custom post types.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1925" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/emailkit/tags/1.6.2/includes/Admin/EmailKitAjax.php#L150" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/emailkit/trunk/includes/Admin/EmailKitAjax.php#L150" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3456972/emailkit/trunk?contextall=1&old=3419280&old_path=%2Femailkit%2Ftrunk#file1" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f131ea1e-d652-4854-abea-6a307ca8118f?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T05:16:28Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vfcp-69jm-85xv/GHSA-vfcp-69jm-85xv.json b/advisories/unreviewed/2026/02/GHSA-vfcp-69jm-85xv/GHSA-vfcp-69jm-85xv.json new file mode 100644 index 0000000000000..016f1de2f6a51 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vfcp-69jm-85xv/GHSA-vfcp-69jm-85xv.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vfcp-69jm-85xv", + "modified": "2026-02-18T06:30:18Z", + "published": "2026-02-18T06:30:18Z", + "aliases": [ + "CVE-2026-27034" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27034" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T04:16:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vrm4-h3r4-hh29/GHSA-vrm4-h3r4-hh29.json b/advisories/unreviewed/2026/02/GHSA-vrm4-h3r4-hh29/GHSA-vrm4-h3r4-hh29.json new file mode 100644 index 0000000000000..6df91580455d2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vrm4-h3r4-hh29/GHSA-vrm4-h3r4-hh29.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vrm4-h3r4-hh29", + "modified": "2026-02-18T06:30:18Z", + "published": "2026-02-18T06:30:18Z", + "aliases": [ + "CVE-2026-27031" + ], + "details": "Rejected reason: Not used", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27031" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T04:16:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wpf3-wv8v-2wxj/GHSA-wpf3-wv8v-2wxj.json b/advisories/unreviewed/2026/02/GHSA-wpf3-wv8v-2wxj/GHSA-wpf3-wv8v-2wxj.json new file mode 100644 index 0000000000000..a6b73996ee3fd --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wpf3-wv8v-2wxj/GHSA-wpf3-wv8v-2wxj.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wpf3-wv8v-2wxj", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2025-12071" + ], + "details": "The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'funp_ajax_modify_notes' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify arbitrary notes that do not belong to them.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12071" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/frontend-user-notes/tags/2.1.1/includes/ajax.php" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30f2dd33-228d-4942-88d9-78c7ed0b79a1?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-639" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T05:16:16Z" + } +} \ No newline at end of file From d6d6c974b5a7967b6140980bb26d7ef5c03f3d15 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 09:32:25 +0000 Subject: [PATCH 084/222] Publish Advisories GHSA-34f4-7p4v-274v GHSA-53pp-j4fh-wvrr GHSA-5c5v-f747-q7rq GHSA-6mq9-qm49-w244 GHSA-77g9-fwj8-pcwg GHSA-8425-76gw-qxj4 GHSA-8vw7-m4cj-2323 GHSA-9x54-6v7m-8wf2 GHSA-cwvx-vcjx-vqjc GHSA-cxr2-7xvc-hh42 GHSA-g6wj-gw42-4345 GHSA-gch6-cfhh-c44p GHSA-gmgx-8hxg-f53q GHSA-gxvp-w433-832f GHSA-h92c-7ccr-x4hr GHSA-jh7f-pj8r-h37c GHSA-p572-g32f-hp32 GHSA-q7cc-x725-hp7g GHSA-q7wp-4j7p-g4vj GHSA-qfwf-756h-2p4g GHSA-qj9g-q4j9-47hp GHSA-rg7x-c263-823c GHSA-wxhm-86c2-x66c GHSA-xf7v-j2cc-2crf --- .../GHSA-34f4-7p4v-274v.json | 48 ++++++++++++++ .../GHSA-53pp-j4fh-wvrr.json | 48 ++++++++++++++ .../GHSA-5c5v-f747-q7rq.json | 52 +++++++++++++++ .../GHSA-6mq9-qm49-w244.json | 56 ++++++++++++++++ .../GHSA-77g9-fwj8-pcwg.json | 48 ++++++++++++++ .../GHSA-8425-76gw-qxj4.json | 48 ++++++++++++++ .../GHSA-8vw7-m4cj-2323.json | 60 +++++++++++++++++ .../GHSA-9x54-6v7m-8wf2.json | 25 ++++++++ .../GHSA-cwvx-vcjx-vqjc.json | 48 ++++++++++++++ .../GHSA-cxr2-7xvc-hh42.json | 52 +++++++++++++++ .../GHSA-g6wj-gw42-4345.json | 48 ++++++++++++++ .../GHSA-gch6-cfhh-c44p.json | 48 ++++++++++++++ .../GHSA-gmgx-8hxg-f53q.json | 52 +++++++++++++++ .../GHSA-gxvp-w433-832f.json | 52 +++++++++++++++ .../GHSA-h92c-7ccr-x4hr.json | 52 +++++++++++++++ .../GHSA-jh7f-pj8r-h37c.json | 56 ++++++++++++++++ .../GHSA-p572-g32f-hp32.json | 56 ++++++++++++++++ .../GHSA-q7cc-x725-hp7g.json | 48 ++++++++++++++ .../GHSA-q7wp-4j7p-g4vj.json | 48 ++++++++++++++ .../GHSA-qfwf-756h-2p4g.json | 60 +++++++++++++++++ .../GHSA-qj9g-q4j9-47hp.json | 52 +++++++++++++++ .../GHSA-rg7x-c263-823c.json | 56 ++++++++++++++++ .../GHSA-wxhm-86c2-x66c.json | 44 +++++++++++++ .../GHSA-xf7v-j2cc-2crf.json | 64 +++++++++++++++++++ 24 files changed, 1221 insertions(+) create mode 100644 advisories/unreviewed/2026/02/GHSA-34f4-7p4v-274v/GHSA-34f4-7p4v-274v.json create mode 100644 advisories/unreviewed/2026/02/GHSA-53pp-j4fh-wvrr/GHSA-53pp-j4fh-wvrr.json create mode 100644 advisories/unreviewed/2026/02/GHSA-5c5v-f747-q7rq/GHSA-5c5v-f747-q7rq.json create mode 100644 advisories/unreviewed/2026/02/GHSA-6mq9-qm49-w244/GHSA-6mq9-qm49-w244.json create mode 100644 advisories/unreviewed/2026/02/GHSA-77g9-fwj8-pcwg/GHSA-77g9-fwj8-pcwg.json create mode 100644 advisories/unreviewed/2026/02/GHSA-8425-76gw-qxj4/GHSA-8425-76gw-qxj4.json create mode 100644 advisories/unreviewed/2026/02/GHSA-8vw7-m4cj-2323/GHSA-8vw7-m4cj-2323.json create mode 100644 advisories/unreviewed/2026/02/GHSA-9x54-6v7m-8wf2/GHSA-9x54-6v7m-8wf2.json create mode 100644 advisories/unreviewed/2026/02/GHSA-cwvx-vcjx-vqjc/GHSA-cwvx-vcjx-vqjc.json create mode 100644 advisories/unreviewed/2026/02/GHSA-cxr2-7xvc-hh42/GHSA-cxr2-7xvc-hh42.json create mode 100644 advisories/unreviewed/2026/02/GHSA-g6wj-gw42-4345/GHSA-g6wj-gw42-4345.json create mode 100644 advisories/unreviewed/2026/02/GHSA-gch6-cfhh-c44p/GHSA-gch6-cfhh-c44p.json create mode 100644 advisories/unreviewed/2026/02/GHSA-gmgx-8hxg-f53q/GHSA-gmgx-8hxg-f53q.json create mode 100644 advisories/unreviewed/2026/02/GHSA-gxvp-w433-832f/GHSA-gxvp-w433-832f.json create mode 100644 advisories/unreviewed/2026/02/GHSA-h92c-7ccr-x4hr/GHSA-h92c-7ccr-x4hr.json create mode 100644 advisories/unreviewed/2026/02/GHSA-jh7f-pj8r-h37c/GHSA-jh7f-pj8r-h37c.json create mode 100644 advisories/unreviewed/2026/02/GHSA-p572-g32f-hp32/GHSA-p572-g32f-hp32.json create mode 100644 advisories/unreviewed/2026/02/GHSA-q7cc-x725-hp7g/GHSA-q7cc-x725-hp7g.json create mode 100644 advisories/unreviewed/2026/02/GHSA-q7wp-4j7p-g4vj/GHSA-q7wp-4j7p-g4vj.json create mode 100644 advisories/unreviewed/2026/02/GHSA-qfwf-756h-2p4g/GHSA-qfwf-756h-2p4g.json create mode 100644 advisories/unreviewed/2026/02/GHSA-qj9g-q4j9-47hp/GHSA-qj9g-q4j9-47hp.json create mode 100644 advisories/unreviewed/2026/02/GHSA-rg7x-c263-823c/GHSA-rg7x-c263-823c.json create mode 100644 advisories/unreviewed/2026/02/GHSA-wxhm-86c2-x66c/GHSA-wxhm-86c2-x66c.json create mode 100644 advisories/unreviewed/2026/02/GHSA-xf7v-j2cc-2crf/GHSA-xf7v-j2cc-2crf.json diff --git a/advisories/unreviewed/2026/02/GHSA-34f4-7p4v-274v/GHSA-34f4-7p4v-274v.json b/advisories/unreviewed/2026/02/GHSA-34f4-7p4v-274v/GHSA-34f4-7p4v-274v.json new file mode 100644 index 0000000000000..d73bd87cbad3d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-34f4-7p4v-274v/GHSA-34f4-7p4v-274v.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-34f4-7p4v-274v", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-2281" + ], + "details": "The Private Comment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Label text' setting in all versions up to, and including, 0.0.4. This is due to insufficient input sanitization and output escaping on the plugin's label text option. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2281" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/private-comment/tags/0.0.3/private-comment.php#L128" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/private-comment/trunk/private-comment.php#L128" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3458294/private-comment/trunk/private-comment.php" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/94d75f18-67ab-4367-982b-73e256d5dbe2?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T07:16:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-53pp-j4fh-wvrr/GHSA-53pp-j4fh-wvrr.json b/advisories/unreviewed/2026/02/GHSA-53pp-j4fh-wvrr/GHSA-53pp-j4fh-wvrr.json new file mode 100644 index 0000000000000..65896427e7875 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-53pp-j4fh-wvrr/GHSA-53pp-j4fh-wvrr.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-53pp-j4fh-wvrr", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-1656" + ], + "details": "The Business Directory Plugin for WordPress is vulnerable to authorization bypass due to a missing authorization check in all versions up to, and including, 6.4.20. This makes it possible for unauthenticated attackers to modify arbitrary listings, including changing titles, content, and email addresses, by directly referencing the listing ID in crafted requests to the wpbdp_ajax AJAX action.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1656" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/tags/6.4.20/includes/helpers/class-authenticated-listing-view.php#L20" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/trunk/includes/helpers/class-authenticated-listing-view.php#L20" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3452627/business-directory-plugin/tags/6.4.21/includes/controllers/pages/class-submit-listing.php" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f894ce75-168c-4baa-8cae-d2e7f1a0a9ab?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T09:15:58Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-5c5v-f747-q7rq/GHSA-5c5v-f747-q7rq.json b/advisories/unreviewed/2026/02/GHSA-5c5v-f747-q7rq/GHSA-5c5v-f747-q7rq.json new file mode 100644 index 0000000000000..e5228cf404a20 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-5c5v-f747-q7rq/GHSA-5c5v-f747-q7rq.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5c5v-f747-q7rq", + "modified": "2026-02-18T09:31:03Z", + "published": "2026-02-18T09:31:03Z", + "aliases": [ + "CVE-2026-1666" + ], + "details": "The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'redirect_to' parameter in all versions up to, and including, 3.3.46. This is due to insufficient input sanitization and output escaping on the 'redirect_to' GET parameter in the login form shortcode. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1666" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.46/src/User/Login.php#L137" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.46/src/User/views/login-form.php#L142" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3455081%40download-manager%2Ftrunk&old=3440008%40download-manager%2Ftrunk&sfp_email=&sfph_mail=#file25" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb84ba3-b403-4a9d-b1a7-92aa947310ac?source=cve" + }, + { + "type": "WEB", + "url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_login_form-user-login-form-short-code" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T07:16:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-6mq9-qm49-w244/GHSA-6mq9-qm49-w244.json b/advisories/unreviewed/2026/02/GHSA-6mq9-qm49-w244/GHSA-6mq9-qm49-w244.json new file mode 100644 index 0000000000000..7aef7673f85d8 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-6mq9-qm49-w244/GHSA-6mq9-qm49-w244.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-6mq9-qm49-w244", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-2127" + ], + "details": "The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the `siteorigin_widget_preview_widget_action()` function which is registered via the `wp_ajax_so_widgets_preview` AJAX action. The function only verifies a nonce (`widgets_action`) but does not check user capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes by invoking the `SiteOrigin_Widget_Editor_Widget` via the preview endpoint. The required nonce is exposed on the public frontend when the Post Carousel widget is present on a page, embedded in the `data-ajax-url` HTML attribute.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2127" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/so-widgets-bundle/tags/1.70.4/base/inc/actions.php#L6" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/so-widgets-bundle/tags/1.70.4/base/inc/actions.php#L75" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/so-widgets-bundle/tags/1.70.4/widgets/editor/editor.php#L120" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/so-widgets-bundle/tags/1.70.4/widgets/post-carousel/post-carousel.php#L590" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3460939%40so-widgets-bundle%2Ftrunk&old=3434183%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf92c64b-ca76-4af7-a1e4-585a60b03153?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T09:15:58Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-77g9-fwj8-pcwg/GHSA-77g9-fwj8-pcwg.json b/advisories/unreviewed/2026/02/GHSA-77g9-fwj8-pcwg/GHSA-77g9-fwj8-pcwg.json new file mode 100644 index 0000000000000..e0d470e5fbab3 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-77g9-fwj8-pcwg/GHSA-77g9-fwj8-pcwg.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-77g9-fwj8-pcwg", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-1937" + ], + "details": "The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the `yaymail_import_state` AJAX action in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1937" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/yaymail/tags/4.3.2/src/Models/MigrationModel.php#L143" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/yaymail/trunk/src/Models/MigrationModel.php#L143" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3460087%40yaymail&new=3460087%40yaymail&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a17ded3-340d-494f-be7e-2550dab360bc?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T07:16:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-8425-76gw-qxj4/GHSA-8425-76gw-qxj4.json b/advisories/unreviewed/2026/02/GHSA-8425-76gw-qxj4/GHSA-8425-76gw-qxj4.json new file mode 100644 index 0000000000000..99a3c7283332e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-8425-76gw-qxj4/GHSA-8425-76gw-qxj4.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-8425-76gw-qxj4", + "modified": "2026-02-18T09:31:03Z", + "published": "2026-02-18T09:31:03Z", + "aliases": [ + "CVE-2026-1857" + ], + "details": "The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the `endpoint` parameter in the `get_items()` function of the GetResponse REST API handler. The endpoint's permission check only requires `edit_posts` capability (Contributor role) rather than `manage_options` (Administrator). This makes it possible for authenticated attackers, with Contributor-level access and above, to make server-side requests to arbitrary endpoints on the configured GetResponse API server, retrieving sensitive data such as contacts, campaigns, and mailing lists using the site's stored API credentials. The stored API key is also leaked in the request headers.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1857" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.5.32/includes/advanced-form/getresponse-rest-api.php#L57" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.5.32/includes/advanced-form/getresponse-rest-api.php#L77" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3454881%40kadence-blocks%2Ftrunk&old=3453204%40kadence-blocks%2Ftrunk&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ea8d38a-f5ce-40dd-a015-f56d60579e05?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-918" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T07:16:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-8vw7-m4cj-2323/GHSA-8vw7-m4cj-2323.json b/advisories/unreviewed/2026/02/GHSA-8vw7-m4cj-2323/GHSA-8vw7-m4cj-2323.json new file mode 100644 index 0000000000000..5d13751701bc9 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-8vw7-m4cj-2323/GHSA-8vw7-m4cj-2323.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-8vw7-m4cj-2323", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-2642" + ], + "details": "A security vulnerability has been detected in ggreer the_silver_searcher up to 2.2.0. The impacted element is the function search_stream of the file src/search.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2642" + }, + { + "type": "WEB", + "url": "https://github.com/ggreer/the_silver_searcher/issues/1558" + }, + { + "type": "WEB", + "url": "https://github.com/ggreer/the_silver_searcher" + }, + { + "type": "WEB", + "url": "https://github.com/oneafter/0119/blob/main/segv1" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346398" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346398" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752769" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-404" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T07:16:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-9x54-6v7m-8wf2/GHSA-9x54-6v7m-8wf2.json b/advisories/unreviewed/2026/02/GHSA-9x54-6v7m-8wf2/GHSA-9x54-6v7m-8wf2.json new file mode 100644 index 0000000000000..a4b70b7c5882b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-9x54-6v7m-8wf2/GHSA-9x54-6v7m-8wf2.json @@ -0,0 +1,25 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-9x54-6v7m-8wf2", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-25421" + ], + "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Collision with another CVE.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25421" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T08:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-cwvx-vcjx-vqjc/GHSA-cwvx-vcjx-vqjc.json b/advisories/unreviewed/2026/02/GHSA-cwvx-vcjx-vqjc/GHSA-cwvx-vcjx-vqjc.json new file mode 100644 index 0000000000000..0c1143260740c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-cwvx-vcjx-vqjc/GHSA-cwvx-vcjx-vqjc.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-cwvx-vcjx-vqjc", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-2019" + ], + "details": "The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute arbitrary PHP code on the server.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2019" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woo-cart-all-in-one/tags/1.1.21/includes/frontend/sidebar-cart-icon.php#L245" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woo-cart-all-in-one/trunk/includes/frontend/sidebar-cart-icon.php#L245" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3455202" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/25bdb89f-3478-4a1a-8bf0-46e88207eb21?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-74" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T07:16:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-cxr2-7xvc-hh42/GHSA-cxr2-7xvc-hh42.json b/advisories/unreviewed/2026/02/GHSA-cxr2-7xvc-hh42/GHSA-cxr2-7xvc-hh42.json new file mode 100644 index 0000000000000..595643344c0d5 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-cxr2-7xvc-hh42/GHSA-cxr2-7xvc-hh42.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-cxr2-7xvc-hh42", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-1649" + ], + "details": "The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ce_venue_name' parameter in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1649" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/community-events/tags/1.5.7/community-events.php#L1403" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/community-events/tags/1.5.7/community-events.php#L779" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/community-events/trunk/community-events.php#L1403" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3456114%40community-events&new=3456114%40community-events&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c44232a9-7b97-449c-b584-ca3c26d63581?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T09:15:58Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-g6wj-gw42-4345/GHSA-g6wj-gw42-4345.json b/advisories/unreviewed/2026/02/GHSA-g6wj-gw42-4345/GHSA-g6wj-gw42-4345.json new file mode 100644 index 0000000000000..29943494063e7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-g6wj-gw42-4345/GHSA-g6wj-gw42-4345.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-g6wj-gw42-4345", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-1938" + ], + "details": "The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the `/yaymail-license/v1/license/delete` REST endpoint in versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to delete the plugin's license key via the '/yaymail-license/v1/license/delete' endpoint granted they can obtain the REST API nonce.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1938" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/yaymail/tags/4.3.2/src/License/RestAPI.php#L142" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/yaymail/trunk/src/License/RestAPI.php#L142" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3460087" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6ce57b12-2241-416b-b466-aa06ca8c7551?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T08:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-gch6-cfhh-c44p/GHSA-gch6-cfhh-c44p.json b/advisories/unreviewed/2026/02/GHSA-gch6-cfhh-c44p/GHSA-gch6-cfhh-c44p.json new file mode 100644 index 0000000000000..fd16389e309a2 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-gch6-cfhh-c44p/GHSA-gch6-cfhh-c44p.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-gch6-cfhh-c44p", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-2633" + ], + "details": "The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the `process_image_data_ajax_callback()` function which handles the `kadence_import_process_image_data` AJAX action. The function's authorization check via `verify_ajax_call()` only validates `edit_posts` capability but fails to check for the `upload_files` capability. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary images from remote URLs to the WordPress Media Library, bypassing the standard WordPress capability restriction that prevents Contributors from uploading files.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2633" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.5.32/includes/class-kadence-blocks-prebuilt-library.php#L1177" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.5.32/includes/class-kadence-blocks-prebuilt-library.php#L789" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3454881%40kadence-blocks%2Ftrunk&old=3453204%40kadence-blocks%2Ftrunk&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9c06e0a9-a13a-4cee-a1a5-c43c114b2dbf?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T07:16:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-gmgx-8hxg-f53q/GHSA-gmgx-8hxg-f53q.json b/advisories/unreviewed/2026/02/GHSA-gmgx-8hxg-f53q/GHSA-gmgx-8hxg-f53q.json new file mode 100644 index 0000000000000..5bafb011047c5 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-gmgx-8hxg-f53q/GHSA-gmgx-8hxg-f53q.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-gmgx-8hxg-f53q", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-1943" + ], + "details": "The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop Manager-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1943" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/yaymail/tags/4.3.2/src/Controllers/TemplateController.php#L194" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/yaymail/tags/4.3.2/templates/elements/order-details.php#L123" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/yaymail/tags/4.3.2/templates/elements/text.php#L38" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3460087%40yaymail&new=3460087%40yaymail&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/73b4e5a2-bf75-4df9-a816-2cc858947c39?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T08:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-gxvp-w433-832f/GHSA-gxvp-w433-832f.json b/advisories/unreviewed/2026/02/GHSA-gxvp-w433-832f/GHSA-gxvp-w433-832f.json new file mode 100644 index 0000000000000..0677cdb9d52e9 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-gxvp-w433-832f/GHSA-gxvp-w433-832f.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-gxvp-w433-832f", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-1831" + ], + "details": "The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin installation and activation due to missing capability checks on the 'yaymail_install_yaysmtp' AJAX action and `/yaymail/v1/addons/activate` REST endpoint in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to install and activate the YaySMTP plugin.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1831" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/yaymail/tags/4.3.2/src/Ajax.php#L183" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/yaymail/tags/4.3.2/src/Controllers/AddonController.php#L76" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/yaymail/trunk/src/Ajax.php#L183" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3460087%40yaymail&new=3460087%40yaymail&sfp_email=&sfph_mail=#file11" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a568162a-5a2d-47ab-9dfe-2f2f5f324f0d?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T08:16:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-h92c-7ccr-x4hr/GHSA-h92c-7ccr-x4hr.json b/advisories/unreviewed/2026/02/GHSA-h92c-7ccr-x4hr/GHSA-h92c-7ccr-x4hr.json new file mode 100644 index 0000000000000..67544cd09a67d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-h92c-7ccr-x4hr/GHSA-h92c-7ccr-x4hr.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-h92c-7ccr-x4hr", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-1860" + ], + "details": "The Kali Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.8. This is due to the `get_items_permissions_check()` permission callback on the `/kaliforms/v1/forms/{id}` REST API endpoint only checking for the `edit_posts` capability without verifying that the requesting user has ownership or authorization over the specific form resource. This makes it possible for authenticated attackers, with Contributor-level access and above, to read form configuration data belonging to other users (including administrators) by enumerating form IDs. Exposed data includes form field structures, Google reCAPTCHA secret keys (if configured), email notification templates, and server paths.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1860" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/kali-forms/tags/2.4.8/Inc/Backend/Rest/class-forms-rest-controller.php#L116" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/kali-forms/tags/2.4.8/Inc/Backend/Rest/class-forms-rest-controller.php#L251" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/kali-forms/tags/2.4.8/Inc/Backend/Rest/class-forms-rest-controller.php#L62" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3460047/kali-forms/trunk?contextall=1&old=3435823&old_path=%2Fkali-forms%2Ftrunk" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a1529c89-5c5e-4a2d-be31-b55d2907c9b6?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T08:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-jh7f-pj8r-h37c/GHSA-jh7f-pj8r-h37c.json b/advisories/unreviewed/2026/02/GHSA-jh7f-pj8r-h37c/GHSA-jh7f-pj8r-h37c.json new file mode 100644 index 0000000000000..529876aa4f7e3 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-jh7f-pj8r-h37c/GHSA-jh7f-pj8r-h37c.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-jh7f-pj8r-h37c", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-1655" + ], + "details": "The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the save_frontend_event_submission function accepting a user-controlled event_id parameter and updating the corresponding event post without enforcing ownership or capability checks. This makes it possible for authenticated (Customer+) attackers to modify posts created by administrators by manipulating the event_id parameter granted they can obtain a valid nonce.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1655" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/eventprime-event-calendar-management/tags/4.2.8.1/includes/class-ep-ajax.php#L741" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/eventprime-event-calendar-management/tags/4.2.8.1/includes/class-ep-ajax.php#L798" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/eventprime-event-calendar-management/trunk/includes/class-ep-ajax.php#L741" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/eventprime-event-calendar-management/trunk/includes/class-ep-ajax.php#L798" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3455239%40eventprime-event-calendar-management%2Ftrunk&old=3452796%40eventprime-event-calendar-management%2Ftrunk&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0e2a2769-1309-4aad-8411-4445efea2b66?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T08:16:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p572-g32f-hp32/GHSA-p572-g32f-hp32.json b/advisories/unreviewed/2026/02/GHSA-p572-g32f-hp32/GHSA-p572-g32f-hp32.json new file mode 100644 index 0000000000000..0a3cb7dbead1e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p572-g32f-hp32/GHSA-p572-g32f-hp32.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p572-g32f-hp32", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-2296" + ], + "details": "The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3.1.0. This is due to insufficient input validation of the 'operator' field in conditional logic rules within the evalConditions() function, which passes unsanitized user input directly to PHP's eval() function. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject and execute arbitrary PHP code on the server via the conditional logic 'operator' parameter when saving addon form field rules.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2296" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woo-custom-product-addons/tags/3.0.19/includes/process/conditional-logic.php#L104" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woo-custom-product-addons/tags/3.0.19/includes/process/conditional-logic.php#L84" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woo-custom-product-addons/trunk/includes/process/conditional-logic.php#L104" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woo-custom-product-addons/trunk/includes/process/conditional-logic.php#L84" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3458823%40woo-custom-product-addons&new=3458823%40woo-custom-product-addons&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3c1edd7-2421-4dfa-8775-ca0497759d52?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T07:16:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q7cc-x725-hp7g/GHSA-q7cc-x725-hp7g.json b/advisories/unreviewed/2026/02/GHSA-q7cc-x725-hp7g/GHSA-q7cc-x725-hp7g.json new file mode 100644 index 0000000000000..454dd1a293821 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q7cc-x725-hp7g/GHSA-q7cc-x725-hp7g.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q7cc-x725-hp7g", + "modified": "2026-02-18T09:31:03Z", + "published": "2026-02-18T09:31:03Z", + "aliases": [ + "CVE-2026-1807" + ], + "details": "The InteractiveCalculator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'interactivecalculator' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1807" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/interactivecalculator/tags/1.0.1/interactivecalculator.php#L44" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3456849%40interactivecalculator&new=3456849%40interactivecalculator&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3456870%40interactivecalculator&new=3456870%40interactivecalculator&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5c38f080-59c7-4201-9e87-87ee9ab6b97b?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T07:16:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q7wp-4j7p-g4vj/GHSA-q7wp-4j7p-g4vj.json b/advisories/unreviewed/2026/02/GHSA-q7wp-4j7p-g4vj/GHSA-q7wp-4j7p-g4vj.json new file mode 100644 index 0000000000000..0c1f57574dbb5 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-q7wp-4j7p-g4vj/GHSA-q7wp-4j7p-g4vj.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q7wp-4j7p-g4vj", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-2419" + ], + "details": "The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'download_path' configuration parameter. This is due to insufficient validation of the download path setting, which allows directory traversal sequences to bypass the WP_CONTENT_DIR prefix check. This makes it possible for authenticated attackers, with Administrator-level access and above, to configure the plugin to list and access arbitrary files on the server by exploiting the file browser functionality.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2419" + }, + { + "type": "WEB", + "url": "https://github.com/lesterchan/wp-downloadmanager/commit/416b9f5459496166c0395f9e055d4c4cf872404a" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/tags/1.69/download-options.php#L42" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L42" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0bb96da1-9c17-4264-ac29-b5ff8dec745d?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T08:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qfwf-756h-2p4g/GHSA-qfwf-756h-2p4g.json b/advisories/unreviewed/2026/02/GHSA-qfwf-756h-2p4g/GHSA-qfwf-756h-2p4g.json new file mode 100644 index 0000000000000..8b16527cca469 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qfwf-756h-2p4g/GHSA-qfwf-756h-2p4g.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qfwf-756h-2p4g", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-2644" + ], + "details": "A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solver::value in the library core/SolverTypes.h of the component DIMACS File Parser. This manipulation of the argument variable index with the input 2147483648 causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2644" + }, + { + "type": "WEB", + "url": "https://github.com/niklasso/minisat/issues/55" + }, + { + "type": "WEB", + "url": "https://github.com/niklasso/minisat/issues/55#issue-3832527387" + }, + { + "type": "WEB", + "url": "https://github.com/niklasso/minisat" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346406" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346406" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752775" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T07:16:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qj9g-q4j9-47hp/GHSA-qj9g-q4j9-47hp.json b/advisories/unreviewed/2026/02/GHSA-qj9g-q4j9-47hp/GHSA-qj9g-q4j9-47hp.json new file mode 100644 index 0000000000000..7321ce7053113 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qj9g-q4j9-47hp/GHSA-qj9g-q4j9-47hp.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qj9g-q4j9-47hp", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-2112" + ], + "details": "The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce verification on the pending comment deletion action in the cleanup page. This makes it possible for unauthenticated attackers to delete all pending comments via a forged request granted they can trick an admin into performing an action such as clicking on a link.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2112" + }, + { + "type": "WEB", + "url": "https://github.com/webguyio/dam-spam/blob/52e12fb455e7b670af2e0713f9da84d2d1d309ac/settings/cleanup.php#L92" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/dam-spam/tags/1.0.6/settings/cleanup.php#L92" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/dam-spam/trunk/settings/cleanup.php#L92" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3457369%40dam-spam&new=3457369%40dam-spam&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e336dc27-4a76-4197-929c-b221f42bfe69?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T08:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rg7x-c263-823c/GHSA-rg7x-c263-823c.json b/advisories/unreviewed/2026/02/GHSA-rg7x-c263-823c/GHSA-rg7x-c263-823c.json new file mode 100644 index 0000000000000..1ce5960d7bf73 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rg7x-c263-823c/GHSA-rg7x-c263-823c.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rg7x-c263-823c", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-2495" + ], + "details": "The WPNakama – Team and multi-Client Collaboration, Editorial and Project Management plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the '/wp-json/WPNakama/v1/boards' REST API endpoint in all versions up to, and including, 0.6.5. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2495" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wpnakama/tags/0.6.5/inc/class-wpnakama-api.php#L209" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wpnakama/tags/0.6.5/inc/class-wpnakama.php#L215" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wpnakama/trunk/inc/class-wpnakama-api.php#L209" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wpnakama/trunk/inc/class-wpnakama.php#L215" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3461315%40wpnakama&new=3461315%40wpnakama&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7ffa92be-9d38-40d9-954d-d890136b5aa1?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T09:15:59Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wxhm-86c2-x66c/GHSA-wxhm-86c2-x66c.json b/advisories/unreviewed/2026/02/GHSA-wxhm-86c2-x66c/GHSA-wxhm-86c2-x66c.json new file mode 100644 index 0000000000000..2364f3a755ee7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wxhm-86c2-x66c/GHSA-wxhm-86c2-x66c.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wxhm-86c2-x66c", + "modified": "2026-02-18T09:31:03Z", + "published": "2026-02-18T09:31:03Z", + "aliases": [ + "CVE-2026-1640" + ], + "details": "The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.0.2. This is due to missing authorization checks on the project and task comment submission functions (AJAX actions: wppm_submit_proj_comment and wppm_submit_task_comment). This makes it possible for authenticated attackers, with subscriber-level access and above, to create comments on any project or task (including private projects they cannot view or are not assigned to), and inject arbitrary HTML and CSS via the insufficiently sanitized comment_body parameter.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1640" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/taskbuilder/tags/5.0.2/includes/admin/projects/open_project/wppm_submit_project_comment.php#L6" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/taskbuilder/tags/5.0.2/includes/admin/tasks/open_task/wppm_submit_task_comment.php#L6" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/66095908-875f-486d-ae77-6015671872de?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T07:16:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xf7v-j2cc-2crf/GHSA-xf7v-j2cc-2crf.json b/advisories/unreviewed/2026/02/GHSA-xf7v-j2cc-2crf/GHSA-xf7v-j2cc-2crf.json new file mode 100644 index 0000000000000..be96604f860ee --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xf7v-j2cc-2crf/GHSA-xf7v-j2cc-2crf.json @@ -0,0 +1,64 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xf7v-j2cc-2crf", + "modified": "2026-02-18T09:31:04Z", + "published": "2026-02-18T09:31:04Z", + "aliases": [ + "CVE-2026-1941" + ], + "details": "The WP Event Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_events' shortcode in all versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1941" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-event-aggregator/tags/1.8.7/includes/class-wp-event-aggregator-cpt.php#L56" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-event-aggregator/tags/1.8.7/includes/class-wp-event-aggregator-cpt.php#L567" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-event-aggregator/tags/1.8.7/includes/class-wp-event-aggregator-cpt.php#L761" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-event-aggregator/trunk/includes/class-wp-event-aggregator-cpt.php#L56" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-event-aggregator/trunk/includes/class-wp-event-aggregator-cpt.php#L567" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-event-aggregator/trunk/includes/class-wp-event-aggregator-cpt.php#L761" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3455440/wp-event-aggregator#file18" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/50d8f1e0-2022-4fe1-b384-ca762a032d3c?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T09:15:58Z" + } +} \ No newline at end of file From 624ae4cb87ec63f45622fd36ef58c9a94b7a2d4d Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 12:32:38 +0000 Subject: [PATCH 085/222] Publish Advisories GHSA-23h7-68rq-jgvf GHSA-2pc4-pm2m-q53r GHSA-3vq8-64jx-f882 GHSA-9pr5-g9xr-gp22 GHSA-fq68-cwcx-p92f GHSA-pm8v-w3f2-2hxx GHSA-vcj6-96x2-26j3 GHSA-w2w8-j4gc-v26q --- .../GHSA-23h7-68rq-jgvf.json | 56 ++++++++++++++++ .../GHSA-2pc4-pm2m-q53r.json | 48 ++++++++++++++ .../GHSA-3vq8-64jx-f882.json | 44 +++++++++++++ .../GHSA-9pr5-g9xr-gp22.json | 48 ++++++++++++++ .../GHSA-fq68-cwcx-p92f.json | 52 +++++++++++++++ .../GHSA-pm8v-w3f2-2hxx.json | 48 ++++++++++++++ .../GHSA-vcj6-96x2-26j3.json | 64 +++++++++++++++++++ .../GHSA-w2w8-j4gc-v26q.json | 48 ++++++++++++++ 8 files changed, 408 insertions(+) create mode 100644 advisories/unreviewed/2026/02/GHSA-23h7-68rq-jgvf/GHSA-23h7-68rq-jgvf.json create mode 100644 advisories/unreviewed/2026/02/GHSA-2pc4-pm2m-q53r/GHSA-2pc4-pm2m-q53r.json create mode 100644 advisories/unreviewed/2026/02/GHSA-3vq8-64jx-f882/GHSA-3vq8-64jx-f882.json create mode 100644 advisories/unreviewed/2026/02/GHSA-9pr5-g9xr-gp22/GHSA-9pr5-g9xr-gp22.json create mode 100644 advisories/unreviewed/2026/02/GHSA-fq68-cwcx-p92f/GHSA-fq68-cwcx-p92f.json create mode 100644 advisories/unreviewed/2026/02/GHSA-pm8v-w3f2-2hxx/GHSA-pm8v-w3f2-2hxx.json create mode 100644 advisories/unreviewed/2026/02/GHSA-vcj6-96x2-26j3/GHSA-vcj6-96x2-26j3.json create mode 100644 advisories/unreviewed/2026/02/GHSA-w2w8-j4gc-v26q/GHSA-w2w8-j4gc-v26q.json diff --git a/advisories/unreviewed/2026/02/GHSA-23h7-68rq-jgvf/GHSA-23h7-68rq-jgvf.json b/advisories/unreviewed/2026/02/GHSA-23h7-68rq-jgvf/GHSA-23h7-68rq-jgvf.json new file mode 100644 index 0000000000000..5630e02bd42b0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-23h7-68rq-jgvf/GHSA-23h7-68rq-jgvf.