Publish Advisories

GHSA-q4hc-vp2m-fr47
GHSA-wc8x-254r-w3mh
GHSA-29r8-gvx4-r9w3
GHSA-755r-r738-mjgp
GHSA-92gg-mqgx-hqg4
GHSA-p5g2-8j3h-474p
GHSA-q8w5-c2m8-wxrx

Author: advisory-database[bot]

advisories/unreviewed/2026/02/GHSA-q4hc-vp2m-fr47/GHSA-q4hc-vp2m-fr47.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q4hc-vp2m-fr47",
-  "modified": "2026-03-11T00:31:30Z",
+  "modified": "2026-03-17T09:31:28Z",
   "published": "2026-02-23T18:32:02Z",
   "aliases": [
     "CVE-2025-14905"
@@ -39,6 +39,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:4207"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:4661"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-14905"

advisories/unreviewed/2026/02/GHSA-wc8x-254r-w3mh/GHSA-wc8x-254r-w3mh.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wc8x-254r-w3mh",
-  "modified": "2026-02-19T21:30:46Z",
+  "modified": "2026-03-17T09:31:28Z",
   "published": "2026-02-19T18:31:53Z",
   "aliases": [
     "CVE-2026-27052"

advisories/unreviewed/2026/03/GHSA-29r8-gvx4-r9w3/GHSA-29r8-gvx4-r9w3.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-29r8-gvx4-r9w3",
+  "modified": "2026-03-17T09:31:28Z",
+  "published": "2026-03-17T09:31:28Z",
+  "aliases": [
+    "CVE-2026-4208"
+  ],
+  "details": "The extension fails to properly reset the generated MFA code after successful authentication. This leads to a possible MFA bypass for future login attempts by providing an empty string as MFA code to the extensions MFA provider.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4208"
+    },
+    {
+      "type": "WEB",
+      "url": "https://typo3.org/security/advisory/typo3-ext-sa-2026-007"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-639"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-17T09:16:14Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-755r-r738-mjgp/GHSA-755r-r738-mjgp.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-755r-r738-mjgp",
+  "modified": "2026-03-17T09:31:28Z",
+  "published": "2026-03-17T09:31:28Z",
+  "aliases": [
+    "CVE-2026-4202"
+  ],
+  "details": "The extension fails to verify, if an authenticated user has permissions to access to redirects resulting in exposure of redirect records when editing a page.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4202"
+    },
+    {
+      "type": "WEB",
+      "url": "https://typo3.org/security/advisory/typo3-ext-sa-2026-006"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-17T09:16:14Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-92gg-mqgx-hqg4/GHSA-92gg-mqgx-hqg4.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-92gg-mqgx-hqg4",
+  "modified": "2026-03-17T09:31:28Z",
+  "published": "2026-03-17T09:31:28Z",
+  "aliases": [
+    "CVE-2026-4312"
+  ],
+  "details": "GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4312"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.twcert.org.tw/en/cp-139-10785-2cafe-2.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.twcert.org.tw/tw/cp-132-10784-4f67d-1.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-306"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-17T08:15:57Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-p5g2-8j3h-474p/GHSA-p5g2-8j3h-474p.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-p5g2-8j3h-474p",
+  "modified": "2026-03-17T09:31:28Z",
+  "published": "2026-03-17T09:31:28Z",
+  "aliases": [
+    "CVE-2026-32586"
+  ],
+  "details": "Missing Authorization vulnerability in Pluggabl Booster for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a before 7.11.3.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32586"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/wordpress/plugin/woocommerce-jetpack/vulnerability/wordpress-booster-for-woocommerce-plugin-7-11-3-broken-access-control-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-17T09:16:14Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-q8w5-c2m8-wxrx/GHSA-q8w5-c2m8-wxrx.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-q8w5-c2m8-wxrx",
+  "modified": "2026-03-17T09:31:28Z",
+  "published": "2026-03-17T09:31:28Z",
+  "aliases": [
+    "CVE-2026-3237"
+  ],
+  "details": "In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It was not possible to expose the signing keys using this vulnerability.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3237"
+    },
+    {
+      "type": "WEB",
+      "url": "https://advisories.octopus.com/post/2026/sa2026-03"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-17T07:16:03Z"
+  }
+}