Asrar mared/advisory improvement 7038

advisories/github-reviewed/2021/03/GHSA-5mg8-w23w-74h3/GHSA-5mg8-w23w-74h3.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5mg8-w23w-74h3",
-  "modified": "2023-08-18T15:56:36Z",
+  "modified": "2026-02-23T22:45:53Z",
   "published": "2021-03-25T17:04:19Z",
   "aliases": [
     "CVE-2020-8908"
   ],
   "summary": "Information Disclosure in Guava",
-  "details": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\n",
+  "details": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/github-reviewed/2022/02/GHSA-8v38-pw62-9cw2/GHSA-8v38-pw62-9cw2.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8v38-pw62-9cw2",
-  "modified": "2025-12-20T03:15:43Z",
+  "modified": "2026-02-20T19:56:16Z",
   "published": "2022-02-18T00:00:33Z",
   "aliases": [
     "CVE-2022-0639"
@@ -25,7 +25,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "1.0.0"
             },
             {
               "fixed": "1.5.7"

advisories/github-reviewed/2022/02/GHSA-rqff-837h-mm52/GHSA-rqff-837h-mm52.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rqff-837h-mm52",
-  "modified": "2022-02-24T14:00:06Z",
+  "modified": "2026-02-20T19:56:07Z",
   "published": "2022-02-15T00:02:46Z",
   "aliases": [
     "CVE-2022-0512"
@@ -25,7 +25,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "0.1.0"
             },
             {
               "fixed": "1.5.6"

advisories/github-reviewed/2022/04/GHSA-gx7g-wjxg-jwwj/GHSA-gx7g-wjxg-jwwj.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gx7g-wjxg-jwwj",
-  "modified": "2022-04-18T22:17:42Z",
+  "modified": "2026-02-18T23:33:34Z",
   "published": "2022-04-04T00:00:55Z",
   "aliases": [
     "CVE-2022-0088"
@@ -52,6 +52,10 @@
       "type": "WEB",
       "url": "https://github.com/yourls/yourls/commit/1de256d8694b0ec7d4df2ac1d5976d4055e09d59"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-0088.md"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/yourls/yourls"

advisories/github-reviewed/2022/10/GHSA-mg5h-rhjq-6v84/GHSA-mg5h-rhjq-6v84.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mg5h-rhjq-6v84",
-  "modified": "2022-11-01T20:35:47Z",
+  "modified": "2026-02-18T23:33:51Z",
   "published": "2022-10-31T12:00:18Z",
   "aliases": [
     "CVE-2022-3766"
@@ -44,6 +44,10 @@
       "type": "WEB",
       "url": "https://github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-3766.md"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/thorsten/phpmyfaq"

advisories/github-reviewed/2022/12/GHSA-cp9c-phxx-55xm/GHSA-cp9c-phxx-55xm.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cp9c-phxx-55xm",
-  "modified": "2022-12-12T22:08:01Z",
+  "modified": "2026-02-18T23:34:01Z",
   "published": "2022-12-11T15:30:45Z",
   "aliases": [
     "CVE-2022-4407"
@@ -44,6 +44,10 @@
       "type": "WEB",
       "url": "https://github.com/thorsten/phpmyfaq/commit/1d73af34bf42764f9f9491c7ba5e9495d70e3ca5"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-4407.md"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/thorsten/phpmyfaq"

