Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2021/11/GHSA-cqc3-xrjw-8pwv/GHSA-cqc3-xrjw-8pwv.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cqc3-xrjw-8pwv",
-  "modified": "2021-11-30T00:00:51Z",
+  "modified": "2026-01-30T18:31:10Z",
   "published": "2021-11-30T00:00:51Z",
   "aliases": [
     "CVE-2021-24749"
   ],
   "details": "The URL Shortify WordPress plugin before 1.5.1 does not have CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged in admin delete arbitrary link and group via a CSRF attack.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {

advisories/unreviewed/2026/01/GHSA-286p-xvv8-3qx5/GHSA-286p-xvv8-3qx5.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-286p-xvv8-3qx5",
+  "modified": "2026-01-30T18:31:15Z",
+  "published": "2026-01-30T18:31:15Z",
+  "aliases": [
+    "CVE-2020-37003"
+  ],
+  "details": "Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your Addresses module that allows attackers to inject malicious scripts. Attackers can exploit multiple address input fields like full name, company, and address to execute persistent script code that can hijack user sessions and manipulate application modules.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37003"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/48467"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sellacious.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sellacious.com/free-open-source-ecommerce-software"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/sellacious-ecommerce-persistent-cross-site-scripting"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulnerability-lab.com/get_content.php?id=2226"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-30T17:16:10Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-2xxq-pq3h-297f/GHSA-2xxq-pq3h-297f.json

@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2xxq-pq3h-297f",
+  "modified": "2026-01-30T18:31:15Z",
+  "published": "2026-01-30T18:31:15Z",
+  "aliases": [
+    "CVE-2026-1686"
+  ],
+  "details": "A security flaw has been discovered in Totolink A3600R 5.9c.4959. This issue affects the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. Performing a manipulation of the argument apcliSsid results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1686"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A3600R/4959-apcliSsid-setAppEasyWizardConfig.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A3600R/4959-apcliSsid-setAppEasyWizardConfig.md#poc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.343480"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.343480"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.740888"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.totolink.net"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-30T16:16:12Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-38mq-gg8g-j53r/GHSA-38mq-gg8g-j53r.json

@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-74"
+      "CWE-74",
+      "CWE-77"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2026/01/GHSA-39cv-xcc4-9q3h/GHSA-39cv-xcc4-9q3h.json

@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-77"
+      "CWE-77",
+      "CWE-78"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2026/01/GHSA-3vjv-ww5h-3x77/GHSA-3vjv-ww5h-3x77.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3vjv-ww5h-3x77",
+  "modified": "2026-01-30T18:31:15Z",
+  "published": "2026-01-30T18:31:15Z",
+  "aliases": [
+    "CVE-2020-37014"
+  ],
+  "details": "Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user interfaces.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37014"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/48466"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tryton.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tryton.org/download"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/tryton-persistent-cross-site-scripting"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulnerability-lab.com/get_content.php?id=2233"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-30T17:16:11Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-4rcj-vhqg-6g52/GHSA-4rcj-vhqg-6g52.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4rcj-vhqg-6g52",
-  "modified": "2026-01-22T18:30:39Z",
+  "modified": "2026-01-30T18:31:14Z",
   "published": "2026-01-22T18:30:39Z",
   "aliases": [
     "CVE-2026-0534"

advisories/unreviewed/2026/01/GHSA-4vwr-5vph-4mjg/GHSA-4vwr-5vph-4mjg.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4vwr-5vph-4mjg",
+  "modified": "2026-01-30T18:31:16Z",
+  "published": "2026-01-30T18:31:16Z",
+  "aliases": [
+    "CVE-2025-15497"
+  ],
+  "details": "Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 allows remote authenticated users to trigger an assert resulting in a denial of service",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15497"
+    },
+    {
+      "type": "WEB",
+      "url": "https://community.openvpn.net/Security%20Announcements/CVE-2025-15497"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-617"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-30T18:15:55Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-5hpc-pqrr-8j6m/GHSA-5hpc-pqrr-8j6m.json

@@ -29,7 +29,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-416"
+    ],
     "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2026/01/GHSA-5vqf-8g9x-xgcv/GHSA-5vqf-8g9x-xgcv.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5vqf-8g9x-xgcv",
+  "modified": "2026-01-30T18:31:16Z",
+  "published": "2026-01-30T18:31:16Z",
+  "aliases": [
+    "CVE-2026-1700"
+  ],
+  "details": "A weakness has been identified in projectworlds House Rental and Property Listing 1.0. This vulnerability affects unknown code of the file /app/sms.php. This manipulation of the argument Message causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1700"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jiahao412/CVE/issues/3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.343490"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.343490"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.741977"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-30T17:16:14Z"
+  }
+}