Skip to content

Commit 15444e4

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-pm8w-jq9r-x5rp GHSA-xrqh-48jh-pjv2 GHSA-42cx-f4wf-mcfc GHSA-6qmc-wjmv-rgqw GHSA-7h2q-r7w3-qfpr GHSA-7rp3-m58h-6q3h GHSA-943q-mmq9-p7r8 GHSA-c8jg-j229-hx29 GHSA-cjcp-vc46-rm2h GHSA-fwhv-4w7x-fj6c GHSA-h9j8-7524-2rxp GHSA-v373-4mh7-8fh7 GHSA-w655-jfw2-w74h
1 parent f03416e commit 15444e4

13 files changed

Lines changed: 610 additions & 2 deletions

File tree

advisories/unreviewed/2026/02/GHSA-pm8w-jq9r-x5rp/GHSA-pm8w-jq9r-x5rp.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-pm8w-jq9r-x5rp",
4-
"modified": "2026-04-06T09:31:42Z",
4+
"modified": "2026-04-06T12:32:09Z",
55
"published": "2026-02-09T15:30:31Z",
66
"aliases": [
77
"CVE-2025-14831"
@@ -43,6 +43,10 @@
4343
"type": "WEB",
4444
"url": "https://access.redhat.com/errata/RHSA-2026:5606"
4545
},
46+
{
47+
"type": "WEB",
48+
"url": "https://access.redhat.com/errata/RHSA-2026:6618"
49+
},
4650
{
4751
"type": "WEB",
4852
"url": "https://access.redhat.com/errata/RHSA-2026:6630"

advisories/unreviewed/2026/03/GHSA-xrqh-48jh-pjv2/GHSA-xrqh-48jh-pjv2.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-xrqh-48jh-pjv2",
4-
"modified": "2026-03-19T12:30:32Z",
4+
"modified": "2026-04-06T12:32:09Z",
55
"published": "2026-03-13T21:31:51Z",
66
"aliases": [
77
"CVE-2026-4111"
@@ -31,6 +31,10 @@
3131
"type": "WEB",
3232
"url": "https://access.redhat.com/errata/RHSA-2026:5080"
3333
},
34+
{
35+
"type": "WEB",
36+
"url": "https://access.redhat.com/errata/RHSA-2026:6647"
37+
},
3438
{
3539
"type": "WEB",
3640
"url": "https://access.redhat.com/security/cve/CVE-2026-4111"

advisories/unreviewed/2026/04/GHSA-42cx-f4wf-mcfc/GHSA-42cx-f4wf-mcfc.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-42cx-f4wf-mcfc",
4+
"modified": "2026-04-06T12:32:10Z",
5+
"published": "2026-04-06T12:32:10Z",
6+
"aliases": [
7+
"CVE-2026-5650"
8+
],
9+
"details": "A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in insecure storage of sensitive information. The attack is possible to be carried out remotely. The exploit has been made public and could be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5650"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://code-projects.org"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Sensitive%20Information%20Disclosure%20in%20Online%20Application%20System%20for%20Admission%20PHP%20Exposed%20Database%20Backup.md"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/786307"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/355438"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/355438/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-200"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-04-06T12:16:19Z"
55+
}
56+
}

advisories/unreviewed/2026/04/GHSA-6qmc-wjmv-rgqw/GHSA-6qmc-wjmv-rgqw.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-6qmc-wjmv-rgqw",
4+
"modified": "2026-04-06T12:32:09Z",
5+
"published": "2026-04-06T12:32:09Z",
6+
"aliases": [
7+
"CVE-2026-5641"
8+
],
9+
"details": "A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /admin/update-image1.php of the component Parameter Handler. The manipulation of the argument filename results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5641"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/f1rstb100d/CVE/issues/19"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://phpgurukul.com"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/785993"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/355429"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/355429/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-04-06T10:16:02Z"
55+
}
56+
}

advisories/unreviewed/2026/04/GHSA-7h2q-r7w3-qfpr/GHSA-7h2q-r7w3-qfpr.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-7h2q-r7w3-qfpr",
4+
"modified": "2026-04-06T12:32:09Z",
5+
"published": "2026-04-06T12:32:09Z",
6+
"aliases": [
7+
"CVE-2026-5644"
8+
],
9+
"details": "A security flaw has been discovered in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Affected is an unknown function of the file /admin/Add%20notice/batch-notice.php. Performing a manipulation of the argument $_SERVER['PHP_SELF'] results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5644"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Cyber-III/Student-Management-System/issues/238"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/Cyber-III/Student-Management-System"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/785867"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/355432"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/355432/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-79"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-04-06T10:16:03Z"
55+
}
56+
}

advisories/unreviewed/2026/04/GHSA-7rp3-m58h-6q3h/GHSA-7rp3-m58h-6q3h.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-7rp3-m58h-6q3h",
4+
"modified": "2026-04-06T12:32:10Z",
5+
"published": "2026-04-06T12:32:10Z",
6+
"aliases": [
7+
"CVE-2026-5646"
8+
],
9+
"details": "A security vulnerability has been detected in code-projects Easy Blog Site 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5646"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://code-projects.org"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/MyMySSS/cve/blob/main/cve.md"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/786150"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/355434"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/355434/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-04-06T11:17:03Z"
55+
}
56+
}

advisories/unreviewed/2026/04/GHSA-943q-mmq9-p7r8/GHSA-943q-mmq9-p7r8.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-943q-mmq9-p7r8",
4+
"modified": "2026-04-06T12:32:10Z",
5+
"published": "2026-04-06T12:32:10Z",
6+
"aliases": [
7+
"CVE-2026-5647"
8+
],
9+
"details": "A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/admin_feature.php of the component Add Product Page. The manipulation of the argument product_name results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5647"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Jacky159/Pub_0323/issues/1"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://code-projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/786171"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/355435"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/355435/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-79"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-04-06T11:17:03Z"
55+
}
56+
}

advisories/unreviewed/2026/04/GHSA-c8jg-j229-hx29/GHSA-c8jg-j229-hx29.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-c8jg-j229-hx29",
4+
"modified": "2026-04-06T12:32:10Z",
5+
"published": "2026-04-06T12:32:09Z",
6+
"aliases": [
7+
"CVE-2026-5645"
8+
],
9+
"details": "A weakness has been identified in projectworlds Car Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file /pay.php of the component Parameter Handler. Executing a manipulation of the argument mpesa can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5645"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/2840364044/SQL-Vulnerability-database/issues/1"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/786149"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/355433"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/355433/cti"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-74"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-04-06T11:17:03Z"
51+
}
52+
}

0 commit comments

Comments
 (0)