advisories/github-reviewed/2024/06/GHSA-5pxr-7m4j-jjc6/GHSA-5pxr-7m4j-jjc6.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5pxr-7m4j-jjc6",
-  "modified": "2025-03-19T14:49:46Z",
+  "modified": "2026-02-18T23:46:36Z",
   "published": "2024-06-07T19:37:10Z",
   "aliases": [
     "CVE-2024-37160"
   ],
   "summary": "Cross-site scripting (XSS) vulnerability in Description metadata",
-  "details": "### Summary\nRegardless of the role or privileges, no user should be able to inject malicious JavaScript (JS) scripts into the body HTML. an XSS (Cross-Site Scripting) vulnerability, specifically a Stored XSS, which affects all pages of the website. Once the JS script is embedded in the body HTML, the XSS will trigger on any page a victim visits, such as the about, blog, contact, or any other pages, except for the panel.\n\n### Impact\nThis vulnerability allows attackers to inject malicious JS or HTML through a crafted payload into the vulnerable spot, achieving persistence and attacking numerous visitors or anyone accessing the website. The attack can be widespread and affect many users because the malicious JS will execute on every page, unlike an injection on a specific page (e.g., injecting on the About page would only affect that page). In this case, a single injection point leads to the execution of the malicious JS on all pages.\n\n### Patches\n- [**Formwork 1.13.1**](https://github.com/getformwork/formwork/releases/tag/1.13.1) has been released with a patch that solves this vulnerability by escaping all metadata attributes.\n- [**Formwork 2.x** (f531201)](https://github.com/getformwork/formwork/commit/f5312015a5a5e89b95ef2bd07e496f8474d579c5) also escapes metadata attributes.\n\n### Details\nAn attackers (requires administrator privilege) to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages (except the dashboard).\n\n### PoC\n1. Log in with an Administrator user account.\n2. Navigate to /panel/options/site/.\n3. Inject the JS script by adding to the description field.\n4. Simulate a victim who is not a site member visiting the website. You will notice that the JS script executes on every page they vis\n\n![image](https://github.com/getformwork/formwork/assets/170840940/1c40be24-3367-4c80-bb44-9db64ef88970)\n![image](https://github.com/getformwork/formwork/assets/170840940/68dd5bff-9db1-441b-a3b3-a0c014565f59)\n![image](https://github.com/getformwork/formwork/assets/170840940/3cd84c39-9b44-49d0-8b6a-6c8aeda7e49f)\n![image](https://github.com/getformwork/formwork/assets/170840940/f45afd87-80e9-4cf1-8121-bb4e121849c9)",
+  "details": "### Summary\nRegardless of the role or privileges, no user should be able to inject malicious JavaScript (JS) scripts into the body HTML. an XSS (Cross-Site Scripting) vulnerability, specifically a Stored XSS, which affects all pages of the website. Once the JS script is embedded in the body HTML, the XSS will trigger on any page a victim visits, such as the about, blog, contact, or any other pages, except for the panel.\n\n### Impact\nThis vulnerability allows attackers to inject malicious JS or HTML through a crafted payload into the vulnerable spot, achieving persistence and attacking numerous visitors or anyone accessing the website. The attack can be widespread and affect many users because the malicious JS will execute on every page, unlike an injection on a specific page (e.g., injecting on the About page would only affect that page). In this case, a single injection point leads to the execution of the malicious JS on all pages.\n\n### Patches\n- [**Formwork 1.13.1**](https://github.com/getformwork/formwork/releases/tag/1.13.1) has been released with a patch that solves this vulnerability by escaping all metadata attributes.\n- [**Formwork 2.x** (f531201)](https://github.com/getformwork/formwork/commit/f5312015a5a5e89b95ef2bd07e496f8474d579c5) also escapes metadata attributes.\n\n### Details\nAn attackers (requires administrator privilege) to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages (except the dashboard).",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/github-reviewed/2025/03/GHSA-c85w-x26q-ch87/GHSA-c85w-x26q-ch87.json