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-23h7-68rq-jgvf", + "modified": "2026-02-18T12:31:10Z", + "published": "2026-02-18T12:31:10Z", + "aliases": [ + "CVE-2025-13727" + ], + "details": "The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13727" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/video-share-vod/tags/2.7.11/inc/shortcodes.php#L2226" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/video-share-vod/tags/2.7.11/inc/shortcodes.php#L748" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/video-share-vod/trunk/inc/shortcodes.php#L2226" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/video-share-vod/trunk/inc/shortcodes.php#L748" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3463296" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/776a441b-1bb8-46ea-9884-4abf562f6e5c?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T10:16:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-2pc4-pm2m-q53r/GHSA-2pc4-pm2m-q53r.json b/advisories/unreviewed/2026/02/GHSA-2pc4-pm2m-q53r/GHSA-2pc4-pm2m-q53r.json new file mode 100644 index 0000000000000..e79fa4e9211d6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-2pc4-pm2m-q53r/GHSA-2pc4-pm2m-q53r.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-2pc4-pm2m-q53r", + "modified": "2026-02-18T12:31:11Z", + "published": "2026-02-18T12:31:11Z", + "aliases": [ + "CVE-2025-14799" + ], + "details": "The Brevo - Email, SMS, Web Push, Chat, and more. plugin for WordPress is vulnerable to authorization bypass due to type juggling in all versions up to, and including, 3.3.0. This is due to the use of loose comparison (==) instead of strict comparison (===) when validating the installation ID in the `/wp-json/mailin/v1/mailin_disconnect` REST API endpoint. This makes it possible for unauthenticated attackers to disconnect the Brevo integration, delete the API key, remove all subscription forms, and reset plugin settings by sending a boolean `true` value for the `id` parameter, which bypasses the authorization check through PHP type juggling.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14799" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/mailin/tags/3.2.9/sendinblue.php#L1795" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/mailin/tags/3.2.9/sendinblue.php#L1833" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3448639" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f29e5b19-2505-4b02-92c7-071833de6bc2?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-843" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T12:15:58Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-3vq8-64jx-f882/GHSA-3vq8-64jx-f882.json b/advisories/unreviewed/2026/02/GHSA-3vq8-64jx-f882/GHSA-3vq8-64jx-f882.json new file mode 100644 index 0000000000000..bb163125f7acc --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-3vq8-64jx-f882/GHSA-3vq8-64jx-f882.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3vq8-64jx-f882", + "modified": "2026-02-18T12:31:10Z", + "published": "2026-02-18T12:31:10Z", + "aliases": [ + "CVE-2025-11185" + ], + "details": "The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cmplz-accept-link shortcode in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11185" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/complianz-gdpr/tags/7.4.2/documents/class-document.php#L1174" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/complianz-gdpr/tags/7.4.2/documents/class-document.php#L21" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f0533fca-a4de-44f0-bea0-1df6a41709ca?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T10:16:13Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-9pr5-g9xr-gp22/GHSA-9pr5-g9xr-gp22.json b/advisories/unreviewed/2026/02/GHSA-9pr5-g9xr-gp22/GHSA-9pr5-g9xr-gp22.json new file mode 100644 index 0000000000000..e0d8672576c9d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-9pr5-g9xr-gp22/GHSA-9pr5-g9xr-gp22.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-9pr5-g9xr-gp22", + "modified": "2026-02-18T12:31:11Z", + "published": "2026-02-18T12:31:11Z", + "aliases": [ + "CVE-2026-1942" + ], + "details": "The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the b2s_curation_draft AJAX action in all versions up to, and including, 8.7.4. The curationDraft() function only verifies current_user_can('read') without checking whether the user has edit_post permission for the target post. Combined with the plugin granting UI access and nonce exposure to all roles, this makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the title and content of arbitrary posts and pages by supplying a target post ID via the 'b2s-draft-id' parameter.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1942" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/blog2social/tags/8.7.3/includes/Ajax/Post.php#L159" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/blog2social/tags/8.7.3/includes/B2S/Curation/Save.php#L39" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/blog2social/trunk/includes/Ajax/Post.php?rev=3462464" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/930e7fd6-ae0b-465a-aa93-04ef80011d32?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T11:16:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-fq68-cwcx-p92f/GHSA-fq68-cwcx-p92f.json b/advisories/unreviewed/2026/02/GHSA-fq68-cwcx-p92f/GHSA-fq68-cwcx-p92f.json new file mode 100644 index 0000000000000..079d7a6c660d4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-fq68-cwcx-p92f/GHSA-fq68-cwcx-p92f.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-fq68-cwcx-p92f", + "modified": "2026-02-18T12:31:11Z", + "published": "2026-02-18T12:31:10Z", + "aliases": [ + "CVE-2025-14444" + ], + "details": "The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticity on the 'process_paypal_sdk_payment' function in all versions up to, and including, 6.0.6.9. This is due to the plugin trusting client-supplied values for payment verification without validating that the payment actually went through PayPal. This makes it possible for unauthenticated attackers to bypass paid registration by manipulating payment status and activating their account without completing a real PayPal payment.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14444" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/tags/6.0.6.7/includes/class_registration_magic.php#L232" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/tags/6.0.6.7/services/class_rm_paypal_service.php#L324" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/trunk/services/class_rm_paypal_service.php#L324" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3426151" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0633bf06-6580-4feb-b98a-c465df3e2bed?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-345" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T11:16:30Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pm8v-w3f2-2hxx/GHSA-pm8v-w3f2-2hxx.json b/advisories/unreviewed/2026/02/GHSA-pm8v-w3f2-2hxx/GHSA-pm8v-w3f2-2hxx.json new file mode 100644 index 0000000000000..fac368002aa55 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pm8v-w3f2-2hxx/GHSA-pm8v-w3f2-2hxx.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pm8v-w3f2-2hxx", + "modified": "2026-02-18T12:31:10Z", + "published": "2026-02-18T12:31:10Z", + "aliases": [ + "CVE-2026-2126" + ], + "details": "The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the `usp_get_submitted_category()` function accepting user-submitted category IDs from the POST body without validating them against the admin-configured allowed categories stored in `usp_options['categories']`. This makes it possible for unauthenticated attackers to assign submitted posts to arbitrary categories, including restricted ones, by crafting a direct POST request with manipulated `user-submitted-category[]` values, bypassing the frontend category restrictions.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2126" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/user-submitted-posts/tags/20260113/user-submitted-posts.php#L1431" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/user-submitted-posts/tags/20260113/user-submitted-posts.php#L298" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3463696%40user-submitted-posts%2Ftrunk&old=3456521%40user-submitted-posts%2Ftrunk&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/02c5e3ad-5cc3-40b1-a15a-10d53383abe6?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-863" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T10:16:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vcj6-96x2-26j3/GHSA-vcj6-96x2-26j3.json b/advisories/unreviewed/2026/02/GHSA-vcj6-96x2-26j3/GHSA-vcj6-96x2-26j3.json new file mode 100644 index 0000000000000..9a1c8c221619a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vcj6-96x2-26j3/GHSA-vcj6-96x2-26j3.json @@ -0,0 +1,64 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vcj6-96x2-26j3", + "modified": "2026-02-18T12:31:11Z", + "published": "2026-02-18T12:31:11Z", + "aliases": [ + "CVE-2026-2653" + ], + "details": "A security flaw has been discovered in admesh up to 0.98.5. This issue affects the function stl_check_normal_vector of the file src/normals.c. Performing a manipulation results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. It looks like this product is not really maintained anymore.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2653" + }, + { + "type": "WEB", + "url": "https://github.com/admesh/admesh/issues/65" + }, + { + "type": "WEB", + "url": "https://github.com/admesh/admesh/issues/65#issuecomment-3804571402" + }, + { + "type": "WEB", + "url": "https://github.com/admesh/admesh" + }, + { + "type": "WEB", + "url": "https://github.com/user-attachments/files/24878279/id.000035.sig.06.src.000550.time.910126.execs.241742.op.havoc.rep.5.zip" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346450" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346450" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752596" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T11:16:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w2w8-j4gc-v26q/GHSA-w2w8-j4gc-v26q.json b/advisories/unreviewed/2026/02/GHSA-w2w8-j4gc-v26q/GHSA-w2w8-j4gc-v26q.json new file mode 100644 index 0000000000000..a744ef0b04dbf --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w2w8-j4gc-v26q/GHSA-w2w8-j4gc-v26q.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w2w8-j4gc-v26q", + "modified": "2026-02-18T12:31:11Z", + "published": "2026-02-18T12:31:11Z", + "aliases": [ + "CVE-2026-2426" + ], + "details": "The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal sequences. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can lead to remote code execution when critical files like wp-config.php are deleted.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2426" + }, + { + "type": "WEB", + "url": "https://github.com/lesterchan/wp-downloadmanager/commit/d3470a8971d9043438c8aad281cf37d14fefa208" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/tags/1.69/download-manager.php#L215" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-manager.php#L215" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a3f791dd-7c24-45e3-b4f6-b8d7e594c568?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T11:16:32Z" + } +} \ No newline at end of file From 0be8ae264144d278ce4b2506bc750e2337001b9f Mon Sep 17 00:00:00 2001 From: Maksim Moiseikin Date: Wed, 18 Feb 2026 16:14:41 +0100 Subject: [PATCH 086/222] Improve GHSA-xfhx-r7ww-5995 --- .../GHSA-xfhx-r7ww-5995.json | 28 ++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/advisories/github-reviewed/2026/01/GHSA-xfhx-r7ww-5995/GHSA-xfhx-r7ww-5995.json b/advisories/github-reviewed/2026/01/GHSA-xfhx-r7ww-5995/GHSA-xfhx-r7ww-5995.json index c5bfb830d442c..2911ab16e66df 100644 --- a/advisories/github-reviewed/2026/01/GHSA-xfhx-r7ww-5995/GHSA-xfhx-r7ww-5995.json +++ b/advisories/github-reviewed/2026/01/GHSA-xfhx-r7ww-5995/GHSA-xfhx-r7ww-5995.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-xfhx-r7ww-5995", - "modified": "2026-01-15T20:11:41Z", + "modified": "2026-01-15T20:11:51Z", "published": "2026-01-15T15:31:19Z", "aliases": [ "CVE-2026-0897" @@ -36,6 +36,28 @@ "database_specific": { "last_known_affected_version_range": "<= 3.13.0" } + }, + { + "package": { + "ecosystem": "PyPI", + "name": "keras" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "3.0.0" + }, + { + "fixed": "3.12.1" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "<= 3.12.0" + } } ], "references": [ @@ -47,6 +69,10 @@ "type": "WEB", "url": "https://github.com/keras-team/keras/pull/21880" }, + { + "type": "WEB", + "url": "https://github.com/keras-team/keras/pull/22081" + }, { "type": "WEB", "url": "https://github.com/keras-team/keras/commit/7360d4f0d764fbb1fa9c6408fe53da41974dd4f6" From 4ef3aa115961db820ee061dc512929b90bd4c052 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 15:26:18 +0000 Subject: [PATCH 087/222] Publish Advisories GHSA-9f29-v6mm-pw6w GHSA-9p44-j4g5-cfx5 --- .../GHSA-9f29-v6mm-pw6w.json | 68 +++++++++++++++++++ .../GHSA-9p44-j4g5-cfx5.json | 65 ++++++++++++++++++ 2 files changed, 133 insertions(+) create mode 100644 advisories/github-reviewed/2026/02/GHSA-9f29-v6mm-pw6w/GHSA-9f29-v6mm-pw6w.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-9p44-j4g5-cfx5/GHSA-9p44-j4g5-cfx5.json diff --git a/advisories/github-reviewed/2026/02/GHSA-9f29-v6mm-pw6w/GHSA-9f29-v6mm-pw6w.json b/advisories/github-reviewed/2026/02/GHSA-9f29-v6mm-pw6w/GHSA-9f29-v6mm-pw6w.json new file mode 100644 index 0000000000000..0808e742888aa --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-9f29-v6mm-pw6w/GHSA-9f29-v6mm-pw6w.json @@ -0,0 +1,68 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-9f29-v6mm-pw6w", + "modified": "2026-02-18T15:25:04Z", + "published": "2026-02-18T15:25:04Z", + "aliases": [ + "CVE-2026-26205" + ], + "summary": "opa-envoy-plugin has a Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path", + "details": "A security vulnerability has been discovered in how the `input.parsed_path` field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes (`//`) as [authority](https://datatracker.ietf.org/doc/html/rfc3986#section-3.2) components, and therefore dropping them from the parsed path. This creates a path interpretation mismatch between authorization policies and backend servers, enabling attackers to bypass access controls by crafting requests where the authorization filter evaluates a different path than the one ultimately served.\n\n#### Attack example\n\n**HTTP request:**\n\n```\nGET //admin/users HTTP/1.1\nHost: example.com\n```\n\n**Policy sees:**\n\nThe leading `//admin` path segment is interpreted as an authority component, and dropped from `input.parsed_path` field:\n\n\n```json\n{\n \"parsed_path\": [\"users\"]\n}\n```\n\n**Backend receives:**\n\n`//admin/users` path, normalized to `/admin/users`.\n\n#### Affected Request Pattern Examples\n\n| Request path | `input.parsed_path` | `input.attributes.request.http.path` | Discrepancy |\n| - | - | - | - |\n| / | [\"\"] | / | ✅ None |\n| //foo | [\"\"] | //foo| ❌ Mismatch |\n| /admin | [\"admin\"] | /admin | ✅ None |\n| /admin/users | [\"admin\", \"users\"] | /admin/users | ✅ None |\n| //admin/users | [\"users\"] | //admin/users | ❌ Mismatch |\n\n### Impact\n\nUsers are impacted if all the following conditions apply:\n\n1. Protected resources are path-hierarchical (e.g., `/admin/users` vs `/users`)\n2. Authorization policies use `input.parsed_path` for path-based decisions\n3. Backend servers apply lenient path normalization\n\n### Patches\n\nGo: `v1.13.2-envoy-2`\nDocker: `1.13.2-envoy-2`, `1.13.2-envoy-2-static`\n\n### Workarounds\n\nUsers who cannot immediately upgrade opa-envoy-plugin are recommended to apply one, or more, of the workarrounds described below.\n\n#### 1. Enable the `merge_slashes` Envoy configuration option\n\nAs per [Envoy best practices](https://www.envoyproxy.io/docs/envoy/v1.37.0/configuration/best_practices/edge.html), enabling the [merge_slashes](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-merge-slashes) configuration option in Envoy will remove redundant slashes from the request path before filtering is applied, effectively mitigating the `input.parsed_path` issue described in this advisory.\n\n\n#### 2. Use `input.attributes.request.http.path` instead of `input.parsed_path` in policies\n\nThe `input.attributes.request.http.path` field contains the unprocessed, raw request path. Users are recommended to update any policy using `input.parsed_path` to instead use the `input.attributes.request.http.path` field.\n\n##### Example ####\n\n```rego\npackage example\n\n# Use instead of input.parsed_path\nparsed_path := split( # tokenize into array\n\ttrim_left( # drop leading slashes\n\t\turlquery.decode(input.attributes.request.http.path), # url-decode the path\n\t\t\"/\",\n\t),\n\t\"/\",\n)\n```", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" + } + ], + "affected": [ + { + "package": { + "ecosystem": "Go", + "name": "github.com/open-policy-agent/opa-envoy-plugin" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.13.2-envoy-2" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "<= 1.13.1-envoy" + } + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/open-policy-agent/opa-envoy-plugin/security/advisories/GHSA-9f29-v6mm-pw6w" + }, + { + "type": "WEB", + "url": "https://github.com/open-policy-agent/opa-envoy-plugin/commit/58c44d4ec408d5852d1d0287599e7d5c5e2bc5c3" + }, + { + "type": "PACKAGE", + "url": "https://github.com/open-policy-agent/opa-envoy-plugin" + }, + { + "type": "WEB", + "url": "https://github.com/open-policy-agent/opa-envoy-plugin/releases/tag/v1.13.2-envoy-2" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-863" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T15:25:04Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-9p44-j4g5-cfx5/GHSA-9p44-j4g5-cfx5.json b/advisories/github-reviewed/2026/02/GHSA-9p44-j4g5-cfx5/GHSA-9p44-j4g5-cfx5.json new file mode 100644 index 0000000000000..7fb49ffd749a1 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-9p44-j4g5-cfx5/GHSA-9p44-j4g5-cfx5.json @@ -0,0 +1,65 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-9p44-j4g5-cfx5", + "modified": "2026-02-18T15:24:43Z", + "published": "2026-02-18T15:24:43Z", + "aliases": [ + "CVE-2026-26189" + ], + "summary": "Trivy Action has a script injection via sourced env file in composite action", + "details": "Command Injection in aquasecurity/trivy-action via Unsanitized Environment Variable Export\n\n\nA command injection vulnerability exists in `aquasecurity/trivy-action` due to improper handling of action inputs when exporting environment variables. The action writes `export VAR=` lines to `trivy_envs.txt` based on user-supplied inputs and subsequently sources this file in `entrypoint.sh`.\n\nBecause input values are written without appropriate shell escaping, attacker-controlled input containing shell metacharacters (e.g., `$(...)`, backticks, or other command substitution syntax) may be evaluated during the sourcing process. This can result in arbitrary command execution within the GitHub Actions runner context.\n\n**Severity:**\n\nModerate\n\nCVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N\n\nCWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)\n\n**Impact:**\n\nSuccessful exploitation may lead to arbitrary command execution in the CI runner environment.\n\n\n**Affected Versions:**\n\n* Versions >= 0.31.0 and <= 0.33.1\n* Introduced in commit `7aca5ac`\n\n**Affected Conditions:**\n\nThe vulnerability is exploitable when a consuming workflow passes attacker-controlled data into any action input that is written to `trivy_envs.txt`. Access to user input is required by the malicious actor.\n\nA representative exploitation pattern involves incorporating untrusted pull request metadata into an action parameter. For example:\n\n```yaml\n- uses: aquasecurity/trivy-action@0.33.1\n with:\n output: \"trivy-${{ github.event.pull_request.title }}.sarif\"\n```\n\nIf the pull request title contains shell syntax, it may be executed when the generated environment file is sourced.\n\n**Not Affected:**\n\n* Workflows that do not pass attacker-controlled data into `trivy-action` inputs\n* Workflows that upgrade to a patched version that properly escapes shell values or eliminates the `source ./trivy_envs.txt` pattern\n* Workflows where user input is not accessible.\n\n**Call Sites:**\n\n* `action.yaml:188` — `set_env_var_if_provided` writes unescaped `export` lines\n* `entrypoint.sh:9` — sources `./trivy_envs.txt`", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "GitHub Actions", + "name": "aquasecurity/trivy-action" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0.31.0" + }, + { + "fixed": "0.34.0" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/aquasecurity/trivy-action/security/advisories/GHSA-9p44-j4g5-cfx5" + }, + { + "type": "WEB", + "url": "https://github.com/aquasecurity/trivy-action/commit/7aca5acc9500b463826cc47a47a65ad7d404b045" + }, + { + "type": "WEB", + "url": "https://github.com/aquasecurity/trivy-action/commit/bc61dc55704e2d5704760f3cdab0d09acf16e4ca" + }, + { + "type": "PACKAGE", + "url": "https://github.com/aquasecurity/trivy-action" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-78" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T15:24:43Z", + "nvd_published_at": null + } +} \ No newline at end of file From 0a0ba0fbbcef82bb8162806cb464536c5fcecc15 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 15:33:14 +0000 Subject: [PATCH 088/222] Advisory Database Sync --- .../GHSA-65c5-j3wr-v7fh.json | 6 +- .../GHSA-8jj6-9qc9-r5x4.json | 3 +- .../GHSA-25w3-5rm9-v4wm.json | 40 +++++++++++++ .../GHSA-2cpx-h862-rqm6.json | 40 +++++++++++++ .../GHSA-3crm-x896-j73p.json | 36 +++++++++++ .../GHSA-47m2-7g75-xvrp.json | 36 +++++++++++ .../GHSA-49xw-73mm-8fw9.json | 36 +++++++++++ .../GHSA-4m8q-p6h8-x2wj.json | 4 +- .../GHSA-54p7-3rpx-pjfc.json | 48 +++++++++++++++ .../GHSA-568p-hhxc-vvx8.json | 15 +++-- .../GHSA-5fc6-h8m7-2wfc.json | 4 +- .../GHSA-5g82-gg27-r8vp.json | 15 +++-- .../GHSA-5hp8-hwcv-h225.json | 36 +++++++++++ .../GHSA-5rm9-pcp8-m6v8.json | 40 +++++++++++++ .../GHSA-6jg9-x4w8-gj7j.json | 4 +- .../GHSA-6qr6-c44j-c793.json | 60 +++++++++++++++++++ .../GHSA-74jq-6q38-p5wf.json | 4 +- .../GHSA-77vx-jc7r-586m.json | 37 ++++++++++++ .../GHSA-787p-86v4-hhfg.json | 33 ++++++++++ .../GHSA-78p6-wh6m-9r9w.json | 36 +++++++++++ .../GHSA-7jfh-hm8h-m5rq.json | 4 +- .../GHSA-85h6-5m3v-gx37.json | 29 +++++++++ .../GHSA-87ff-rq35-47jj.json | 36 +++++++++++ .../GHSA-8rh3-rvv2-3mr4.json | 4 +- .../GHSA-933h-c422-j33j.json | 40 +++++++++++++ .../GHSA-9379-mwvr-7wxx.json | 40 +++++++++++++ .../GHSA-964f-vc2f-ch6j.json | 15 +++-- .../GHSA-c5gg-v573-hv7f.json | 33 ++++++++++ .../GHSA-cf26-rj67-f4wr.json | 36 +++++++++++ .../GHSA-cw7v-qx8m-563q.json | 36 +++++++++++ .../GHSA-f7cx-4c4g-9g59.json | 36 +++++++++++ .../GHSA-f86v-54pm-58q4.json | 40 +++++++++++++ .../GHSA-ff7j-jwgr-hgxp.json | 36 +++++++++++ .../GHSA-fjxh-qxr5-g7j4.json | 45 ++++++++++++++ .../GHSA-fqmg-pv5x-v55p.json | 40 +++++++++++++ .../GHSA-g5pw-hppv-79r6.json | 37 ++++++++++++ .../GHSA-gcr4-23wm-438x.json | 40 +++++++++++++ .../GHSA-ghfm-hghj-9j75.json | 15 +++-- .../GHSA-h85r-3jrw-9546.json | 37 ++++++++++++ .../GHSA-hr8m-gc74-4f7w.json | 4 +- .../GHSA-hr98-gm7c-926r.json | 37 ++++++++++++ .../GHSA-hvjw-vp7g-39h5.json | 40 +++++++++++++ .../GHSA-j9p7-7ww6-3mjx.json | 40 +++++++++++++ .../GHSA-jfq5-qg8x-7rmp.json | 53 ++++++++++++++++ .../GHSA-jxgv-6j54-wwc7.json | 56 +++++++++++++++++ .../GHSA-m8v3-m8mg-rrc7.json | 33 ++++++++++ .../GHSA-mx8g-qc6m-wcmf.json | 33 ++++++++++ .../GHSA-p4q3-g549-vvfc.json | 44 ++++++++++++++ .../GHSA-pc38-57g8-39gg.json | 15 +++-- .../GHSA-phqg-p332-q7vc.json | 45 ++++++++++++++ .../GHSA-q543-x74m-r8q9.json | 4 +- .../GHSA-qq2v-q6qr-p5vx.json | 40 +++++++++++++ .../GHSA-qq7g-427f-cm2r.json | 56 +++++++++++++++++ .../GHSA-r264-whc7-wwfw.json | 33 ++++++++++ .../GHSA-r4m3-cm43-fxrj.json | 48 +++++++++++++++ .../GHSA-r77x-pqm4-6252.json | 36 +++++++++++ .../GHSA-rgjw-pqcr-56gf.json | 36 +++++++++++ .../GHSA-rjm5-gmfm-6cp4.json | 60 +++++++++++++++++++ .../GHSA-rv75-v2gv-p54c.json | 40 +++++++++++++ .../GHSA-rvhp-mghq-8mvw.json | 15 +++-- .../GHSA-vfmw-4jmp-wmrw.json | 36 +++++++++++ .../GHSA-vqcj-rgfw-jjcq.json | 37 ++++++++++++ .../GHSA-vw84-mx3m-hw5p.json | 48 +++++++++++++++ .../GHSA-vwcq-x7gx-g26f.json | 36 +++++++++++ .../GHSA-wfhp-qgm8-5p5c.json | 29 +++++++++ .../GHSA-whmh-gx62-v47m.json | 36 +++++++++++ .../GHSA-wq2g-h2h9-v8x3.json | 36 +++++++++++ .../GHSA-wvvh-pcq5-hc6f.json | 40 +++++++++++++ .../GHSA-ww2j-3p54-3m69.json | 44 ++++++++++++++ .../GHSA-x536-g6fc-g963.json | 36 +++++++++++ 70 files changed, 2244 insertions(+), 34 deletions(-) create mode 100644 advisories/unreviewed/2026/02/GHSA-25w3-5rm9-v4wm/GHSA-25w3-5rm9-v4wm.json create mode 100644 advisories/unreviewed/2026/02/GHSA-2cpx-h862-rqm6/GHSA-2cpx-h862-rqm6.json create mode 100644 advisories/unreviewed/2026/02/GHSA-3crm-x896-j73p/GHSA-3crm-x896-j73p.json create mode 100644 advisories/unreviewed/2026/02/GHSA-47m2-7g75-xvrp/GHSA-47m2-7g75-xvrp.json create mode 100644 advisories/unreviewed/2026/02/GHSA-49xw-73mm-8fw9/GHSA-49xw-73mm-8fw9.json create mode 100644 advisories/unreviewed/2026/02/GHSA-54p7-3rpx-pjfc/GHSA-54p7-3rpx-pjfc.json create mode 100644 advisories/unreviewed/2026/02/GHSA-5hp8-hwcv-h225/GHSA-5hp8-hwcv-h225.json create mode 100644 advisories/unreviewed/2026/02/GHSA-5rm9-pcp8-m6v8/GHSA-5rm9-pcp8-m6v8.json create mode 100644 advisories/unreviewed/2026/02/GHSA-6qr6-c44j-c793/GHSA-6qr6-c44j-c793.json create mode 100644 advisories/unreviewed/2026/02/GHSA-77vx-jc7r-586m/GHSA-77vx-jc7r-586m.json create mode 100644 advisories/unreviewed/2026/02/GHSA-787p-86v4-hhfg/GHSA-787p-86v4-hhfg.json create mode 100644 advisories/unreviewed/2026/02/GHSA-78p6-wh6m-9r9w/GHSA-78p6-wh6m-9r9w.json create mode 100644 advisories/unreviewed/2026/02/GHSA-85h6-5m3v-gx37/GHSA-85h6-5m3v-gx37.json create mode 100644 advisories/unreviewed/2026/02/GHSA-87ff-rq35-47jj/GHSA-87ff-rq35-47jj.json create mode 100644 advisories/unreviewed/2026/02/GHSA-933h-c422-j33j/GHSA-933h-c422-j33j.json create mode 100644 advisories/unreviewed/2026/02/GHSA-9379-mwvr-7wxx/GHSA-9379-mwvr-7wxx.json create mode 100644 advisories/unreviewed/2026/02/GHSA-c5gg-v573-hv7f/GHSA-c5gg-v573-hv7f.json create mode 100644 advisories/unreviewed/2026/02/GHSA-cf26-rj67-f4wr/GHSA-cf26-rj67-f4wr.json create mode 100644 advisories/unreviewed/2026/02/GHSA-cw7v-qx8m-563q/GHSA-cw7v-qx8m-563q.json create mode 100644 advisories/unreviewed/2026/02/GHSA-f7cx-4c4g-9g59/GHSA-f7cx-4c4g-9g59.json create mode 100644 advisories/unreviewed/2026/02/GHSA-f86v-54pm-58q4/GHSA-f86v-54pm-58q4.json create mode 100644 advisories/unreviewed/2026/02/GHSA-ff7j-jwgr-hgxp/GHSA-ff7j-jwgr-hgxp.json create mode 100644 advisories/unreviewed/2026/02/GHSA-fjxh-qxr5-g7j4/GHSA-fjxh-qxr5-g7j4.json create mode 100644 advisories/unreviewed/2026/02/GHSA-fqmg-pv5x-v55p/GHSA-fqmg-pv5x-v55p.json create mode 100644 advisories/unreviewed/2026/02/GHSA-g5pw-hppv-79r6/GHSA-g5pw-hppv-79r6.json create mode 100644 advisories/unreviewed/2026/02/GHSA-gcr4-23wm-438x/GHSA-gcr4-23wm-438x.json create mode 100644 advisories/unreviewed/2026/02/GHSA-h85r-3jrw-9546/GHSA-h85r-3jrw-9546.json create mode 100644 advisories/unreviewed/2026/02/GHSA-hr98-gm7c-926r/GHSA-hr98-gm7c-926r.json create mode 100644 advisories/unreviewed/2026/02/GHSA-hvjw-vp7g-39h5/GHSA-hvjw-vp7g-39h5.json create mode 100644 advisories/unreviewed/2026/02/GHSA-j9p7-7ww6-3mjx/GHSA-j9p7-7ww6-3mjx.json create mode 100644 advisories/unreviewed/2026/02/GHSA-jfq5-qg8x-7rmp/GHSA-jfq5-qg8x-7rmp.json create mode 100644 advisories/unreviewed/2026/02/GHSA-jxgv-6j54-wwc7/GHSA-jxgv-6j54-wwc7.json create mode 100644 advisories/unreviewed/2026/02/GHSA-m8v3-m8mg-rrc7/GHSA-m8v3-m8mg-rrc7.json create mode 100644 advisories/unreviewed/2026/02/GHSA-mx8g-qc6m-wcmf/GHSA-mx8g-qc6m-wcmf.json create mode 100644 advisories/unreviewed/2026/02/GHSA-p4q3-g549-vvfc/GHSA-p4q3-g549-vvfc.json create mode 100644 advisories/unreviewed/2026/02/GHSA-phqg-p332-q7vc/GHSA-phqg-p332-q7vc.json create mode 100644 advisories/unreviewed/2026/02/GHSA-qq2v-q6qr-p5vx/GHSA-qq2v-q6qr-p5vx.json create mode 100644 advisories/unreviewed/2026/02/GHSA-qq7g-427f-cm2r/GHSA-qq7g-427f-cm2r.json create mode 100644 advisories/unreviewed/2026/02/GHSA-r264-whc7-wwfw/GHSA-r264-whc7-wwfw.json create mode 100644 advisories/unreviewed/2026/02/GHSA-r4m3-cm43-fxrj/GHSA-r4m3-cm43-fxrj.json create mode 100644 advisories/unreviewed/2026/02/GHSA-r77x-pqm4-6252/GHSA-r77x-pqm4-6252.json create mode 100644 advisories/unreviewed/2026/02/GHSA-rgjw-pqcr-56gf/GHSA-rgjw-pqcr-56gf.json create mode 100644 advisories/unreviewed/2026/02/GHSA-rjm5-gmfm-6cp4/GHSA-rjm5-gmfm-6cp4.json create mode 100644 advisories/unreviewed/2026/02/GHSA-rv75-v2gv-p54c/GHSA-rv75-v2gv-p54c.json create mode 100644 advisories/unreviewed/2026/02/GHSA-vfmw-4jmp-wmrw/GHSA-vfmw-4jmp-wmrw.json create mode 100644 advisories/unreviewed/2026/02/GHSA-vqcj-rgfw-jjcq/GHSA-vqcj-rgfw-jjcq.json create mode 100644 advisories/unreviewed/2026/02/GHSA-vw84-mx3m-hw5p/GHSA-vw84-mx3m-hw5p.json create mode 100644 advisories/unreviewed/2026/02/GHSA-vwcq-x7gx-g26f/GHSA-vwcq-x7gx-g26f.json create mode 100644 advisories/unreviewed/2026/02/GHSA-wfhp-qgm8-5p5c/GHSA-wfhp-qgm8-5p5c.json create mode 100644 advisories/unreviewed/2026/02/GHSA-whmh-gx62-v47m/GHSA-whmh-gx62-v47m.json create mode 100644 advisories/unreviewed/2026/02/GHSA-wq2g-h2h9-v8x3/GHSA-wq2g-h2h9-v8x3.json create mode 100644 advisories/unreviewed/2026/02/GHSA-wvvh-pcq5-hc6f/GHSA-wvvh-pcq5-hc6f.json create mode 100644 advisories/unreviewed/2026/02/GHSA-ww2j-3p54-3m69/GHSA-ww2j-3p54-3m69.json create mode 100644 advisories/unreviewed/2026/02/GHSA-x536-g6fc-g963/GHSA-x536-g6fc-g963.json diff --git a/advisories/unreviewed/2025/12/GHSA-65c5-j3wr-v7fh/GHSA-65c5-j3wr-v7fh.json b/advisories/unreviewed/2025/12/GHSA-65c5-j3wr-v7fh/GHSA-65c5-j3wr-v7fh.json index 01cd958178615..2238032141356 100644 --- a/advisories/unreviewed/2025/12/GHSA-65c5-j3wr-v7fh/GHSA-65c5-j3wr-v7fh.json +++ b/advisories/unreviewed/2025/12/GHSA-65c5-j3wr-v7fh/GHSA-65c5-j3wr-v7fh.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-65c5-j3wr-v7fh", - "modified": "2025-12-15T12:30:27Z", + "modified": "2026-02-18T15:31:23Z", "published": "2025-12-15T12:30:27Z", "aliases": [ "CVE-2025-14714" ], "details": "An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle\n\n\n\n\nBy executing the bundled interpreter directly the attacker's scripts run with the application's TCC privileges\n\n\n\n\nIn fixed versions parent-constraints are used to allow only the main application to launch interpreter with those permissions\n\nThis issue affects LibreOffice on macOS: from 25.2 before < 25.2.4.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/01/GHSA-8jj6-9qc9-r5x4/GHSA-8jj6-9qc9-r5x4.json b/advisories/unreviewed/2026/01/GHSA-8jj6-9qc9-r5x4/GHSA-8jj6-9qc9-r5x4.json index 903dee9e88dfb..0504fcb51c51b 100644 --- a/advisories/unreviewed/2026/01/GHSA-8jj6-9qc9-r5x4/GHSA-8jj6-9qc9-r5x4.json +++ b/advisories/unreviewed/2026/01/GHSA-8jj6-9qc9-r5x4/GHSA-8jj6-9qc9-r5x4.json @@ -42,7 +42,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-119" + "CWE-119", + "CWE-120" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-25w3-5rm9-v4wm/GHSA-25w3-5rm9-v4wm.json b/advisories/unreviewed/2026/02/GHSA-25w3-5rm9-v4wm/GHSA-25w3-5rm9-v4wm.json new file mode 100644 index 0000000000000..2addfc455c227 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-25w3-5rm9-v4wm/GHSA-25w3-5rm9-v4wm.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-25w3-5rm9-v4wm", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33246" + ], + "details": "NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, or information disclosure.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33246" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5762" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33246" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-77" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-2cpx-h862-rqm6/GHSA-2cpx-h862-rqm6.json b/advisories/unreviewed/2026/02/GHSA-2cpx-h862-rqm6/GHSA-2cpx-h862-rqm6.json new file mode 100644 index 0000000000000..a1c64fdff3b74 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-2cpx-h862-rqm6/GHSA-2cpx-h862-rqm6.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-2cpx-h862-rqm6", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33243" + ], + "details": "NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33243" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5762" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33243" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-3crm-x896-j73p/GHSA-3crm-x896-j73p.json b/advisories/unreviewed/2026/02/GHSA-3crm-x896-j73p/GHSA-3crm-x896-j73p.json new file mode 100644 index 0000000000000..f16f154739d21 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-3crm-x896-j73p/GHSA-3crm-x896-j73p.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3crm-x896-j73p", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2026-1435" + ], + "details": "Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers, which remain valid even after multiple consecutive logins by the same user. As a result, a stolen or leaked 'sessionId' can continue to be used to authenticate valid requests. Exploiting this vulnerability would allow an attacker with access to the web service/API network (port 9000 or HTTP/S endpoint of the server) to reuse an old session token to gain unauthorized access to the application, interact with the API/web, and compromise the integrity of the affected account.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1435" + }, + { + "type": "WEB", + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-graylog" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-613" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-47m2-7g75-xvrp/GHSA-47m2-7g75-xvrp.json b/advisories/unreviewed/2026/02/GHSA-47m2-7g75-xvrp/GHSA-47m2-7g75-xvrp.json new file mode 100644 index 0000000000000..92410cc1fc832 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-47m2-7g75-xvrp/GHSA-47m2-7g75-xvrp.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-47m2-7g75-xvrp", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2026-1440" + ], + "details": "Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the  '/system/pipelines/' endpoint.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1440" + }, + { + "type": "WEB", + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-graylog" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-49xw-73mm-8fw9/GHSA-49xw-73mm-8fw9.json b/advisories/unreviewed/2026/02/GHSA-49xw-73mm-8fw9/GHSA-49xw-73mm-8fw9.json new file mode 100644 index 0000000000000..3e7b6867826cb --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-49xw-73mm-8fw9/GHSA-49xw-73mm-8fw9.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-49xw-73mm-8fw9", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2026-1439" + ], + "details": "Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the  '/\n\nalerts\n\n/' endpoint.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1439" + }, + { + "type": "WEB", + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-graylog" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-4m8q-p6h8-x2wj/GHSA-4m8q-p6h8-x2wj.json b/advisories/unreviewed/2026/02/GHSA-4m8q-p6h8-x2wj/GHSA-4m8q-p6h8-x2wj.json index 406dcef173473..bd3247190334c 100644 --- a/advisories/unreviewed/2026/02/GHSA-4m8q-p6h8-x2wj/GHSA-4m8q-p6h8-x2wj.json +++ b/advisories/unreviewed/2026/02/GHSA-4m8q-p6h8-x2wj/GHSA-4m8q-p6h8-x2wj.json @@ -41,7 +41,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-119" + ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-54p7-3rpx-pjfc/GHSA-54p7-3rpx-pjfc.json b/advisories/unreviewed/2026/02/GHSA-54p7-3rpx-pjfc/GHSA-54p7-3rpx-pjfc.json new file mode 100644 index 0000000000000..ad028655b3deb --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-54p7-3rpx-pjfc/GHSA-54p7-3rpx-pjfc.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-54p7-3rpx-pjfc", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2026-1317" + ], + "details": "The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the `file_name` parameter which is stored in the database during file upload and later used in raw SQL queries without proper sanitization. This makes it possible for authenticated attackers with Subscriber-level access or higher to append additional SQL queries into already existing queries via a malicious filename, which can be used to extract sensitive information from the database. The vulnerability can only be exploited when the 'Single Import/Export' option is enabled, and the server is running a PHP version < 8.0.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1317" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/7.34/managerExtensions/LogManager.php#L763" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/7.34/uploadModules/UrlUpload.php#L181" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3445414" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd80133d-03c7-4ecb-ad2c-98950f788ca6?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T13:16:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-568p-hhxc-vvx8/GHSA-568p-hhxc-vvx8.json b/advisories/unreviewed/2026/02/GHSA-568p-hhxc-vvx8/GHSA-568p-hhxc-vvx8.json index 85d2b669e2761..38232cd095362 100644 --- a/advisories/unreviewed/2026/02/GHSA-568p-hhxc-vvx8/GHSA-568p-hhxc-vvx8.json +++ b/advisories/unreviewed/2026/02/GHSA-568p-hhxc-vvx8/GHSA-568p-hhxc-vvx8.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-568p-hhxc-vvx8", - "modified": "2026-02-18T06:30:19Z", + "modified": "2026-02-18T15:31:24Z", "published": "2026-02-18T06:30:19Z", "aliases": [ "CVE-2026-1368" ], "details": "The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the site's Zoom SDK key.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], "affected": [], "references": [ { @@ -20,8 +25,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-287" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-18T06:16:34Z" diff --git a/advisories/unreviewed/2026/02/GHSA-5fc6-h8m7-2wfc/GHSA-5fc6-h8m7-2wfc.json b/advisories/unreviewed/2026/02/GHSA-5fc6-h8m7-2wfc/GHSA-5fc6-h8m7-2wfc.json index 8b64705509c5c..3fe6391c73d04 100644 --- a/advisories/unreviewed/2026/02/GHSA-5fc6-h8m7-2wfc/GHSA-5fc6-h8m7-2wfc.json +++ b/advisories/unreviewed/2026/02/GHSA-5fc6-h8m7-2wfc/GHSA-5fc6-h8m7-2wfc.json @@ -25,7 +25,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-200" + ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-5g82-gg27-r8vp/GHSA-5g82-gg27-r8vp.json b/advisories/unreviewed/2026/02/GHSA-5g82-gg27-r8vp/GHSA-5g82-gg27-r8vp.json index d65089f4f0cde..97ce98067f1f6 100644 --- a/advisories/unreviewed/2026/02/GHSA-5g82-gg27-r8vp/GHSA-5g82-gg27-r8vp.json +++ b/advisories/unreviewed/2026/02/GHSA-5g82-gg27-r8vp/GHSA-5g82-gg27-r8vp.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-5g82-gg27-r8vp", - "modified": "2026-02-16T18:31:28Z", + "modified": "2026-02-18T15:31:24Z", "published": "2026-02-16T18:31:28Z", "aliases": [ "CVE-2025-65715" ], "details": "An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], "affected": [], "references": [ { @@ -24,8 +29,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-94" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-16T16:19:17Z" diff --git a/advisories/unreviewed/2026/02/GHSA-5hp8-hwcv-h225/GHSA-5hp8-hwcv-h225.json b/advisories/unreviewed/2026/02/GHSA-5hp8-hwcv-h225/GHSA-5hp8-hwcv-h225.json new file mode 100644 index 0000000000000..57e5554fcf326 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-5hp8-hwcv-h225/GHSA-5hp8-hwcv-h225.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5hp8-hwcv-h225", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2026-1437" + ], + "details": "Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the '/system/authentication/users/edit/' endpoint.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1437" + }, + { + "type": "WEB", + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-graylog" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-5rm9-pcp8-m6v8/GHSA-5rm9-pcp8-m6v8.json b/advisories/unreviewed/2026/02/GHSA-5rm9-pcp8-m6v8/GHSA-5rm9-pcp8-m6v8.json new file mode 100644 index 0000000000000..3a2b3697d87e9 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-5rm9-pcp8-m6v8/GHSA-5rm9-pcp8-m6v8.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5rm9-pcp8-m6v8", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33240" + ], + "details": "NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33240" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5781" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33240" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-6jg9-x4w8-gj7j/GHSA-6jg9-x4w8-gj7j.json b/advisories/unreviewed/2026/02/GHSA-6jg9-x4w8-gj7j/GHSA-6jg9-x4w8-gj7j.json index 0554f3c56725a..08b97d1d07780 100644 --- a/advisories/unreviewed/2026/02/GHSA-6jg9-x4w8-gj7j/GHSA-6jg9-x4w8-gj7j.json +++ b/advisories/unreviewed/2026/02/GHSA-6jg9-x4w8-gj7j/GHSA-6jg9-x4w8-gj7j.json @@ -25,7 +25,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-284" + ], "severity": "LOW", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-6qr6-c44j-c793/GHSA-6qr6-c44j-c793.json b/advisories/unreviewed/2026/02/GHSA-6qr6-c44j-c793/GHSA-6qr6-c44j-c793.json new file mode 100644 index 0000000000000..32324aa90966f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-6qr6-c44j-c793/GHSA-6qr6-c44j-c793.