Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 0561ba89f653 · 2026-04-05T18:31:50.000Z
GHSA-572h-cr7p-cmh8 GHSA-8mc4-x5m7-gvc2 GHSA-cq7w-jw8v-vp8v GHSA-crcm-pxx2-c5jm GHSA-fcfc-xfj5-6mm2 GHSA-gv9f-prh6-r6hh GHSA-q6hf-ggqp-fj8w GHSA-wq22-89f5-r25f GHSA-x6hr-674c-qfc3
diff --git a/advisories/unreviewed/2026/04/GHSA-572h-cr7p-cmh8/GHSA-572h-cr7p-cmh8.json b/advisories/unreviewed/2026/04/GHSA-572h-cr7p-cmh8/GHSA-572h-cr7p-cmh8.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-572h-cr7p-cmh8",
+  "modified": "2026-04-05T18:30:15Z",
+  "published": "2026-04-05T18:30:15Z",
+  "aliases": [
+    "CVE-2026-5577"
+  ],
+  "details": "A vulnerability has been found in Song-Li cross_browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachine_app.py of the component details Endpoint. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5577"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/wing3e/public_exp/issues/24"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/783502"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355347"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355347/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-05T16:16:19Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-8mc4-x5m7-gvc2/GHSA-8mc4-x5m7-gvc2.json b/advisories/unreviewed/2026/04/GHSA-8mc4-x5m7-gvc2/GHSA-8mc4-x5m7-gvc2.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8mc4-x5m7-gvc2",
+  "modified": "2026-04-05T18:30:15Z",
+  "published": "2026-04-05T18:30:15Z",
+  "aliases": [
+    "CVE-2026-5584"
+  ],
+  "details": "A vulnerability has been found in Fosowl agenticSeek 0.1.0. Impacted is the function PyInterpreter.execute of the file sources/tools/PyInterpreter.py of the component query Endpoint. Such manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5584"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/August829/CVEP/issues/29"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/784052"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355383"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355383/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-05T17:16:57Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-cq7w-jw8v-vp8v/GHSA-cq7w-jw8v-vp8v.json b/advisories/unreviewed/2026/04/GHSA-cq7w-jw8v-vp8v/GHSA-cq7w-jw8v-vp8v.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cq7w-jw8v-vp8v",
+  "modified": "2026-04-05T18:30:15Z",
+  "published": "2026-04-05T18:30:15Z",
+  "aliases": [
+    "CVE-2026-5578"
+  ],
+  "details": "A vulnerability was found in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /OnlineClassroom/addassessment.php of the component Parameter Handler. Performing a manipulation of the argument deleteid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5578"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/zgr0508/cve/issues/1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://codeastro.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/783751"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355348"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355348/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-05T16:16:19Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-crcm-pxx2-c5jm/GHSA-crcm-pxx2-c5jm.json b/advisories/unreviewed/2026/04/GHSA-crcm-pxx2-c5jm/GHSA-crcm-pxx2-c5jm.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-crcm-pxx2-c5jm",
+  "modified": "2026-04-05T18:30:15Z",
+  "published": "2026-04-05T18:30:15Z",
+  "aliases": [
+    "CVE-2026-5576"
+  ],
+  "details": "A flaw has been found in SourceCodester/jkev Record Management System 1.0. Affected by this issue is some unknown functionality of the file save_emp.php of the component Add Employee Page. This manipulation causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5576"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/whatyourname12345/CVE/blob/main/PRMS/cve_Arbitrary%20File%20Upload%20to%20RCE.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/783473"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355346"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355346/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-284"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-05T16:16:19Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-fcfc-xfj5-6mm2/GHSA-fcfc-xfj5-6mm2.json b/advisories/unreviewed/2026/04/GHSA-fcfc-xfj5-6mm2/GHSA-fcfc-xfj5-6mm2.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fcfc-xfj5-6mm2",
+  "modified": "2026-04-05T18:30:16Z",
+  "published": "2026-04-05T18:30:16Z",
+  "aliases": [
+    "CVE-2026-5585"
+  ],
+  "details": "A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is an unknown function of the file common/websocket/task_manager.go of the component Task Detail Endpoint. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5585"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gist.github.com/YLChen-007/fe4b834144ad535d167507c2008d4011"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/784198"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355384"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355384/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-05T18:16:17Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-gv9f-prh6-r6hh/GHSA-gv9f-prh6-r6hh.json b/advisories/unreviewed/2026/04/GHSA-gv9f-prh6-r6hh/GHSA-gv9f-prh6-r6hh.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gv9f-prh6-r6hh",
+  "modified": "2026-04-05T18:30:16Z",
+  "published": "2026-04-05T18:30:16Z",
+  "aliases": [
+    "CVE-2026-5586"
+  ],
+  "details": "A vulnerability was determined in zhongyu09 openchatbi up to 0.2.1. The impacted element is an unknown function of the component Multi-stage Text2SQL Workflow. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5586"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Ka7arotto/cve/blob/main/openchatbi-SQL/issue.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/784454"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355385"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355385/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-05T18:16:17Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-q6hf-ggqp-fj8w/GHSA-q6hf-ggqp-fj8w.json b/advisories/unreviewed/2026/04/GHSA-q6hf-ggqp-fj8w/GHSA-q6hf-ggqp-fj8w.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-q6hf-ggqp-fj8w",
+  "modified": "2026-04-05T18:30:15Z",
+  "published": "2026-04-05T18:30:15Z",
+  "aliases": [
+    "CVE-2026-5579"
+  ],
+  "details": "A vulnerability was determined in CodeAstro Online Classroom 1.0. This issue affects some unknown processing of the file /OnlineClassroom/updatedetailsfromfaculty.php?myfid=108 of the component Parameter Handler. Executing a manipulation of the argument fname can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5579"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/zgr0508/cve/issues/2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://codeastro.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/783752"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355349"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355349/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-05T16:16:20Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-wq22-89f5-r25f/GHSA-wq22-89f5-r25f.json b/advisories/unreviewed/2026/04/GHSA-wq22-89f5-r25f/GHSA-wq22-89f5-r25f.json
diff --git a/advisories/unreviewed/2026/04/GHSA-x6hr-674c-qfc3/GHSA-x6hr-674c-qfc3.json b/advisories/unreviewed/2026/04/GHSA-x6hr-674c-qfc3/GHSA-x6hr-674c-qfc3.json
