Publish Advisories

GHSA-8jj6-9qc9-r5x4
GHSA-g5rv-h647-hjj3
GHSA-jc4q-h995-9f9w
GHSA-wmgp-r59p-x29f

Author: advisory-database[bot]

advisories/unreviewed/2026/01/GHSA-8jj6-9qc9-r5x4/GHSA-8jj6-9qc9-r5x4.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8jj6-9qc9-r5x4",
+  "modified": "2026-01-18T06:30:22Z",
+  "published": "2026-01-18T06:30:22Z",
+  "aliases": [
+    "CVE-2026-1110"
+  ],
+  "details": "A flaw has been found in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. This affects the function rtsp_parse_method. This manipulation causes buffer overflow. It is possible to launch the attack on the local host. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1110"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/fizz-is-on-the-way/vuls_protocol/blob/main/librtsp_rtsp_parse_method/librtsp_rtsp_parse_method.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.341702"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.341702"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.732603"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-18T05:16:19Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-g5rv-h647-hjj3/GHSA-g5rv-h647-hjj3.json

@@ -0,0 +1,68 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-g5rv-h647-hjj3",
+  "modified": "2026-01-18T06:30:22Z",
+  "published": "2026-01-18T06:30:22Z",
+  "aliases": [
+    "CVE-2025-15533"
+  ],
+  "details": "A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. Executing a manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. This patch is called 5a3391fdce046bc5473e52afbd835dd2dc127146. Applying a patch is advised to resolve this issue.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15533"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/raysan5/raylib/issues/5433"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/raysan5/raylib/pull/5450"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/raysan5/raylib/commit/5a3391fdce046bc5473e52afbd835dd2dc127146"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/oneafter/1224/blob/main/hbf2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.341705"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.341705"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.733341"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.733342"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-18T05:16:16Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-jc4q-h995-9f9w/GHSA-jc4q-h995-9f9w.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jc4q-h995-9f9w",
+  "modified": "2026-01-18T06:30:23Z",
+  "published": "2026-01-18T06:30:23Z",
+  "aliases": [
+    "CVE-2026-1111"
+  ],
+  "details": "A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1111"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/AnalogyC0de/public_exp/issues/2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.341703"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.341703"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.732726"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-18T06:16:01Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-wmgp-r59p-x29f/GHSA-wmgp-r59p-x29f.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-wmgp-r59p-x29f",
+  "modified": "2026-01-18T06:30:22Z",
+  "published": "2026-01-18T06:30:22Z",
+  "aliases": [
+    "CVE-2026-1109"
+  ],
+  "details": "A vulnerability was detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The impacted element is the function rtsp_parse_request. The manipulation results in buffer overflow. Attacking locally is a requirement. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1109"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/fizz-is-on-the-way/vuls_protocol/blob/main/librtsp_rtsp_parse_request/librtsp_rtsp_parse_request.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.341701"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.341701"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.732599"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-18T04:15:59Z"
+  }
+}