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-6qr6-c44j-c793", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2026-2655" + ], + "details": "A vulnerability was detected in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::str_less::operator of the file include/chaiscript/chaiscript_defines.hpp. The manipulation results in use after free. The attack requires a local approach. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2655" + }, + { + "type": "WEB", + "url": "https://github.com/ChaiScript/ChaiScript/issues/632" + }, + { + "type": "WEB", + "url": "https://github.com/ChaiScript/ChaiScript/issues/632#issue-3827824936" + }, + { + "type": "WEB", + "url": "https://github.com/ChaiScript/ChaiScript" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346453" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346453" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752788" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-74jq-6q38-p5wf/GHSA-74jq-6q38-p5wf.json b/advisories/unreviewed/2026/02/GHSA-74jq-6q38-p5wf/GHSA-74jq-6q38-p5wf.json index 6e844f0378d15..7b0a56750956f 100644 --- a/advisories/unreviewed/2026/02/GHSA-74jq-6q38-p5wf/GHSA-74jq-6q38-p5wf.json +++ b/advisories/unreviewed/2026/02/GHSA-74jq-6q38-p5wf/GHSA-74jq-6q38-p5wf.json @@ -25,7 +25,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-288" + ], "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-77vx-jc7r-586m/GHSA-77vx-jc7r-586m.json b/advisories/unreviewed/2026/02/GHSA-77vx-jc7r-586m/GHSA-77vx-jc7r-586m.json new file mode 100644 index 0000000000000..a620971e97821 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-77vx-jc7r-586m/GHSA-77vx-jc7r-586m.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-77vx-jc7r-586m", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-23219" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slab: Add alloc_tagging_slab_free_hook for memcg_alloc_abort_single\n\nWhen CONFIG_MEM_ALLOC_PROFILING_DEBUG is enabled, the following warning\nmay be noticed:\n\n[ 3959.023862] ------------[ cut here ]------------\n[ 3959.023891] alloc_tag was not cleared (got tag for lib/xarray.c:378)\n[ 3959.023947] WARNING: ./include/linux/alloc_tag.h:155 at alloc_tag_add+0x128/0x178, CPU#6: mkfs.ntfs/113998\n[ 3959.023978] Modules linked in: dns_resolver tun brd overlay exfat btrfs blake2b libblake2b xor xor_neon raid6_pq loop sctp ip6_udp_tunnel udp_tunnel ext4 crc16 mbcache jbd2 rfkill sunrpc vfat fat sg fuse nfnetlink sr_mod virtio_gpu cdrom drm_client_lib virtio_dma_buf drm_shmem_helper drm_kms_helper ghash_ce drm sm4 backlight virtio_net net_failover virtio_scsi failover virtio_console virtio_blk virtio_mmio dm_mirror dm_region_hash dm_log dm_multipath dm_mod i2c_dev aes_neon_bs aes_ce_blk [last unloaded: hwpoison_inject]\n[ 3959.024170] CPU: 6 UID: 0 PID: 113998 Comm: mkfs.ntfs Kdump: loaded Tainted: G W 6.19.0-rc7+ #7 PREEMPT(voluntary)\n[ 3959.024182] Tainted: [W]=WARN\n[ 3959.024186] Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022\n[ 3959.024192] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 3959.024199] pc : alloc_tag_add+0x128/0x178\n[ 3959.024207] lr : alloc_tag_add+0x128/0x178\n[ 3959.024214] sp : ffff80008b696d60\n[ 3959.024219] x29: ffff80008b696d60 x28: 0000000000000000 x27: 0000000000000240\n[ 3959.024232] x26: 0000000000000000 x25: 0000000000000240 x24: ffff800085d17860\n[ 3959.024245] x23: 0000000000402800 x22: ffff0000c0012dc0 x21: 00000000000002d0\n[ 3959.024257] x20: ffff0000e6ef3318 x19: ffff800085ae0410 x18: 0000000000000000\n[ 3959.024269] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n[ 3959.024281] x14: 0000000000000000 x13: 0000000000000001 x12: ffff600064101293\n[ 3959.024292] x11: 1fffe00064101292 x10: ffff600064101292 x9 : dfff800000000000\n[ 3959.024305] x8 : 00009fff9befed6e x7 : ffff000320809493 x6 : 0000000000000001\n[ 3959.024316] x5 : ffff000320809490 x4 : ffff600064101293 x3 : ffff800080691838\n[ 3959.024328] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000d5bcd640\n[ 3959.024340] Call trace:\n[ 3959.024346] alloc_tag_add+0x128/0x178 (P)\n[ 3959.024355] __alloc_tagging_slab_alloc_hook+0x11c/0x1a8\n[ 3959.024362] kmem_cache_alloc_lru_noprof+0x1b8/0x5e8\n[ 3959.024369] xas_alloc+0x304/0x4f0\n[ 3959.024381] xas_create+0x1e0/0x4a0\n[ 3959.024388] xas_store+0x68/0xda8\n[ 3959.024395] __filemap_add_folio+0x5b0/0xbd8\n[ 3959.024409] filemap_add_folio+0x16c/0x7e0\n[ 3959.024416] __filemap_get_folio_mpol+0x2dc/0x9e8\n[ 3959.024424] iomap_get_folio+0xfc/0x180\n[ 3959.024435] __iomap_get_folio+0x2f8/0x4b8\n[ 3959.024441] iomap_write_begin+0x198/0xc18\n[ 3959.024448] iomap_write_iter+0x2ec/0x8f8\n[ 3959.024454] iomap_file_buffered_write+0x19c/0x290\n[ 3959.024461] blkdev_write_iter+0x38c/0x978\n[ 3959.024470] vfs_write+0x4d4/0x928\n[ 3959.024482] ksys_write+0xfc/0x1f8\n[ 3959.024489] __arm64_sys_write+0x74/0xb0\n[ 3959.024496] invoke_syscall+0xd4/0x258\n[ 3959.024507] el0_svc_common.constprop.0+0xb4/0x240\n[ 3959.024514] do_el0_svc+0x48/0x68\n[ 3959.024520] el0_svc+0x40/0xf8\n[ 3959.024526] el0t_64_sync_handler+0xa0/0xe8\n[ 3959.024533] el0t_64_sync+0x1ac/0x1b0\n[ 3959.024540] ---[ end trace 0000000000000000 ]---\n\nWhen __memcg_slab_post_alloc_hook() fails, there are two different\nfree paths depending on whether size == 1 or size != 1. In the\nkmem_cache_free_bulk() path, we do call alloc_tagging_slab_free_hook().\nHowever, in memcg_alloc_abort_single() we don't, the above warning will be\ntriggered on the next allocation.\n\nTherefore, add alloc_tagging_slab_free_hook() to the\nmemcg_alloc_abort_single() path.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23219" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/b8bc72587c79fe52c14732e16a766b6eded00707" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/e6c53ead2d8fa73206e0a63e9cd9aea6bc929837" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/e8af57e090790983591f6927b3d89ee6383f8c1e" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:43Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-787p-86v4-hhfg/GHSA-787p-86v4-hhfg.json b/advisories/unreviewed/2026/02/GHSA-787p-86v4-hhfg/GHSA-787p-86v4-hhfg.json new file mode 100644 index 0000000000000..521a2d425dac0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-787p-86v4-hhfg/GHSA-787p-86v4-hhfg.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-787p-86v4-hhfg", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-23217" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: trace: fix snapshot deadlock with sbi ecall\n\nIf sbi_ecall.c's functions are traceable,\n\necho \"__sbi_ecall:snapshot\" > /sys/kernel/tracing/set_ftrace_filter\n\nmay get the kernel into a deadlock.\n\n(Functions in sbi_ecall.c are excluded from tracing if\nCONFIG_RISCV_ALTERNATIVE_EARLY is set.)\n\n__sbi_ecall triggers a snapshot of the ringbuffer. The snapshot code\nraises an IPI interrupt, which results in another call to __sbi_ecall\nand another snapshot...\n\nAll it takes to get into this endless loop is one initial __sbi_ecall.\nOn RISC-V systems without SSTC extension, the clock events in\ntimer-riscv.c issue periodic sbi ecalls, making the problem easy to\ntrigger.\n\nAlways exclude the sbi_ecall.c functions from tracing to fix the\npotential deadlock.\n\nsbi ecalls can easiliy be logged via trace events, excluding ecall\nfunctions from function tracing is not a big limitation.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23217" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/b0d7f5f0c9f05f1b6d4ee7110f15bef9c11f9df0" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/b1f8285bc8e3508c1fde23b5205f1270215d4984" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:43Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-78p6-wh6m-9r9w/GHSA-78p6-wh6m-9r9w.json b/advisories/unreviewed/2026/02/GHSA-78p6-wh6m-9r9w/GHSA-78p6-wh6m-9r9w.json new file mode 100644 index 0000000000000..d00d13a95da0a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-78p6-wh6m-9r9w/GHSA-78p6-wh6m-9r9w.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-78p6-wh6m-9r9w", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-60036" + ], + "details": "A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the UA.Testclient.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60036" + }, + { + "type": "WEB", + "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-7jfh-hm8h-m5rq/GHSA-7jfh-hm8h-m5rq.json b/advisories/unreviewed/2026/02/GHSA-7jfh-hm8h-m5rq/GHSA-7jfh-hm8h-m5rq.json index 0e2e6f0b944ba..d9fc222a6c232 100644 --- a/advisories/unreviewed/2026/02/GHSA-7jfh-hm8h-m5rq/GHSA-7jfh-hm8h-m5rq.json +++ b/advisories/unreviewed/2026/02/GHSA-7jfh-hm8h-m5rq/GHSA-7jfh-hm8h-m5rq.json @@ -25,7 +25,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-269" + ], "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-85h6-5m3v-gx37/GHSA-85h6-5m3v-gx37.json b/advisories/unreviewed/2026/02/GHSA-85h6-5m3v-gx37/GHSA-85h6-5m3v-gx37.json new file mode 100644 index 0000000000000..977856997d094 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-85h6-5m3v-gx37/GHSA-85h6-5m3v-gx37.json @@ -0,0 +1,29 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-85h6-5m3v-gx37", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-27099" + ], + "details": "Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the \"Mark temporarily offline\" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or Agent/Disconnect permission.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27099" + }, + { + "type": "WEB", + "url": "https://www.jenkins.io/security/advisory/2026-02-18/#SECURITY-3669" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:43Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-87ff-rq35-47jj/GHSA-87ff-rq35-47jj.json b/advisories/unreviewed/2026/02/GHSA-87ff-rq35-47jj/GHSA-87ff-rq35-47jj.json new file mode 100644 index 0000000000000..b8362687aacc6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-87ff-rq35-47jj/GHSA-87ff-rq35-47jj.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-87ff-rq35-47jj", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-7630" + ], + "details": "Improper Restriction of Excessive Authentication Attempts, Improper Authentication vulnerability in Doruk Communication and Automation Industry and Trade Inc. Wispotter allows Password Brute Forcing, Brute Force.This issue affects Wispotter: from 1.0 before v2025.10.08.1.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7630" + }, + { + "type": "WEB", + "url": "https://www.usom.gov.tr/bildirim/tr-26-0070" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-287" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T13:16:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-8rh3-rvv2-3mr4/GHSA-8rh3-rvv2-3mr4.json b/advisories/unreviewed/2026/02/GHSA-8rh3-rvv2-3mr4/GHSA-8rh3-rvv2-3mr4.json index c94330561f16b..77e61c9efb6e4 100644 --- a/advisories/unreviewed/2026/02/GHSA-8rh3-rvv2-3mr4/GHSA-8rh3-rvv2-3mr4.json +++ b/advisories/unreviewed/2026/02/GHSA-8rh3-rvv2-3mr4/GHSA-8rh3-rvv2-3mr4.json @@ -25,7 +25,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-288" + ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-933h-c422-j33j/GHSA-933h-c422-j33j.json b/advisories/unreviewed/2026/02/GHSA-933h-c422-j33j/GHSA-933h-c422-j33j.json new file mode 100644 index 0000000000000..aa88979e8a389 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-933h-c422-j33j/GHSA-933h-c422-j33j.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-933h-c422-j33j", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33241" + ], + "details": "NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33241" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5762" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33241" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-9379-mwvr-7wxx/GHSA-9379-mwvr-7wxx.json b/advisories/unreviewed/2026/02/GHSA-9379-mwvr-7wxx/GHSA-9379-mwvr-7wxx.json new file mode 100644 index 0000000000000..6ec1cf8e8ebf9 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-9379-mwvr-7wxx/GHSA-9379-mwvr-7wxx.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-9379-mwvr-7wxx", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33245" + ], + "details": "NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33245" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5762" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33245" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-964f-vc2f-ch6j/GHSA-964f-vc2f-ch6j.json b/advisories/unreviewed/2026/02/GHSA-964f-vc2f-ch6j/GHSA-964f-vc2f-ch6j.json index d6e16c284b1e6..aebddea98a329 100644 --- a/advisories/unreviewed/2026/02/GHSA-964f-vc2f-ch6j/GHSA-964f-vc2f-ch6j.json +++ b/advisories/unreviewed/2026/02/GHSA-964f-vc2f-ch6j/GHSA-964f-vc2f-ch6j.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-964f-vc2f-ch6j", - "modified": "2026-02-14T00:32:42Z", + "modified": "2026-02-18T15:31:24Z", "published": "2026-02-14T00:32:42Z", "aliases": [ "CVE-2025-70955" ], "details": "A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which allow for continuous dynamic tail calls. An attacker can exploit this by crafting a smart contract with deeply nested jump logic. Even within permissible gas limits, this nested execution exhausts the host process's stack space, causing the validator node to crash. This results in a Denial of Service (DoS) for the TON blockchain network.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], "affected": [], "references": [ { @@ -32,8 +37,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-674" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-13T22:16:10Z" diff --git a/advisories/unreviewed/2026/02/GHSA-c5gg-v573-hv7f/GHSA-c5gg-v573-hv7f.json b/advisories/unreviewed/2026/02/GHSA-c5gg-v573-hv7f/GHSA-c5gg-v573-hv7f.json new file mode 100644 index 0000000000000..b00448ac4ffec --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-c5gg-v573-hv7f/GHSA-c5gg-v573-hv7f.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-c5gg-v573-hv7f", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-71227" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: don't WARN for connections on invalid channels\n\nIt's not clear (to me) how exactly syzbot managed to hit this,\nbut it seems conceivable that e.g. regulatory changed and has\ndisabled a channel between scanning (channel is checked to be\nusable by cfg80211_get_ies_channel_number) and connecting on\nthe channel later.\n\nWith one scenario that isn't covered elsewhere described above,\nthe warning isn't good, replace it with a (more informative)\nerror message.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71227" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/10d3ff7e5812c8d70300f6fa8f524009a06aa7e1" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/99067b58a408a384d2a45c105eb3dce980a862ce" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:40Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-cf26-rj67-f4wr/GHSA-cf26-rj67-f4wr.json b/advisories/unreviewed/2026/02/GHSA-cf26-rj67-f4wr/GHSA-cf26-rj67-f4wr.json new file mode 100644 index 0000000000000..2120594c9543c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-cf26-rj67-f4wr/GHSA-cf26-rj67-f4wr.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-cf26-rj67-f4wr", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2026-1441" + ], + "details": "Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the  '/system/index_sets/' endpoint.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1441" + }, + { + "type": "WEB", + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-graylog" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-cw7v-qx8m-563q/GHSA-cw7v-qx8m-563q.json b/advisories/unreviewed/2026/02/GHSA-cw7v-qx8m-563q/GHSA-cw7v-qx8m-563q.json new file mode 100644 index 0000000000000..4721f7998d570 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-cw7v-qx8m-563q/GHSA-cw7v-qx8m-563q.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-cw7v-qx8m-563q", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2026-1438" + ], + "details": "Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the  '/system/nodes/' endpoint.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1438" + }, + { + "type": "WEB", + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-graylog" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-f7cx-4c4g-9g59/GHSA-f7cx-4c4g-9g59.json b/advisories/unreviewed/2026/02/GHSA-f7cx-4c4g-9g59/GHSA-f7cx-4c4g-9g59.json new file mode 100644 index 0000000000000..19cf6653aedee --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-f7cx-4c4g-9g59/GHSA-f7cx-4c4g-9g59.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-f7cx-4c4g-9g59", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-61982" + ], + "details": "An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A specially crafted OpenFOAM simulation file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61982" + }, + { + "type": "WEB", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2292" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:39Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-f86v-54pm-58q4/GHSA-f86v-54pm-58q4.json b/advisories/unreviewed/2026/02/GHSA-f86v-54pm-58q4/GHSA-f86v-54pm-58q4.json new file mode 100644 index 0000000000000..2606d106a8a7d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-f86v-54pm-58q4/GHSA-f86v-54pm-58q4.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-f86v-54pm-58q4", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33236" + ], + "details": "NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33236" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5762" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33236" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-ff7j-jwgr-hgxp/GHSA-ff7j-jwgr-hgxp.json b/advisories/unreviewed/2026/02/GHSA-ff7j-jwgr-hgxp/GHSA-ff7j-jwgr-hgxp.json new file mode 100644 index 0000000000000..36804edf5a62e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-ff7j-jwgr-hgxp/GHSA-ff7j-jwgr-hgxp.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-ff7j-jwgr-hgxp", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2026-1436" + ], + "details": "Improper Access Control (IDOR) in the Graylog API, version 2.2.3, which occurs when modifying the user ID in the URL. An authenticated user can access other user's profiles without proper authorization checks. Exploiting this vulnerability allows valid users of the system to be listed and sensitive third-party information to be accessed, such as names, email addresses, internal identifiers, and last activity. The endpoint 'http://:12900/users/' does not implement object-level authorization validations.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1436" + }, + { + "type": "WEB", + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-graylog" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-639" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-fjxh-qxr5-g7j4/GHSA-fjxh-qxr5-g7j4.json b/advisories/unreviewed/2026/02/GHSA-fjxh-qxr5-g7j4/GHSA-fjxh-qxr5-g7j4.json new file mode 100644 index 0000000000000..f45ebc2defe70 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-fjxh-qxr5-g7j4/GHSA-fjxh-qxr5-g7j4.json @@ -0,0 +1,45 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-fjxh-qxr5-g7j4", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-71228" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Set correct protection_map[] for VM_NONE/VM_SHARED\n\nFor 32BIT platform _PAGE_PROTNONE is 0, so set a VMA to be VM_NONE or\nVM_SHARED will make pages non-present, then cause Oops with kernel page\nfault.\n\nFix it by set correct protection_map[] for VM_NONE/VM_SHARED, replacing\n_PAGE_PROTNONE with _PAGE_PRESENT.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71228" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/046303283d02c9732a778ccdeea433a899c78cbd" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/380d7c1af4bd3e797692f5410ab374a98e766cd4" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/5fbdf95d2575ec53fd4a5c18e789b4d54a0281fe" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/9531210f348aa78e260a9e5b0d1a6f7e7aa329e6" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/d5be446948b379f1d1a8e7bc6656d13f44c5c7b1" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:40Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-fqmg-pv5x-v55p/GHSA-fqmg-pv5x-v55p.json b/advisories/unreviewed/2026/02/GHSA-fqmg-pv5x-v55p/GHSA-fqmg-pv5x-v55p.json new file mode 100644 index 0000000000000..8b8da0f7c4111 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-fqmg-pv5x-v55p/GHSA-fqmg-pv5x-v55p.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-fqmg-pv5x-v55p", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33252" + ], + "details": "NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33252" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5762" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33252" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-g5pw-hppv-79r6/GHSA-g5pw-hppv-79r6.json b/advisories/unreviewed/2026/02/GHSA-g5pw-hppv-79r6/GHSA-g5pw-hppv-79r6.json new file mode 100644 index 0000000000000..36922284a047a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-g5pw-hppv-79r6/GHSA-g5pw-hppv-79r6.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-g5pw-hppv-79r6", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-23215" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/vmware: Fix hypercall clobbers\n\nFedora QA reported the following panic:\n\n BUG: unable to handle page fault for address: 0000000040003e54\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS edk2-20251119-3.fc43 11/19/2025\n RIP: 0010:vmware_hypercall4.constprop.0+0x52/0x90\n ..\n Call Trace:\n vmmouse_report_events+0x13e/0x1b0\n psmouse_handle_byte+0x15/0x60\n ps2_interrupt+0x8a/0xd0\n ...\n\nbecause the QEMU VMware mouse emulation is buggy, and clears the top 32\nbits of %rdi that the kernel kept a pointer in.\n\nThe QEMU vmmouse driver saves and restores the register state in a\n\"uint32_t data[6];\" and as a result restores the state with the high\nbits all cleared.\n\nRDI originally contained the value of a valid kernel stack address\n(0xff5eeb3240003e54). After the vmware hypercall it now contains\n0x40003e54, and we get a page fault as a result when it is dereferenced.\n\nThe proper fix would be in QEMU, but this works around the issue in the\nkernel to keep old setups working, when old kernels had not happened to\nkeep any state in %rdi over the hypercall.\n\nIn theory this same issue exists for all the hypercalls in the vmmouse\ndriver; in practice it has only been seen with vmware_hypercall3() and\nvmware_hypercall4(). For now, just mark RDI/RSI as clobbered for those\ntwo calls. This should have a minimal effect on code generation overall\nas it should be rare for the compiler to want to make RDI/RSI live\nacross hypercalls.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23215" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/2687c848e57820651b9f69d30c4710f4219f7dbf" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/2f467a92df61eb516a4ec36ee16234dd4e5ccf00" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/feb603a69f830acb58f78d604f0c29e63cd38f87" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-gcr4-23wm-438x/GHSA-gcr4-23wm-438x.json b/advisories/unreviewed/2026/02/GHSA-gcr4-23wm-438x/GHSA-gcr4-23wm-438x.json new file mode 100644 index 0000000000000..fb67f20527cec --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-gcr4-23wm-438x/GHSA-gcr4-23wm-438x.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-gcr4-23wm-438x", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2026-2386" + ], + "details": "The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 6.4.7. This is due to the tpae_create_page() AJAX handler authorizing users only with current_user_can('edit_posts') while accepting a user-controlled 'post_type' value passed directly to wp_insert_post() without post-type-specific capability checks. This makes it possible for authenticated attackers, with Author-level access and above, to create arbitrary draft posts for restricted post types (e.g., 'page' and 'nxt_builder') via the 'post_type' parameter.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2386" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3463156/the-plus-addons-for-elementor-page-builder" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4fc3e24a-8b51-4b6f-bacf-665ceb03bc05?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-863" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T13:16:21Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-ghfm-hghj-9j75/GHSA-ghfm-hghj-9j75.json b/advisories/unreviewed/2026/02/GHSA-ghfm-hghj-9j75/GHSA-ghfm-hghj-9j75.json index 2f46e7efbfcc7..6afefb367e23a 100644 --- a/advisories/unreviewed/2026/02/GHSA-ghfm-hghj-9j75/GHSA-ghfm-hghj-9j75.json +++ b/advisories/unreviewed/2026/02/GHSA-ghfm-hghj-9j75/GHSA-ghfm-hghj-9j75.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-ghfm-hghj-9j75", - "modified": "2026-02-12T18:30:24Z", + "modified": "2026-02-18T15:31:24Z", "published": "2026-02-12T18:30:24Z", "aliases": [ "CVE-2025-69806" ], "details": "p2r3 bareiron commit: 8e4d4020d contains an Out-of-bounds Read, which allows unauthenticated remote attackers to get relative information leakage via a packet sent to the server", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], "affected": [], "references": [ { @@ -24,8 +29,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-125" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-12T18:16:08Z" diff --git a/advisories/unreviewed/2026/02/GHSA-h85r-3jrw-9546/GHSA-h85r-3jrw-9546.json b/advisories/unreviewed/2026/02/GHSA-h85r-3jrw-9546/GHSA-h85r-3jrw-9546.json new file mode 100644 index 0000000000000..a8f98507e8d9f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-h85r-3jrw-9546/GHSA-h85r-3jrw-9546.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-h85r-3jrw-9546", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-23213" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Disable MMIO access during SMU Mode 1 reset\n\nDuring Mode 1 reset, the ASIC undergoes a reset cycle and becomes\ntemporarily inaccessible via PCIe. Any attempt to access MMIO registers\nduring this window (e.g., from interrupt handlers or other driver threads)\ncan result in uncompleted PCIe transactions, leading to NMI panics or\nsystem hangs.\n\nTo prevent this, set the `no_hw_access` flag to true immediately after\ntriggering the reset. This signals other driver components to skip\nregister accesses while the device is offline.\n\nA memory barrier `smp_mb()` is added to ensure the flag update is\nglobally visible to all cores before the driver enters the sleep/wait\nstate.\n\n(cherry picked from commit 7edb503fe4b6d67f47d8bb0dfafb8e699bb0f8a4)", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23213" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/0de604d0357d0d22cbf03af1077d174b641707b6" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c1853ebbec980d5c05d431bfd6ded73b1363fd00" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/cd7ff7fd3e4b77f0b5a292e0926532eaa07c5162" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-hr8m-gc74-4f7w/GHSA-hr8m-gc74-4f7w.json b/advisories/unreviewed/2026/02/GHSA-hr8m-gc74-4f7w/GHSA-hr8m-gc74-4f7w.json index a8930d6998337..c464106558174 100644 --- a/advisories/unreviewed/2026/02/GHSA-hr8m-gc74-4f7w/GHSA-hr8m-gc74-4f7w.json +++ b/advisories/unreviewed/2026/02/GHSA-hr8m-gc74-4f7w/GHSA-hr8m-gc74-4f7w.json @@ -25,7 +25,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-284" + ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-hr98-gm7c-926r/GHSA-hr98-gm7c-926r.json b/advisories/unreviewed/2026/02/GHSA-hr98-gm7c-926r/GHSA-hr98-gm7c-926r.json new file mode 100644 index 0000000000000..2ed94c898f5de --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-hr98-gm7c-926r/GHSA-hr98-gm7c-926r.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-hr98-gm7c-926r", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-71225" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: suspend array while updating raid_disks via sysfs\n\nIn raid1_reshape(), freeze_array() is called before modifying the r1bio\nmemory pool (conf->r1bio_pool) and conf->raid_disks, and\nunfreeze_array() is called after the update is completed.\n\nHowever, freeze_array() only waits until nr_sync_pending and\n(nr_pending - nr_queued) of all buckets reaches zero. When an I/O error\noccurs, nr_queued is increased and the corresponding r1bio is queued to\neither retry_list or bio_end_io_list. As a result, freeze_array() may\nunblock before these r1bios are released.\n\nThis can lead to a situation where conf->raid_disks and the mempool have\nalready been updated while queued r1bios, allocated with the old\nraid_disks value, are later released. Consequently, free_r1bio() may\naccess memory out of bounds in put_all_bios() and release r1bios of the\nwrong size to the new mempool, potentially causing issues with the\nmempool as well.\n\nSince only normal I/O might increase nr_queued while an I/O error occurs,\nsuspending the array avoids this issue.\n\nNote: Updating raid_disks via ioctl SET_ARRAY_INFO already suspends\nthe array. Therefore, we suspend the array when updating raid_disks\nvia sysfs to avoid this issue too.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71225" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/0107b18cd8ac17eb3e54786adc05a85cdbb6ef22" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/165d1359f945b72c5f90088f60d48ff46115269e" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/2cc583653bbe050bacd1cadcc9776d39bf449740" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:40Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-hvjw-vp7g-39h5/GHSA-hvjw-vp7g-39h5.json b/advisories/unreviewed/2026/02/GHSA-hvjw-vp7g-39h5/GHSA-hvjw-vp7g-39h5.json new file mode 100644 index 0000000000000..7228d86753e3b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-hvjw-vp7g-39h5/GHSA-hvjw-vp7g-39h5.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-hvjw-vp7g-39h5", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-33253" + ], + "details": "NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33253" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5762" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33253" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-j9p7-7ww6-3mjx/GHSA-j9p7-7ww6-3mjx.json b/advisories/unreviewed/2026/02/GHSA-j9p7-7ww6-3mjx/GHSA-j9p7-7ww6-3mjx.json new file mode 100644 index 0000000000000..86315bba8ad57 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-j9p7-7ww6-3mjx/GHSA-j9p7-7ww6-3mjx.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-j9p7-7ww6-3mjx", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33249" + ], + "details": "NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33249" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5762" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33249" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-77" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-jfq5-qg8x-7rmp/GHSA-jfq5-qg8x-7rmp.json b/advisories/unreviewed/2026/02/GHSA-jfq5-qg8x-7rmp/GHSA-jfq5-qg8x-7rmp.json new file mode 100644 index 0000000000000..f6b45d7ec529b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-jfq5-qg8x-7rmp/GHSA-jfq5-qg8x-7rmp.json @@ -0,0 +1,53 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-jfq5-qg8x-7rmp", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-23216" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()\n\nIn iscsit_dec_conn_usage_count(), the function calls complete() while\nholding the conn->conn_usage_lock. As soon as complete() is invoked, the\nwaiter (such as iscsit_close_connection()) may wake up and proceed to free\nthe iscsit_conn structure.\n\nIf the waiter frees the memory before the current thread reaches\nspin_unlock_bh(), it results in a KASAN slab-use-after-free as the function\nattempts to release a lock within the already-freed connection structure.\n\nFix this by releasing the spinlock before calling complete().", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23216" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/275016a551ba1a068a3bd6171b18611726b67110" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/3835e49e146a4e6e7787b29465f1a23379b6ec44" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/48fe983e92de2c59d143fe38362ad17ba23ec7f3" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/73b487d44bf4f92942629d578381f89c326ff77f" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/8518f072fc92921418cd9ed4268dd4f3e9a8fd75" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/9411a89e9e7135cc459178fa77a3f1d6191ae903" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/ba684191437380a07b27666eb4e72748be1ea201" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-jxgv-6j54-wwc7/GHSA-jxgv-6j54-wwc7.json b/advisories/unreviewed/2026/02/GHSA-jxgv-6j54-wwc7/GHSA-jxgv-6j54-wwc7.json new file mode 100644 index 0000000000000..d4eebd331c726 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-jxgv-6j54-wwc7/GHSA-jxgv-6j54-wwc7.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-jxgv-6j54-wwc7", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2026-2654" + ], + "details": "A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.get/requests.post of the component LocalPythonExecutor. Executing a manipulation can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2654" + }, + { + "type": "WEB", + "url": "https://github.com/CH0ico/CVE_choco_smolagent/blob/main/report.md#proof-of-concept-execution" + }, + { + "type": "WEB", + "url": "https://github.com/CH0ico/CVE_choco_smolagent/tree/main" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346451" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346451" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752774" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-918" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-m8v3-m8mg-rrc7/GHSA-m8v3-m8mg-rrc7.json b/advisories/unreviewed/2026/02/GHSA-m8v3-m8mg-rrc7/GHSA-m8v3-m8mg-rrc7.json new file mode 100644 index 0000000000000..a480dfcae2b72 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-m8v3-m8mg-rrc7/GHSA-m8v3-m8mg-rrc7.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-m8v3-m8mg-rrc7", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-23211" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm, swap: restore swap_space attr aviod kernel panic\n\ncommit 8b47299a411a (\"mm, swap: mark swap address space ro and add context\ndebug check\") made the swap address space read-only. It may lead to\nkernel panic if arch_prepare_to_swap returns a failure under heavy memory\npressure as follows,\n\nel1_abort+0x40/0x64\nel1h_64_sync_handler+0x48/0xcc\nel1h_64_sync+0x84/0x88\nerrseq_set+0x4c/0xb8 (P)\n__filemap_set_wb_err+0x20/0xd0\nshrink_folio_list+0xc20/0x11cc\nevict_folios+0x1520/0x1be4\ntry_to_shrink_lruvec+0x27c/0x3dc\nshrink_one+0x9c/0x228\nshrink_node+0xb3c/0xeac\ndo_try_to_free_pages+0x170/0x4f0\ntry_to_free_pages+0x334/0x534\n__alloc_pages_direct_reclaim+0x90/0x158\n__alloc_pages_slowpath+0x334/0x588\n__alloc_frozen_pages_noprof+0x224/0x2fc\n__folio_alloc_noprof+0x14/0x64\nvma_alloc_zeroed_movable_folio+0x34/0x44\ndo_pte_missing+0xad4/0x1040\nhandle_mm_fault+0x4a4/0x790\ndo_page_fault+0x288/0x5f8\ndo_translation_fault+0x38/0x54\ndo_mem_abort+0x54/0xa8\n\nRestore swap address space as not ro to avoid the panic.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23211" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/a0f3c0845a4ff68d403c568266d17e9cc553e561" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/b0020cbd26380177b9fb8b7e75a8f7bdba79db20" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-mx8g-qc6m-wcmf/GHSA-mx8g-qc6m-wcmf.json b/advisories/unreviewed/2026/02/GHSA-mx8g-qc6m-wcmf/GHSA-mx8g-qc6m-wcmf.json new file mode 100644 index 0000000000000..f20f485158a3d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-mx8g-qc6m-wcmf/GHSA-mx8g-qc6m-wcmf.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-mx8g-qc6m-wcmf", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-23218" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: loongson-64bit: Fix incorrect NULL check after devm_kcalloc()\n\nFix incorrect NULL check in loongson_gpio_init_irqchip().\nThe function checks chip->parent instead of chip->irq.parents.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23218" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/e34f77b09080c86c929153e2a72da26b4f8947ff" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/e71e3fa90a15134113f61343392e887cd1f4bf7c" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:43Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p4q3-g549-vvfc/GHSA-p4q3-g549-vvfc.json b/advisories/unreviewed/2026/02/GHSA-p4q3-g549-vvfc/GHSA-p4q3-g549-vvfc.json new file mode 100644 index 0000000000000..ebb7bcea28c29 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p4q3-g549-vvfc/GHSA-p4q3-g549-vvfc.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p4q3-g549-vvfc", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2026-1582" + ], + "details": "The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling vulnerability in the security token comparison which uses loose comparison (==) instead of strict comparison (===). This makes it possible for unauthenticated attackers to bypass authentication using \"magic hash\" values when the expected MD5 hash prefix happens to be numeric-looking (matching pattern ^0e\\d+$), allowing download of sensitive export files containing PII, business data, or database information.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1582" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-all-export/tags/1.4.14/actions/wp_loaded.php#L19" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3455775" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a92c682-b8b3-4d23-bd84-97d7440ee525?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-200" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T13:16:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pc38-57g8-39gg/GHSA-pc38-57g8-39gg.json b/advisories/unreviewed/2026/02/GHSA-pc38-57g8-39gg/GHSA-pc38-57g8-39gg.json index 2d40cf4763f91..edb136c8f66c1 100644 --- a/advisories/unreviewed/2026/02/GHSA-pc38-57g8-39gg/GHSA-pc38-57g8-39gg.json +++ b/advisories/unreviewed/2026/02/GHSA-pc38-57g8-39gg/GHSA-pc38-57g8-39gg.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-pc38-57g8-39gg", - "modified": "2026-02-12T18:30:23Z", + "modified": "2026-02-18T15:31:24Z", "published": "2026-02-12T18:30:23Z", "aliases": [ "CVE-2025-69752" ], "details": "An issue in the \"My Details\" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ], "affected": [], "references": [ { @@ -28,8 +33,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-639" + ], + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-12T16:16:05Z" diff --git a/advisories/unreviewed/2026/02/GHSA-phqg-p332-q7vc/GHSA-phqg-p332-q7vc.json b/advisories/unreviewed/2026/02/GHSA-phqg-p332-q7vc/GHSA-phqg-p332-q7vc.json new file mode 100644 index 0000000000000..4bcf8b83f90d0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-phqg-p332-q7vc/GHSA-phqg-p332-q7vc.json @@ -0,0 +1,45 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-phqg-p332-q7vc", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-23212" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: annotate data-races around slave->last_rx\n\nslave->last_rx and slave->target_last_arp_rx[...] can be read and written\nlocklessly. Add READ_ONCE() and WRITE_ONCE() annotations.\n\nsyzbot reported:\n\nBUG: KCSAN: data-race in bond_rcv_validate / bond_rcv_validate\n\nwrite to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 1:\n bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335\n bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bond_main.c:1533\n __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039\n __netif_receive_skb_one_core net/core/dev.c:6150 [inline]\n __netif_receive_skb+0x59/0x270 net/core/dev.c:6265\n netif_receive_skb_internal net/core/dev.c:6351 [inline]\n netif_receive_skb+0x4b/0x2d0 net/core/dev.c:6410\n...\n\nwrite to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 0:\n bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335\n bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bond_main.c:1533\n __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039\n __netif_receive_skb_one_core net/core/dev.c:6150 [inline]\n __netif_receive_skb+0x59/0x270 net/core/dev.c:6265\n netif_receive_skb_internal net/core/dev.c:6351 [inline]\n netif_receive_skb+0x4b/0x2d0 net/core/dev.c:6410\n br_netif_receive_skb net/bridge/br_input.c:30 [inline]\n NF_HOOK include/linux/netfilter.h:318 [inline]\n...\n\nvalue changed: 0x0000000100005365 -> 0x0000000100005366", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23212" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/8c0be3277e7aefb2f900fc37ca3fe7df362e26f5" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/a7516cb0165926d308187e231ccd330e5e3ebff7" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/b956289b83887e0a306067b6003c3fcd81bfdf84" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/bd98324e327e41de04b13e372cc16f73150df254" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/f6c3665b6dc53c3ab7d31b585446a953a74340ef" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q543-x74m-r8q9/GHSA-q543-x74m-r8q9.json b/advisories/unreviewed/2026/02/GHSA-q543-x74m-r8q9/GHSA-q543-x74m-r8q9.json index 0242e02b8a189..d7850968c5787 100644 --- a/advisories/unreviewed/2026/02/GHSA-q543-x74m-r8q9/GHSA-q543-x74m-r8q9.json +++ b/advisories/unreviewed/2026/02/GHSA-q543-x74m-r8q9/GHSA-q543-x74m-r8q9.json @@ -25,7 +25,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-918" + ], "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-qq2v-q6qr-p5vx/GHSA-qq2v-q6qr-p5vx.json b/advisories/unreviewed/2026/02/GHSA-qq2v-q6qr-p5vx/GHSA-qq2v-q6qr-p5vx.json new file mode 100644 index 0000000000000..8039ad0742203 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qq2v-q6qr-p5vx/GHSA-qq2v-q6qr-p5vx.