@@ -1,11 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c85w-x26q-ch87",
-  "modified": "2025-03-16T17:19:23Z",
+  "modified": "2026-02-18T23:47:37Z",
   "published": "2025-03-01T00:11:52Z",
   "aliases": [],
   "summary": "Formwork improperly validates input of User role preventing site and panel availability",
-  "details": "### Summary\n\nImproper validation of select fields allows attackers to craft an input that crashes the system, resulting in a 500 status and making the entire site and administration panel unavailable.\nThis clearly impacts the Availability aspect of the CIA triad (confidentiality, integrity, and availability), although the attack still has certain limitations.\n\n### Details\n\nThe attack involves injecting any invalid user role value (e.g. \">\") into the Role=User parameter in the /panel/users/{name}/profile page, which is the user profile update page.\nDoing this will change the users data in a way that prevents users and then the entire site from loading. Even though the actual data change is minimal, the error is unrecoverable until a valid role parameter is restored by direct modification of the user account file.\nProper validation of select fields will prevent extraneous valid from being accepted and making the entire site and administration panel unavailable.\n\n### Patches\n- [**Formwork 2.x** (d9f0c1f)](https://github.com/getformwork/formwork/commit/d9f0c1feb3b9855d5bdc8bb189c0aaab2792e7ca) adds proper validation to select fields.\n\n### Impact\n\nThe condition for this attack is having high privileges or Admin access, which means it could be exploited by an Insider Threat. Alternatively, if an attacker gains access to a privileged user account, they can execute the attack as well.\nOverall, the attack is relatively difficult to carry out, but if successful, the impact and damage would be significant.\n\n### PoC\n\n![2025-02-27_10-25](https://github.com/user-attachments/assets/4b5a2d71-3397-4a5b-8464-35752376115a)\n\n1. Intercept the request and inject an input that will trigger an error.\n\n![2025-02-27_10-25_1](https://github.com/user-attachments/assets/a888c109-a724-4478-ae80-d9e8b05ef1aa)\n\n![image](https://github.com/user-attachments/assets/e81bb9fc-8c92-413c-8cc0-0bcffd2e2922)\n\n2.After that, it will be observed that the system is shut down or completely broken. Even changing the browser or resetting the server will not be able to restore it.",
+  "details": "### Summary\nImproper validation of select fields allows attackers to craft an input that crashes the system, resulting in a 500 status and making the entire site and administration panel unavailable.\nThis clearly impacts the Availability aspect of the CIA triad (confidentiality, integrity, and availability), although the attack still has certain limitations.\n\n### Details\nThe attack involves injecting any invalid user role value. Doing this will change the users data in a way that prevents users and then the entire site from loading. Even though the actual data change is minimal, the error is unrecoverable until a valid role parameter is restored by direct modification of the user account file.\nProper validation of select fields will prevent extraneous valid from being accepted and making the entire site and administration panel unavailable.\n\n### Patches\n- [**Formwork 2.x** (d9f0c1f)](https://github.com/getformwork/formwork/commit/d9f0c1feb3b9855d5bdc8bb189c0aaab2792e7ca) adds proper validation to select fields.\n\n### Impact\nThe condition for this attack is having high privileges or Admin access, which means it could be exploited by an Insider Threat. Alternatively, if an attacker gains access to a privileged user account, they can execute the attack as well.\nOverall, the attack is relatively difficult to carry out, but if successful, the impact and damage would be significant.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/github-reviewed/2025/03/GHSA-vf6x-59hh-332f/GHSA-vf6x-59hh-332f.json

@@ -1,11 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vf6x-59hh-332f",
-  "modified": "2025-03-17T20:27:03Z",
+  "modified": "2026-02-18T23:47:22Z",
   "published": "2025-03-01T00:11:46Z",
   "aliases": [],
   "summary": " Formwork has a cross-site scripting (XSS) vulnerability in Site title",
-  "details": "### Summary\n\nThe site title field at /panel/options/site/allows embedding JS tags, which can be used to attack all members of the system. This is a widespread attack and can cause significant damage if there is a considerable number of users.\n\n### Impact\n\nThe attack is widespread, leveraging what XSS can do. This will undoubtedly impact system availability.\n\n### Patches\n- [**Formwork 2.x** (aa3e9c6)](https://github.com/getformwork/formwork/commit/aa3e9c684035d9e8495169fde7c57d97faa3f9a2) escapes site title from panel header navigation.\n\n### Details\n\nBy embedding \"<!--\", the source code can be rendered non-functional, significantly impacting system availability. However, the attacker would need admin privileges, making the attack more difficult to execute.\n\n### PoC\n\n![image](https://github.com/user-attachments/assets/8fc68f6f-8bc4-4b97-8b93-dee5b88a3fcf)\n\n1. The page where the vulnerability was found, and the attack surface is the Title field.\n![image](https://github.com/user-attachments/assets/dbf94354-7115-4d3b-81ba-6b6aff561b81)\n\n2. I tested accessing the Dashboard page using a regular user account with Firefox, a different browser, and found that it was also affected.\n![image](https://github.com/user-attachments/assets/0e72129a-7f2d-4f0e-b85e-0b1cedfd377e)\n\n3. Additionally, the remaining code was commented out to disrupt the UX/UI, making it difficult to revert the settings.",
+  "details": "### Summary\n\nThe site title field at /panel/options/site/allows embedding JS tags, which can be used to attack all members of the system. This is a widespread attack and can cause significant damage if there is a considerable number of users.\n\n### Impact\n\nThe attack is widespread, leveraging what XSS can do. This will undoubtedly impact system availability.\n\n### Patches\n- [**Formwork 2.x** (aa3e9c6)](https://github.com/getformwork/formwork/commit/aa3e9c684035d9e8495169fde7c57d97faa3f9a2) escapes site title from panel header navigation.\n\n### Details\n\nBy embedding \"<!--\", the source code can be rendered non-functional, significantly impacting system availability. However, the attacker would need admin privileges, making the attack more difficult to execute.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/github-reviewed/2025/04/GHSA-pmc3-p9hx-jq96/GHSA-pmc3-p9hx-jq96.json