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qq2v-q6qr-p5vx", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33251" + ], + "details": "NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33251" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5762" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33251" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qq7g-427f-cm2r/GHSA-qq7g-427f-cm2r.json b/advisories/unreviewed/2026/02/GHSA-qq7g-427f-cm2r/GHSA-qq7g-427f-cm2r.json new file mode 100644 index 0000000000000..00126b1233e55 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qq7g-427f-cm2r/GHSA-qq7g-427f-cm2r.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qq7g-427f-cm2r", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-1426" + ], + "details": "The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortcode_check function within the Live Composer compatibility layer. This makes it possible for authenticated attackers, with Author-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. Note: This vulnerability requires the Live Composer plugin to also be installed and active.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1426" + }, + { + "type": "WEB", + "url": "https://cwe.mitre.org/data/definitions/502.html" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-ajax-filters/trunk/includes/compatibility/live_composer.php#L25" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-ajax-filters/trunk/includes/compatibility/live_composer.php#L28" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-ajax-filters/trunk/includes/compatibility/live_composer.php#L33" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3449344/#file418" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/29e76d57-217f-4f21-8bc6-a86290783a19?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:41Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r264-whc7-wwfw/GHSA-r264-whc7-wwfw.json b/advisories/unreviewed/2026/02/GHSA-r264-whc7-wwfw/GHSA-r264-whc7-wwfw.json new file mode 100644 index 0000000000000..7f5cad051600a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r264-whc7-wwfw/GHSA-r264-whc7-wwfw.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r264-whc7-wwfw", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-71226" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: Implement settime64 as stub for MVM/MLD PTP\n\nSince commit dfb073d32cac (\"ptp: Return -EINVAL on ptp_clock_register if\nrequired ops are NULL\"), PTP clock registered through ptp_clock_register\nis required to have ptp_clock_info.settime64 set, however, neither MVM\nnor MLD's PTP clock implementation sets it, resulting in warnings when\nthe interface starts up, like\n\nWARNING: drivers/ptp/ptp_clock.c:325 at ptp_clock_register+0x2c8/0x6b8, CPU#1: wpa_supplicant/469\nCPU: 1 UID: 0 PID: 469 Comm: wpa_supplicant Not tainted 6.18.0+ #101 PREEMPT(full)\nra: ffff800002732cd4 iwl_mvm_ptp_init+0x114/0x188 [iwlmvm]\nERA: 9000000002fdc468 ptp_clock_register+0x2c8/0x6b8\niwlwifi 0000:01:00.0: Failed to register PHC clock (-22)\n\nI don't find an appropriate firmware interface to implement settime64()\nfor iwlwifi MLD/MVM, thus instead create a stub that returns\n-EOPTNOTSUPP only, suppressing the warning and allowing the PTP clock to\nbe registered.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71226" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/81d90d93d22ca4f61833cba921dce9a0bd82218f" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/ff6892ea544c4052dd5799f675ebc20419953801" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:40Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r4m3-cm43-fxrj/GHSA-r4m3-cm43-fxrj.json b/advisories/unreviewed/2026/02/GHSA-r4m3-cm43-fxrj/GHSA-r4m3-cm43-fxrj.json new file mode 100644 index 0000000000000..0c7963d6b7ddd --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r4m3-cm43-fxrj/GHSA-r4m3-cm43-fxrj.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r4m3-cm43-fxrj", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-2329" + ], + "details": "An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2329" + }, + { + "type": "WEB", + "url": "https://github.com/rapid7/metasploit-framework/pull/20983" + }, + { + "type": "WEB", + "url": "https://firmware.grandstream.com/Release_Note_GXP16xx_1.0.7.81.pdf" + }, + { + "type": "WEB", + "url": "https://psirt.grandstream.com" + }, + { + "type": "WEB", + "url": "https://www.rapid7.com/blog/post/ve-cve-2026-2329-critical-unauthenticated-stack-buffer-overflow-in-grandstream-gxp1600-voip-phones-fixed" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-121" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:44Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r77x-pqm4-6252/GHSA-r77x-pqm4-6252.json b/advisories/unreviewed/2026/02/GHSA-r77x-pqm4-6252/GHSA-r77x-pqm4-6252.json new file mode 100644 index 0000000000000..bd2e0e158666f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r77x-pqm4-6252/GHSA-r77x-pqm4-6252.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r77x-pqm4-6252", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-60037" + ], + "details": "A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60037" + }, + { + "type": "WEB", + "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rgjw-pqcr-56gf/GHSA-rgjw-pqcr-56gf.json b/advisories/unreviewed/2026/02/GHSA-rgjw-pqcr-56gf/GHSA-rgjw-pqcr-56gf.json new file mode 100644 index 0000000000000..c577f818717f0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rgjw-pqcr-56gf/GHSA-rgjw-pqcr-56gf.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rgjw-pqcr-56gf", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-14340" + ], + "details": "Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:U/V:X/RE:M/U:Red" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14340" + }, + { + "type": "WEB", + "url": "https://docs.payara.fish/enterprise/docs/Security/Security%20Fix%20List.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:00Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rjm5-gmfm-6cp4/GHSA-rjm5-gmfm-6cp4.json b/advisories/unreviewed/2026/02/GHSA-rjm5-gmfm-6cp4/GHSA-rjm5-gmfm-6cp4.json new file mode 100644 index 0000000000000..a0dc26782875f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rjm5-gmfm-6cp4/GHSA-rjm5-gmfm-6cp4.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rjm5-gmfm-6cp4", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-2656" + ], + "details": "A flaw has been found in ChaiScript up to 6.1.0. This affects the function chaiscript::Type_Info::bare_equal of the file include/chaiscript/dispatchkit/type_info.hpp. This manipulation causes use after free. The attack requires local access. The attack's complexity is rated as high. The exploitability is reported as difficult. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2656" + }, + { + "type": "WEB", + "url": "https://github.com/ChaiScript/ChaiScript/issues/636" + }, + { + "type": "WEB", + "url": "https://github.com/ChaiScript/ChaiScript/issues/636#issue-3828333582" + }, + { + "type": "WEB", + "url": "https://github.com/ChaiScript/ChaiScript" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346454" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346454" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752790" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:44Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rv75-v2gv-p54c/GHSA-rv75-v2gv-p54c.json b/advisories/unreviewed/2026/02/GHSA-rv75-v2gv-p54c/GHSA-rv75-v2gv-p54c.json new file mode 100644 index 0000000000000..da27a8ec09d4a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rv75-v2gv-p54c/GHSA-rv75-v2gv-p54c.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rv75-v2gv-p54c", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33239" + ], + "details": "NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33239" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5781" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33239" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rvhp-mghq-8mvw/GHSA-rvhp-mghq-8mvw.json b/advisories/unreviewed/2026/02/GHSA-rvhp-mghq-8mvw/GHSA-rvhp-mghq-8mvw.json index 819900c824fed..d660ca2f4621d 100644 --- a/advisories/unreviewed/2026/02/GHSA-rvhp-mghq-8mvw/GHSA-rvhp-mghq-8mvw.json +++ b/advisories/unreviewed/2026/02/GHSA-rvhp-mghq-8mvw/GHSA-rvhp-mghq-8mvw.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-rvhp-mghq-8mvw", - "modified": "2026-02-14T00:32:42Z", + "modified": "2026-02-18T15:31:24Z", "published": "2026-02-14T00:32:42Z", "aliases": [ "CVE-2025-70957" ], "details": "A Denial of Service (DoS) vulnerability was discovered in the TON Lite Server before v2024.09. The vulnerability arises from the handling of external arguments passed to locally executed \"get methods.\" An attacker can inject a constructed Continuation object (an internal TVM type) that is normally restricted within the VM. When the TVM executes this malicious continuation, it consumes excessive CPU resources while accruing disproportionately low virtual gas costs. This \"free\" computation allows an attacker to monopolize the Lite Server's processing power, significantly reducing its throughput and causing a denial of service for legitimate users acting through the gateway.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], "affected": [], "references": [ { @@ -28,8 +33,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-674" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-13T22:16:10Z" diff --git a/advisories/unreviewed/2026/02/GHSA-vfmw-4jmp-wmrw/GHSA-vfmw-4jmp-wmrw.json b/advisories/unreviewed/2026/02/GHSA-vfmw-4jmp-wmrw/GHSA-vfmw-4jmp-wmrw.json new file mode 100644 index 0000000000000..94425dd4e91d3 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vfmw-4jmp-wmrw/GHSA-vfmw-4jmp-wmrw.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vfmw-4jmp-wmrw", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-60035" + ], + "details": "A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the OPC.Testclient.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60035" + }, + { + "type": "WEB", + "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vqcj-rgfw-jjcq/GHSA-vqcj-rgfw-jjcq.json b/advisories/unreviewed/2026/02/GHSA-vqcj-rgfw-jjcq/GHSA-vqcj-rgfw-jjcq.json new file mode 100644 index 0000000000000..248e19f7829d5 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vqcj-rgfw-jjcq/GHSA-vqcj-rgfw-jjcq.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vqcj-rgfw-jjcq", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-23214" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: reject new transactions if the fs is fully read-only\n\n[BUG]\nThere is a bug report where a heavily fuzzed fs is mounted with all\nrescue mount options, which leads to the following warnings during\nunmount:\n\n BTRFS: Transaction aborted (error -22)\n Modules linked in:\n CPU: 0 UID: 0 PID: 9758 Comm: repro.out Not tainted\n 6.19.0-rc5-00002-gb71e635feefc #7 PREEMPT(full)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n RIP: 0010:find_free_extent_update_loop fs/btrfs/extent-tree.c:4208 [inline]\n RIP: 0010:find_free_extent+0x52f0/0x5d20 fs/btrfs/extent-tree.c:4611\n Call Trace:\n \n btrfs_reserve_extent+0x2cd/0x790 fs/btrfs/extent-tree.c:4705\n btrfs_alloc_tree_block+0x1e1/0x10e0 fs/btrfs/extent-tree.c:5157\n btrfs_force_cow_block+0x578/0x2410 fs/btrfs/ctree.c:517\n btrfs_cow_block+0x3c4/0xa80 fs/btrfs/ctree.c:708\n btrfs_search_slot+0xcad/0x2b50 fs/btrfs/ctree.c:2130\n btrfs_truncate_inode_items+0x45d/0x2350 fs/btrfs/inode-item.c:499\n btrfs_evict_inode+0x923/0xe70 fs/btrfs/inode.c:5628\n evict+0x5f4/0xae0 fs/inode.c:837\n __dentry_kill+0x209/0x660 fs/dcache.c:670\n finish_dput+0xc9/0x480 fs/dcache.c:879\n shrink_dcache_for_umount+0xa0/0x170 fs/dcache.c:1661\n generic_shutdown_super+0x67/0x2c0 fs/super.c:621\n kill_anon_super+0x3b/0x70 fs/super.c:1289\n btrfs_kill_super+0x41/0x50 fs/btrfs/super.c:2127\n deactivate_locked_super+0xbc/0x130 fs/super.c:474\n cleanup_mnt+0x425/0x4c0 fs/namespace.c:1318\n task_work_run+0x1d4/0x260 kernel/task_work.c:233\n exit_task_work include/linux/task_work.h:40 [inline]\n do_exit+0x694/0x22f0 kernel/exit.c:971\n do_group_exit+0x21c/0x2d0 kernel/exit.c:1112\n __do_sys_exit_group kernel/exit.c:1123 [inline]\n __se_sys_exit_group kernel/exit.c:1121 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1121\n x64_sys_call+0x2210/0x2210 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xe8/0xf80 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x44f639\n Code: Unable to access opcode bytes at 0x44f60f.\n RSP: 002b:00007ffc15c4e088 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\n RAX: ffffffffffffffda RBX: 00000000004c32f0 RCX: 000000000044f639\n RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001\n RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004c32f0\n R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001\n \n\nSince rescue mount options will mark the full fs read-only, there should\nbe no new transaction triggered.\n\nBut during unmount we will evict all inodes, which can trigger a new\ntransaction, and triggers warnings on a heavily corrupted fs.\n\n[CAUSE]\nBtrfs allows new transaction even on a read-only fs, this is to allow\nlog replay happen even on read-only mounts, just like what ext4/xfs do.\n\nHowever with rescue mount options, the fs is fully read-only and cannot\nbe remounted read-write, thus in that case we should also reject any new\ntransactions.\n\n[FIX]\nIf we find the fs has rescue mount options, we should treat the fs as\nerror, so that no new transaction can be started.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23214" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/1972f44c189c8aacde308fa9284e474c1a5cbd9f" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/3228b2eceb6c3d7e237f8a5330113dbd164fb90d" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/a928eecf030a9a5dc5f5ca98332699f379b91963" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vw84-mx3m-hw5p/GHSA-vw84-mx3m-hw5p.json b/advisories/unreviewed/2026/02/GHSA-vw84-mx3m-hw5p/GHSA-vw84-mx3m-hw5p.json new file mode 100644 index 0000000000000..16e327c5f4939 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vw84-mx3m-hw5p/GHSA-vw84-mx3m-hw5p.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vw84-mx3m-hw5p", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2026-1404" + ], + "details": "The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the filter parameters (e.g., 'filter_first_name') in all versions up to, and including, 2.11.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1404" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/assets/js/um-members.js#L515" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members.php#L348" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3458086" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ba62b804-f101-4e29-8304-fb2b7dad333c?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:40Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vwcq-x7gx-g26f/GHSA-vwcq-x7gx-g26f.json b/advisories/unreviewed/2026/02/GHSA-vwcq-x7gx-g26f/GHSA-vwcq-x7gx-g26f.json new file mode 100644 index 0000000000000..30189cc7dbd4c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vwcq-x7gx-g26f/GHSA-vwcq-x7gx-g26f.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vwcq-x7gx-g26f", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-8308" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Key Software Solutions Inc. INFOREX- General Information Management System allows XSS Through HTTP Headers.This issue affects INFOREX- General Information Management System: from 2025 and before through 18022026.\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8308" + }, + { + "type": "WEB", + "url": "https://www.usom.gov.tr/bildirim/tr-26-0075" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wfhp-qgm8-5p5c/GHSA-wfhp-qgm8-5p5c.json b/advisories/unreviewed/2026/02/GHSA-wfhp-qgm8-5p5c/GHSA-wfhp-qgm8-5p5c.json new file mode 100644 index 0000000000000..1ca49c2294cfa --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wfhp-qgm8-5p5c/GHSA-wfhp-qgm8-5p5c.json @@ -0,0 +1,29 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wfhp-qgm8-5p5c", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-27100" + ], + "details": "Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds, and if a specified build exists, its display name.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27100" + }, + { + "type": "WEB", + "url": "https://www.jenkins.io/security/advisory/2026-02-18/#SECURITY-3658" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:43Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-whmh-gx62-v47m/GHSA-whmh-gx62-v47m.json b/advisories/unreviewed/2026/02/GHSA-whmh-gx62-v47m/GHSA-whmh-gx62-v47m.json new file mode 100644 index 0000000000000..239db0c71b690 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-whmh-gx62-v47m/GHSA-whmh-gx62-v47m.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-whmh-gx62-v47m", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-59920" + ], + "details": "When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdmin user with the sysadmin role enabled, exploiting the vulnerability will allow commands to be executed on the system; if the user does not belong to the sysadmin role, they will still be able to query data from the database.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59920" + }, + { + "type": "WEB", + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-timework-systemswork" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wq2g-h2h9-v8x3/GHSA-wq2g-h2h9-v8x3.json b/advisories/unreviewed/2026/02/GHSA-wq2g-h2h9-v8x3/GHSA-wq2g-h2h9-v8x3.json new file mode 100644 index 0000000000000..9baadc5170937 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wq2g-h2h9-v8x3/GHSA-wq2g-h2h9-v8x3.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wq2g-h2h9-v8x3", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-60038" + ], + "details": "A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60038" + }, + { + "type": "WEB", + "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wvvh-pcq5-hc6f/GHSA-wvvh-pcq5-hc6f.json b/advisories/unreviewed/2026/02/GHSA-wvvh-pcq5-hc6f/GHSA-wvvh-pcq5-hc6f.json new file mode 100644 index 0000000000000..c7882935d1b95 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wvvh-pcq5-hc6f/GHSA-wvvh-pcq5-hc6f.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wvvh-pcq5-hc6f", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33250" + ], + "details": "NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33250" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5762" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33250" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-ww2j-3p54-3m69/GHSA-ww2j-3p54-3m69.json b/advisories/unreviewed/2026/02/GHSA-ww2j-3p54-3m69/GHSA-ww2j-3p54-3m69.json new file mode 100644 index 0000000000000..e9668086651a4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-ww2j-3p54-3m69/GHSA-ww2j-3p54-3m69.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-ww2j-3p54-3m69", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-8781" + ], + "details": "The Bookster – WordPress Appointment Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘raw’ parameter in all versions up to, and including, 2.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8781" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/bookster/trunk/src/Models/Database/QueryBuilder.php#L133" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3434484" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1fc5f0ac-3323-4e6c-8900-10e13294ff9a?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T13:16:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x536-g6fc-g963/GHSA-x536-g6fc-g963.json b/advisories/unreviewed/2026/02/GHSA-x536-g6fc-g963/GHSA-x536-g6fc-g963.json new file mode 100644 index 0000000000000..e42c5f8bdd069 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x536-g6fc-g963/GHSA-x536-g6fc-g963.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x536-g6fc-g963", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2026-2464" + ], + "details": "Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted path traversal sequences in requests directed to the web management service. The service is accessible without authentication and runs with elevated privileges, amplifying the impact of the vulnerability. An attacker can exploit this condition to access sensitive and privileged files on the system using path traversal payloads. Successful exploitation of this vulnerability could lead to the unauthorized disclosure of internal system information, compromising the confidentiality of the affected environment.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2464" + }, + { + "type": "WEB", + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/directory-traversal-amr-printer-management-amr" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:07Z" + } +} \ No newline at end of file From 5c0e07c5b0bb7b24fb941ba52871385af18a7e3a Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 16:11:57 +0000 Subject: [PATCH 089/222] Publish GHSA-xfhx-r7ww-5995 --- .../GHSA-xfhx-r7ww-5995.json | 25 ++++++++++--------- 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/advisories/github-reviewed/2026/01/GHSA-xfhx-r7ww-5995/GHSA-xfhx-r7ww-5995.json b/advisories/github-reviewed/2026/01/GHSA-xfhx-r7ww-5995/GHSA-xfhx-r7ww-5995.json index 2911ab16e66df..98074e802f1ca 100644 --- a/advisories/github-reviewed/2026/01/GHSA-xfhx-r7ww-5995/GHSA-xfhx-r7ww-5995.json +++ b/advisories/github-reviewed/2026/01/GHSA-xfhx-r7ww-5995/GHSA-xfhx-r7ww-5995.json @@ -1,13 +1,13 @@ { "schema_version": "1.4.0", "id": "GHSA-xfhx-r7ww-5995", - "modified": "2026-01-15T20:11:51Z", + "modified": "2026-02-18T16:08:35Z", "published": "2026-01-15T15:31:19Z", "aliases": [ "CVE-2026-0897" ], "summary": "Google Keras Allocates Resources Without Limits or Throttling in the HDF5 weight loading component", - "details": "Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.", + "details": "Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.12.0 and 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.", "severity": [ { "type": "CVSS_V4", @@ -28,14 +28,11 @@ "introduced": "3.0.0" }, { - "fixed": "3.13.1" + "fixed": "3.12.1" } ] } - ], - "database_specific": { - "last_known_affected_version_range": "<= 3.13.0" - } + ] }, { "package": { @@ -47,17 +44,17 @@ "type": "ECOSYSTEM", "events": [ { - "introduced": "3.0.0" + "introduced": "3.13.0" }, { - "fixed": "3.12.1" + "fixed": "3.13.1" } ] } ], - "database_specific": { - "last_known_affected_version_range": "<= 3.12.0" - } + "versions": [ + "3.13.0" + ] } ], "references": [ @@ -77,6 +74,10 @@ "type": "WEB", "url": "https://github.com/keras-team/keras/commit/7360d4f0d764fbb1fa9c6408fe53da41974dd4f6" }, + { + "type": "WEB", + "url": "https://github.com/keras-team/keras/commit/f704c887bf459b42769bfc8a9182f838009afddb" + }, { "type": "PACKAGE", "url": "https://github.com/keras-team/keras" From 2e5cf78652535edad64ebb74d32eca54d553f9e7 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 17:16:44 +0000 Subject: [PATCH 090/222] Publish GHSA-43fc-jf86-j433 --- .../GHSA-43fc-jf86-j433.json | 38 ++++++++++++++++++- 1 file changed, 36 insertions(+), 2 deletions(-) diff --git a/advisories/github-reviewed/2026/02/GHSA-43fc-jf86-j433/GHSA-43fc-jf86-j433.json b/advisories/github-reviewed/2026/02/GHSA-43fc-jf86-j433/GHSA-43fc-jf86-j433.json index a7d9702027908..c42b11fa1c57f 100644 --- a/advisories/github-reviewed/2026/02/GHSA-43fc-jf86-j433/GHSA-43fc-jf86-j433.json +++ b/advisories/github-reviewed/2026/02/GHSA-43fc-jf86-j433/GHSA-43fc-jf86-j433.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-43fc-jf86-j433", - "modified": "2026-02-09T22:39:32Z", + "modified": "2026-02-18T17:15:11Z", "published": "2026-02-09T17:46:14Z", "aliases": [ "CVE-2026-25639" @@ -25,7 +25,7 @@ "type": "ECOSYSTEM", "events": [ { - "introduced": "0" + "introduced": "1.0.0" }, { "fixed": "1.13.5" @@ -36,6 +36,28 @@ "database_specific": { "last_known_affected_version_range": "<= 1.13.4" } + }, + { + "package": { + "ecosystem": "npm", + "name": "axios" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.30.3" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "<= 0.30.2" + } } ], "references": [ @@ -51,14 +73,26 @@ "type": "WEB", "url": "https://github.com/axios/axios/pull/7369" }, + { + "type": "WEB", + "url": "https://github.com/axios/axios/pull/7388" + }, { "type": "WEB", "url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57" }, + { + "type": "WEB", + "url": "https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e" + }, { "type": "PACKAGE", "url": "https://github.com/axios/axios" }, + { + "type": "WEB", + "url": "https://github.com/axios/axios/releases/tag/v0.30.0" + }, { "type": "WEB", "url": "https://github.com/axios/axios/releases/tag/v1.13.5" From 0bb5d2b0ebfa02dc8ba10c97a461b9018a24ccaf Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 17:39:15 +0000 Subject: [PATCH 091/222] Publish Advisories GHSA-gq9c-wg68-gwj2 GHSA-xwjm-j929-xq7c --- .../GHSA-gq9c-wg68-gwj2.json | 63 +++++++++++++++++ .../GHSA-xwjm-j929-xq7c.json | 68 +++++++++++++++++++ 2 files changed, 131 insertions(+) create mode 100644 advisories/github-reviewed/2026/02/GHSA-gq9c-wg68-gwj2/GHSA-gq9c-wg68-gwj2.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-xwjm-j929-xq7c/GHSA-xwjm-j929-xq7c.json diff --git a/advisories/github-reviewed/2026/02/GHSA-gq9c-wg68-gwj2/GHSA-gq9c-wg68-gwj2.json b/advisories/github-reviewed/2026/02/GHSA-gq9c-wg68-gwj2/GHSA-gq9c-wg68-gwj2.json new file mode 100644 index 0000000000000..210f1edb3906b --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-gq9c-wg68-gwj2/GHSA-gq9c-wg68-gwj2.json @@ -0,0 +1,63 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-gq9c-wg68-gwj2", + "modified": "2026-02-18T17:38:39Z", + "published": "2026-02-18T17:38:39Z", + "aliases": [], + "summary": "OpenClaw has a path traversal in browser trace/download output paths may allow arbitrary file writes", + "details": "## Summary\n\n OpenClaw’s browser control API accepted user-supplied output paths for trace/download files without consistently\n constraining writes to OpenClaw-managed temporary directories.\n\n ## Impact\n\n If an attacker can access the browser control API, they could attempt to write trace/download output files outside\n intended temp roots, depending on process filesystem permissions.\n\n ## Affected versions\n\n `openclaw` `< 2026.2.13`\n\n ## Fixed versions\n\n `openclaw` `>= 2026.2.13`\n\n ## Remediation\n\n Upgrade to `2026.2.13` or later.\n\n ## What changed\n\n The fix constrains output paths for:\n\n - `POST /trace/stop`\n - `POST /wait/download`\n - `POST /download`\n\n All three now enforce OpenClaw temp-root boundaries and reject traversal/escape paths.\n\n ## Credits\n\n Thanks to Adnan Jakati (@jackhax) of Praetorian for responsible disclosure.\n\n Fix shipped in PR #15652 and merged to `main` on February 13, 2026 (`7f0489e4731c8d965d78d6eac4a60312e46a9426`).\n\n---\n\nFix commit 7f0489e4731c8d965d78d6eac4a60312e46a9426 confirmed on main and in v2026.2.14. Upgrade to `openclaw >= 2026.2.13`.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.13" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gq9c-wg68-gwj2" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/pull/15652" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/7f0489e4731c8d965d78d6eac4a60312e46a9426" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T17:38:39Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-xwjm-j929-xq7c/GHSA-xwjm-j929-xq7c.json b/advisories/github-reviewed/2026/02/GHSA-xwjm-j929-xq7c/GHSA-xwjm-j929-xq7c.json new file mode 100644 index 0000000000000..cbafa16a3039d --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-xwjm-j929-xq7c/GHSA-xwjm-j929-xq7c.json @@ -0,0 +1,68 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xwjm-j929-xq7c", + "modified": "2026-02-18T17:37:53Z", + "published": "2026-02-18T17:37:52Z", + "aliases": [ + "CVE-2026-26972" + ], + "summary": "OpenClaw has a Path Traversal in Browser Download Functionality", + "details": "### Summary\n\nOpenClaw browser download helpers accepted an unsanitized output path. When invoked via the browser control gateway routes, this allowed path traversal to write downloads outside the intended OpenClaw temp downloads directory.\n\nThis issue is not exposed via the AI agent tool schema (no `download` action). Exploitation requires authenticated CLI access or an authenticated gateway RPC token.\n\n### Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: >=2026.1.12, <=2026.2.12\n- Fixed: >=2026.2.13\n\n### Details\n\nAffected code: `src/browser/pw-tools-core.downloads.ts` (`waitForDownloadViaPlaywright`, `downloadViaPlaywright`).\n\nFixed entrypoints (as of 2026.2.13):\n- Gateway browser control routes `/wait/download` and `/download` now restrict `path` to `DEFAULT_DOWNLOAD_DIR` via `resolvePathWithinRoot`.\n\n### Fix Commit(s)\n\n- 7f0489e4731c8d965d78d6eac4a60312e46a9426\n\n### Mitigation\n\nUpgrade to `openclaw` >=2026.2.13.\n\nThanks @locus-x64 for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "2026.1.12" + }, + { + "fixed": "2026.2.13" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "<= 2026.2.12" + } + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xwjm-j929-xq7c" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/7f0489e4731c8d965d78d6eac4a60312e46a9426" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.13" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T17:37:52Z", + "nvd_published_at": null + } +} \ No newline at end of file From 0083c7c33098b09fa9955cedbc145423abd69ad5 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 17:41:32 +0000 Subject: [PATCH 092/222] Publish Advisories GHSA-4564-pvr2-qq4h GHSA-7rcp-mxpq-72pj --- .../GHSA-4564-pvr2-qq4h.json | 75 +++++++++++++++++++ .../GHSA-7rcp-mxpq-72pj.json | 63 ++++++++++++++++ 2 files changed, 138 insertions(+) create mode 100644 advisories/github-reviewed/2026/02/GHSA-4564-pvr2-qq4h/GHSA-4564-pvr2-qq4h.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-7rcp-mxpq-72pj/GHSA-7rcp-mxpq-72pj.json diff --git a/advisories/github-reviewed/2026/02/GHSA-4564-pvr2-qq4h/GHSA-4564-pvr2-qq4h.json b/advisories/github-reviewed/2026/02/GHSA-4564-pvr2-qq4h/GHSA-4564-pvr2-qq4h.json new file mode 100644 index 0000000000000..48068a265fa55 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-4564-pvr2-qq4h/GHSA-4564-pvr2-qq4h.json @@ -0,0 +1,75 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4564-pvr2-qq4h", + "modified": "2026-02-18T17:39:00Z", + "published": "2026-02-18T17:39:00Z", + "aliases": [], + "summary": "OpenClaw: Prevent shell injection in macOS keychain credential write", + "details": "## Summary\nOn macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via `security add-generic-password -w ...`. Because OAuth tokens are user-controlled data, this created an OS command injection risk.\n\nThe fix avoids invoking a shell by using `execFileSync(\"security\", argv)` and passing the updated keychain payload as a literal argument.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Platform: macOS only\n- Affected versions: `<= 2026.2.13`\n\n## Fix\n- Patched version: `>= 2026.2.14` (next release)\n- Fix PR: #15924\n- Fix commits (merged to `main`):\n - `9dce3d8bf83f13c067bc3c32291643d2f1f10a06`\n - `66d7178f2d6f9d60abad35797f97f3e61389b70c`\n - `b908388245764fb3586859f44d1dff5372b19caf`\n\nThanks @aether-ai-agent for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4564-pvr2-qq4h" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/pull/15924" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/66d7178f2d6f9d60abad35797f97f3e61389b70c" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/9dce3d8bf83f13c067bc3c32291643d2f1f10a06" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/b908388245764fb3586859f44d1dff5372b19caf" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-78" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T17:39:00Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-7rcp-mxpq-72pj/GHSA-7rcp-mxpq-72pj.json b/advisories/github-reviewed/2026/02/GHSA-7rcp-mxpq-72pj/GHSA-7rcp-mxpq-72pj.json new file mode 100644 index 0000000000000..ef9734b768201 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-7rcp-mxpq-72pj/GHSA-7rcp-mxpq-72pj.json @@ -0,0 +1,63 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-7rcp-mxpq-72pj", + "modified": "2026-02-18T17:41:00Z", + "published": "2026-02-18T17:41:00Z", + "aliases": [], + "summary": "OpenClaw Chutes manual OAuth state validation bypass can cause credential substitution", + "details": "## Summary\n\nThe manual Chutes OAuth login flow could accept attacker-controlled callback input in a way that bypassed OAuth CSRF state validation, potentially resulting in credential substitution.\n\n## Impact\n\nIf an attacker can convince a user to paste attacker-provided OAuth callback data during the manual login prompt, OpenClaw may exchange an attacker-obtained authorization code and persist tokens for the wrong Chutes account.\n\nThe automatic local callback flow is not affected (it validates state in the local HTTP callback handler).\n\n## Affected Packages / Versions\n\n- `openclaw` (npm): `<= 2026.2.13` when using the manual Chutes OAuth login flow.\n\n## Fix\n\nThe manual flow now requires the full redirect URL (must include `code` and `state`), validates the returned `state` against the expected value, and rejects code-only pastes.\n\n## Fix Commit(s)\n\n- a99ad11a4107ba8eac58f54a3c1a8a0cf5686f47\n\nThanks @aether-ai-agent for reporting.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7rcp-mxpq-72pj" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/a99ad11a4107ba8eac58f54a3c1a8a0cf5686f47" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T17:41:00Z", + "nvd_published_at": null + } +} \ No newline at end of file From 175bf9cac5b7529888405cc533d680f8a7e95f9b Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 17:43:25 +0000 Subject: [PATCH 093/222] Publish GHSA-jfv4-h8mc-jcp8 --- .../GHSA-jfv4-h8mc-jcp8.json | 67 +++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 advisories/github-reviewed/2026/02/GHSA-jfv4-h8mc-jcp8/GHSA-jfv4-h8mc-jcp8.json diff --git a/advisories/github-reviewed/2026/02/GHSA-jfv4-h8mc-jcp8/GHSA-jfv4-h8mc-jcp8.json b/advisories/github-reviewed/2026/02/GHSA-jfv4-h8mc-jcp8/GHSA-jfv4-h8mc-jcp8.json new file mode 100644 index 0000000000000..95b14dd073959 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-jfv4-h8mc-jcp8/GHSA-jfv4-h8mc-jcp8.json @@ -0,0 +1,67 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-jfv4-h8mc-jcp8", + "modified": "2026-02-18T17:41:09Z", + "published": "2026-02-18T17:41:09Z", + "aliases": [], + "summary": "OpenClaw: Process Safety - Unvalidated PID Kill via SIGKILL in Process Cleanup", + "details": "## Summary\n\nOpenClaw CLI process cleanup used system-wide process enumeration and pattern matching to terminate processes without verifying they were owned by the current OpenClaw process. On shared hosts, unrelated processes could be terminated if they matched the pattern.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: `< 2026.2.14` (including the latest published version `2026.2.13`)\n- Fixed: `2026.2.14` (planned next release)\n\n## Details\n\nThe CLI runner cleanup helpers could kill processes matched by command-line patterns without validating process ownership.\n\n## Fix\n\nProcess cleanup is now scoped to owned processes only by filtering to direct child PIDs of the current process (`ppid == process.pid`) before sending signals.\n\nHardening follow-ups:\n- Prefer graceful termination for resume cleanup (`SIGTERM`, then `SIGKILL` fallback).\n- Reduce false negatives from `ps` argv truncation by preferring wide output (`ps -axww`) with a fallback.\n- Tighten command-line token matching to avoid substring matches.\n\n## Fix Commit(s)\n\n- 6084d13b956119e3cf95daaf9a1cae1670ea3557\n- eb60e2e1b213740c3c587a7ba4dbf10da620ca66\n\n## Release Process Note\n\nThis advisory is pre-set with patched version `2026.2.14`. After `2026.2.14` is published to npm, the remaining step should be to publish this advisory.\n\nThanks @aether-ai-agent for reporting.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jfv4-h8mc-jcp8" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/6084d13b956119e3cf95daaf9a1cae1670ea3557" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/eb60e2e1b213740c3c587a7ba4dbf10da620ca66" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-283" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T17:41:09Z", + "nvd_published_at": null + } +} \ No newline at end of file From 600a0a3c8cbe3424156c908e73c8eebb9b38af90 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 17:46:16 +0000 Subject: [PATCH 094/222] Publish Advisories GHSA-97f8-7cmv-76j2 GHSA-h9g4-589h-68xv GHSA-rwj8-p9vq-25gv GHSA-x22m-j5qq-j49m --- .../GHSA-97f8-7cmv-76j2.json | 59 +++++++++++++++ .../GHSA-h9g4-589h-68xv.json | 71 +++++++++++++++++++ .../GHSA-rwj8-p9vq-25gv.json | 67 +++++++++++++++++ .../GHSA-x22m-j5qq-j49m.json | 67 +++++++++++++++++ 4 files changed, 264 insertions(+) create mode 100644 advisories/github-reviewed/2026/02/GHSA-97f8-7cmv-76j2/GHSA-97f8-7cmv-76j2.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-h9g4-589h-68xv/GHSA-h9g4-589h-68xv.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-rwj8-p9vq-25gv/GHSA-rwj8-p9vq-25gv.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-x22m-j5qq-j49m/GHSA-x22m-j5qq-j49m.json diff --git a/advisories/github-reviewed/2026/02/GHSA-97f8-7cmv-76j2/GHSA-97f8-7cmv-76j2.json b/advisories/github-reviewed/2026/02/GHSA-97f8-7cmv-76j2/GHSA-97f8-7cmv-76j2.json new file mode 100644 index 0000000000000..b8af51a354c0f --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-97f8-7cmv-76j2/GHSA-97f8-7cmv-76j2.json @@ -0,0 +1,59 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-97f8-7cmv-76j2", + "modified": "2026-02-18T17:45:52Z", + "published": "2026-02-18T17:45:52Z", + "aliases": [], + "summary": "Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER", + "details": "### Summary\nThis is a scanning bypass to `scan_pytorch` function in `picklescan`. As we can see in the implementation of [get_magic_number()](https://github.com/mmaitre314/picklescan/blob/2a8383cfeb4158567f9770d86597300c9e508d0f/src/picklescan/torch.py#L76C5-L84) that uses `pickletools.genops(data)` to get the `magic_number` with the condition `opcode.name` includes `INT` or `LONG`, but the PyTorch's implemtation simply uses [pickle_module.load()](https://github.com/pytorch/pytorch/blob/134179474539648ba7dee1317959529fbd0e7f89/torch/serialization.py#L1797) to get this `magic_number`. For this implementation difference, we then can embed the `magic_code` into the `PyTorch` file via dynamic `eval` on the `\\_\\_reduce\\_\\_` trick, which can make the `pickletools.genops(data)` cannot get the `magic_code` in `INT` or `LONG` type, but the `pickle_module.load()` can still return the same `magic_code`, eading to a bypass.\n\n### PoC\n#### Attack Step 1\nwe can edit the source code of the function [\\_legacy\\_save()](https://github.com/pytorch/pytorch/blob/134179474539648ba7dee1317959529fbd0e7f89/torch/serialization.py#L1120) as follows:\n```Python\n class payload:\n def __reduce__(self):\n return (eval, ('MAGIC_NUMBER',))\n\n pickle_module.dump(payload(), f, protocol=pickle_protocol)\n```\n#### Attack Step 2\nwith the modified version of `PyTorch`, we run the following PoC to generate the `payload.pt`:\n```Python\nimport torch \n\nclass payload:\n def __reduce__(self):\n return (__import__('os').system, ('touch /tmp/hacked',))\n\ntorch.save(payload(), './payload.pt', _use_new_zipfile_serialization = False)\n```\n\n#### Picklescan result\n```\nERROR: Invalid magic number for file /home/pzhou/bug-bunty/pytorch/PoC/payload.pt: None != 119547037146038801333356\n----------- SCAN SUMMARY -----------\nScanned files: 0\nInfected files: 0\nDangerous globals: 0\n```\n\n#### Victim Step\n```Python\nimport torch\ntorch.load('./payload.pt', weights_only=False)\n```\nthen you can find the illegal file `/tmp/hacked` created in your local system.\n\n### Impact\nCraft malicious `PyTorch` payloads to bypass `picklescan`, then recall ACE/RCE.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "PyPI", + "name": "picklescan" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.0.3" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-97f8-7cmv-76j2" + }, + { + "type": "WEB", + "url": "https://github.com/mmaitre314/picklescan/commit/b9997634683a4f4bd0c7e3701e7ce7e90fe70e8c" + }, + { + "type": "PACKAGE", + "url": "https://github.com/mmaitre314/picklescan" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-184" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T17:45:52Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-h9g4-589h-68xv/GHSA-h9g4-589h-68xv.json b/advisories/github-reviewed/2026/02/GHSA-h9g4-589h-68xv/GHSA-h9g4-589h-68xv.json new file mode 100644 index 0000000000000..5b9c08f0000c3 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-h9g4-589h-68xv/GHSA-h9g4-589h-68xv.json @@ -0,0 +1,71 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-h9g4-589h-68xv", + "modified": "2026-02-18T17:45:31Z", + "published": "2026-02-18T17:45:31Z", + "aliases": [], + "summary": "OpenClaw has an authentication bypass in sandbox browser bridge server", + "details": "## Summary\n\nopenclaw could start the sandbox browser bridge server without authentication.\n\nWhen the sandboxed browser is enabled, openclaw runs a local (loopback) HTTP bridge that exposes browser control endpoints (for example `/profiles`, `/tabs`, `/tabs/open`, `/agent/*`). Due to missing auth wiring in the sandbox initialization path, that bridge server accepted requests without requiring gateway auth.\n\n## Impact\n\nA local attacker (any process on the same machine) could access the bridge server port and:\n\n- enumerate open tabs and retrieve CDP WebSocket URLs\n- open/close/navigate tabs\n- execute JavaScript in page contexts via CDP\n- exfiltrate cookies/session data and page contents from authenticated sessions\n\nThis is a localhost-only exposure (CVSS AV:L), but provides full browser-session compromise for sandboxed browser usage.\n\n## Affected Versions\n\n- Introduced in: `2026.1.29-beta.1` (first npm release that shipped the sandbox browser bridge)\n- Affected range: `>=2026.1.29-beta.1 <2026.2.14`\n\n## Patched Versions\n\n- `2026.2.14`\n\n## Mitigation\n\n- Upgrade to `2026.2.14` (recommended).\n- Or disable the sandboxed browser (`agents.defaults.sandbox.browser.enabled=false`).\n\n## Fix Details\n\n- The sandbox browser bridge server now always requires auth and enforces the same gateway browser control auth (token/password) that loopback browser clients already use.\n- Additional hardening: bridge server refuses non-loopback binds; local helper servers are bound to loopback.\n- Added regression tests (including unit coverage for per-port bridge auth fallback).\n\nFix commits:\n\n- openclaw/openclaw@4711a943e30bc58016247152ba06472dab09d0b0\n- openclaw/openclaw@6dd6bce997c48752134f2d6ed89b27de01ced7e3\n- openclaw/openclaw@cd84885a4ac78eadb7bf321aae98db9519426d67\n## Credits\n\nThanks to Adnan Jakati (@jackhax) of [Praetorian](https://www.praetorian.com/) for reporting this issue.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "2026.1.29-beta.1" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h9g4-589h-68xv" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/4711a943e30bc58016247152ba06472dab09d0b0" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/6dd6bce997c48752134f2d6ed89b27de01ced7e3" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/cd84885a4ac78eadb7bf321aae98db9519426d67" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-306" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T17:45:31Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-rwj8-p9vq-25gv/GHSA-rwj8-p9vq-25gv.json b/advisories/github-reviewed/2026/02/GHSA-rwj8-p9vq-25gv/GHSA-rwj8-p9vq-25gv.json new file mode 100644 index 0000000000000..643dd48b64b4f --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-rwj8-p9vq-25gv/GHSA-rwj8-p9vq-25gv.json @@ -0,0 +1,67 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rwj8-p9vq-25gv", + "modified": "2026-02-18T17:44:58Z", + "published": "2026-02-18T17:44:58Z", + "aliases": [], + "summary": "OpenClaw has a LFI in BlueBubbles media path handling", + "details": "### Summary\nThe BlueBubbles extension accepted attacker-controlled local filesystem paths via `mediaPath` and could read arbitrary local files from disk before sending them as media attachments.\n\n### Details\nWhen `sendBlueBubblesMedia` received a non-HTTP media source, the previous implementation resolved it to a local path and read it directly from disk. There was no required allowlist of safe directories, so values like `/etc/passwd` (or equivalent sensitive paths on other platforms) could be requested and exfiltrated.\n\nThe fix hardens local media loading by requiring explicit configured roots (`channels.bluebubbles.mediaLocalRoots`) and by enforcing canonical-path containment checks before reading local files. Paths outside allowed roots are rejected.\n\nFix PR: https://github.com/openclaw/openclaw/pull/16322\nFix commit: https://github.com/openclaw/openclaw/commit/71f357d9498cebb0efe016b0496d5fbe807539fc\n\n### Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: `< v2026.2.14`\n- Fixed: `>= v2026.2.14` (planned)\n\n### Impact\nAn attacker able to trigger BlueBubbles media sends could exfiltrate local files accessible to the OpenClaw process.\n\n### Remediation\nUpgrade to a release that includes commit `71f357d9498cebb0efe016b0496d5fbe807539fc` and configure `channels.bluebubbles.mediaLocalRoots` to explicit trusted directories.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rwj8-p9vq-25gv" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/pull/16322" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/71f357d9498cebb0efe016b0496d5fbe807539fc" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T17:44:58Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-x22m-j5qq-j49m/GHSA-x22m-j5qq-j49m.json b/advisories/github-reviewed/2026/02/GHSA-x22m-j5qq-j49m/GHSA-x22m-j5qq-j49m.json new file mode 100644 index 0000000000000..f469774848c76 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-x22m-j5qq-j49m/GHSA-x22m-j5qq-j49m.json @@ -0,0 +1,67 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x22m-j5qq-j49m", + "modified": "2026-02-18T17:45:12Z", + "published": "2026-02-18T17:45:12Z", + "aliases": [], + "summary": "OpenClaw has two SSRF via sendMediaFeishu and markdown image fetching in Feishu extension", + "details": "### Summary\nThe Feishu extension could fetch attacker-controlled remote URLs in two paths without SSRF protections:\n\n- `sendMediaFeishu(mediaUrl)`\n- Feishu DocX markdown image URLs (write/append -> image processing)\n\n### Affected versions\n- `< 2026.2.14`\n\n### Patched versions\n- `>= 2026.2.14`\n\n### Impact\nIf an attacker can influence tool calls (directly or via prompt injection), they may be able to trigger requests to internal services and re-upload the response as Feishu media.\n\n### Remediation\nUpgrade to OpenClaw `2026.2.14` or newer.\n\n### Notes\nThe fix routes Feishu remote media fetching through hardened runtime helpers that enforce SSRF policies and size limits.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x22m-j5qq-j49m" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/pull/16285" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/5b4121d6011a48c71e747e3c18197f180b872c5d" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-918" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T17:45:12Z", + "nvd_published_at": null + } +} \ No newline at end of file From 51aad82d6223f946c3a0f0dab3ff2852d7b143a9 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 17:48:30 +0000 Subject: [PATCH 095/222] Publish GHSA-6xw9-2p64-7622 --- .../GHSA-6xw9-2p64-7622.json | 37 +++++++++++++++---- 1 file changed, 29 insertions(+), 8 deletions(-) rename advisories/{unreviewed => github-reviewed}/2026/02/GHSA-6xw9-2p64-7622/GHSA-6xw9-2p64-7622.json (70%) diff --git a/advisories/unreviewed/2026/02/GHSA-6xw9-2p64-7622/GHSA-6xw9-2p64-7622.json b/advisories/github-reviewed/2026/02/GHSA-6xw9-2p64-7622/GHSA-6xw9-2p64-7622.json similarity index 70% rename from advisories/unreviewed/2026/02/GHSA-6xw9-2p64-7622/GHSA-6xw9-2p64-7622.json rename to advisories/github-reviewed/2026/02/GHSA-6xw9-2p64-7622/GHSA-6xw9-2p64-7622.json index fad76fe75e122..4b5c170ad0b05 100644 --- a/advisories/unreviewed/2026/02/GHSA-6xw9-2p64-7622/GHSA-6xw9-2p64-7622.json +++ b/advisories/github-reviewed/2026/02/GHSA-6xw9-2p64-7622/GHSA-6xw9-2p64-7622.json @@ -1,12 +1,13 @@ { "schema_version": "1.4.0", "id": "GHSA-6xw9-2p64-7622", - "modified": "2026-02-16T06:31:29Z", + "modified": "2026-02-18T17:47:09Z", "published": "2026-02-16T06:31:29Z", "aliases": [ "CVE-2026-2531" ], - "details": "A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The name of the patch is 74d6f0fd4b630218519a700fbee1c05c7fd4b1ed. It is best practice to apply a patch to resolve this issue.", + "summary": "MindsDB affected by a SSRF vulnerability", + "details": "A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.", "severity": [ { "type": "CVSS_V3", @@ -14,10 +15,30 @@ }, { "type": "CVSS_V4", - "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" + } + ], + "affected": [ + { + "package": { + "ecosystem": "PyPI", + "name": "MindsDB" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "last_affected": "25.14.1" + } + ] + } + ] } ], - "affected": [], "references": [ { "type": "ADVISORY", @@ -36,7 +57,7 @@ "url": "https://github.com/themavik/mindsdb/commit/74d6f0fd4b630218519a700fbee1c05c7fd4b1ed" }, { - "type": "WEB", + "type": "PACKAGE", "url": "https://github.com/mindsdb/mindsdb" }, { @@ -56,9 +77,9 @@ "cwe_ids": [ "CWE-918" ], - "severity": "MODERATE", - "github_reviewed": false, - "github_reviewed_at": null, + "severity": "LOW", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T17:47:09Z", "nvd_published_at": "2026-02-16T04:15:51Z" } } \ No newline at end of file From 5b7321cdfff9966c097a7ed8b37fd1220badb3b3 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 18:32:01 +0000 Subject: [PATCH 096/222] Advisory Database Sync --- .../GHSA-4gm2-v7j4-74p8.json | 13 ++- .../GHSA-2764-3pqr-49w6.json | 3 +- .../GHSA-9cmp-2g73-ff98.json | 1 + .../GHSA-qhp7-446p-xq88.json | 1 + .../GHSA-xr9j-c7v6-7542.json | 1 + .../GHSA-v727-f437-6cxx.json | 1 + .../GHSA-prhq-c3gx-jhwg.json | 3 +- .../GHSA-2whf-r4r4-c662.json | 2 +- .../GHSA-365g-rr2h-rx65.json | 37 +++++++ .../GHSA-3cgw-cpcx-p7g4.json | 4 +- .../GHSA-3w2g-4qx3-2mmw.json | 41 ++++++++ .../GHSA-4mcw-fcqm-vqg3.json | 56 +++++++++++ .../GHSA-4v8p-q39m-4pj8.json | 36 +++++++ .../GHSA-4vmx-r9fj-4cm5.json | 36 +++++++ .../GHSA-55vh-w3p8-qq9g.json | 33 +++++++ .../GHSA-5jgq-pv8m-5cx7.json | 33 +++++++ .../GHSA-5pqm-c33h-22jc.json | 33 +++++++ .../GHSA-5q5x-wqxc-vv25.json | 40 ++++++++ .../GHSA-5qf3-3gp9-pjx6.json | 41 ++++++++ .../GHSA-5qq8-6gv4-wmcc.json | 36 +++++++ .../GHSA-636r-hfj8-v9m7.json | 6 +- .../GHSA-64jv-v62f-2xrg.json | 36 +++++++ .../GHSA-6rjp-j8mc-4f57.json | 60 ++++++++++++ .../GHSA-6xrx-3vj8-2rjc.json | 33 +++++++ .../GHSA-74jq-6q38-p5wf.json | 1 + .../GHSA-74rw-28vp-8wh9.json | 6 +- .../GHSA-78xc-39m5-v2c6.json | 37 +++++++ .../GHSA-7fjm-558r-4j8r.json | 38 ++++++++ .../GHSA-7p94-766c-hgjp.json | 36 +++++++ .../GHSA-85h6-5m3v-gx37.json | 15 ++- .../GHSA-876r-52fj-4pxf.json | 41 ++++++++ .../GHSA-8j5g-3q2r-xfjh.json | 37 +++++++ .../GHSA-8rh3-rvv2-3mr4.json | 3 +- .../GHSA-8rqj-9226-cwx7.json | 33 +++++++ .../GHSA-9pjv-cqr5-4xh7.json | 96 +++++++++++++++++++ .../GHSA-9wwr-2jh3-482p.json | 41 ++++++++ .../GHSA-c56r-fcf4-6rp2.json | 10 +- .../GHSA-chpq-fr33-gp2m.json | 40 ++++++++ .../GHSA-f2fg-5m3g-hqwv.json | 36 +++++++ .../GHSA-f5pv-9whq-7mv7.json | 36 +++++++ .../GHSA-f7cx-4c4g-9g59.json | 6 +- .../GHSA-f7pj-q7w5-89fg.json | 41 ++++++++ .../GHSA-fqrv-m9rv-j33j.json | 36 +++++++ .../GHSA-g3vh-wfh4-fp76.json | 33 +++++++ .../GHSA-g4wf-v389-9w53.json | 2 +- .../GHSA-h437-rr98-fx56.json | 37 +++++++ .../GHSA-hcrc-x9p4-f9jh.json | 38 ++++++++ .../GHSA-hxp3-qj63-m9j9.json | 4 +- .../GHSA-j6h2-wr53-6vcg.json | 41 ++++++++ .../GHSA-j87r-wgfm-7fjj.json | 41 ++++++++ .../GHSA-jggw-c47g-3w3q.json | 6 +- .../GHSA-jp99-8xc8-367m.json | 33 +++++++ .../GHSA-m34c-wrf8-mw69.json | 41 ++++++++ .../GHSA-m4f3-qp2w-gwh6.json | 40 ++++++++ .../GHSA-m4v3-95xp-3j5h.json | 33 +++++++ .../GHSA-mc8x-4j6m-qj3r.json | 6 +- .../GHSA-mx4x-pxgm-r77w.json | 37 +++++++ .../GHSA-p525-h9pq-233r.json | 29 ++++++ .../GHSA-p68h-c56f-p3v6.json | 41 ++++++++ .../GHSA-q5q3-fgwr-rr9h.json | 4 +- .../GHSA-v3v9-r7ff-976x.json | 33 +++++++ .../GHSA-v9g2-54rr-mxmg.json | 4 +- .../GHSA-w35p-gjc5-2g6r.json | 44 +++++++++ .../GHSA-w94g-pmcx-r454.json | 41 ++++++++ .../GHSA-wfhp-qgm8-5p5c.json | 15 ++- .../GHSA-wp4v-6rrv-wqv9.json | 4 +- .../GHSA-wxwg-9693-mqg4.json | 4 +- .../GHSA-xfjv-gcf8-3jqc.json | 6 +- .../GHSA-xw73-fccw-fgc4.json | 36 +++++++ .../GHSA-xw8j-p597-rjrj.json | 4 +- 70 files changed, 1803 insertions(+), 29 deletions(-) create mode 100644 advisories/unreviewed/2026/02/GHSA-365g-rr2h-rx65/GHSA-365g-rr2h-rx65.json create mode 100644 advisories/unreviewed/2026/02/GHSA-3w2g-4qx3-2mmw/GHSA-3w2g-4qx3-2mmw.json create mode 100644 advisories/unreviewed/2026/02/GHSA-4mcw-fcqm-vqg3/GHSA-4mcw-fcqm-vqg3.json create mode 100644 advisories/unreviewed/2026/02/GHSA-4v8p-q39m-4pj8/GHSA-4v8p-q39m-4pj8.json create mode 100644 advisories/unreviewed/2026/02/GHSA-4vmx-r9fj-4cm5/GHSA-4vmx-r9fj-4cm5.json create mode 100644 advisories/unreviewed/2026/02/GHSA-55vh-w3p8-qq9g/GHSA-55vh-w3p8-qq9g.json create mode 100644 advisories/unreviewed/2026/02/GHSA-5jgq-pv8m-5cx7/GHSA-5jgq-pv8m-5cx7.json create mode 100644 advisories/unreviewed/2026/02/GHSA-5pqm-c33h-22jc/GHSA-5pqm-c33h-22jc.json create mode 100644 advisories/unreviewed/2026/02/GHSA-5q5x-wqxc-vv25/GHSA-5q5x-wqxc-vv25.json create mode 100644 advisories/unreviewed/2026/02/GHSA-5qf3-3gp9-pjx6/GHSA-5qf3-3gp9-pjx6.json create mode 100644 advisories/unreviewed/2026/02/GHSA-5qq8-6gv4-wmcc/GHSA-5qq8-6gv4-wmcc.json create mode 100644 advisories/unreviewed/2026/02/GHSA-64jv-v62f-2xrg/GHSA-64jv-v62f-2xrg.json create mode 100644 advisories/unreviewed/2026/02/GHSA-6rjp-j8mc-4f57/GHSA-6rjp-j8mc-4f57.json create mode 100644 advisories/unreviewed/2026/02/GHSA-6xrx-3vj8-2rjc/GHSA-6xrx-3vj8-2rjc.json create mode 100644 advisories/unreviewed/2026/02/GHSA-78xc-39m5-v2c6/GHSA-78xc-39m5-v2c6.json create mode 100644 advisories/unreviewed/2026/02/GHSA-7fjm-558r-4j8r/GHSA-7fjm-558r-4j8r.json create mode 100644 advisories/unreviewed/2026/02/GHSA-7p94-766c-hgjp/GHSA-7p94-766c-hgjp.json create mode 100644 advisories/unreviewed/2026/02/GHSA-876r-52fj-4pxf/GHSA-876r-52fj-4pxf.json create mode 100644 advisories/unreviewed/2026/02/GHSA-8j5g-3q2r-xfjh/GHSA-8j5g-3q2r-xfjh.json create mode 100644 advisories/unreviewed/2026/02/GHSA-8rqj-9226-cwx7/GHSA-8rqj-9226-cwx7.json create mode 100644 advisories/unreviewed/2026/02/GHSA-9pjv-cqr5-4xh7/GHSA-9pjv-cqr5-4xh7.json create mode 100644 advisories/unreviewed/2026/02/GHSA-9wwr-2jh3-482p/GHSA-9wwr-2jh3-482p.json create mode 100644 advisories/unreviewed/2026/02/GHSA-chpq-fr33-gp2m/GHSA-chpq-fr33-gp2m.json create mode 100644 advisories/unreviewed/2026/02/GHSA-f2fg-5m3g-hqwv/GHSA-f2fg-5m3g-hqwv.json create mode 100644 advisories/unreviewed/2026/02/GHSA-f5pv-9whq-7mv7/GHSA-f5pv-9whq-7mv7.json create mode 100644 advisories/unreviewed/2026/02/GHSA-f7pj-q7w5-89fg/GHSA-f7pj-q7w5-89fg.json create mode 100644 advisories/unreviewed/2026/02/GHSA-fqrv-m9rv-j33j/GHSA-fqrv-m9rv-j33j.json create mode 100644 advisories/unreviewed/2026/02/GHSA-g3vh-wfh4-fp76/GHSA-g3vh-wfh4-fp76.json create mode 100644 advisories/unreviewed/2026/02/GHSA-h437-rr98-fx56/GHSA-h437-rr98-fx56.json create mode 100644 advisories/unreviewed/2026/02/GHSA-hcrc-x9p4-f9jh/GHSA-hcrc-x9p4-f9jh.json create mode 100644 advisories/unreviewed/2026/02/GHSA-j6h2-wr53-6vcg/GHSA-j6h2-wr53-6vcg.json create mode 100644 advisories/unreviewed/2026/02/GHSA-j87r-wgfm-7fjj/GHSA-j87r-wgfm-7fjj.json create mode 100644 advisories/unreviewed/2026/02/GHSA-jp99-8xc8-367m/GHSA-jp99-8xc8-367m.json create mode 100644 advisories/unreviewed/2026/02/GHSA-m34c-wrf8-mw69/GHSA-m34c-wrf8-mw69.json create mode 100644 advisories/unreviewed/2026/02/GHSA-m4f3-qp2w-gwh6/GHSA-m4f3-qp2w-gwh6.json create mode 100644 advisories/unreviewed/2026/02/GHSA-m4v3-95xp-3j5h/GHSA-m4v3-95xp-3j5h.json create mode 100644 advisories/unreviewed/2026/02/GHSA-mx4x-pxgm-r77w/GHSA-mx4x-pxgm-r77w.json create mode 100644 advisories/unreviewed/2026/02/GHSA-p525-h9pq-233r/GHSA-p525-h9pq-233r.json create mode 100644 advisories/unreviewed/2026/02/GHSA-p68h-c56f-p3v6/GHSA-p68h-c56f-p3v6.json create mode 100644 advisories/unreviewed/2026/02/GHSA-v3v9-r7ff-976x/GHSA-v3v9-r7ff-976x.json create mode 100644 advisories/unreviewed/2026/02/GHSA-w35p-gjc5-2g6r/GHSA-w35p-gjc5-2g6r.json create mode 100644 advisories/unreviewed/2026/02/GHSA-w94g-pmcx-r454/GHSA-w94g-pmcx-r454.json create mode 100644 advisories/unreviewed/2026/02/GHSA-xw73-fccw-fgc4/GHSA-xw73-fccw-fgc4.json diff --git a/advisories/unreviewed/2022/05/GHSA-4gm2-v7j4-74p8/GHSA-4gm2-v7j4-74p8.json b/advisories/unreviewed/2022/05/GHSA-4gm2-v7j4-74p8/GHSA-4gm2-v7j4-74p8.json index 34296f8127264..18992c855b6e2 100644 --- a/advisories/unreviewed/2022/05/GHSA-4gm2-v7j4-74p8/GHSA-4gm2-v7j4-74p8.json +++ b/advisories/unreviewed/2022/05/GHSA-4gm2-v7j4-74p8/GHSA-4gm2-v7j4-74p8.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-4gm2-v7j4-74p8", - "modified": "2022-05-24T19:05:05Z", + "modified": "2026-02-18T18:30:19Z", "published": "2022-05-24T19:05:05Z", "aliases": [ "CVE-2021-22175" ], "details": "When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], "affected": [], "references": [ { @@ -25,6 +30,10 @@ { "type": "WEB", "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/294178" + }, + { + "type": "WEB", + "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22175" } ], "database_specific": { diff --git a/advisories/unreviewed/2023/07/GHSA-2764-3pqr-49w6/GHSA-2764-3pqr-49w6.json b/advisories/unreviewed/2023/07/GHSA-2764-3pqr-49w6/GHSA-2764-3pqr-49w6.json index 9f712b78b0ba9..a6f235ddebcc8 100644 --- a/advisories/unreviewed/2023/07/GHSA-2764-3pqr-49w6/GHSA-2764-3pqr-49w6.json +++ b/advisories/unreviewed/2023/07/GHSA-2764-3pqr-49w6/GHSA-2764-3pqr-49w6.json @@ -59,7 +59,8 @@ "database_specific": { "cwe_ids": [ "CWE-200", - "CWE-362" + "CWE-362", + "CWE-413" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2023/08/GHSA-9cmp-2g73-ff98/GHSA-9cmp-2g73-ff98.json b/advisories/unreviewed/2023/08/GHSA-9cmp-2g73-ff98/GHSA-9cmp-2g73-ff98.json index c5258203a0c0c..bfdaa829a47db 100644 --- a/advisories/unreviewed/2023/08/GHSA-9cmp-2g73-ff98/GHSA-9cmp-2g73-ff98.json +++ b/advisories/unreviewed/2023/08/GHSA-9cmp-2g73-ff98/GHSA-9cmp-2g73-ff98.json @@ -70,6 +70,7 @@ ], "database_specific": { "cwe_ids": [ + "CWE-1188", "CWE-843", "CWE-863" ], diff --git a/advisories/unreviewed/2023/11/GHSA-qhp7-446p-xq88/GHSA-qhp7-446p-xq88.json b/advisories/unreviewed/2023/11/GHSA-qhp7-446p-xq88/GHSA-qhp7-446p-xq88.json index 33a6aa0c2b5dc..18eb340f30b73 100644 --- a/advisories/unreviewed/2023/11/GHSA-qhp7-446p-xq88/GHSA-qhp7-446p-xq88.json +++ b/advisories/unreviewed/2023/11/GHSA-qhp7-446p-xq88/GHSA-qhp7-446p-xq88.json @@ -46,6 +46,7 @@ ], "database_specific": { "cwe_ids": [ + "CWE-366", "CWE-416" ], "severity": "HIGH", diff --git a/advisories/unreviewed/2023/11/GHSA-xr9j-c7v6-7542/GHSA-xr9j-c7v6-7542.json b/advisories/unreviewed/2023/11/GHSA-xr9j-c7v6-7542/GHSA-xr9j-c7v6-7542.json index 363cea0377cd2..6a9fb9133ed39 100644 --- a/advisories/unreviewed/2023/11/GHSA-xr9j-c7v6-7542/GHSA-xr9j-c7v6-7542.json +++ b/advisories/unreviewed/2023/11/GHSA-xr9j-c7v6-7542/GHSA-xr9j-c7v6-7542.json @@ -126,6 +126,7 @@ ], "database_specific": { "cwe_ids": [ + "CWE-1341", "CWE-416" ], "severity": "HIGH", diff --git a/advisories/unreviewed/2023/12/GHSA-v727-f437-6cxx/GHSA-v727-f437-6cxx.json b/advisories/unreviewed/2023/12/GHSA-v727-f437-6cxx/GHSA-v727-f437-6cxx.json index c09713c594b15..fe744acbd6aef 100644 --- a/advisories/unreviewed/2023/12/GHSA-v727-f437-6cxx/GHSA-v727-f437-6cxx.json +++ b/advisories/unreviewed/2023/12/GHSA-v727-f437-6cxx/GHSA-v727-f437-6cxx.json @@ -147,6 +147,7 @@ "database_specific": { "cwe_ids": [ "CWE-362", + "CWE-366", "CWE-416" ], "severity": "HIGH", diff --git a/advisories/unreviewed/2024/01/GHSA-prhq-c3gx-jhwg/GHSA-prhq-c3gx-jhwg.json b/advisories/unreviewed/2024/01/GHSA-prhq-c3gx-jhwg/GHSA-prhq-c3gx-jhwg.json index f32e842d8d777..9ea353073359f 100644 --- a/advisories/unreviewed/2024/01/GHSA-prhq-c3gx-jhwg/GHSA-prhq-c3gx-jhwg.json +++ b/advisories/unreviewed/2024/01/GHSA-prhq-c3gx-jhwg/GHSA-prhq-c3gx-jhwg.json @@ -42,7 +42,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-416" + "CWE-416", + "CWE-911" ], "severity": "HIGH", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-2whf-r4r4-c662/GHSA-2whf-r4r4-c662.json b/advisories/unreviewed/2026/02/GHSA-2whf-r4r4-c662/GHSA-2whf-r4r4-c662.json index be50268e17c4d..bcba65ece4f7e 100644 --- a/advisories/unreviewed/2026/02/GHSA-2whf-r4r4-c662/GHSA-2whf-r4r4-c662.json +++ b/advisories/unreviewed/2026/02/GHSA-2whf-r4r4-c662/GHSA-2whf-r4r4-c662.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-2whf-r4r4-c662", - "modified": "2026-02-03T09:30:28Z", + "modified": "2026-02-18T18:30:22Z", "published": "2026-02-03T09:30:28Z", "aliases": [ "CVE-2026-1592" diff --git a/advisories/unreviewed/2026/02/GHSA-365g-rr2h-rx65/GHSA-365g-rr2h-rx65.json b/advisories/unreviewed/2026/02/GHSA-365g-rr2h-rx65/GHSA-365g-rr2h-rx65.json new file mode 100644 index 0000000000000..414c99dc1227c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-365g-rr2h-rx65/GHSA-365g-rr2h-rx65.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-365g-rr2h-rx65", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-71234" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add\n\nThe driver does not set hw->sta_data_size, which causes mac80211 to\nallocate insufficient space for driver private station data in\n__sta_info_alloc(). When rtl8xxxu_sta_add() accesses members of\nstruct rtl8xxxu_sta_info through sta->drv_priv, this results in a\nslab-out-of-bounds write.\n\nKASAN report on RISC-V (VisionFive 2) with RTL8192EU adapter:\n\n BUG: KASAN: slab-out-of-bounds in rtl8xxxu_sta_add+0x31c/0x346\n Write of size 8 at addr ffffffd6d3e9ae88 by task kworker/u16:0/12\n\nSet hw->sta_data_size to sizeof(struct rtl8xxxu_sta_info) during\nprobe, similar to how hw->vif_data_size is configured. This ensures\nmac80211 allocates sufficient space for the driver's per-station\nprivate data.\n\nTested on StarFive VisionFive 2 v1.2A board.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71234" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/116f7bd8160c6b37d1c6939385abf90f6f6ed2f5" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/5d810ba377eddee95d30766d360a14efbb3d1872" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/9a0f3fa6ecd0c9c32dbc367a57482bbf7c7d25bf" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:30Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-3cgw-cpcx-p7g4/GHSA-3cgw-cpcx-p7g4.json b/advisories/unreviewed/2026/02/GHSA-3cgw-cpcx-p7g4/GHSA-3cgw-cpcx-p7g4.json index ed7c19f52426f..1b0108fbfed45 100644 --- a/advisories/unreviewed/2026/02/GHSA-3cgw-cpcx-p7g4/GHSA-3cgw-cpcx-p7g4.json +++ b/advisories/unreviewed/2026/02/GHSA-3cgw-cpcx-p7g4/GHSA-3cgw-cpcx-p7g4.json @@ -25,7 +25,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-377" + ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-3w2g-4qx3-2mmw/GHSA-3w2g-4qx3-2mmw.json b/advisories/unreviewed/2026/02/GHSA-3w2g-4qx3-2mmw/GHSA-3w2g-4qx3-2mmw.json new file mode 100644 index 0000000000000..b6f90184c3909 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-3w2g-4qx3-2mmw/GHSA-3w2g-4qx3-2mmw.json @@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3w2g-4qx3-2mmw", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-71232" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Free sp in error path to fix system crash\n\nSystem crash seen during load/unload test in a loop,\n\n[61110.449331] qla2xxx [0000:27:00.0]-0042:0: Disabled MSI-X.\n[61110.467494] =============================================================================\n[61110.467498] BUG qla2xxx_srbs (Tainted: G OE -------- --- ): Objects remaining in qla2xxx_srbs on __kmem_cache_shutdown()\n[61110.467501] -----------------------------------------------------------------------------\n\n[61110.467502] Slab 0x000000000ffc8162 objects=51 used=1 fp=0x00000000e25d3d85 flags=0x57ffffc0010200(slab|head|node=1|zone=2|lastcpupid=0x1fffff)\n[61110.467509] CPU: 53 PID: 455206 Comm: rmmod Kdump: loaded Tainted: G OE -------- --- 5.14.0-284.11.1.el9_2.x86_64 #1\n[61110.467513] Hardware name: HPE ProLiant DL385 Gen10 Plus v2/ProLiant DL385 Gen10 Plus v2, BIOS A42 08/17/2023\n[61110.467515] Call Trace:\n[61110.467516] \n[61110.467519] dump_stack_lvl+0x34/0x48\n[61110.467526] slab_err.cold+0x53/0x67\n[61110.467534] __kmem_cache_shutdown+0x16e/0x320\n[61110.467540] kmem_cache_destroy+0x51/0x160\n[61110.467544] qla2x00_module_exit+0x93/0x99 [qla2xxx]\n[61110.467607] ? __do_sys_delete_module.constprop.0+0x178/0x280\n[61110.467613] ? syscall_trace_enter.constprop.0+0x145/0x1d0\n[61110.467616] ? do_syscall_64+0x5c/0x90\n[61110.467619] ? exc_page_fault+0x62/0x150\n[61110.467622] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[61110.467626] \n[61110.467627] Disabling lock debugging due to kernel taint\n[61110.467635] Object 0x0000000026f7e6e6 @offset=16000\n[61110.467639] ------------[ cut here ]------------\n[61110.467639] kmem_cache_destroy qla2xxx_srbs: Slab cache still has objects when called from qla2x00_module_exit+0x93/0x99 [qla2xxx]\n[61110.467659] WARNING: CPU: 53 PID: 455206 at mm/slab_common.c:520 kmem_cache_destroy+0x14d/0x160\n[61110.467718] CPU: 53 PID: 455206 Comm: rmmod Kdump: loaded Tainted: G B OE -------- --- 5.14.0-284.11.1.el9_2.x86_64 #1\n[61110.467720] Hardware name: HPE ProLiant DL385 Gen10 Plus v2/ProLiant DL385 Gen10 Plus v2, BIOS A42 08/17/2023\n[61110.467721] RIP: 0010:kmem_cache_destroy+0x14d/0x160\n[61110.467724] Code: 99 7d 07 00 48 89 ef e8 e1 6a 07 00 eb b3 48 8b 55 60 48 8b 4c 24 20 48 c7 c6 70 fc 66 90 48 c7 c7 f8 ef a1 90 e8 e1 ed 7c 00 <0f> 0b eb 93 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 55 48 89\n[61110.467725] RSP: 0018:ffffa304e489fe80 EFLAGS: 00010282\n[61110.467727] RAX: 0000000000000000 RBX: ffffffffc0d9a860 RCX: 0000000000000027\n[61110.467729] RDX: ffff8fd5ff9598a8 RSI: 0000000000000001 RDI: ffff8fd5ff9598a0\n[61110.467730] RBP: ffff8fb6aaf78700 R08: 0000000000000000 R09: 0000000100d863b7\n[61110.467731] R10: ffffa304e489fd20 R11: ffffffff913bef48 R12: 0000000040002000\n[61110.467731] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[61110.467733] FS: 00007f64c89fb740(0000) GS:ffff8fd5ff940000(0000) knlGS:0000000000000000\n[61110.467734] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[61110.467735] CR2: 00007f0f02bfe000 CR3: 00000020ad6dc005 CR4: 0000000000770ee0\n[61110.467736] PKRU: 55555554\n[61110.467737] Call Trace:\n[61110.467738] \n[61110.467739] qla2x00_module_exit+0x93/0x99 [qla2xxx]\n[61110.467755] ? __do_sys_delete_module.constprop.0+0x178/0x280\n\nFree sp in the error path to fix the crash.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71232" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/05fcd590e5fbbb3e9e1b4fc6c23c98a1d38cf256" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/19ac050ef09a2f0a9d9787540f77bb45cf9033e8" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/aed16d37696f494288a291b4b477484ed0be774b" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/f04840512438ac025dea6e357d80a986b28bbe4c" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-4mcw-fcqm-vqg3/GHSA-4mcw-fcqm-vqg3.json b/advisories/unreviewed/2026/02/GHSA-4mcw-fcqm-vqg3/GHSA-4mcw-fcqm-vqg3.json new file mode 100644 index 0000000000000..d86d7cbb0aaa8 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-4mcw-fcqm-vqg3/GHSA-4mcw-fcqm-vqg3.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4mcw-fcqm-vqg3", + "modified": "2026-02-18T18:30:41Z", + "published": "2026-02-18T18:30:41Z", + "aliases": [ + "CVE-2026-2659" + ], + "details": "A vulnerability was determined in Squirrel up to 3.2. Affected by this vulnerability is the function SQFuncState::PopTarget of the file src/squirrel/squirrel/sqfuncstate.cpp. Executing a manipulation of the argument _target_stack can lead to out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2659" + }, + { + "type": "WEB", + "url": "https://github.com/albertodemichelis/squirrel/issues/311" + }, + { + "type": "WEB", + "url": "https://github.com/oneafter/0122/blob/main/i311/repro" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346457" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346457" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.753163" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T18:24:34Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-4v8p-q39m-4pj8/GHSA-4v8p-q39m-4pj8.json b/advisories/unreviewed/2026/02/GHSA-4v8p-q39m-4pj8/GHSA-4v8p-q39m-4pj8.json new file mode 100644 index 0000000000000..9197d31f0a4f7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-4v8p-q39m-4pj8/GHSA-4v8p-q39m-4pj8.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4v8p-q39m-4pj8", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-20137" + ], + "details": "In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the \"admin\" or \"power\" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. They can bypass the safeguards by exploiting a path traversal vulnerability.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20137" + }, + { + "type": "WEB", + "url": "https://advisory.splunk.com/advisories/SVD-2026-0202" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-200" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T18:24:22Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-4vmx-r9fj-4cm5/GHSA-4vmx-r9fj-4cm5.json b/advisories/unreviewed/2026/02/GHSA-4vmx-r9fj-4cm5/GHSA-4vmx-r9fj-4cm5.json new file mode 100644 index 0000000000000..81c8fc769fd04 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-4vmx-r9fj-4cm5/GHSA-4vmx-r9fj-4cm5.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4vmx-r9fj-4cm5", + "modified": "2026-02-18T18:30:41Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-20139" + ], + "details": "In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload into the `realname`, `tz`, or `email` parameters of the `/splunkd/__raw/services/authentication/users/username` REST API endpoint when they change a password. This could potentially lead to a client‑side denial‑of‑service (DoS). The malicious payload might significantly slow page load times or render Splunk Web temporarily unresponsive.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20139" + }, + { + "type": "WEB", + "url": "https://advisory.splunk.com/advisories/SVD-2026-0204" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-400" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T18:24:26Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-55vh-w3p8-qq9g/GHSA-55vh-w3p8-qq9g.json b/advisories/unreviewed/2026/02/GHSA-55vh-w3p8-qq9g/GHSA-55vh-w3p8-qq9g.json new file mode 100644 index 0000000000000..5f43ff3dcbfb9 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-55vh-w3p8-qq9g/GHSA-55vh-w3p8-qq9g.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-55vh-w3p8-qq9g", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-70141" + ], + "details": "SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in admin_class.php based on the action parameter. An unauthenticated remote attacker can perform sensitive operations such as creating customers and deleting users (including the admin account), as well as modifying or deleting other application records (tickets, departments, comments), resulting in unauthorized data modification.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70141" + }, + { + "type": "WEB", + "url": "https://www.sourcecodester.com/download-code?nid=14587&title=Customer+Support+System+using+PHP%2FMySQLi+with+Source+Code" + }, + { + "type": "WEB", + "url": "https://youngkevinn.github.io/posts/CVE-2025-70141-Customer-Support-BAC" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T17:21:35Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-5jgq-pv8m-5cx7/GHSA-5jgq-pv8m-5cx7.json b/advisories/unreviewed/2026/02/GHSA-5jgq-pv8m-5cx7/GHSA-5jgq-pv8m-5cx7.json new file mode 100644 index 0000000000000..95597dbc48090 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-5jgq-pv8m-5cx7/GHSA-5jgq-pv8m-5cx7.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5jgq-pv8m-5cx7", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-23226" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: add chann_lock to protect ksmbd_chann_list xarray\n\nksmbd_chann_list xarray lacks synchronization, allowing use-after-free in\nmulti-channel sessions (between lookup_chann_list() and ksmbd_chann_del).\n\nAdds rw_semaphore chann_lock to struct ksmbd_session and protects\nall xa_load/xa_store/xa_erase accesses.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23226" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/36ef605c0395b94b826a8c8d6f2697071173de6e" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/e4a8a96a93d08570e0405cfd989a8a07e5b6ff33" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-5pqm-c33h-22jc/GHSA-5pqm-c33h-22jc.json b/advisories/unreviewed/2026/02/GHSA-5pqm-c33h-22jc/GHSA-5pqm-c33h-22jc.json new file mode 100644 index 0000000000000..89bf8cfaa988e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-5pqm-c33h-22jc/GHSA-5pqm-c33h-22jc.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5pqm-c33h-22jc", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-70146" + ], + "details": "Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operations (e.g.,adding records, deleting records) via direct HTTP requests to affected endpoints without a valid session.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70146" + }, + { + "type": "WEB", + "url": "https://projectworlds.com/online-time-table-generator-php-mysql" + }, + { + "type": "WEB", + "url": "https://youngkevinn.github.io/posts/CVE-2025-70146-OTTTG-Unauth-Deletion" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T17:21:35Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-5q5x-wqxc-vv25/GHSA-5q5x-wqxc-vv25.json b/advisories/unreviewed/2026/02/GHSA-5q5x-wqxc-vv25/GHSA-5q5x-wqxc-vv25.json new file mode 100644 index 0000000000000..5ae2cdead35c8 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-5q5x-wqxc-vv25/GHSA-5q5x-wqxc-vv25.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5q5x-wqxc-vv25", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-70150" + ], + "details": "CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete_members.php that allows unauthenticated attackers to delete arbitrary member records via the id parameter.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70150" + }, + { + "type": "WEB", + "url": "https://www.phpscriptsonline.com/product/membership-management-software" + }, + { + "type": "WEB", + "url": "https://youngkevinn.github.io/posts/CVE-2025-70150-Membership-Unauth-Delete" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T18:24:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-5qf3-3gp9-pjx6/GHSA-5qf3-3gp9-pjx6.json b/advisories/unreviewed/2026/02/GHSA-5qf3-3gp9-pjx6/GHSA-5qf3-3gp9-pjx6.json new file mode 100644 index 0000000000000..9c236c4a9f1b4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-5qf3-3gp9-pjx6/GHSA-5qf3-3gp9-pjx6.json @@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5qf3-3gp9-pjx6", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-23222" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly\n\nThe existing allocation of scatterlists in omap_crypto_copy_sg_lists()\nwas allocating an array of scatterlist pointers, not scatterlist objects,\nresulting in a 4x too small allocation.\n\nUse sizeof(*new_sg) to get the correct object size.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23222" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/2ed27b5a1174351148c3adbfc0cd86d54072ba2e" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/6edf8df4bd29f7bfd245b67b2c31d905f1cfc14b" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c184341920ed78b6466360ed7b45b8922586c38f" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/d1836c628cb72734eb5f7dfd4c996a9c18bba3ad" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:31Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-5qq8-6gv4-wmcc/GHSA-5qq8-6gv4-wmcc.json b/advisories/unreviewed/2026/02/GHSA-5qq8-6gv4-wmcc/GHSA-5qq8-6gv4-wmcc.json new file mode 100644 index 0000000000000..ccdda4562e27d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-5qq8-6gv4-wmcc/GHSA-5qq8-6gv4-wmcc.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5qq8-6gv4-wmcc", + "modified": "2026-02-18T18:30:39Z", + "published": "2026-02-18T18:30:39Z", + "aliases": [ + "CVE-2025-15579" + ], + "details": "Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or\nprivilege escalation.\n\nThis issue affects Directory Services: from 10.5 through 26.1.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:M/U:Red" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15579" + }, + { + "type": "WEB", + "url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0859600&sys_kb_id=f82c01214707b6144549b6bd416d43b7&spa=1" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:28Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-636r-hfj8-v9m7/GHSA-636r-hfj8-v9m7.json b/advisories/unreviewed/2026/02/GHSA-636r-hfj8-v9m7/GHSA-636r-hfj8-v9m7.json index 85329480ef21b..73cf5cf59f57a 100644 --- a/advisories/unreviewed/2026/02/GHSA-636r-hfj8-v9m7/GHSA-636r-hfj8-v9m7.json +++ b/advisories/unreviewed/2026/02/GHSA-636r-hfj8-v9m7/GHSA-636r-hfj8-v9m7.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-636r-hfj8-v9m7", - "modified": "2026-02-05T18:30:32Z", + "modified": "2026-02-18T18:30:23Z", "published": "2026-02-05T18:30:32Z", "aliases": [ "CVE-2026-0715" ], "details": "Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this information to access the bootloader menu via a serial interface.  Access to the bootloader menu does not allow full system takeover or privilege escalation. The bootloader enforces digital signature verification and only permits flashing of Moxa-signed images. As a result, an attacker cannot install malicious firmware or execute arbitrary code. The primary impact is limited to a potential temporary denial-of-service condition if a valid image is reflashed. Remote exploitation is not possible.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-64jv-v62f-2xrg/GHSA-64jv-v62f-2xrg.json b/advisories/unreviewed/2026/02/GHSA-64jv-v62f-2xrg/GHSA-64jv-v62f-2xrg.json new file mode 100644 index 0000000000000..641fe2b08c0ff --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-64jv-v62f-2xrg/GHSA-64jv-v62f-2xrg.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-64jv-v62f-2xrg", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-20141" + ], + "details": "In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the \"admin\" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure.