@@ -1,9 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pmc3-p9hx-jq96",
-  "modified": "2025-04-23T14:43:44Z",
+  "modified": "2026-02-20T16:51:12Z",
   "published": "2025-04-23T14:43:44Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2026-26994"
+  ],
   "summary": "uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries",
   "details": "### Description\nBefore version 1.7.0, utls did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a utls ClientHello spec. This allowed an active network adversary to downgrade TLS 1.3 connections initiated by a utls client to a lower TLS version (e.g., TLS 1.2) by modifying the ClientHello message to exclude the SupportedVersions extension, causing the server to respond with a TLS 1.2 ServerHello (along with a downgrade canary in the ServerHello random field). Because utls did not check the downgrade canary in the ServerHello random field, clients would accept the downgraded connection without detecting the attack. This attack could also be used by an active network attacker to fingerprint utls connections.\n\n### Fix Commit or Pull Request\n\nrefraction-networking/utls#337, specifically refraction-networking/utls@f8892761e2a4d29054264651d3a86fda83bc83f9\n\n### References\n\n- https://github.com/refraction-networking/utls/issues/181",
   "severity": [
@@ -38,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/refraction-networking/utls/security/advisories/GHSA-pmc3-p9hx-jq96"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26994"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/refraction-networking/utls/issues/181"
@@ -62,6 +68,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-04-23T14:43:44Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-02-20T03:16:01Z"
   }
 }

advisories/github-reviewed/2025/06/GHSA-8j8w-wwqc-x596/GHSA-8j8w-wwqc-x596.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8j8w-wwqc-x596",
-  "modified": "2025-12-22T18:41:25Z",
+  "modified": "2026-02-20T21:48:11Z",
   "published": "2025-06-02T06:30:32Z",
   "aliases": [
     "CVE-2025-49113"
@@ -99,6 +99,10 @@
       "type": "WEB",
       "url": "https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49113"
+    },
     {
       "type": "WEB",
       "url": "https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-mitigation-script"

advisories/github-reviewed/2025/10/GHSA-fwxx-wv44-7qfg/GHSA-fwxx-wv44-7qfg.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fwxx-wv44-7qfg",
-  "modified": "2025-10-16T21:29:31Z",
+  "modified": "2026-02-19T22:00:41Z",
   "published": "2025-10-16T15:30:43Z",
   "aliases": [
     "CVE-2025-41253"
@@ -18,17 +18,74 @@
     {
       "package": {
         "ecosystem": "Maven",
-        "name": "org.springframework.cloud:spring-cloud-gateway-server-webflux"
+        "name": "org.springframework.cloud:spring-cloud-gateway-server"
       },
       "ranges": [
         {
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "3.1.0"
+              "introduced": "4.3.0"
             },
             {
-              "last_affected": "4.3.0"
+              "fixed": "4.3.2"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.springframework.cloud:spring-cloud-gateway-server"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "4.2.0"
+            },
+            {
+              "fixed": "4.2.6"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.springframework.cloud:spring-cloud-gateway-server"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "4.0.0"
+            },
+            {
+              "last_affected": "4.1.9"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.springframework.cloud:spring-cloud-gateway-server"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "3.1.10"
             }
           ]
         }