The Monitoring Console app is a bundled app that comes with Splunk Enterprise. It is not available for download on SplunkBase, and is not installed on Splunk Cloud Platform instances. This vulnerability does not affect [Cloud Monitoring Console](https://help.splunk.com/en/splunk-cloud-platform/administer/admin-manual/10.2.2510/monitor-your-splunk-cloud-platform-deployment/introduction-to-the-cloud-monitoring-console).", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20141" + }, + { + "type": "WEB", + "url": "https://advisory.splunk.com/advisories/SVD-2026-0206" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-200" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T18:24:26Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-6rjp-j8mc-4f57/GHSA-6rjp-j8mc-4f57.json b/advisories/unreviewed/2026/02/GHSA-6rjp-j8mc-4f57/GHSA-6rjp-j8mc-4f57.json new file mode 100644 index 0000000000000..2e3227d1f630e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-6rjp-j8mc-4f57/GHSA-6rjp-j8mc-4f57.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-6rjp-j8mc-4f57", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-2657" + ], + "details": "A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wren_compiler.c of the component Error Message Handler. Such manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2657" + }, + { + "type": "WEB", + "url": "https://github.com/wren-lang/wren/issues/1221" + }, + { + "type": "WEB", + "url": "https://github.com/oneafter/0122/blob/main/i1221/repro" + }, + { + "type": "WEB", + "url": "https://github.com/wren-lang/wren" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346455" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346455" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752791" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T17:21:40Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-6xrx-3vj8-2rjc/GHSA-6xrx-3vj8-2rjc.json b/advisories/unreviewed/2026/02/GHSA-6xrx-3vj8-2rjc/GHSA-6xrx-3vj8-2rjc.json new file mode 100644 index 0000000000000..d3013aa26201c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-6xrx-3vj8-2rjc/GHSA-6xrx-3vj8-2rjc.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-6xrx-3vj8-2rjc", + "modified": "2026-02-18T18:30:39Z", + "published": "2026-02-18T18:30:39Z", + "aliases": [ + "CVE-2025-71230" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: ensure sb->s_fs_info is always cleaned up\n\nWhen hfs was converted to the new mount api a bug was introduced by\nchanging the allocation pattern of sb->s_fs_info. If setup_bdev_super()\nfails after a new superblock has been allocated by sget_fc(), but before\nhfs_fill_super() takes ownership of the filesystem-specific s_fs_info\ndata it was leaked.\n\nFix this by freeing sb->s_fs_info in hfs_kill_super().", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71230" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/399219831514126bc9541e8eadefe02c6fbd9166" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/46c1d56ad321fb024761abd9af61a0cb616cf2f6" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-74jq-6q38-p5wf/GHSA-74jq-6q38-p5wf.json b/advisories/unreviewed/2026/02/GHSA-74jq-6q38-p5wf/GHSA-74jq-6q38-p5wf.json index 7b0a56750956f..fe2beee4b60ab 100644 --- a/advisories/unreviewed/2026/02/GHSA-74jq-6q38-p5wf/GHSA-74jq-6q38-p5wf.json +++ b/advisories/unreviewed/2026/02/GHSA-74jq-6q38-p5wf/GHSA-74jq-6q38-p5wf.json @@ -26,6 +26,7 @@ ], "database_specific": { "cwe_ids": [ + "CWE-284", "CWE-288" ], "severity": "HIGH", diff --git a/advisories/unreviewed/2026/02/GHSA-74rw-28vp-8wh9/GHSA-74rw-28vp-8wh9.json b/advisories/unreviewed/2026/02/GHSA-74rw-28vp-8wh9/GHSA-74rw-28vp-8wh9.json index 327b526f1d626..ad4b1df5bf041 100644 --- a/advisories/unreviewed/2026/02/GHSA-74rw-28vp-8wh9/GHSA-74rw-28vp-8wh9.json +++ b/advisories/unreviewed/2026/02/GHSA-74rw-28vp-8wh9/GHSA-74rw-28vp-8wh9.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-74rw-28vp-8wh9", - "modified": "2026-02-06T09:30:28Z", + "modified": "2026-02-18T18:30:23Z", "published": "2026-02-06T09:30:28Z", "aliases": [ "CVE-2026-0521" ], "details": "A reflected cross-site scripting (XSS) vulnerability in the PDF export functionality of the TYDAC AG MAP+ solution allows unauthenticated attackers to craft a malicious URL, that if visited by a victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered through various means, for instance, by sending a link or by tricking victims to visit a page crafted by the attacker.\n\n\n\nThis issue was verified in MAP+: 3.4.0.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-78xc-39m5-v2c6/GHSA-78xc-39m5-v2c6.json b/advisories/unreviewed/2026/02/GHSA-78xc-39m5-v2c6/GHSA-78xc-39m5-v2c6.json new file mode 100644 index 0000000000000..24d12465b54be --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-78xc-39m5-v2c6/GHSA-78xc-39m5-v2c6.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-78xc-39m5-v2c6", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-71233" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Avoid creating sub-groups asynchronously\n\nThe asynchronous creation of sub-groups by a delayed work could lead to a\nNULL pointer dereference when the driver directory is removed before the\nwork completes.\n\nThe crash can be easily reproduced with the following commands:\n\n # cd /sys/kernel/config/pci_ep/functions/pci_epf_test\n # for i in {1..20}; do mkdir test && rmdir test; done\n\n BUG: kernel NULL pointer dereference, address: 0000000000000088\n ...\n Call Trace:\n configfs_register_group+0x3d/0x190\n pci_epf_cfs_work+0x41/0x110\n process_one_work+0x18f/0x350\n worker_thread+0x25a/0x3a0\n\nFix this issue by using configfs_add_default_group() API which does not\nhave the deadlock problem as configfs_register_group() and does not require\nthe delayed work handler.\n\n[mani: slightly reworded the description and added stable list]", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71233" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/24a253c3aa6d9a2cde46158ce9782e023bfbf32d" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/73cee890adafa2c219bb865356e08e7f82423fe5" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/d9af3cf58bb4c8d6dea4166011c780756b1138b5" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:30Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-7fjm-558r-4j8r/GHSA-7fjm-558r-4j8r.json b/advisories/unreviewed/2026/02/GHSA-7fjm-558r-4j8r/GHSA-7fjm-558r-4j8r.json new file mode 100644 index 0000000000000..bdefd92383ede --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-7fjm-558r-4j8r/GHSA-7fjm-558r-4j8r.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-7fjm-558r-4j8r", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-70148" + ], + "details": "Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, resulting in insecure direct object reference (IDOR).", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70148" + }, + { + "type": "WEB", + "url": "https://www.phpscriptsonline.com/product/membership-management-software" + }, + { + "type": "WEB", + "url": "https://youngkevinn.github.io/posts/CVE-2025-70148-Membership-IDOR" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T18:24:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-7p94-766c-hgjp/GHSA-7p94-766c-hgjp.json b/advisories/unreviewed/2026/02/GHSA-7p94-766c-hgjp/GHSA-7p94-766c-hgjp.json new file mode 100644 index 0000000000000..a7ca0379d3cc8 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-7p94-766c-hgjp/GHSA-7p94-766c-hgjp.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-7p94-766c-hgjp", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-14009" + ], + "details": "A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py uses zipfile.extractall() without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when downloaded and extracted by NLTK, can execute arbitrary code. The vulnerability arises because NLTK assumes all downloaded packages are trusted and extracts them without validation. If a malicious package contains Python files, such as __init__.py, these files are executed automatically upon import, leading to remote code execution. This issue can result in full system compromise, including file system access, network access, and potential persistence mechanisms.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14009" + }, + { + "type": "WEB", + "url": "https://huntr.com/bounties/49ecbc02-054e-4470-b2e0-b267936cc4e4" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T18:24:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-85h6-5m3v-gx37/GHSA-85h6-5m3v-gx37.json b/advisories/unreviewed/2026/02/GHSA-85h6-5m3v-gx37/GHSA-85h6-5m3v-gx37.json index 977856997d094..20e8e93f6cfb1 100644 --- a/advisories/unreviewed/2026/02/GHSA-85h6-5m3v-gx37/GHSA-85h6-5m3v-gx37.json +++ b/advisories/unreviewed/2026/02/GHSA-85h6-5m3v-gx37/GHSA-85h6-5m3v-gx37.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-85h6-5m3v-gx37", - "modified": "2026-02-18T15:31:27Z", + "modified": "2026-02-18T18:30:38Z", "published": "2026-02-18T15:31:27Z", "aliases": [ "CVE-2026-27099" ], "details": "Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the \"Mark temporarily offline\" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or Agent/Disconnect permission.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" + } + ], "affected": [], "references": [ { @@ -20,8 +25,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-18T15:18:43Z" diff --git a/advisories/unreviewed/2026/02/GHSA-876r-52fj-4pxf/GHSA-876r-52fj-4pxf.json b/advisories/unreviewed/2026/02/GHSA-876r-52fj-4pxf/GHSA-876r-52fj-4pxf.json new file mode 100644 index 0000000000000..2de5576a67e7f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-876r-52fj-4pxf/GHSA-876r-52fj-4pxf.json @@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-876r-52fj-4pxf", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-71235" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Delay module unload while fabric scan in progress\n\nSystem crash seen during load/unload test in a loop.\n\n[105954.384919] RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086\n[105954.384920] R10: 000000000000000f R11: ffffa31240904be5 R12: ffff914605f868e0\n[105954.384921] R13: ffff914605f86910 R14: 0000000000008010 R15: 00000000ddb7c000\n[105954.384923] FS: 0000000000000000(0000) GS:ffff9163fec40000(0000) knlGS:0000000000000000\n[105954.384925] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[105954.384926] CR2: 000055d31ce1d6a0 CR3: 0000000119f5e001 CR4: 0000000000770ee0\n[105954.384928] PKRU: 55555554\n[105954.384929] Call Trace:\n[105954.384931] \n[105954.384934] qla24xx_sp_unmap+0x1f3/0x2a0 [qla2xxx]\n[105954.384962] ? qla_async_scan_sp_done+0x114/0x1f0 [qla2xxx]\n[105954.384980] ? qla24xx_els_ct_entry+0x4de/0x760 [qla2xxx]\n[105954.384999] ? __wake_up_common+0x80/0x190\n[105954.385004] ? qla24xx_process_response_queue+0xc2/0xaa0 [qla2xxx]\n[105954.385023] ? qla24xx_msix_rsp_q+0x44/0xb0 [qla2xxx]\n[105954.385040] ? __handle_irq_event_percpu+0x3d/0x190\n[105954.385044] ? handle_irq_event+0x58/0xb0\n[105954.385046] ? handle_edge_irq+0x93/0x240\n[105954.385050] ? __common_interrupt+0x41/0xa0\n[105954.385055] ? common_interrupt+0x3e/0xa0\n[105954.385060] ? asm_common_interrupt+0x22/0x40\n\nThe root cause of this was that there was a free (dma_free_attrs) in the\ninterrupt context. There was a device discovery/fabric scan in\nprogress. A module unload was issued which set the UNLOADING flag. As\npart of the discovery, after receiving an interrupt a work queue was\nscheduled (which involved a work to be queued). Since the UNLOADING\nflag is set, the work item was not allocated and the mapped memory had\nto be freed. The free occurred in interrupt context leading to system\ncrash. Delay the driver unload until the fabric scan is complete to\navoid the crash.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71235" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/528b2f1027edfb52af0171f0f4b227fb356dde05" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/7062eb0c488f35730334daad9495d9265c574853" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c068ebbaf52820d6bdefb9b405a1e426663c635a" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/d70f71d4c92bcb8b6a21ac62d4ea3e87721f4f32" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:30Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-8j5g-3q2r-xfjh/GHSA-8j5g-3q2r-xfjh.json b/advisories/unreviewed/2026/02/GHSA-8j5g-3q2r-xfjh/GHSA-8j5g-3q2r-xfjh.json new file mode 100644 index 0000000000000..5ff8a05c13e27 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-8j5g-3q2r-xfjh/GHSA-8j5g-3q2r-xfjh.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-8j5g-3q2r-xfjh", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-23224" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix UAF issue for file-backed mounts w/ directio option\n\n[ 9.269940][ T3222] Call trace:\n[ 9.269948][ T3222] ext4_file_read_iter+0xac/0x108\n[ 9.269979][ T3222] vfs_iocb_iter_read+0xac/0x198\n[ 9.269993][ T3222] erofs_fileio_rq_submit+0x12c/0x180\n[ 9.270008][ T3222] erofs_fileio_submit_bio+0x14/0x24\n[ 9.270030][ T3222] z_erofs_runqueue+0x834/0x8ac\n[ 9.270054][ T3222] z_erofs_read_folio+0x120/0x220\n[ 9.270083][ T3222] filemap_read_folio+0x60/0x120\n[ 9.270102][ T3222] filemap_fault+0xcac/0x1060\n[ 9.270119][ T3222] do_pte_missing+0x2d8/0x1554\n[ 9.270131][ T3222] handle_mm_fault+0x5ec/0x70c\n[ 9.270142][ T3222] do_page_fault+0x178/0x88c\n[ 9.270167][ T3222] do_translation_fault+0x38/0x54\n[ 9.270183][ T3222] do_mem_abort+0x54/0xac\n[ 9.270208][ T3222] el0_da+0x44/0x7c\n[ 9.270227][ T3222] el0t_64_sync_handler+0x5c/0xf4\n[ 9.270253][ T3222] el0t_64_sync+0x1bc/0x1c0\n\nEROFS may encounter above panic when enabling file-backed mount w/\ndirectio mount option, the root cause is it may suffer UAF in below\nrace condition:\n\n- z_erofs_read_folio wq s_dio_done_wq\n - z_erofs_runqueue\n - erofs_fileio_submit_bio\n - erofs_fileio_rq_submit\n - vfs_iocb_iter_read\n - ext4_file_read_iter\n - ext4_dio_read_iter\n - iomap_dio_rw\n : bio was submitted and return -EIOCBQUEUED\n - dio_aio_complete_work\n - dio_complete\n - dio->iocb->ki_complete (erofs_fileio_ki_complete())\n - kfree(rq)\n : it frees iocb, iocb.ki_filp can be UAF in file_accessed().\n - file_accessed\n : access NULL file point\n\nIntroduce a reference count in struct erofs_fileio_rq, and initialize it\nas two, both erofs_fileio_ki_complete() and erofs_fileio_rq_submit() will\ndecrease reference count, the last one decreasing the reference count\nto zero will free rq.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23224" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/ae385826840a3c8e09bf38cac90adcd690716f57" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/b2ee5e4d5446babd23ff7beb4e636be0fb3ea5aa" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/d741534302f71c511eb0bb670b92eaa7df4a0aec" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-8rh3-rvv2-3mr4/GHSA-8rh3-rvv2-3mr4.json b/advisories/unreviewed/2026/02/GHSA-8rh3-rvv2-3mr4/GHSA-8rh3-rvv2-3mr4.json index 77e61c9efb6e4..31bb4f1e329d7 100644 --- a/advisories/unreviewed/2026/02/GHSA-8rh3-rvv2-3mr4/GHSA-8rh3-rvv2-3mr4.json +++ b/advisories/unreviewed/2026/02/GHSA-8rh3-rvv2-3mr4/GHSA-8rh3-rvv2-3mr4.json @@ -26,7 +26,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-288" + "CWE-288", + "CWE-400" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-8rqj-9226-cwx7/GHSA-8rqj-9226-cwx7.json b/advisories/unreviewed/2026/02/GHSA-8rqj-9226-cwx7/GHSA-8rqj-9226-cwx7.json new file mode 100644 index 0000000000000..ecca6b38fb478 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-8rqj-9226-cwx7/GHSA-8rqj-9226-cwx7.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-8rqj-9226-cwx7", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-70151" + ], + "details": "code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote code execution via unrestricted file upload. The endpoints update_profile_picture.php and upload_picture.php store uploaded files in a web-accessible uploads/ directory using the original, user-supplied filename without validating the file type or extension. By uploading a PHP file and then requesting it from /uploads/, an attacker can execute arbitrary PHP code as the web server user.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70151" + }, + { + "type": "WEB", + "url": "https://code-projects.org/scholars-tracking-system-in-php-with-source-code" + }, + { + "type": "WEB", + "url": "https://youngkevinn.github.io/posts/CVE-2025-70151-Scholars-FileUpload-RCE" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T18:24:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-9pjv-cqr5-4xh7/GHSA-9pjv-cqr5-4xh7.json b/advisories/unreviewed/2026/02/GHSA-9pjv-cqr5-4xh7/GHSA-9pjv-cqr5-4xh7.json new file mode 100644 index 0000000000000..f4c8d9cba9d5b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-9pjv-cqr5-4xh7/GHSA-9pjv-cqr5-4xh7.json @@ -0,0 +1,96 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-9pjv-cqr5-4xh7", + "modified": "2026-02-18T18:30:41Z", + "published": "2026-02-18T18:30:41Z", + "aliases": [ + "CVE-2026-2658" + ], + "details": "A vulnerability was found in newbee-ltd newbee-mall up to a069069b07027613bf0e7f571736be86f431faee. Affected is an unknown function of the component Multiple Endpoints. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2658" + }, + { + "type": "WEB", + "url": "https://github.com/newbee-ltd/newbee-mall/issues/106" + }, + { + "type": "WEB", + "url": "https://github.com/newbee-ltd/newbee-mall/issues/107" + }, + { + "type": "WEB", + "url": "https://github.com/newbee-ltd/newbee-mall" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346456" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346456" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752797" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752798" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752799" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752800" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752801" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752802" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752803" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752804" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752805" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752806" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T18:24:34Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-9wwr-2jh3-482p/GHSA-9wwr-2jh3-482p.json b/advisories/unreviewed/2026/02/GHSA-9wwr-2jh3-482p/GHSA-9wwr-2jh3-482p.json new file mode 100644 index 0000000000000..8a83d4beed92d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-9wwr-2jh3-482p/GHSA-9wwr-2jh3-482p.json @@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-9wwr-2jh3-482p", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-23220" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths\n\nThe problem occurs when a signed request fails smb2 signature verification\ncheck. In __process_request(), if check_sign_req() returns an error,\nset_smb2_rsp_status(work, STATUS_ACCESS_DENIED) is called.\nset_smb2_rsp_status() set work->next_smb2_rcv_hdr_off as zero. By resetting\nnext_smb2_rcv_hdr_off to zero, the pointer to the next command in the chain\nis lost. Consequently, is_chained_smb2_message() continues to point to\nthe same request header instead of advancing. If the header's NextCommand\nfield is non-zero, the function returns true, causing __handle_ksmbd_work()\nto repeatedly process the same failed request in an infinite loop.\nThis results in the kernel log being flooded with \"bad smb2 signature\"\nmessages and high CPU usage.\n\nThis patch fixes the issue by changing the return value from\nSERVER_HANDLER_CONTINUE to SERVER_HANDLER_ABORT. This ensures that\nthe processing loop terminates immediately rather than attempting to\ncontinue from an invalidated offset.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23220" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/5accdc5b7f28a81bbc5880ac0b8886e60c86e8c8" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/71b5e7c528315ca360a1825a4ad2f8ae48c5dc16" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/9135e791ec2709bcf0cda0335535c74762489498" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/f7b1c2f5642bbd60b1beef1f3298cbac81eb232c" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:31Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-c56r-fcf4-6rp2/GHSA-c56r-fcf4-6rp2.json b/advisories/unreviewed/2026/02/GHSA-c56r-fcf4-6rp2/GHSA-c56r-fcf4-6rp2.json index 56e6e2ccb704d..2b556ed679ad7 100644 --- a/advisories/unreviewed/2026/02/GHSA-c56r-fcf4-6rp2/GHSA-c56r-fcf4-6rp2.json +++ b/advisories/unreviewed/2026/02/GHSA-c56r-fcf4-6rp2/GHSA-c56r-fcf4-6rp2.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-c56r-fcf4-6rp2", - "modified": "2026-02-17T21:31:14Z", + "modified": "2026-02-18T18:30:35Z", "published": "2026-02-17T21:31:14Z", "aliases": [ "CVE-2026-22769" @@ -19,6 +19,14 @@ "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22769" }, + { + "type": "WEB", + "url": "https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day" + }, + { + "type": "WEB", + "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-22769" + }, { "type": "WEB", "url": "https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079" diff --git a/advisories/unreviewed/2026/02/GHSA-chpq-fr33-gp2m/GHSA-chpq-fr33-gp2m.json b/advisories/unreviewed/2026/02/GHSA-chpq-fr33-gp2m/GHSA-chpq-fr33-gp2m.json new file mode 100644 index 0000000000000..d042df595b1e6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-chpq-fr33-gp2m/GHSA-chpq-fr33-gp2m.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-chpq-fr33-gp2m", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-2507" + ], + "details": "When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2507" + }, + { + "type": "WEB", + "url": "https://my.f5.com/manage/s/article/K000160003" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-476" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T17:21:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-f2fg-5m3g-hqwv/GHSA-f2fg-5m3g-hqwv.json b/advisories/unreviewed/2026/02/GHSA-f2fg-5m3g-hqwv/GHSA-f2fg-5m3g-hqwv.json new file mode 100644 index 0000000000000..9787b8ae1e39c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-f2fg-5m3g-hqwv/GHSA-f2fg-5m3g-hqwv.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-f2fg-5m3g-hqwv", + "modified": "2026-02-18T18:30:39Z", + "published": "2026-02-18T18:30:39Z", + "aliases": [ + "CVE-2025-65519" + ], + "details": "mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML file import processing. The application fails to validate nesting depth during parsing operations, allowing authenticated attackers to trigger denial of service conditions by uploading deeply nested malicious files. This results in CPU exhaustion, service degradation, or complete service unavailability.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65519" + }, + { + "type": "WEB", + "url": "https://github.com/ictrun/EBK-SA-2025-001" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-674" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:28Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-f5pv-9whq-7mv7/GHSA-f5pv-9whq-7mv7.json b/advisories/unreviewed/2026/02/GHSA-f5pv-9whq-7mv7/GHSA-f5pv-9whq-7mv7.json new file mode 100644 index 0000000000000..02ecb48a96ecf --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-f5pv-9whq-7mv7/GHSA-f5pv-9whq-7mv7.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-f5pv-9whq-7mv7", + "modified": "2026-02-18T18:30:41Z", + "published": "2026-02-18T18:30:41Z", + "aliases": [ + "CVE-2026-20144" + ], + "details": "In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20144" + }, + { + "type": "WEB", + "url": "https://advisory.splunk.com/advisories/SVD-2026-0209" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-532" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T18:24:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-f7cx-4c4g-9g59/GHSA-f7cx-4c4g-9g59.json b/advisories/unreviewed/2026/02/GHSA-f7cx-4c4g-9g59/GHSA-f7cx-4c4g-9g59.json index 19cf6653aedee..2b5fbe79d83f6 100644 --- a/advisories/unreviewed/2026/02/GHSA-f7cx-4c4g-9g59/GHSA-f7cx-4c4g-9g59.json +++ b/advisories/unreviewed/2026/02/GHSA-f7cx-4c4g-9g59/GHSA-f7cx-4c4g-9g59.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-f7cx-4c4g-9g59", - "modified": "2026-02-18T15:31:26Z", + "modified": "2026-02-18T18:30:38Z", "published": "2026-02-18T15:31:26Z", "aliases": [ "CVE-2025-61982" @@ -22,6 +22,10 @@ { "type": "WEB", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2292" + }, + { + "type": "WEB", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2292" } ], "database_specific": { diff --git a/advisories/unreviewed/2026/02/GHSA-f7pj-q7w5-89fg/GHSA-f7pj-q7w5-89fg.json b/advisories/unreviewed/2026/02/GHSA-f7pj-q7w5-89fg/GHSA-f7pj-q7w5-89fg.json new file mode 100644 index 0000000000000..8e276b81e5f52 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-f7pj-q7w5-89fg/GHSA-f7pj-q7w5-89fg.json @@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-f7pj-q7w5-89fg", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-71236" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Validate sp before freeing associated memory\n\nSystem crash with the following signature\n[154563.214890] nvme nvme2: NVME-FC{1}: controller connect complete\n[154564.169363] qla2xxx [0000:b0:00.1]-3002:2: nvme: Sched: Set ZIO exchange threshold to 3.\n[154564.169405] qla2xxx [0000:b0:00.1]-ffffff:2: SET ZIO Activity exchange threshold to 5.\n[154565.539974] qla2xxx [0000:b0:00.1]-5013:2: RSCN database changed – 0078 0080 0000.\n[154565.545744] qla2xxx [0000:b0:00.1]-5013:2: RSCN database changed – 0078 00a0 0000.\n[154565.545857] qla2xxx [0000:b0:00.1]-11a2:2: FEC=enabled (data rate).\n[154565.552760] qla2xxx [0000:b0:00.1]-11a2:2: FEC=enabled (data rate).\n[154565.553079] BUG: kernel NULL pointer dereference, address: 00000000000000f8\n[154565.553080] #PF: supervisor read access in kernel mode\n[154565.553082] #PF: error_code(0x0000) - not-present page\n[154565.553084] PGD 80000010488ab067 P4D 80000010488ab067 PUD 104978a067 PMD 0\n[154565.553089] Oops: 0000 1 PREEMPT SMP PTI\n[154565.553092] CPU: 10 PID: 858 Comm: qla2xxx_2_dpc Kdump: loaded Tainted: G OE ------- --- 5.14.0-503.11.1.el9_5.x86_64 #1\n[154565.553096] Hardware name: HPE Synergy 660 Gen10/Synergy 660 Gen10 Compute Module, BIOS I43 09/30/2024\n[154565.553097] RIP: 0010:qla_fab_async_scan.part.0+0x40b/0x870 [qla2xxx]\n[154565.553141] Code: 00 00 e8 58 a3 ec d4 49 89 e9 ba 12 20 00 00 4c 89 e6 49 c7 c0 00 ee a8 c0 48 c7 c1 66 c0 a9 c0 bf 00 80 00 10 e8 15 69 00 00 <4c> 8b 8d f8 00 00 00 4d 85 c9 74 35 49 8b 84 24 00 19 00 00 48 8b\n[154565.553143] RSP: 0018:ffffb4dbc8aebdd0 EFLAGS: 00010286\n[154565.553145] RAX: 0000000000000000 RBX: ffff8ec2cf0908d0 RCX: 0000000000000002\n[154565.553147] RDX: 0000000000000000 RSI: ffffffffc0a9c896 RDI: ffffb4dbc8aebd47\n[154565.553148] RBP: 0000000000000000 R08: ffffb4dbc8aebd45 R09: 0000000000ffff0a\n[154565.553150] R10: 0000000000000000 R11: 000000000000000f R12: ffff8ec2cf0908d0\n[154565.553151] R13: ffff8ec2cf090900 R14: 0000000000000102 R15: ffff8ec2cf084000\n[154565.553152] FS: 0000000000000000(0000) GS:ffff8ed27f800000(0000) knlGS:0000000000000000\n[154565.553154] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[154565.553155] CR2: 00000000000000f8 CR3: 000000113ae0a005 CR4: 00000000007706f0\n[154565.553157] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[154565.553158] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[154565.553159] PKRU: 55555554\n[154565.553160] Call Trace:\n[154565.553162] \n[154565.553165] ? show_trace_log_lvl+0x1c4/0x2df\n[154565.553172] ? show_trace_log_lvl+0x1c4/0x2df\n[154565.553177] ? qla_fab_async_scan.part.0+0x40b/0x870 [qla2xxx]\n[154565.553215] ? __die_body.cold+0x8/0xd\n[154565.553218] ? page_fault_oops+0x134/0x170\n[154565.553223] ? snprintf+0x49/0x70\n[154565.553229] ? exc_page_fault+0x62/0x150\n[154565.553238] ? asm_exc_page_fault+0x22/0x30\n\nCheck for sp being non NULL before freeing any associated memory", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71236" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/1a9585e4c58d1f1662b3ca46110ed4f583082ce5" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/40ae93668226b610edb952c6036f607a61750b57" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/944378ead9a48d5d50e9e3cc85e4cdb911c37ca1" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/949010291bb941d53733ed08a33454254d9afb1b" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:30Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-fqrv-m9rv-j33j/GHSA-fqrv-m9rv-j33j.json b/advisories/unreviewed/2026/02/GHSA-fqrv-m9rv-j33j/GHSA-fqrv-m9rv-j33j.json new file mode 100644 index 0000000000000..f089e1845901b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-fqrv-m9rv-j33j/GHSA-fqrv-m9rv-j33j.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-fqrv-m9rv-j33j", + "modified": "2026-02-18T18:30:39Z", + "published": "2026-02-18T18:30:39Z", + "aliases": [ + "CVE-2025-70998" + ], + "details": "UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default credentials for the telnet service, possibly allowing a remote attacker to gain root access via a crafted script.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70998" + }, + { + "type": "WEB", + "url": "https://github.com/cha0yang1/UTT-nv810v4-telnet-backdoor" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-1188" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-g3vh-wfh4-fp76/GHSA-g3vh-wfh4-fp76.json b/advisories/unreviewed/2026/02/GHSA-g3vh-wfh4-fp76/GHSA-g3vh-wfh4-fp76.json new file mode 100644 index 0000000000000..d0f1a3d713ba5 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-g3vh-wfh4-fp76/GHSA-g3vh-wfh4-fp76.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-g3vh-wfh4-fp76", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-23227" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free\n\nExynos Virtual Display driver performs memory alloc/free operations\nwithout lock protection, which easily causes concurrency problem.\n\nFor example, use-after-free can occur in race scenario like this:\n```\n\tCPU0\t\t\t\tCPU1\t\t\t\tCPU2\n\t----\t\t\t\t----\t\t\t\t----\n vidi_connection_ioctl()\n if (vidi->connection) // true\n drm_edid = drm_edid_alloc(); // alloc drm_edid\n ...\n ctx->raw_edid = drm_edid;\n ...\n\t\t\t\t\t\t\t\tdrm_mode_getconnector()\n\t\t\t\t\t\t\t\t drm_helper_probe_single_connector_modes()\n\t\t\t\t\t\t\t\t vidi_get_modes()\n\t\t\t\t\t\t\t\t if (ctx->raw_edid) // true\n\t\t\t\t\t\t\t\t drm_edid_dup(ctx->raw_edid);\n\t\t\t\t\t\t\t\t if (!drm_edid) // false\n\t\t\t\t\t\t\t\t ...\n\t\t\t\tvidi_connection_ioctl()\n\t\t\t\t if (vidi->connection) // false\n\t\t\t\t drm_edid_free(ctx->raw_edid); // free drm_edid\n\t\t\t\t ...\n\t\t\t\t\t\t\t\t drm_edid_alloc(drm_edid->edid)\n\t\t\t\t\t\t\t\t kmemdup(edid); // UAF!!\n\t\t\t\t\t\t\t\t ...\n```\n\nTo prevent these vulns, at least in vidi_context, member variables related\nto memory alloc/free should be protected with ctx->lock.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23227" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/0cd2c155740dbd00868ac5a8ae5d14cd6b9ed385" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/60b75407c172e1f341a8a5097c5cbc97dbbdd893" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-g4wf-v389-9w53/GHSA-g4wf-v389-9w53.json b/advisories/unreviewed/2026/02/GHSA-g4wf-v389-9w53/GHSA-g4wf-v389-9w53.json index f34fed717a9c1..844bd1e2c59c4 100644 --- a/advisories/unreviewed/2026/02/GHSA-g4wf-v389-9w53/GHSA-g4wf-v389-9w53.json +++ b/advisories/unreviewed/2026/02/GHSA-g4wf-v389-9w53/GHSA-g4wf-v389-9w53.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-g4wf-v389-9w53", - "modified": "2026-02-03T09:30:28Z", + "modified": "2026-02-18T18:30:22Z", "published": "2026-02-03T09:30:28Z", "aliases": [ "CVE-2026-1591" diff --git a/advisories/unreviewed/2026/02/GHSA-h437-rr98-fx56/GHSA-h437-rr98-fx56.json b/advisories/unreviewed/2026/02/GHSA-h437-rr98-fx56/GHSA-h437-rr98-fx56.json new file mode 100644 index 0000000000000..39c71f21b1a2e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-h437-rr98-fx56/GHSA-h437-rr98-fx56.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-h437-rr98-fx56", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-23223" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix UAF in xchk_btree_check_block_owner\n\nWe cannot dereference bs->cur when trying to determine if bs->cur\naliases bs->sc->sa.{bno,rmap}_cur after the latter has been freed.\nFix this by sampling before type before any freeing could happen.\nThe correct temporal ordering was broken when we removed xfs_btnum_t.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23223" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/1d411278dda293a507cb794db7d9ed3511c685c6" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/ba5264610423d9653aa36920520902d83841bcfd" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/ed82e7949f5cac3058f4100f3cd670531d41a266" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-hcrc-x9p4-f9jh/GHSA-hcrc-x9p4-f9jh.json b/advisories/unreviewed/2026/02/GHSA-hcrc-x9p4-f9jh/GHSA-hcrc-x9p4-f9jh.json new file mode 100644 index 0000000000000..b92de6f89b751 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-hcrc-x9p4-f9jh/GHSA-hcrc-x9p4-f9jh.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-hcrc-x9p4-f9jh", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-70152" + ], + "details": "code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/save_user.php and /admin/update_user.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters (firstname, lastname, username, password, user_id) into SQL queries without validation or parameterization.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70152" + }, + { + "type": "WEB", + "url": "https://code-projects.org/scholars-tracking-system-in-php-with-source-code" + }, + { + "type": "WEB", + "url": "https://youngkevinn.github.io/posts/CVE-2025-70152-Scholars-SQLi-Missing-Auth" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T18:24:21Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-hxp3-qj63-m9j9/GHSA-hxp3-qj63-m9j9.json b/advisories/unreviewed/2026/02/GHSA-hxp3-qj63-m9j9/GHSA-hxp3-qj63-m9j9.json index 1ffb44e84eae6..11e3ba70bf164 100644 --- a/advisories/unreviewed/2026/02/GHSA-hxp3-qj63-m9j9/GHSA-hxp3-qj63-m9j9.json +++ b/advisories/unreviewed/2026/02/GHSA-hxp3-qj63-m9j9/GHSA-hxp3-qj63-m9j9.json @@ -33,7 +33,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-400" + ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-j6h2-wr53-6vcg/GHSA-j6h2-wr53-6vcg.json b/advisories/unreviewed/2026/02/GHSA-j6h2-wr53-6vcg/GHSA-j6h2-wr53-6vcg.json new file mode 100644 index 0000000000000..25b2b77eec1f3 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-j6h2-wr53-6vcg/GHSA-j6h2-wr53-6vcg.json @@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-j6h2-wr53-6vcg", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-23228" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()\n\nOn kthread_run() failure in ksmbd_tcp_new_connection(), the transport is\nfreed via free_transport(), which does not decrement active_num_conn,\nleaking this counter.\n\nReplace free_transport() with ksmbd_tcp_disconnect().", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23228" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/599271110c35f6b16e2e4e45b9fbd47ed378c982" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/787769c8cc50416af7b8b1a36e6bcd6aaa7680aa" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/baf664fc90a6139a39a58333e4aaa390c10d45dc" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/cd25e0d809531a67e9dd53b19012d27d2b13425f" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-j87r-wgfm-7fjj/GHSA-j87r-wgfm-7fjj.json b/advisories/unreviewed/2026/02/GHSA-j87r-wgfm-7fjj/GHSA-j87r-wgfm-7fjj.json new file mode 100644 index 0000000000000..edaeeda4887fe --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-j87r-wgfm-7fjj/GHSA-j87r-wgfm-7fjj.json @@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-j87r-wgfm-7fjj", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-23229" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: virtio - Add spinlock protection with virtqueue notification\n\nWhen VM boots with one virtio-crypto PCI device and builtin backend,\nrun openssl benchmark command with multiple processes, such as\n openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32\n\nopenssl processes will hangup and there is error reported like this:\n virtio_crypto virtio0: dataq.0:id 3 is not a head!\n\nIt seems that the data virtqueue need protection when it is handled\nfor virtio done notification. If the spinlock protection is added\nin virtcrypto_done_task(), openssl benchmark with multiple processes\nworks well.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23229" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/49c57c6c108931a914ed94e3c0ddb974008260a3" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c0a0ded3bb7fd45f720faa48449a930153257d3a" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/d6f0d586808689963e58fd739bed626ff5013b24" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/e69a7b0a71b6561b3b6459f1fded8d589f2e8ac2" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-jggw-c47g-3w3q/GHSA-jggw-c47g-3w3q.json b/advisories/unreviewed/2026/02/GHSA-jggw-c47g-3w3q/GHSA-jggw-c47g-3w3q.json index 8de01d65798ed..99b4c77dd87af 100644 --- a/advisories/unreviewed/2026/02/GHSA-jggw-c47g-3w3q/GHSA-jggw-c47g-3w3q.json +++ b/advisories/unreviewed/2026/02/GHSA-jggw-c47g-3w3q/GHSA-jggw-c47g-3w3q.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-jggw-c47g-3w3q", - "modified": "2026-02-05T18:30:32Z", + "modified": "2026-02-18T18:30:23Z", "published": "2026-02-05T18:30:32Z", "aliases": [ "CVE-2026-0714" ], "details": "A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and attaching external equipment to the SPI bus to capture TPM communications. If successful, the captured data may allow offline decryption of eMMC contents. This attack cannot be performed through brief or opportunistic physical access and requires extended physical access, possession of the device, appropriate equipment, and sufficient time for signal capture and analysis. Remote exploitation is not possible.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-jp99-8xc8-367m/GHSA-jp99-8xc8-367m.json b/advisories/unreviewed/2026/02/GHSA-jp99-8xc8-367m/GHSA-jp99-8xc8-367m.json new file mode 100644 index 0000000000000..73ff26837c6b7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-jp99-8xc8-367m/GHSA-jp99-8xc8-367m.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-jp99-8xc8-367m", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-23221" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: fix use-after-free in driver_override_show()\n\nThe driver_override_show() function reads the driver_override string\nwithout holding the device_lock. However, driver_override_store() uses\ndriver_set_override(), which modifies and frees the string while holding\nthe device_lock.\n\nThis can result in a concurrent use-after-free if the string is freed\nby the store function while being read by the show function.\n\nFix this by holding the device_lock around the read operation.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23221" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/1d6bd6183e723a7b256ff34bbb5b498b5f4f2ec0" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/a2ae33e1c6361e960a4d00f7cf75d880b54f9528" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:31Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-m34c-wrf8-mw69/GHSA-m34c-wrf8-mw69.json b/advisories/unreviewed/2026/02/GHSA-m34c-wrf8-mw69/GHSA-m34c-wrf8-mw69.json new file mode 100644 index 0000000000000..029b80444b10b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-m34c-wrf8-mw69/GHSA-m34c-wrf8-mw69.json @@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-m34c-wrf8-mw69", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-71237" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: Fix potential block overflow that cause system hang\n\nWhen a user executes the FITRIM command, an underflow can occur when\ncalculating nblocks if end_block is too small. Since nblocks is of\ntype sector_t, which is u64, a negative nblocks value will become a\nvery large positive integer. This ultimately leads to the block layer\nfunction __blkdev_issue_discard() taking an excessively long time to\nprocess the bio chain, and the ns_segctor_sem lock remains held for a\nlong period. This prevents other tasks from acquiring the ns_segctor_sem\nlock, resulting in the hang reported by syzbot in [1].\n\nIf the ending block is too small, typically if it is smaller than 4KiB\nrange, depending on the usage of the segment 0, it may be possible to\nattempt a discard request beyond the device size causing the hang.\n\nExiting successfully and assign the discarded size (0 in this case)\nto range->len.\n\nAlthough the start and len values in the user input range are too small,\na conservative strategy is adopted here to safely ignore them, which is\nequivalent to a no-op; it will not perform any trimming and will not\nthrow an error.\n\n[1]\ntask:segctord state:D stack:28968 pid:6093 tgid:6093 ppid:2 task_flags:0x200040 flags:0x00080000\nCall Trace:\n rwbase_write_lock+0x3dd/0x750 kernel/locking/rwbase_rt.c:272\n nilfs_transaction_lock+0x253/0x4c0 fs/nilfs2/segment.c:357\n nilfs_segctor_thread_construct fs/nilfs2/segment.c:2569 [inline]\n nilfs_segctor_thread+0x6ec/0xe00 fs/nilfs2/segment.c:2684\n\n[ryusuke: corrected part of the commit message about the consequences]", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71237" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/4aa45f841413cca81882602b4042c53502f34cad" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/b8c5ee234bd54f1447c846101fdaef2cf70c2149" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/df1e20796c9f3d541cca47fb72e4369ea135642d" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/ea2278657ad0d62596589fbe2caf995e189e65e7" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:30Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-m4f3-qp2w-gwh6/GHSA-m4f3-qp2w-gwh6.json b/advisories/unreviewed/2026/02/GHSA-m4f3-qp2w-gwh6/GHSA-m4f3-qp2w-gwh6.json new file mode 100644 index 0000000000000..f89bc387274d7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-m4f3-qp2w-gwh6/GHSA-m4f3-qp2w-gwh6.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-m4f3-qp2w-gwh6", + "modified": "2026-02-18T18:30:41Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-24708" + ], + "details": "An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24708" + }, + { + "type": "WEB", + "url": "https://bugs.launchpad.net/nova/+bug/2137507" + }, + { + "type": "WEB", + "url": "https://www.openwall.com/lists/oss-security/2026/02/17/7" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-669" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T18:24:33Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-m4v3-95xp-3j5h/GHSA-m4v3-95xp-3j5h.json b/advisories/unreviewed/2026/02/GHSA-m4v3-95xp-3j5h/GHSA-m4v3-95xp-3j5h.json new file mode 100644 index 0000000000000..6013449d93966 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-m4v3-95xp-3j5h/GHSA-m4v3-95xp-3j5h.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-m4v3-95xp-3j5h", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-70147" + ], + "details": "Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information (including plaintext password field values) via direct HTTP GET requests to these endpoints without a valid session.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70147" + }, + { + "type": "WEB", + "url": "https://projectworlds.com/online-time-table-generator-php-mysql" + }, + { + "type": "WEB", + "url": "https://youngkevinn.github.io/posts/CVE-2025-70147-OTTTG-Info-Disclosure" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T17:21:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-mc8x-4j6m-qj3r/GHSA-mc8x-4j6m-qj3r.json b/advisories/unreviewed/2026/02/GHSA-mc8x-4j6m-qj3r/GHSA-mc8x-4j6m-qj3r.json index df6640dd80d20..c454d322223a0 100644 --- a/advisories/unreviewed/2026/02/GHSA-mc8x-4j6m-qj3r/GHSA-mc8x-4j6m-qj3r.json +++ b/advisories/unreviewed/2026/02/GHSA-mc8x-4j6m-qj3r/GHSA-mc8x-4j6m-qj3r.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-mc8x-4j6m-qj3r", - "modified": "2026-02-06T15:31:02Z", + "modified": "2026-02-18T18:30:23Z", "published": "2026-02-06T15:31:02Z", "aliases": [ "CVE-2025-13818" ], "details": "Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-mx4x-pxgm-r77w/GHSA-mx4x-pxgm-r77w.json b/advisories/unreviewed/2026/02/GHSA-mx4x-pxgm-r77w/GHSA-mx4x-pxgm-r77w.json new file mode 100644 index 0000000000000..ea6059e047666 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-mx4x-pxgm-r77w/GHSA-mx4x-pxgm-r77w.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-mx4x-pxgm-r77w", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-71231" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode\n\nThe local variable 'i' is initialized with -EINVAL, but the for loop\nimmediately overwrites it and -EINVAL is never returned.\n\nIf no empty compression mode can be found, the function would return the\nout-of-bounds index IAA_COMP_MODES_MAX, which would cause an invalid\narray access in add_iaa_compression_mode().\n\nFix both issues by returning either a valid index or -EINVAL.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71231" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c77b33b58512708bd5603f48465f018c8b748847" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/d75207465eed20bc9b0daa4a0927de9568996067" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/de16f5bca05cace238d237791ed1b6e9d22dab60" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p525-h9pq-233r/GHSA-p525-h9pq-233r.json b/advisories/unreviewed/2026/02/GHSA-p525-h9pq-233r/GHSA-p525-h9pq-233r.json new file mode 100644 index 0000000000000..f43c4e522439a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p525-h9pq-233r/GHSA-p525-h9pq-233r.json @@ -0,0 +1,29 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p525-h9pq-233r", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-23225" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/mmcid: Don't assume CID is CPU owned on mode switch\n\nShinichiro reported a KASAN UAF, which is actually an out of bounds access\nin the MMCID management code.\n\n CPU0\t\t\t\t\t\tCPU1\n \t\t\t\t\t\tT1 runs in userspace\n T0: fork(T4) -> Switch to per CPU CID mode\n fixup() set MM_CID_TRANSIT on T1/CPU1\n T4 exit()\n T3 exit()\n T2 exit()\n\t\t\t\t\t\tT1 exit() switch to per task mode\n\t\t\t\t\t\t ---> Out of bounds access.\n\nAs T1 has not scheduled after T0 set the TRANSIT bit, it exits with the\nTRANSIT bit set. sched_mm_cid_remove_user() clears the TRANSIT bit in\nthe task and drops the CID, but it does not touch the per CPU storage.\nThat's functionally correct because a CID is only owned by the CPU when\nthe ONCPU bit is set, which is mutually exclusive with the TRANSIT flag.\n\nNow sched_mm_cid_exit() assumes that the CID is CPU owned because the\nprior mode was per CPU. It invokes mm_drop_cid_on_cpu() which clears the\nnot set ONCPU bit and then invokes clear_bit() with an insanely large\nbit number because TRANSIT is set (bit 29).\n\nPrevent that by actually validating that the CID is CPU owned in\nmm_drop_cid_on_cpu().", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23225" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/81f29975631db8a78651b3140ecd0f88ffafc476" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p68h-c56f-p3v6/GHSA-p68h-c56f-p3v6.json b/advisories/unreviewed/2026/02/GHSA-p68h-c56f-p3v6/GHSA-p68h-c56f-p3v6.json new file mode 100644 index 0000000000000..cd62b1ccfc1e7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p68h-c56f-p3v6/GHSA-p68h-c56f-p3v6.json @@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p68h-c56f-p3v6", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-23230" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: split cached_fid bitfields to avoid shared-byte RMW races\n\nis_open, has_lease and on_list are stored in the same bitfield byte in\nstruct cached_fid but are updated in different code paths that may run\nconcurrently. Bitfield assignments generate byte read–modify–write\noperations (e.g. `orb $mask, addr` on x86_64), so updating one flag can\nrestore stale values of the others.\n\nA possible interleaving is:\n CPU1: load old byte (has_lease=1, on_list=1)\n CPU2: clear both flags (store 0)\n CPU1: RMW store (old | IS_OPEN) -> reintroduces cleared bits\n\nTo avoid this class of races, convert these flags to separate bool\nfields.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23230" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/3eaa22d688311c708b73f3c68bc6d0c8e3f0f77a" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/4386f6af8aaedd0c5ad6f659b40cadcc8f423828" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/4cfa4c37dcbcfd70866e856200ed8a2894cac578" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c4b9edd55987384a1f201d3d07ff71e448d79c1b" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q5q3-fgwr-rr9h/GHSA-q5q3-fgwr-rr9h.json b/advisories/unreviewed/2026/02/GHSA-q5q3-fgwr-rr9h/GHSA-q5q3-fgwr-rr9h.json index 347a03450b14b..bc18a59fea38a 100644 --- a/advisories/unreviewed/2026/02/GHSA-q5q3-fgwr-rr9h/GHSA-q5q3-fgwr-rr9h.json +++ b/advisories/unreviewed/2026/02/GHSA-q5q3-fgwr-rr9h/GHSA-q5q3-fgwr-rr9h.json @@ -45,7 +45,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-119" + ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-v3v9-r7ff-976x/GHSA-v3v9-r7ff-976x.json b/advisories/unreviewed/2026/02/GHSA-v3v9-r7ff-976x/GHSA-v3v9-r7ff-976x.json new file mode 100644 index 0000000000000..e88b5b1de3963 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-v3v9-r7ff-976x/GHSA-v3v9-r7ff-976x.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v3v9-r7ff-976x", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-70149" + ], + "details": "CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in print_membership_card.php via the ID parameter.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70149" + }, + { + "type": "WEB", + "url": "https://www.phpscriptsonline.com/product/membership-management-software" + }, + { + "type": "WEB", + "url": "https://youngkevinn.github.io/posts/CVE-2025-70149-Membership-SQLi" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T17:21:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v9g2-54rr-mxmg/GHSA-v9g2-54rr-mxmg.json b/advisories/unreviewed/2026/02/GHSA-v9g2-54rr-mxmg/GHSA-v9g2-54rr-mxmg.json index 4d5790a195744..b47498da8485d 100644 --- a/advisories/unreviewed/2026/02/GHSA-v9g2-54rr-mxmg/GHSA-v9g2-54rr-mxmg.json +++ b/advisories/unreviewed/2026/02/GHSA-v9g2-54rr-mxmg/GHSA-v9g2-54rr-mxmg.json @@ -29,7 +29,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-285" + ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-w35p-gjc5-2g6r/GHSA-w35p-gjc5-2g6r.json b/advisories/unreviewed/2026/02/GHSA-w35p-gjc5-2g6r/GHSA-w35p-gjc5-2g6r.json new file mode 100644 index 0000000000000..d0fa6dd3ed933 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w35p-gjc5-2g6r/GHSA-w35p-gjc5-2g6r.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w35p-gjc5-2g6r", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-2230" + ], + "details": "The Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 10.14.14 via the handle_ajax_save function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, and booking permissions granted by an Administrator, to modify other users' plugin settings, such as booking calendar display options, which can disrupt the booking calendar functionality for the targeted user.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2230" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/booking/trunk/includes/save-user-meta/save-user-meta.php#L90" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3456856" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/60f7df44-22f9-4a9e-a20c-4b8628674079?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-639" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T17:21:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-w94g-pmcx-r454/GHSA-w94g-pmcx-r454.json b/advisories/unreviewed/2026/02/GHSA-w94g-pmcx-r454/GHSA-w94g-pmcx-r454.json new file mode 100644 index 0000000000000..940a4d6d2b01d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w94g-pmcx-r454/GHSA-w94g-pmcx-r454.json @@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w94g-pmcx-r454", + "modified": "2026-02-18T18:30:39Z", + "published": "2026-02-18T18:30:39Z", + "aliases": [ + "CVE-2025-71229" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: Fix alignment fault in rtw_core_enable_beacon()\n\nrtw_core_enable_beacon() reads 4 bytes from an address that is not a\nmultiple of 4. This results in a crash on some systems.\n\nDo 1 byte reads/writes instead.\n\nUnable to handle kernel paging request at virtual address ffff8000827e0522\nMem abort info:\n ESR = 0x0000000096000021\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x21: alignment fault\nData abort info:\n ISV = 0, ISS = 0x00000021, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nswapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000005492000\n[ffff8000827e0522] pgd=0000000000000000, p4d=10000001021d9403, pud=10000001021da403, pmd=100000011061c403, pte=00780000f3200f13\nInternal error: Oops: 0000000096000021 [#1] SMP\nModules linked in: [...] rtw88_8822ce rtw88_8822c rtw88_pci rtw88_core [...]\nCPU: 0 UID: 0 PID: 73 Comm: kworker/u32:2 Tainted: G W 6.17.9 #1-NixOS VOLUNTARY\nTainted: [W]=WARN\nHardware name: FriendlyElec NanoPC-T6 LTS (DT)\nWorkqueue: phy0 rtw_c2h_work [rtw88_core]\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : rtw_pci_read32+0x18/0x40 [rtw88_pci]\nlr : rtw_core_enable_beacon+0xe0/0x148 [rtw88_core]\nsp : ffff800080cc3ca0\nx29: ffff800080cc3ca0 x28: ffff0001031fc240 x27: ffff000102100828\nx26: ffffd2cb7c9b4088 x25: ffff0001031fc2c0 x24: ffff000112fdef00\nx23: ffff000112fdef18 x22: ffff000111c29970 x21: 0000000000000001\nx20: 0000000000000001 x19: ffff000111c22040 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : ffffd2cb6507c090\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\nx2 : 0000000000007f10 x1 : 0000000000000522 x0 : ffff8000827e0522\nCall trace:\n rtw_pci_read32+0x18/0x40 [rtw88_pci] (P)\n rtw_hw_scan_chan_switch+0x124/0x1a8 [rtw88_core]\n rtw_fw_c2h_cmd_handle+0x254/0x290 [rtw88_core]\n rtw_c2h_work+0x50/0x98 [rtw88_core]\n process_one_work+0x178/0x3f8\n worker_thread+0x208/0x418\n kthread+0x120/0x220\n ret_from_fork+0x10/0x20\nCode: d28fe202 8b020000 f9524400 8b214000 (b9400000)\n---[ end trace 0000000000000000 ]---", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71229" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/13394550441557115bb74f6de9778c165755a7ab" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/653f8b6a091538b084715f259900f62c2ec1c6cf" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/71dee092903adb496fe1f357b267d94087b679e0" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/7d31dde1bd8678115329e46dc8d7afb63c176b74" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wfhp-qgm8-5p5c/GHSA-wfhp-qgm8-5p5c.json b/advisories/unreviewed/2026/02/GHSA-wfhp-qgm8-5p5c/GHSA-wfhp-qgm8-5p5c.json index 1ca49c2294cfa..a7b941c542df3 100644 --- a/advisories/unreviewed/2026/02/GHSA-wfhp-qgm8-5p5c/GHSA-wfhp-qgm8-5p5c.json +++ b/advisories/unreviewed/2026/02/GHSA-wfhp-qgm8-5p5c/GHSA-wfhp-qgm8-5p5c.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-wfhp-qgm8-5p5c", - "modified": "2026-02-18T15:31:27Z", + "modified": "2026-02-18T18:30:38Z", "published": "2026-02-18T15:31:27Z", "aliases": [ "CVE-2026-27100" ], "details": "Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds, and if a specified build exists, its display name.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ], "affected": [], "references": [ { @@ -20,8 +25,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-200" + ], + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-18T15:18:43Z" diff --git a/advisories/unreviewed/2026/02/GHSA-wp4v-6rrv-wqv9/GHSA-wp4v-6rrv-wqv9.json b/advisories/unreviewed/2026/02/GHSA-wp4v-6rrv-wqv9/GHSA-wp4v-6rrv-wqv9.json index a0236b79690b7..34a5ea5e82e9e 100644 --- a/advisories/unreviewed/2026/02/GHSA-wp4v-6rrv-wqv9/GHSA-wp4v-6rrv-wqv9.json +++ b/advisories/unreviewed/2026/02/GHSA-wp4v-6rrv-wqv9/GHSA-wp4v-6rrv-wqv9.json @@ -29,7 +29,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-287" + ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-wxwg-9693-mqg4/GHSA-wxwg-9693-mqg4.json b/advisories/unreviewed/2026/02/GHSA-wxwg-9693-mqg4/GHSA-wxwg-9693-mqg4.json index ceb4a2d258e16..4c28aa477e6c3 100644 --- a/advisories/unreviewed/2026/02/GHSA-wxwg-9693-mqg4/GHSA-wxwg-9693-mqg4.json +++ b/advisories/unreviewed/2026/02/GHSA-wxwg-9693-mqg4/GHSA-wxwg-9693-mqg4.json @@ -33,7 +33,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-285" + ], "severity": "LOW", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-xfjv-gcf8-3jqc/GHSA-xfjv-gcf8-3jqc.json b/advisories/unreviewed/2026/02/GHSA-xfjv-gcf8-3jqc/GHSA-xfjv-gcf8-3jqc.json index 3462e4bacb012..f88adbd5be477 100644 --- a/advisories/unreviewed/2026/02/GHSA-xfjv-gcf8-3jqc/GHSA-xfjv-gcf8-3jqc.json +++ b/advisories/unreviewed/2026/02/GHSA-xfjv-gcf8-3jqc/GHSA-xfjv-gcf8-3jqc.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-xfjv-gcf8-3jqc", - "modified": "2026-02-06T09:30:28Z", + "modified": "2026-02-18T18:30:23Z", "published": "2026-02-06T09:30:28Z", "aliases": [ "CVE-2026-21626" ], "details": "Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-xw73-fccw-fgc4/GHSA-xw73-fccw-fgc4.json b/advisories/unreviewed/2026/02/GHSA-xw73-fccw-fgc4/GHSA-xw73-fccw-fgc4.json new file mode 100644 index 0000000000000..3c8a8c96cec47 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xw73-fccw-fgc4/GHSA-xw73-fccw-fgc4.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xw73-fccw-fgc4", + "modified": "2026-02-18T18:30:39Z", + "published": "2026-02-18T18:30:39Z", + "aliases": [ + "CVE-2025-65791" + ], + "details": "ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec() function.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65791" + }, + { + "type": "WEB", + "url": "https://github.com/rishavand1/CVE-2025-65791" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-78" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xw8j-p597-rjrj/GHSA-xw8j-p597-rjrj.json b/advisories/unreviewed/2026/02/GHSA-xw8j-p597-rjrj/GHSA-xw8j-p597-rjrj.json index 767d768b5a160..ee81c183161eb 100644 --- a/advisories/unreviewed/2026/02/GHSA-xw8j-p597-rjrj/GHSA-xw8j-p597-rjrj.json +++ b/advisories/unreviewed/2026/02/GHSA-xw8j-p597-rjrj/GHSA-xw8j-p597-rjrj.json @@ -41,7 +41,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-200" + ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, From 67ec8ed983718a3116435faf90f0d11455deef3b Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 21:32:49 +0000 Subject: [PATCH 097/222] Advisory Database Sync --- .../GHSA-v6c5-9mp4-mwq4.json | 6 +- .../GHSA-4cjv-rrcw-xg72.json | 3 +- .../GHSA-6979-fg32-9gg4.json | 3 +- .../GHSA-7p75-39p6-7499.json | 3 +- .../GHSA-rhph-mcqr-9p2p.json | 1 + .../GHSA-27xm-cj78-cxmr.json | 2 +- .../GHSA-2g52-f4rf-8vm9.json | 40 +++++++++++++ .../GHSA-2hcf-jfqx-g286.json | 40 +++++++++++++ .../GHSA-2q3j-wj77-9934.json | 56 +++++++++++++++++ .../GHSA-3crm-x896-j73p.json | 6 +- .../GHSA-43wm-f3cq-hfrw.json | 3 +- .../GHSA-47m2-7g75-xvrp.json | 6 +- .../GHSA-49xw-73mm-8fw9.json | 6 +- .../GHSA-4pq4-6gr5-cr69.json | 40 +++++++++++++ .../GHSA-55vh-w3p8-qq9g.json | 15 +++-- .../GHSA-5hp8-hwcv-h225.json | 6 +- .../GHSA-5pqm-c33h-22jc.json | 15 +++-- .../GHSA-62j7-j842-x6r6.json | 6 +- .../GHSA-7qhw-4fcq-2g37.json | 40 +++++++++++++ .../GHSA-844q-r72x-vfmv.json | 3 +- .../GHSA-86c5-9jxx-m8g7.json | 3 +- .../GHSA-8gfj-223w-87pr.json | 40 +++++++++++++ .../GHSA-8rqj-9226-cwx7.json | 15 +++-- .../GHSA-9f49-2j27-6f79.json | 44 ++++++++++++++ .../GHSA-9hwv-m488-9fjx.json | 3 +- .../GHSA-c96q-rf2r-2xj8.json | 48 +++++++++++++++ .../GHSA-cf26-rj67-f4wr.json | 6 +- .../GHSA-cq5p-w4x6-m6h3.json | 60 +++++++++++++++++++ .../GHSA-cw7v-qx8m-563q.json | 6 +- .../GHSA-ff7j-jwgr-hgxp.json | 6 +- .../GHSA-gq25-pccv-6q8j.json | 40 +++++++++++++ .../GHSA-gwrh-w4f9-ffc9.json | 60 +++++++++++++++++++ .../GHSA-h5jq-923c-7w8g.json | 40 +++++++++++++ .../GHSA-hcrc-x9p4-f9jh.json | 4 +- .../GHSA-jx8h-vrjj-cm6g.json | 52 ++++++++++++++++ .../GHSA-m4v3-95xp-3j5h.json | 15 +++-- .../GHSA-mjjq-x58m-rfxp.json | 60 +++++++++++++++++++ .../GHSA-p546-7whm-cxpm.json | 56 +++++++++++++++++ .../GHSA-pppv-pc54-6j8r.json | 56 +++++++++++++++++ .../GHSA-qrj7-4954-7p6v.json | 44 ++++++++++++++ .../GHSA-qxf4-rqx4-9mqj.json | 1 + .../GHSA-r9wp-qq53-qvjx.json | 56 +++++++++++++++++ .../GHSA-rcjr-qg8v-4c3v.json | 40 +++++++++++++ .../GHSA-rwf8-6fj2-4vrx.json | 48 +++++++++++++++ .../GHSA-v3v9-r7ff-976x.json | 15 +++-- .../GHSA-vmr8-g4h2-2x5j.json | 52 ++++++++++++++++ .../GHSA-wjf9-j9vw-27f4.json | 40 +++++++++++++ .../GHSA-wrqv-g27w-82rr.json | 3 +- .../GHSA-xj75-gfvf-4g86.json | 42 +++++++++++++ .../GHSA-xjrj-8prq-9366.json | 3 +- .../GHSA-xqcm-jrw9-wq72.json | 14 ++++- .../GHSA-xrj7-v4x4-74hr.json | 40 +++++++++++++ 52 files changed, 1271 insertions(+), 41 deletions(-) create mode 100644 advisories/unreviewed/2026/02/GHSA-2g52-f4rf-8vm9/GHSA-2g52-f4rf-8vm9.json create mode 100644 advisories/unreviewed/2026/02/GHSA-2hcf-jfqx-g286/GHSA-2hcf-jfqx-g286.json create mode 100644 advisories/unreviewed/2026/02/GHSA-2q3j-wj77-9934/GHSA-2q3j-wj77-9934.json create mode 100644 advisories/unreviewed/2026/02/GHSA-4pq4-6gr5-cr69/GHSA-4pq4-6gr5-cr69.json create mode 100644 advisories/unreviewed/2026/02/GHSA-7qhw-4fcq-2g37/GHSA-7qhw-4fcq-2g37.json create mode 100644 advisories/unreviewed/2026/02/GHSA-8gfj-223w-87pr/GHSA-8gfj-223w-87pr.json create mode 100644 advisories/unreviewed/2026/02/GHSA-9f49-2j27-6f79/GHSA-9f49-2j27-6f79.json create mode 100644 advisories/unreviewed/2026/02/GHSA-c96q-rf2r-2xj8/GHSA-c96q-rf2r-2xj8.json create mode 100644 advisories/unreviewed/2026/02/GHSA-cq5p-w4x6-m6h3/GHSA-cq5p-w4x6-m6h3.json create mode 100644 advisories/unreviewed/2026/02/GHSA-gq25-pccv-6q8j/GHSA-gq25-pccv-6q8j.json create mode 100644 advisories/unreviewed/2026/02/GHSA-gwrh-w4f9-ffc9/GHSA-gwrh-w4f9-ffc9.json create mode 100644 advisories/unreviewed/2026/02/GHSA-h5jq-923c-7w8g/GHSA-h5jq-923c-7w8g.json create mode 100644 advisories/unreviewed/2026/02/GHSA-jx8h-vrjj-cm6g/GHSA-jx8h-vrjj-cm6g.json create mode 100644 advisories/unreviewed/2026/02/GHSA-mjjq-x58m-rfxp/GHSA-mjjq-x58m-rfxp.json create mode 100644 advisories/unreviewed/2026/02/GHSA-p546-7whm-cxpm/GHSA-p546-7whm-cxpm.json create mode 100644 advisories/unreviewed/2026/02/GHSA-pppv-pc54-6j8r/GHSA-pppv-pc54-6j8r.json create mode 100644 advisories/unreviewed/2026/02/GHSA-qrj7-4954-7p6v/GHSA-qrj7-4954-7p6v.json create mode 100644 advisories/unreviewed/2026/02/GHSA-r9wp-qq53-qvjx/GHSA-r9wp-qq53-qvjx.json create mode 100644 advisories/unreviewed/2026/02/GHSA-rcjr-qg8v-4c3v/GHSA-rcjr-qg8v-4c3v.json create mode 100644 advisories/unreviewed/2026/02/GHSA-rwf8-6fj2-4vrx/GHSA-rwf8-6fj2-4vrx.json create mode 100644 advisories/unreviewed/2026/02/GHSA-vmr8-g4h2-2x5j/GHSA-vmr8-g4h2-2x5j.json create mode 100644 advisories/unreviewed/2026/02/GHSA-wjf9-j9vw-27f4/GHSA-wjf9-j9vw-27f4.json create mode 100644 advisories/unreviewed/2026/02/GHSA-xj75-gfvf-4g86/GHSA-xj75-gfvf-4g86.json create mode 100644 advisories/unreviewed/2026/02/GHSA-xrj7-v4x4-74hr/GHSA-xrj7-v4x4-74hr.json diff --git a/advisories/unreviewed/2025/11/GHSA-v6c5-9mp4-mwq4/GHSA-v6c5-9mp4-mwq4.json b/advisories/unreviewed/2025/11/GHSA-v6c5-9mp4-mwq4/GHSA-v6c5-9mp4-mwq4.json index c8e47565d98ec..56a5e5890824d 100644 --- a/advisories/unreviewed/2025/11/GHSA-v6c5-9mp4-mwq4/GHSA-v6c5-9mp4-mwq4.json +++ b/advisories/unreviewed/2025/11/GHSA-v6c5-9mp4-mwq4/GHSA-v6c5-9mp4-mwq4.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-v6c5-9mp4-mwq4", - "modified": "2026-02-13T18:31:23Z", + "modified": "2026-02-18T21:31:17Z", "published": "2025-11-26T15:34:12Z", "aliases": [ "CVE-2025-13601" @@ -35,6 +35,10 @@ "type": "WEB", "url": "https://access.redhat.com/security/cve/CVE-2025-13601" }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2026:2659" + }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2026:2563" diff --git a/advisories/unreviewed/2026/01/GHSA-4cjv-rrcw-xg72/GHSA-4cjv-rrcw-xg72.json b/advisories/unreviewed/2026/01/GHSA-4cjv-rrcw-xg72/GHSA-4cjv-rrcw-xg72.json index 215280ce9c12c..75af346fff00a 100644 --- a/advisories/unreviewed/2026/01/GHSA-4cjv-rrcw-xg72/GHSA-4cjv-rrcw-xg72.json +++ b/advisories/unreviewed/2026/01/GHSA-4cjv-rrcw-xg72/GHSA-4cjv-rrcw-xg72.json @@ -26,7 +26,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-122" + "CWE-122", + "CWE-787" ], "severity": "HIGH", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/01/GHSA-6979-fg32-9gg4/GHSA-6979-fg32-9gg4.json b/advisories/unreviewed/2026/01/GHSA-6979-fg32-9gg4/GHSA-6979-fg32-9gg4.json index 0115e473402b6..9d94cb0d3493c 100644 --- a/advisories/unreviewed/2026/01/GHSA-6979-fg32-9gg4/GHSA-6979-fg32-9gg4.json +++ b/advisories/unreviewed/2026/01/GHSA-6979-fg32-9gg4/GHSA-6979-fg32-9gg4.json @@ -26,7 +26,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-121" + "CWE-121", + "CWE-787" ], "severity": "HIGH", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/01/GHSA-7p75-39p6-7499/GHSA-7p75-39p6-7499.json b/advisories/unreviewed/2026/01/GHSA-7p75-39p6-7499/GHSA-7p75-39p6-7499.json index f87321f79bee0..629cf6777cc15 100644 --- a/advisories/unreviewed/2026/01/GHSA-7p75-39p6-7499/GHSA-7p75-39p6-7499.json +++ b/advisories/unreviewed/2026/01/GHSA-7p75-39p6-7499/GHSA-7p75-39p6-7499.json @@ -26,7 +26,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-121" + "CWE-121", + "CWE-787" ], "severity": "HIGH", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/01/GHSA-rhph-mcqr-9p2p/GHSA-rhph-mcqr-9p2p.json b/advisories/unreviewed/2026/01/GHSA-rhph-mcqr-9p2p/GHSA-rhph-mcqr-9p2p.json index af5bba60417e6..751a2a7b29967 100644 --- a/advisories/unreviewed/2026/01/GHSA-rhph-mcqr-9p2p/GHSA-rhph-mcqr-9p2p.json +++ b/advisories/unreviewed/2026/01/GHSA-rhph-mcqr-9p2p/GHSA-rhph-mcqr-9p2p.json @@ -26,6 +26,7 @@ ], "database_specific": { "cwe_ids": [ + "CWE-77", "CWE-78" ], "severity": "HIGH", diff --git a/advisories/unreviewed/2026/02/GHSA-27xm-cj78-cxmr/GHSA-27xm-cj78-cxmr.json b/advisories/unreviewed/2026/02/GHSA-27xm-cj78-cxmr/GHSA-27xm-cj78-cxmr.json index b935b4bfd83c9..2284419712e9a 100644 --- a/advisories/unreviewed/2026/02/GHSA-27xm-cj78-cxmr/GHSA-27xm-cj78-cxmr.json +++ b/advisories/unreviewed/2026/02/GHSA-27xm-cj78-cxmr/GHSA-27xm-cj78-cxmr.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-27xm-cj78-cxmr", - "modified": "2026-02-17T18:32:58Z", + "modified": "2026-02-18T21:31:22Z", "published": "2026-02-17T18:32:57Z", "aliases": [ "CVE-2025-13867" diff --git a/advisories/unreviewed/2026/02/GHSA-2g52-f4rf-8vm9/GHSA-2g52-f4rf-8vm9.json b/advisories/unreviewed/2026/02/GHSA-2g52-f4rf-8vm9/GHSA-2g52-f4rf-8vm9.json new file mode 100644 index 0000000000000..1eed2d623eb85 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-2g52-f4rf-8vm9/GHSA-2g52-f4rf-8vm9.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-2g52-f4rf-8vm9", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2025-12343" + ], + "details": "A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free condition, potentially causing FFmpeg or any application using it to crash when processing TensorFlow-based DNN models. This results in a denial-of-service scenario but does not allow arbitrary code execution under normal conditions.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12343" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2025-12343" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406533" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-415" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-2hcf-jfqx-g286/GHSA-2hcf-jfqx-g286.json b/advisories/unreviewed/2026/02/GHSA-2hcf-jfqx-g286/GHSA-2hcf-jfqx-g286.json new file mode 100644 index 0000000000000..1c2ea8ed72273 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-2hcf-jfqx-g286/GHSA-2hcf-jfqx-g286.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-2hcf-jfqx-g286", + "modified": "2026-02-18T21:31:22Z", + "published": "2026-02-18T21:31:22Z", + "aliases": [ + "CVE-2025-70062" + ], + "details": "PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to create arbitrary Doctor accounts (privileged users) by tricking an authenticated administrator into visiting a malicious page.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70062" + }, + { + "type": "WEB", + "url": "https://gist.github.com/Sanka1pp/78795abd84220e879ee0425159af5ae2" + }, + { + "type": "WEB", + "url": "https://packetstorm.news/files/id/213711" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T19:21:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-2q3j-wj77-9934/GHSA-2q3j-wj77-9934.json b/advisories/unreviewed/2026/02/GHSA-2q3j-wj77-9934/GHSA-2q3j-wj77-9934.json new file mode 100644 index 0000000000000..adb0dfcf2a0b1 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-2q3j-wj77-9934/GHSA-2q3j-wj77-9934.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-2q3j-wj77-9934", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-1355" + ], + "details": "A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing authorization check in the repository migration upload endpoint. By supplying the migration identifier, an attacker could overwrite or replace a victim’s migration archive, potentially causing victims to download attacker-controlled repository data during migration restores or automated imports. An attacker would require authentication to the victim's GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.20 and was fixed in versions 3.19.2, 3.18.5, 3.17.11, 3.16.14, 3.15.18, 3.14.23. This vulnerability was reported via the GitHub Bug Bounty program.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1355" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.23" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.18" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.14" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.11" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.5" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.2" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:23Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-3crm-x896-j73p/GHSA-3crm-x896-j73p.json b/advisories/unreviewed/2026/02/GHSA-3crm-x896-j73p/GHSA-3crm-x896-j73p.json index f16f154739d21..aa98d74bfa7bd 100644 --- a/advisories/unreviewed/2026/02/GHSA-3crm-x896-j73p/GHSA-3crm-x896-j73p.json +++ b/advisories/unreviewed/2026/02/GHSA-3crm-x896-j73p/GHSA-3crm-x896-j73p.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-3crm-x896-j73p", - "modified": "2026-02-18T15:31:26Z", + "modified": "2026-02-18T21:31:22Z", "published": "2026-02-18T15:31:26Z", "aliases": [ "CVE-2026-1435" ], "details": "Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers, which remain valid even after multiple consecutive logins by the same user. As a result, a stolen or leaked 'sessionId' can continue to be used to authenticate valid requests. Exploiting this vulnerability would allow an attacker with access to the web service/API network (port 9000 or HTTP/S endpoint of the server) to reuse an old session token to gain unauthorized access to the application, interact with the API/web, and compromise the integrity of the affected account.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-43wm-f3cq-hfrw/GHSA-43wm-f3cq-hfrw.json b/advisories/unreviewed/2026/02/GHSA-43wm-f3cq-hfrw/GHSA-43wm-f3cq-hfrw.json index a1d78ed65635d..3794a50329c10 100644 --- a/advisories/unreviewed/2026/02/GHSA-43wm-f3cq-hfrw/GHSA-43wm-f3cq-hfrw.json +++ b/advisories/unreviewed/2026/02/GHSA-43wm-f3cq-hfrw/GHSA-43wm-f3cq-hfrw.json @@ -42,7 +42,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-74" + "CWE-74", + "CWE-77" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-47m2-7g75-xvrp/GHSA-47m2-7g75-xvrp.json b/advisories/unreviewed/2026/02/GHSA-47m2-7g75-xvrp/GHSA-47m2-7g75-xvrp.json index 92410cc1fc832..67d9d020fc092 100644 --- a/advisories/unreviewed/2026/02/GHSA-47m2-7g75-xvrp/GHSA-47m2-7g75-xvrp.json +++ b/advisories/unreviewed/2026/02/GHSA-47m2-7g75-xvrp/GHSA-47m2-7g75-xvrp.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-47m2-7g75-xvrp", - "modified": "2026-02-18T15:31:26Z", + "modified": "2026-02-18T21:31:22Z", "published": "2026-02-18T15:31:26Z", "aliases": [ "CVE-2026-1440" ], "details": "Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the  '/system/pipelines/' endpoint.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-49xw-73mm-8fw9/GHSA-49xw-73mm-8fw9.json b/advisories/unreviewed/2026/02/GHSA-49xw-73mm-8fw9/GHSA-49xw-73mm-8fw9.json index 3e7b6867826cb..14b4651484351 100644 --- a/advisories/unreviewed/2026/02/GHSA-49xw-73mm-8fw9/GHSA-49xw-73mm-8fw9.json +++ b/advisories/unreviewed/2026/02/GHSA-49xw-73mm-8fw9/GHSA-49xw-73mm-8fw9.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-49xw-73mm-8fw9", - "modified": "2026-02-18T15:31:26Z", + "modified": "2026-02-18T21:31:22Z", "published": "2026-02-18T15:31:26Z", "aliases": [ "CVE-2026-1439" ], "details": "Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the  '/\n\nalerts\n\n/' endpoint.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-4pq4-6gr5-cr69/GHSA-4pq4-6gr5-cr69.json b/advisories/unreviewed/2026/02/GHSA-4pq4-6gr5-cr69/GHSA-4pq4-6gr5-cr69.json new file mode 100644 index 0000000000000..a1b59ad0595c4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-4pq4-6gr5-cr69/GHSA-4pq4-6gr5-cr69.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4pq4-6gr5-cr69", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-0665" + ], + "details": "An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0665" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2026-0665" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428640" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-787" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:22Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-55vh-w3p8-qq9g/GHSA-55vh-w3p8-qq9g.json b/advisories/unreviewed/2026/02/GHSA-55vh-w3p8-qq9g/GHSA-55vh-w3p8-qq9g.json index 5f43ff3dcbfb9..da562ffae87ff 100644 --- a/advisories/unreviewed/2026/02/GHSA-55vh-w3p8-qq9g/GHSA-55vh-w3p8-qq9g.json +++ b/advisories/unreviewed/2026/02/GHSA-55vh-w3p8-qq9g/GHSA-55vh-w3p8-qq9g.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-55vh-w3p8-qq9g", - "modified": "2026-02-18T18:30:40Z", + "modified": "2026-02-18T21:31:22Z", "published": "2026-02-18T18:30:40Z", "aliases": [ "CVE-2025-70141" ], "details": "SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in admin_class.php based on the action parameter. An unauthenticated remote attacker can perform sensitive operations such as creating customers and deleting users (including the admin account), as well as modifying or deleting other application records (tickets, departments, comments), resulting in unauthorized data modification.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" + } + ], "affected": [], "references": [ { @@ -24,8 +29,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-306" + ], + "severity": "CRITICAL", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-18T17:21:35Z" diff --git a/advisories/unreviewed/2026/02/GHSA-5hp8-hwcv-h225/GHSA-5hp8-hwcv-h225.json b/advisories/unreviewed/2026/02/GHSA-5hp8-hwcv-h225/GHSA-5hp8-hwcv-h225.json index 57e5554fcf326..b3abdac0e1d53 100644 --- a/advisories/unreviewed/2026/02/GHSA-5hp8-hwcv-h225/GHSA-5hp8-hwcv-h225.json +++ b/advisories/unreviewed/2026/02/GHSA-5hp8-hwcv-h225/GHSA-5hp8-hwcv-h225.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-5hp8-hwcv-h225", - "modified": "2026-02-18T15:31:26Z", + "modified": "2026-02-18T21:31:22Z", "published": "2026-02-18T15:31:26Z", "aliases": [ "CVE-2026-1437" ], "details": "Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the '/system/authentication/users/edit/' endpoint.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-5pqm-c33h-22jc/GHSA-5pqm-c33h-22jc.json b/advisories/unreviewed/2026/02/GHSA-5pqm-c33h-22jc/GHSA-5pqm-c33h-22jc.json index 89bf8cfaa988e..2a4bc316e8b57 100644 --- a/advisories/unreviewed/2026/02/GHSA-5pqm-c33h-22jc/GHSA-5pqm-c33h-22jc.json +++ b/advisories/unreviewed/2026/02/GHSA-5pqm-c33h-22jc/GHSA-5pqm-c33h-22jc.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-5pqm-c33h-22jc", - "modified": "2026-02-18T18:30:40Z", + "modified": "2026-02-18T21:31:22Z", "published": "2026-02-18T18:30:40Z", "aliases": [ "CVE-2025-70146" ], "details": "Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operations (e.g.,adding records, deleting records) via direct HTTP requests to affected endpoints without a valid session.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" + } + ], "affected": [], "references": [ { @@ -24,8 +29,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-306" + ], + "severity": "CRITICAL", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-18T17:21:35Z" diff --git a/advisories/unreviewed/2026/02/GHSA-62j7-j842-x6r6/GHSA-62j7-j842-x6r6.json b/advisories/unreviewed/2026/02/GHSA-62j7-j842-x6r6/GHSA-62j7-j842-x6r6.json index 8d39404dbb3f4..fe04198c2c7f8 100644 --- a/advisories/unreviewed/2026/02/GHSA-62j7-j842-x6r6/GHSA-62j7-j842-x6r6.json +++ b/advisories/unreviewed/2026/02/GHSA-62j7-j842-x6r6/GHSA-62j7-j842-x6r6.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-62j7-j842-x6r6", - "modified": "2026-02-08T00:30:59Z", + "modified": "2026-02-18T21:31:18Z", "published": "2026-02-08T00:30:59Z", "aliases": [ "CVE-2026-25566" ], "details": "WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination and without validating that destination objects belong to the destination board, potentially enabling unauthorized cross-board moves.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-7qhw-4fcq-2g37/GHSA-7qhw-4fcq-2g37.json b/advisories/unreviewed/2026/02/GHSA-7qhw-4fcq-2g37/GHSA-7qhw-4fcq-2g37.json new file mode 100644 index 0000000000000..57e23d8b5df16 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-7qhw-4fcq-2g37/GHSA-7qhw-4fcq-2g37.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-7qhw-4fcq-2g37", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2025-0577" + ], + "details": "An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0577" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2025-0577" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2338871" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-331" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-844q-r72x-vfmv/GHSA-844q-r72x-vfmv.json b/advisories/unreviewed/2026/02/GHSA-844q-r72x-vfmv/GHSA-844q-r72x-vfmv.json index afb076718911f..3ca5dad8bd323 100644 --- a/advisories/unreviewed/2026/02/GHSA-844q-r72x-vfmv/GHSA-844q-r72x-vfmv.json +++ b/advisories/unreviewed/2026/02/GHSA-844q-r72x-vfmv/GHSA-844q-r72x-vfmv.json @@ -42,7 +42,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-119" + "CWE-119", + "CWE-787" ], "severity": "HIGH", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-86c5-9jxx-m8g7/GHSA-86c5-9jxx-m8g7.json b/advisories/unreviewed/2026/02/GHSA-86c5-9jxx-m8g7/GHSA-86c5-9jxx-m8g7.json index 194cd692c6897..579a50df4db1c 100644 --- a/advisories/unreviewed/2026/02/GHSA-86c5-9jxx-m8g7/GHSA-86c5-9jxx-m8g7.json +++ b/advisories/unreviewed/2026/02/GHSA-86c5-9jxx-m8g7/GHSA-86c5-9jxx-m8g7.json @@ -42,7 +42,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-74" + "CWE-74", + "CWE-77" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-8gfj-223w-87pr/GHSA-8gfj-223w-87pr.json b/advisories/unreviewed/2026/02/GHSA-8gfj-223w-87pr/GHSA-8gfj-223w-87pr.json new file mode 100644 index 0000000000000..6b41a654786b3 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-8gfj-223w-87pr/GHSA-8gfj-223w-87pr.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-8gfj-223w-87pr", + "modified": "2026-02-18T21:31:22Z", + "published": "2026-02-18T21:31:22Z", + "aliases": [ + "CVE-2025-70063" + ], + "details": "The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference (IDOR) vulnerability. The application fails to verify that the requested 'viewid' parameter belongs to the currently authenticated patient. This allows a user to access the confidential medical records of other patients by iterating the 'viewid' integer.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70063" + }, + { + "type": "WEB", + "url": "https://gist.github.com/Sanka1pp/f43c7eca5048152899e14412523afe80" + }, + { + "type": "WEB", + "url": "https://packetstorm.news/files/id/213711" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-639" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T19:21:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-8rqj-9226-cwx7/GHSA-8rqj-9226-cwx7.json b/advisories/unreviewed/2026/02/GHSA-8rqj-9226-cwx7/GHSA-8rqj-9226-cwx7.json index ecca6b38fb478..0dc8672161cf7 100644 --- a/advisories/unreviewed/2026/02/GHSA-8rqj-9226-cwx7/GHSA-8rqj-9226-cwx7.json +++ b/advisories/unreviewed/2026/02/GHSA-8rqj-9226-cwx7/GHSA-8rqj-9226-cwx7.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-8rqj-9226-cwx7", - "modified": "2026-02-18T18:30:40Z", + "modified": "2026-02-18T21:31:22Z", "published": "2026-02-18T18:30:40Z", "aliases": [ "CVE-2025-70151" ], "details": "code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote code execution via unrestricted file upload. The endpoints update_profile_picture.php and upload_picture.php store uploaded files in a web-accessible uploads/ directory using the original, user-supplied filename without validating the file type or extension. By uploading a PHP file and then requesting it from /uploads/, an attacker can execute arbitrary PHP code as the web server user.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], "affected": [], "references": [ { @@ -24,8 +29,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-434" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-18T18:24:20Z" diff --git a/advisories/unreviewed/2026/02/GHSA-9f49-2j27-6f79/GHSA-9f49-2j27-6f79.json b/advisories/unreviewed/2026/02/GHSA-9f49-2j27-6f79/GHSA-9f49-2j27-6f79.json new file mode 100644 index 0000000000000..3fa55c8e2dcc7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-9f49-2j27-6f79/GHSA-9f49-2j27-6f79.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-9f49-2j27-6f79", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-1200" + ], + "details": "A flaw was found in the rgaufman/live555 fork of live555. A remote attacker could exploit a segmentation fault, in the `increaseBufferTo` function. This vulnerability can lead to memory corruption problems and potentially other consequences.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1200" + }, + { + "type": "WEB", + "url": "https://github.com/rgaufman/live555/issues/65" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2026-1200" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430836" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-824" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:23Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-9hwv-m488-9fjx/GHSA-9hwv-m488-9fjx.json b/advisories/unreviewed/2026/02/GHSA-9hwv-m488-9fjx/GHSA-9hwv-m488-9fjx.json index 47be1da9b23a1..30dbe19657616 100644 --- a/advisories/unreviewed/2026/02/GHSA-9hwv-m488-9fjx/GHSA-9hwv-m488-9fjx.json +++ b/advisories/unreviewed/2026/02/GHSA-9hwv-m488-9fjx/GHSA-9hwv-m488-9fjx.json @@ -42,7 +42,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-74" + "CWE-74", + "CWE-77" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-c96q-rf2r-2xj8/GHSA-c96q-rf2r-2xj8.json b/advisories/unreviewed/2026/02/GHSA-c96q-rf2r-2xj8/GHSA-c96q-rf2r-2xj8.json new file mode 100644 index 0000000000000..db2e0d8360e62 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-c96q-rf2r-2xj8/GHSA-c96q-rf2r-2xj8.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-c96q-rf2r-2xj8", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2025-10256" + ], + "details": "A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a victim into processing a crafted media file with the Firequalizer filter enabled, causing the application to dereference a NULL pointer and crash, leading to denial of service.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10256" + }, + { + "type": "WEB", + "url": "https://github.com/FFmpeg/FFmpeg/commit/a25462482c02c004d685a8fcf2fa63955aaa0931" + }, + { + "type": "WEB", + "url": "https://github.com/FFmpeg/FFmpeg/commit/d3be186ed1bcdcf2c093d6b13a0e66dc5132be2a" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2025-10256" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394495" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-476" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-cf26-rj67-f4wr/GHSA-cf26-rj67-f4wr.json b/advisories/unreviewed/2026/02/GHSA-cf26-rj67-f4wr/GHSA-cf26-rj67-f4wr.json index 2120594c9543c..95f34df76cffa 100644 --- a/advisories/unreviewed/2026/02/GHSA-cf26-rj67-f4wr/GHSA-cf26-rj67-f4wr.json +++ b/advisories/unreviewed/2026/02/GHSA-cf26-rj67-f4wr/GHSA-cf26-rj67-f4wr.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-cf26-rj67-f4wr", - "modified": "2026-02-18T15:31:26Z", + "modified": "2026-02-18T21:31:22Z", "published": "2026-02-18T15:31:26Z", "aliases": [ "CVE-2026-1441" ], "details": "Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the  '/system/index_sets/' endpoint.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-cq5p-w4x6-m6h3/GHSA-cq5p-w4x6-m6h3.json b/advisories/unreviewed/2026/02/GHSA-cq5p-w4x6-m6h3/GHSA-cq5p-w4x6-m6h3.json new file mode 100644 index 0000000000000..882b4cca10a17 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-cq5p-w4x6-m6h3/GHSA-cq5p-w4x6-m6h3.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-cq5p-w4x6-m6h3", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:22Z", + "aliases": [ + "CVE-2026-2660" + ], + "details": "A vulnerability was identified in FascinatedBox lily up to 2.3. Affected by this issue is the function shorthash_for_name of the file src/lily_symtab.c. The manipulation leads to use after free. Local access is required to approach this attack. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2660" + }, + { + "type": "WEB", + "url": "https://github.com/FascinatedBox/lily/issues/385" + }, + { + "type": "WEB", + "url": "https://github.com/FascinatedBox/lily" + }, + { + "type": "WEB", + "url": "https://github.com/oneafter/0122/blob/main/i385/repro.lily" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346458" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346458" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.753164" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T19:21:44Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-cw7v-qx8m-563q/GHSA-cw7v-qx8m-563q.json b/advisories/unreviewed/2026/02/GHSA-cw7v-qx8m-563q/GHSA-cw7v-qx8m-563q.json index 4721f7998d570..23ea9e8a19226 100644 --- a/advisories/unreviewed/2026/02/GHSA-cw7v-qx8m-563q/GHSA-cw7v-qx8m-563q.json +++ b/advisories/unreviewed/2026/02/GHSA-cw7v-qx8m-563q/GHSA-cw7v-qx8m-563q.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-cw7v-qx8m-563q", - "modified": "2026-02-18T15:31:26Z", + "modified": "2026-02-18T21:31:22Z", "published": "2026-02-18T15:31:26Z", "aliases": [ "CVE-2026-1438" ], "details": "Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the  '/system/nodes/' endpoint.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-ff7j-jwgr-hgxp/GHSA-ff7j-jwgr-hgxp.json b/advisories/unreviewed/2026/02/GHSA-ff7j-jwgr-hgxp/GHSA-ff7j-jwgr-hgxp.json index 36804edf5a62e..e433a13645a70 100644 --- a/advisories/unreviewed/2026/02/GHSA-ff7j-jwgr-hgxp/GHSA-ff7j-jwgr-hgxp.json +++ b/advisories/unreviewed/2026/02/GHSA-ff7j-jwgr-hgxp/GHSA-ff7j-jwgr-hgxp.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-ff7j-jwgr-hgxp", - "modified": "2026-02-18T15:31:26Z", + "modified": "2026-02-18T21:31:22Z", "published": "2026-02-18T15:31:26Z", "aliases": [ "CVE-2026-1436" ], "details": "Improper Access Control (IDOR) in the Graylog API, version 2.2.3, which occurs when modifying the user ID in the URL. An authenticated user can access other user's profiles without proper authorization checks. Exploiting this vulnerability allows valid users of the system to be listed and sensitive third-party information to be accessed, such as names, email addresses, internal identifiers, and last activity. The endpoint 'http://:12900/users/' does not implement object-level authorization validations.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-gq25-pccv-6q8j/GHSA-gq25-pccv-6q8j.json b/advisories/unreviewed/2026/02/GHSA-gq25-pccv-6q8j/GHSA-gq25-pccv-6q8j.json new file mode 100644 index 0000000000000..eb06a5878846a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-gq25-pccv-6q8j/GHSA-gq25-pccv-6q8j.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-gq25-pccv-6q8j", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2025-14876" + ], + "details": "A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation. This can result in a denial of service (DoS) on the host system by causing the QEMU process to terminate unexpectedly.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14876" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2025-14876" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423549" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-770" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-gwrh-w4f9-ffc9/GHSA-gwrh-w4f9-ffc9.json b/advisories/unreviewed/2026/02/GHSA-gwrh-w4f9-ffc9/GHSA-gwrh-w4f9-ffc9.json new file mode 100644 index 0000000000000..6c56fdd48486d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-gwrh-w4f9-ffc9/GHSA-gwrh-w4f9-ffc9.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-gwrh-w4f9-ffc9", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-2665" + ], + "details": "A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. Performing a manipulation of the argument File results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2665" + }, + { + "type": "WEB", + "url": "https://github.com/huanzi-qch/base-admin/issues/38" + }, + { + "type": "WEB", + "url": "https://github.com/huanzi-qch/base-admin/issues/38#issue-3905100373" + }, + { + "type": "WEB", + "url": "https://github.com/huanzi-qch/base-admin" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346462" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346462" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.753240" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-284" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T20:18:37Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-h5jq-923c-7w8g/GHSA-h5jq-923c-7w8g.json b/advisories/unreviewed/2026/02/GHSA-h5jq-923c-7w8g/GHSA-h5jq-923c-7w8g.json new file mode 100644 index 0000000000000..cdf2eee5fadeb --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-h5jq-923c-7w8g/GHSA-h5jq-923c-7w8g.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-h5jq-923c-7w8g", + "modified": "2026-02-18T21:31:22Z", + "published": "2026-02-18T21:31:22Z", + "aliases": [ + "CVE-2026-0874" + ], + "details": "A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0874" + }, + { + "type": "WEB", + "url": "https://www.autodesk.com/products/autodesk-access/overview" + }, + { + "type": "WEB", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0004" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-787" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T20:18:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-hcrc-x9p4-f9jh/GHSA-hcrc-x9p4-f9jh.json b/advisories/unreviewed/2026/02/GHSA-hcrc-x9p4-f9jh/GHSA-hcrc-x9p4-f9jh.json index b92de6f89b751..4101ee5427854 100644 --- a/advisories/unreviewed/2026/02/GHSA-hcrc-x9p4-f9jh/GHSA-hcrc-x9p4-f9jh.json +++ b/advisories/unreviewed/2026/02/GHSA-hcrc-x9p4-f9jh/GHSA-hcrc-x9p4-f9jh.json @@ -29,7 +29,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-89" + ], "severity": "CRITICAL", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-jx8h-vrjj-cm6g/GHSA-jx8h-vrjj-cm6g.json b/advisories/unreviewed/2026/02/GHSA-jx8h-vrjj-cm6g/GHSA-jx8h-vrjj-cm6g.json new file mode 100644 index 0000000000000..a8fca98bcaedc --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-jx8h-vrjj-cm6g/GHSA-jx8h-vrjj-cm6g.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-jx8h-vrjj-cm6g", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-2667" + ], + "details": "A vulnerability has been found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. The impacted element is an unknown function of the file /dispatch/api?cmd=userinfo. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2667" + }, + { + "type": "WEB", + "url": "https://github.com/21151213732/CVE/blob/main/VICDP-Unauthorized%20Access1.md" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346464" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346464" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.753262" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-266" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:25Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-m4v3-95xp-3j5h/GHSA-m4v3-95xp-3j5h.json b/advisories/unreviewed/2026/02/GHSA-m4v3-95xp-3j5h/GHSA-m4v3-95xp-3j5h.json index 6013449d93966..cfbe14db284a4 100644 --- a/advisories/unreviewed/2026/02/GHSA-m4v3-95xp-3j5h/GHSA-m4v3-95xp-3j5h.json +++ b/advisories/unreviewed/2026/02/GHSA-m4v3-95xp-3j5h/GHSA-m4v3-95xp-3j5h.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-m4v3-95xp-3j5h", - "modified": "2026-02-18T18:30:40Z", + "modified": "2026-02-18T21:31:22Z", "published": "2026-02-18T18:30:40Z", "aliases": [ "CVE-2025-70147" ], "details": "Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information (including plaintext password field values) via direct HTTP GET requests to these endpoints without a valid session.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], "affected": [], "references": [ { @@ -24,8 +29,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-306" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-18T17:21:36Z" diff --git a/advisories/unreviewed/2026/02/GHSA-mjjq-x58m-rfxp/GHSA-mjjq-x58m-rfxp.json b/advisories/unreviewed/2026/02/GHSA-mjjq-x58m-rfxp/GHSA-mjjq-x58m-rfxp.json new file mode 100644 index 0000000000000..ae8435903a1a7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-mjjq-x58m-rfxp/GHSA-mjjq-x58m-rfxp.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-mjjq-x58m-rfxp", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-2662" + ], + "details": "A weakness has been identified in FascinatedBox lily up to 2.3. This vulnerability affects the function count_transforms of the file src/lily_emitter.c. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2662" + }, + { + "type": "WEB", + "url": "https://github.com/FascinatedBox/lily/issues/381" + }, + { + "type": "WEB", + "url": "https://github.com/FascinatedBox/lily" + }, + { + "type": "WEB", + "url": "https://github.com/oneafter/0122/blob/main/i381/repro.lily" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346460" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346460" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.753166" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T20:18:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-p546-7whm-cxpm/GHSA-p546-7whm-cxpm.json b/advisories/unreviewed/2026/02/GHSA-p546-7whm-cxpm/GHSA-p546-7whm-cxpm.json new file mode 100644 index 0000000000000..dcb5ba7c92618 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-p546-7whm-cxpm/GHSA-p546-7whm-cxpm.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p546-7whm-cxpm", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-0573" + ], + "details": "An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repository_pages API insecurely followed HTTP redirects when fetching artifact URLs, preserving the authorization header containing a privileged JWT. An authenticated user could redirect these requests to an attacker-controlled domain, exfiltrate the Actions.ManageOrgs JWT, and leverage it for potential remote code execution. Attackers would require access to the target GitHub Enterprise Server instance and the ability to exploit a legacy redirect to an attacker-controlled domain. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.19 and was fixed in versions 3.19.2, 3.18.4, 3.17.10, 3.16.13, 3.15.17, and 3.14.22. This vulnerability was reported via the GitHub Bug Bounty program.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0573" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.22" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.17" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.13" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.10" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.4" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.2" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-601" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:22Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pppv-pc54-6j8r/GHSA-pppv-pc54-6j8r.json b/advisories/unreviewed/2026/02/GHSA-pppv-pc54-6j8r/GHSA-pppv-pc54-6j8r.json new file mode 100644 index 0000000000000..5dbb96038594a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pppv-pc54-6j8r/GHSA-pppv-pc54-6j8r.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pppv-pc54-6j8r", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:22Z", + "aliases": [ + "CVE-2026-2661" + ], + "details": "A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. The manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2661" + }, + { + "type": "WEB", + "url": "https://github.com/albertodemichelis/squirrel/issues/310" + }, + { + "type": "WEB", + "url": "https://github.com/oneafter/0122/blob/main/i310/repro" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346459" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346459" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.753165" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T20:18:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qrj7-4954-7p6v/GHSA-qrj7-4954-7p6v.json b/advisories/unreviewed/2026/02/GHSA-qrj7-4954-7p6v/GHSA-qrj7-4954-7p6v.json new file mode 100644 index 0000000000000..300677a04c037 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qrj7-4954-7p6v/GHSA-qrj7-4954-7p6v.json @@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qrj7-4954-7p6v", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-1999" + ], + "details": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pull request into a repository without having push access by exploiting an authorization bypass in the enable_auto_merge mutation for pull requests. This issue only affected repositories that allow forking as the attack relies on opening a pull request from an attacker-controlled fork into the target repository. Exploitation was only possible in specific scenarios. It required a clean pull request status and only applied to branches without branch protection rules enabled. This vulnerability affected GitHub Enterprise Server versions prior to 3.19.2, 3.18.5, and 3.17.11, and was fixed in versions 3.19.2, 3.18.5, and 3.17.11. This vulnerability was reported via the GitHub Bug Bounty program.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1999" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.11" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.5" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.2" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-863" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:24Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qxf4-rqx4-9mqj/GHSA-qxf4-rqx4-9mqj.json b/advisories/unreviewed/2026/02/GHSA-qxf4-rqx4-9mqj/GHSA-qxf4-rqx4-9mqj.json index 7a095742f0820..48a6c66996eda 100644 --- a/advisories/unreviewed/2026/02/GHSA-qxf4-rqx4-9mqj/GHSA-qxf4-rqx4-9mqj.json +++ b/advisories/unreviewed/2026/02/GHSA-qxf4-rqx4-9mqj/GHSA-qxf4-rqx4-9mqj.json @@ -42,6 +42,7 @@ ], "database_specific": { "cwe_ids": [ + "CWE-352", "CWE-640" ], "severity": "HIGH", diff --git a/advisories/unreviewed/2026/02/GHSA-r9wp-qq53-qvjx/GHSA-r9wp-qq53-qvjx.json b/advisories/unreviewed/2026/02/GHSA-r9wp-qq53-qvjx/GHSA-r9wp-qq53-qvjx.json new file mode 100644 index 0000000000000..9b5ed498e2809 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r9wp-qq53-qvjx/GHSA-r9wp-qq53-qvjx.json @@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r9wp-qq53-qvjx", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-2666" + ], + "details": "A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2666" + }, + { + "type": "WEB", + "url": "https://github.com/chujianxin0101/vuln/issues/11" + }, + { + "type": "WEB", + "url": "https://github.com/chujianxin0101/vuln/issues/11#issue-3905144613" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346463" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346463" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.753243" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-284" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T20:18:37Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rcjr-qg8v-4c3v/GHSA-rcjr-qg8v-4c3v.json b/advisories/unreviewed/2026/02/GHSA-rcjr-qg8v-4c3v/GHSA-rcjr-qg8v-4c3v.json new file mode 100644 index 0000000000000..853829fb4e468 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rcjr-qg8v-4c3v/GHSA-rcjr-qg8v-4c3v.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rcjr-qg8v-4c3v", + "modified": "2026-02-18T21:31:22Z", + "published": "2026-02-18T21:31:22Z", + "aliases": [ + "CVE-2026-0875" + ], + "details": "A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0875" + }, + { + "type": "WEB", + "url": "https://www.autodesk.com/products/autodesk-access/overview" + }, + { + "type": "WEB", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0004" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-787" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T20:18:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rwf8-6fj2-4vrx/GHSA-rwf8-6fj2-4vrx.json b/advisories/unreviewed/2026/02/GHSA-rwf8-6fj2-4vrx/GHSA-rwf8-6fj2-4vrx.json new file mode 100644 index 0000000000000..d1af0c5a66305 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rwf8-6fj2-4vrx/GHSA-rwf8-6fj2-4vrx.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rwf8-6fj2-4vrx", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-2663" + ], + "details": "A security vulnerability has been detected in Alixhan xh-admin-backend up to 1.7.0. This issue affects some unknown processing of the file /frontend-api/system-service/api/system/role/query of the component Database Query Handler. Such manipulation of the argument prop leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2663" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346461" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346461" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.753225" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-74" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T20:18:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v3v9-r7ff-976x/GHSA-v3v9-r7ff-976x.json b/advisories/unreviewed/2026/02/GHSA-v3v9-r7ff-976x/GHSA-v3v9-r7ff-976x.json index e88b5b1de3963..60aa9141202ef 100644 --- a/advisories/unreviewed/2026/02/GHSA-v3v9-r7ff-976x/GHSA-v3v9-r7ff-976x.json +++ b/advisories/unreviewed/2026/02/GHSA-v3v9-r7ff-976x/GHSA-v3v9-r7ff-976x.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-v3v9-r7ff-976x", - "modified": "2026-02-18T18:30:40Z", + "modified": "2026-02-18T21:31:22Z", "published": "2026-02-18T18:30:40Z", "aliases": [ "CVE-2025-70149" ], "details": "CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in print_membership_card.php via the ID parameter.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], "affected": [], "references": [ { @@ -24,8 +29,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-89" + ], + "severity": "CRITICAL", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-18T17:21:36Z" diff --git a/advisories/unreviewed/2026/02/GHSA-vmr8-g4h2-2x5j/GHSA-vmr8-g4h2-2x5j.json b/advisories/unreviewed/2026/02/GHSA-vmr8-g4h2-2x5j/GHSA-vmr8-g4h2-2x5j.json new file mode 100644 index 0000000000000..55d2bd16a9b2a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vmr8-g4h2-2x5j/GHSA-vmr8-g4h2-2x5j.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vmr8-g4h2-2x5j", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-2668" + ], + "details": "A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handler. The manipulation results in improper access controls. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2668" + }, + { + "type": "WEB", + "url": "https://github.com/21151213732/CVE/blob/main/VICDP-Unauthorized%20Access2.md" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346465" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346465" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.753283" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-266" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:25Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wjf9-j9vw-27f4/GHSA-wjf9-j9vw-27f4.json b/advisories/unreviewed/2026/02/GHSA-wjf9-j9vw-27f4/GHSA-wjf9-j9vw-27f4.json new file mode 100644 index 0000000000000..ab1ae0c19d6e0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wjf9-j9vw-27f4/GHSA-wjf9-j9vw-27f4.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wjf9-j9vw-27f4", + "modified": "2026-02-18T21:31:22Z", + "published": "2026-02-18T21:31:22Z", + "aliases": [ + "CVE-2025-70064" + ], + "details": "PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator Dashboard and all sub-modules (e.g., User Logs, Doctor Management) by manually browsing to the /admin/ directory after authentication. This allows any self-registered user to takeover the application, view confidential logs, and modify system data.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70064" + }, + { + "type": "WEB", + "url": "https://gist.github.com/Sanka1pp/c6f20cd6db1fbb1f0e7e199ead66691d" + }, + { + "type": "WEB", + "url": "https://packetstorm.news/files/id/213711" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-284" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T19:21:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wrqv-g27w-82rr/GHSA-wrqv-g27w-82rr.json b/advisories/unreviewed/2026/02/GHSA-wrqv-g27w-82rr/GHSA-wrqv-g27w-82rr.json index 092331961c32b..6de3b3a47acd8 100644 --- a/advisories/unreviewed/2026/02/GHSA-wrqv-g27w-82rr/GHSA-wrqv-g27w-82rr.json +++ b/advisories/unreviewed/2026/02/GHSA-wrqv-g27w-82rr/GHSA-wrqv-g27w-82rr.json @@ -42,7 +42,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-74" + "CWE-74", + "CWE-77" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-xj75-gfvf-4g86/GHSA-xj75-gfvf-4g86.json b/advisories/unreviewed/2026/02/GHSA-xj75-gfvf-4g86/GHSA-xj75-gfvf-4g86.json new file mode 100644 index 0000000000000..857d992cdfa7a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xj75-gfvf-4g86/GHSA-xj75-gfvf-4g86.json @@ -0,0 +1,42 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xj75-gfvf-4g86", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2025-1272" + ], + "details": "The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ports, BPF and kprobes. Additionally unsigned modules can be loaded, leading to execution of untrusted code breaking breaking any Secure Boot protection. This vulnerability affects only Fedora Linux.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1272" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2025:6966" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2025-1272" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345615" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:21Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xjrj-8prq-9366/GHSA-xjrj-8prq-9366.json b/advisories/unreviewed/2026/02/GHSA-xjrj-8prq-9366/GHSA-xjrj-8prq-9366.json index c4fbde5492dcc..9a34bbdf7d186 100644 --- a/advisories/unreviewed/2026/02/GHSA-xjrj-8prq-9366/GHSA-xjrj-8prq-9366.json +++ b/advisories/unreviewed/2026/02/GHSA-xjrj-8prq-9366/GHSA-xjrj-8prq-9366.json @@ -42,7 +42,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-74" + "CWE-74", + "CWE-77" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-xqcm-jrw9-wq72/GHSA-xqcm-jrw9-wq72.json b/advisories/unreviewed/2026/02/GHSA-xqcm-jrw9-wq72/GHSA-xqcm-jrw9-wq72.json index 57ba37db12fa6..44a5357ce56be 100644 --- a/advisories/unreviewed/2026/02/GHSA-xqcm-jrw9-wq72/GHSA-xqcm-jrw9-wq72.json +++ b/advisories/unreviewed/2026/02/GHSA-xqcm-jrw9-wq72/GHSA-xqcm-jrw9-wq72.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-xqcm-jrw9-wq72", - "modified": "2026-02-13T00:32:51Z", + "modified": "2026-02-18T21:31:18Z", "published": "2026-02-13T00:32:51Z", "aliases": [ "CVE-2025-14282" @@ -23,6 +23,18 @@ "type": "WEB", "url": "https://github.com/mkj/dropbear/pull/391" }, + { + "type": "WEB", + "url": "https://github.com/mkj/dropbear/pull/394" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2025-14282" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420052" + }, { "type": "WEB", "url": "https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q4/002390.html" diff --git a/advisories/unreviewed/2026/02/GHSA-xrj7-v4x4-74hr/GHSA-xrj7-v4x4-74hr.json b/advisories/unreviewed/2026/02/GHSA-xrj7-v4x4-74hr/GHSA-xrj7-v4x4-74hr.json new file mode 100644 index 0000000000000..d335397c9f0a6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xrj7-v4x4-74hr/GHSA-xrj7-v4x4-74hr.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xrj7-v4x4-74hr", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2025-8860" + ], + "details": "A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFI_VARS_REG_BUFFER_SIZE, the .write callback `uefi_vars_write` is invoked. The function allocates a heap buffer without zeroing the memory, leaving the buffer filled with residual data from prior allocations. When the guest later reads from register UEFI_VARS_REG_PIO_BUFFER_TRANSFER, the .read callback `uefi_vars_read` returns leftover metadata or other sensitive process memory from the previously allocated buffer, leading to an information disclosure vulnerability.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8860" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2025-8860" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387588" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-212" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:22Z" + } +} \ No newline at end of file From c7b29b3cc7a6223d57775d1b036bb3dd6adfffde Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 21:46:10 +0000 Subject: [PATCH 098/222] Publish Advisories GHSA-r8p8-qw9w-j9qv GHSA-w7h5-55jg-cq2f GHSA-r8p8-qw9w-j9qv --- .../GHSA-r8p8-qw9w-j9qv.json | 111 ++++++++++++++++++ .../GHSA-w7h5-55jg-cq2f.json | 61 ++++++++++ .../GHSA-r8p8-qw9w-j9qv.json | 36 ------ 3 files changed, 172 insertions(+), 36 deletions(-) create mode 100644 advisories/github-reviewed/2026/02/GHSA-r8p8-qw9w-j9qv/GHSA-r8p8-qw9w-j9qv.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-w7h5-55jg-cq2f/GHSA-w7h5-55jg-cq2f.json delete mode 100644 advisories/unreviewed/2026/02/GHSA-r8p8-qw9w-j9qv/GHSA-r8p8-qw9w-j9qv.json diff --git a/advisories/github-reviewed/2026/02/GHSA-r8p8-qw9w-j9qv/GHSA-r8p8-qw9w-j9qv.json b/advisories/github-reviewed/2026/02/GHSA-r8p8-qw9w-j9qv/GHSA-r8p8-qw9w-j9qv.json new file mode 100644 index 0000000000000..379031026177a --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-r8p8-qw9w-j9qv/GHSA-r8p8-qw9w-j9qv.json @@ -0,0 +1,111 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r8p8-qw9w-j9qv", + "modified": "2026-02-18T21:44:45Z", + "published": "2026-02-16T12:30:25Z", + "aliases": [ + "CVE-2026-2415" + ], + "summary": "pretix unsafely evaluates variables in emails", + "details": "Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when `{name}` is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs:\n\n - It was possible to exfiltrate information about the pretix system through specially crafted placeholder names such as `{event.__init__.__code__.co_filename}}`. This way, an attacker with the ability to control email templates (usually every user of the pretix backend) could retrieve sensitive information from the system configuration, including even database passwords or API keys. pretix does include mechanisms to prevent the usage of such malicious placeholders, however due to a mistake in the code, they were not fully effective for the email subject.\n\n - Placeholders in subjects and plain text bodies of emails were wrongfully evaluated twice. Therefore, if the first evaluation of a placeholder again contains a placeholder, this second placeholder was rendered. This allows the rendering of placeholders controlled by the ticket buyer, and therefore the exploitation of the first issue as a ticket buyer. Luckily, the only buyer-controlled placeholder available in pretix by default (that is not validated in a way that prevents the issue) is `{invoice_company}`, which is very unusual (but not impossible) to be contained in an email subject template. In addition to broadening the attack surface of the first issue, this could theoretically also leak information about an order to one of the attendees within that order. However, we also consider this scenario very unlikely under typical conditions.\n\nOut of caution, pretix recommend that you rotate all passwords and API keys contained in your pretix.cfg https://docs.pretix.eu/self-hosting/config/  file.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/RE:L/U:Red" + } + ], + "affected": [ + { + "package": { + "ecosystem": "PyPI", + "name": "pretix" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "2026.1.0" + }, + { + "fixed": "2026.1.1" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "PyPI", + "name": "pretix" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "2025.10.0" + }, + { + "fixed": "2025.10.2" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "PyPI", + "name": "pretix" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2025.9.4" + } + ] + } + ] + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2415" + }, + { + "type": "WEB", + "url": "https://github.com/pretix/pretix/commit/ba11d24f8dfa4e9d8f03493e56fd8b43983fe297" + }, + { + "type": "WEB", + "url": "https://github.com/pretix/pretix/commit/c85afbc621b5f0b1afa618627c45f89323eb0154" + }, + { + "type": "WEB", + "url": "https://github.com/pretix/pretix/commit/edac35ed4c5466eb63a202575c337d117ddf1c8e" + }, + { + "type": "PACKAGE", + "url": "https://github.com/pretix/pretix" + }, + { + "type": "WEB", + "url": "https://pretix.eu/about/en/blog/20260216-release-2026-1-1" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-627" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T21:44:45Z", + "nvd_published_at": "2026-02-16T11:15:56Z" + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-w7h5-55jg-cq2f/GHSA-w7h5-55jg-cq2f.json b/advisories/github-reviewed/2026/02/GHSA-w7h5-55jg-cq2f/GHSA-w7h5-55jg-cq2f.json new file mode 100644 index 0000000000000..6d14735313222 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-w7h5-55jg-cq2f/GHSA-w7h5-55jg-cq2f.json @@ -0,0 +1,61 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w7h5-55jg-cq2f", + "modified": "2026-02-18T21:45:06Z", + "published": "2026-02-18T21:45:06Z", + "aliases": [ + "CVE-2026-26974" + ], + "summary": "Improper Control of Generation of Code ('Code Injection') in @tygo-van-den-hurk/slyde", + "details": "### Impact\nThis is a **remote code execution (RCE) vulnerability**. Node.js automatically imports `**/*.plugin.{js,mjs}` files including those from `node_modules`, so any malicious package with a `.plugin.js` file could execute arbitrary code when installed or required. **All projects using this loading behavior are affected**, especially those installing untrusted packages.\n\n### Patches\nThe issue has been **patched in v0.0.5**. Users should upgrade to **v0.0.5 or later** to mitigate the vulnerability.\n\n### Workarounds\n- Audit and restrict which packages are installed in `node_modules`.\n\n### References\n- [CWE-94: Improper Control of Generation of Code](https://cwe.mitre.org/data/definitions/94.html) \n- GitHub Security Advisories documentation: [https://docs.github.com/en/code-security/security-advisories](https://docs.github.com/en/code-security/security-advisories)", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "@tygo-van-den-hurk/slyde" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.0.5" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/Tygo-van-den-Hurk/Slyde/security/advisories/GHSA-w7h5-55jg-cq2f" + }, + { + "type": "WEB", + "url": "https://github.com/Tygo-van-den-Hurk/Slyde/commit/e4c215b061e44fd2ead805de34d72642a710af60" + }, + { + "type": "PACKAGE", + "url": "https://github.com/Tygo-van-den-Hurk/Slyde" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-829" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T21:45:06Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r8p8-qw9w-j9qv/GHSA-r8p8-qw9w-j9qv.json b/advisories/unreviewed/2026/02/GHSA-r8p8-qw9w-j9qv/GHSA-r8p8-qw9w-j9qv.json deleted file mode 100644 index dafc5f9866b7e..0000000000000 --- a/advisories/unreviewed/2026/02/GHSA-r8p8-qw9w-j9qv/GHSA-r8p8-qw9w-j9qv.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "schema_version": "1.4.0", - "id": "GHSA-r8p8-qw9w-j9qv", - "modified": "2026-02-16T12:30:25Z", - "published": "2026-02-16T12:30:25Z", - "aliases": [ - "CVE-2026-2415" - ], - "details": "Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name}\n is used in an email template, it will be replaced with the buyer's \nname for the final email. This mechanism contained two security-relevant\n bugs:\n\n\n\n * \nIt was possible to exfiltrate information about the pretix system through specially crafted placeholder names such as {{event.__init__.__code__.co_filename}}.\n This way, an attacker with the ability to control email templates \n(usually every user of the pretix backend) could retrieve sensitive \ninformation from the system configuration, including even database \npasswords or API keys. pretix does include mechanisms to prevent the usage of such \nmalicious placeholders, however due to a mistake in the code, they were \nnot fully effective for the email subject.\n\n\n\n\n * \nPlaceholders in subjects and plain text bodies of emails were \nwrongfully evaluated twice. Therefore, if the first evaluation of a \nplaceholder again contains a placeholder, this second placeholder was \nrendered. This allows the rendering of placeholders controlled by the \nticket buyer, and therefore the exploitation of the first issue as a \nticket buyer. Luckily, the only buyer-controlled placeholder available \nin pretix by default (that is not validated in a way that prevents the \nissue) is {invoice_company}, which is very unusual (but not\n impossible) to be contained in an email subject template. In addition \nto broadening the attack surface of the first issue, this could \ntheoretically also leak information about an order to one of the \nattendees within that order. However, we also consider this scenario \nvery unlikely under typical conditions.\n\n\nOut of caution, we recommend that you rotate all passwords and API keys contained in your pretix.cfg https://docs.pretix.eu/self-hosting/config/  file.", - "severity": [ - { - "type": "CVSS_V4", - "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:L/U:Red" - } - ], - "affected": [], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2415" - }, - { - "type": "WEB", - "url": "https://pretix.eu/about/en/blog/20260216-release-2026-1-1" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-627" - ], - "severity": "HIGH", - "github_reviewed": false, - "github_reviewed_at": null, - "nvd_published_at": "2026-02-16T11:15:56Z" - } -} \ No newline at end of file From c14bf0f3db0a55cc372a2339268f4817b619f4b2 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 21:51:51 +0000 Subject: [PATCH 099/222] Publish Advisories GHSA-9c88-49p5-5ggf GHSA-w52v-v783-gw97 --- .../GHSA-9c88-49p5-5ggf.json | 61 +++++++++++++++++ .../GHSA-w52v-v783-gw97.json | 65 +++++++++++++++++++ 2 files changed, 126 insertions(+) create mode 100644 advisories/github-reviewed/2026/02/GHSA-9c88-49p5-5ggf/GHSA-9c88-49p5-5ggf.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-w52v-v783-gw97/GHSA-w52v-v783-gw97.json diff --git a/advisories/github-reviewed/2026/02/GHSA-9c88-49p5-5ggf/GHSA-9c88-49p5-5ggf.json b/advisories/github-reviewed/2026/02/GHSA-9c88-49p5-5ggf/GHSA-9c88-49p5-5ggf.json new file mode 100644 index 0000000000000..530dc0bbbc633 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-9c88-49p5-5ggf/GHSA-9c88-49p5-5ggf.json @@ -0,0 +1,61 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-9c88-49p5-5ggf", + "modified": "2026-02-18T21:51:26Z", + "published": "2026-02-18T21:51:26Z", + "aliases": [ + "CVE-2026-26280" + ], + "summary": "Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path", + "details": "### Summary\nA command injection vulnerability in the `wifiNetworks()` function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path.\n\n### Details\nIn `lib/wifi.js`, the `wifiNetworks()` function sanitizes the `iface` parameter on the initial call (line 437). However, when the initial scan returns empty results, a `setTimeout` retry (lines 440-441) calls `getWifiNetworkListIw(iface)` with the **original unsanitized** `iface` value, which is passed directly to `execSync('iwlist ${iface} scan')`.\n\n### PoC\n1. Install `systeminformation@5.30.7`\n2. Call `si.wifiNetworks('eth0; id')`\n3. The first call sanitizes input, but if results are empty, the retry executes: `iwlist eth0; id scan`\n\n### Impact\nRemote Code Execution (RCE). Any application passing user-controlled input to `si.wifiNetworks()` is vulnerable to arbitrary command execution with the privileges of the Node.js process.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "systeminformation" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "5.30.8" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-9c88-49p5-5ggf" + }, + { + "type": "WEB", + "url": "https://github.com/sebhildebrandt/systeminformation/commit/22242aa56188f2bffcbd7d265a11e1ebb808b460" + }, + { + "type": "PACKAGE", + "url": "https://github.com/sebhildebrandt/systeminformation" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-78" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T21:51:26Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-w52v-v783-gw97/GHSA-w52v-v783-gw97.json b/advisories/github-reviewed/2026/02/GHSA-w52v-v783-gw97/GHSA-w52v-v783-gw97.json new file mode 100644 index 0000000000000..74a6a2ffb3f09 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-w52v-v783-gw97/GHSA-w52v-v783-gw97.json @@ -0,0 +1,65 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w52v-v783-gw97", + "modified": "2026-02-18T21:50:23Z", + "published": "2026-02-18T21:50:23Z", + "aliases": [ + "CVE-2026-26980" + ], + "summary": "Ghost has a SQL injection in Content API", + "details": "### Impact\n\nA SQL injection vulnerability existed in Ghost's Content API that allowed unauthenticated attackers to read arbitrary data from the database. \n\n### Vulnerable Versions\n\nThis vulnerability is present in Ghost v3.24.0 to v6.19.0.\n\n### Patches\n\nv6.19.1 contains a fix for this issue.\n\n### Workarounds\n\nThere is no application-level workaround. The Content API key is public by design, so restricting key access does not mitigate this vulnerability.\n\nAs a temporary mitigation, a reverse proxy or WAF rule can be used to block Content API requests containing `slug%3A%5B` or `slug:[` in the query string filter parameter. Note that this may break legitimate slug filter functionality.\n\n### References\n\nWe thank Nicholas Carlini using Claude, Anthropic for disclosing this vulnerability responsibly. \n\n### For more information\nIf you have any questions or comments about this advisory, email us at [security@ghost.org](mailto:security@ghost.org).", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "ghost" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "3.24.0" + }, + { + "fixed": "6.19.1" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-w52v-v783-gw97" + }, + { + "type": "WEB", + "url": "https://github.com/TryGhost/Ghost/commit/30868d632b2252b638bc8a4c8ebf73964592ed91" + }, + { + "type": "PACKAGE", + "url": "https://github.com/TryGhost/Ghost" + }, + { + "type": "WEB", + "url": "https://github.com/TryGhost/Ghost/releases/tag/v6.19.1" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "CRITICAL", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T21:50:23Z", + "nvd_published_at": null + } +} \ No newline at end of file From 2f7e08e7290bcb51e4a5c7dd1b16e03e86d8e65f Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 21:59:30 +0000 Subject: [PATCH 100/222] Publish GHSA-wx95-c6cv-8532 --- .../GHSA-wx95-c6cv-8532.json | 55 +++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 advisories/github-reviewed/2026/02/GHSA-wx95-c6cv-8532/GHSA-wx95-c6cv-8532.json diff --git a/advisories/github-reviewed/2026/02/GHSA-wx95-c6cv-8532/GHSA-wx95-c6cv-8532.json b/advisories/github-reviewed/2026/02/GHSA-wx95-c6cv-8532/GHSA-wx95-c6cv-8532.json new file mode 100644 index 0000000000000..ddb15dfd85c75 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-wx95-c6cv-8532/GHSA-wx95-c6cv-8532.json @@ -0,0 +1,55 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wx95-c6cv-8532", + "modified": "2026-02-18T21:57:38Z", + "published": "2026-02-18T21:57:38Z", + "aliases": [], + "summary": "Nokogiri does not check the return value from xmlC14NExecute", + "details": "## Summary\n\nNokogiri's CRuby extension fails to check the return value from `xmlC14NExecute` in the method `Nokogiri::XML::Document#canonicalize` and `Nokogiri::XML::Node#canonicalize`. When canonicalization fails, an empty string is returned instead of raising an exception. This incorrect return value may allow downstream libraries to accept invalid or incomplete canonicalized XML, which has been demonstrated to enable signature validation bypass in SAML libraries.\n\nJRuby is not affected, as the Java implementation correctly raises `RuntimeError` on canonicalization failure.\n\n## Mitigation\n\nUpgrade to Nokogiri `>= 1.19.1`.\n\n## Severity\n\nThe maintainers have assessed this as **Medium** severity. Nokogiri itself is a parsing library without a clear security boundary related to canonicalization, so the direct impact is that a method returns incorrect data on invalid input. However, this behavior was exploited in practice to bypass SAML signature validation in downstream libraries (see References).\n\n## Credit\n\nThis vulnerability was responsibly reported by HackerOne researcher `d4d`.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "RubyGems", + "name": "nokogiri" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "1.5.1" + }, + { + "fixed": "1.19.1" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532" + }, + { + "type": "PACKAGE", + "url": "https://github.com/sparklemotion/nokogiri" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-252" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T21:57:38Z", + "nvd_published_at": null + } +} \ No newline at end of file From 41148b5be8d4f3f61e281f3c7866bdda69576f76 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 22:08:48 +0000 Subject: [PATCH 101/222] Publish Advisories GHSA-5pqf-54qp-32wx GHSA-93fx-g747-695x GHSA-fqx6-693c-f55g GHSA-gqx7-99jw-6fpr --- .../GHSA-5pqf-54qp-32wx.json | 69 ++++++++++++++++++ .../GHSA-93fx-g747-695x.json | 69 ++++++++++++++++++ .../GHSA-fqx6-693c-f55g.json | 70 +++++++++++++++++++ .../GHSA-gqx7-99jw-6fpr.json | 69 ++++++++++++++++++ 4 files changed, 277 insertions(+) create mode 100644 advisories/github-reviewed/2026/02/GHSA-5pqf-54qp-32wx/GHSA-5pqf-54qp-32wx.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-93fx-g747-695x/GHSA-93fx-g747-695x.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-fqx6-693c-f55g/GHSA-fqx6-693c-f55g.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-gqx7-99jw-6fpr/GHSA-gqx7-99jw-6fpr.json diff --git a/advisories/github-reviewed/2026/02/GHSA-5pqf-54qp-32wx/GHSA-5pqf-54qp-32wx.json b/advisories/github-reviewed/2026/02/GHSA-5pqf-54qp-32wx/GHSA-5pqf-54qp-32wx.json new file mode 100644 index 0000000000000..39b124c867160 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-5pqf-54qp-32wx/GHSA-5pqf-54qp-32wx.json @@ -0,0 +1,69 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5pqf-54qp-32wx", + "modified": "2026-02-18T22:07:19Z", + "published": "2026-02-18T22:07:19Z", + "aliases": [ + "CVE-2026-26991" + ], + "summary": "LibreNMS /device-groups name Stored Cross-Site Scripting", + "details": "### Summary\n**/device-groups name Stored Cross-Site Scripting**\n- HTTP POST\n- Request-URI(s): \"/device-groups\"\n- Vulnerable parameter(s): \"name\"\n- Attacker must be authenticated with \"admin\" privileges.\n- When a user adds a device group, an HTTP POST request is sent to the Request-URI \"/device-groups\". The name of the newly created device group is stored in the value of the name parameter.\n- After the device group is created, the entry is displayed along with some relevant buttons like Rediscover Devices, Edit, and Delete.\n\n### Details\nThe vulnerability exists as the name of the device group is not sanitized of HTML/JavaScript-related characters\nor strings. When the delete button is rendered, the following template is used to render the page:\n\n_resources/views/device-group/index.blade.php:_\n```\n@section('title', __('Device Groups'))\n@section('content')\n
\n\n// [...Truncated...]\n@foreach($device_groups as $device_group)\n// [...Truncated...]\n\n