Advisory Database Sync

Author: advisory-database[bot]

advisories/github-reviewed/2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-856v-8qm2-9wjv",
-  "modified": "2026-01-15T18:31:26Z",
+  "modified": "2026-01-16T00:30:52Z",
   "published": "2025-08-07T21:31:08Z",
   "aliases": [
     "CVE-2025-7195"
@@ -52,6 +52,14 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-7195"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:0737"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:0722"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:0718"

advisories/unreviewed/2025/12/GHSA-3r28-hhhx-hfjf/GHSA-3r28-hhhx-hfjf.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3r28-hhhx-hfjf",
-  "modified": "2025-12-12T00:30:20Z",
+  "modified": "2026-01-16T00:30:53Z",
   "published": "2025-12-11T21:31:33Z",
   "aliases": [
     "CVE-2025-36934"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36934"
     },
+    {
+      "type": "WEB",
+      "url": "https://project-zero.issues.chromium.org/issues/426567975"
+    },
     {
       "type": "WEB",
       "url": "https://source.android.com/security/bulletin/pixel/2025-12-01"

advisories/unreviewed/2026/01/GHSA-2vwg-39m6-fw44/GHSA-2vwg-39m6-fw44.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2vwg-39m6-fw44",
+  "modified": "2026-01-16T00:30:54Z",
+  "published": "2026-01-16T00:30:54Z",
+  "aliases": [
+    "CVE-2026-1008"
+  ],
+  "details": "A stored cross-site scripting (XSS) vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based attribute parsing bypass techniques.\nThe injected payload is persisted and executed when other users view the affected profile page, potentially allowing session token theft, phishing attacks, or malicious redirects. Exploitation requires an authenticated account and user interaction to view the crafted profile.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1008"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.altium.com/platform/security-compliance/security-advisories"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-15T23:15:50Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-3486-2953-r9fc/GHSA-3486-2953-r9fc.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3486-2953-r9fc",
+  "modified": "2026-01-16T00:30:54Z",
+  "published": "2026-01-16T00:30:54Z",
+  "aliases": [
+    "CVE-2021-47782"
+  ],
+  "details": "Odine Solutions GateKeeper 1.0 contains a SQL injection vulnerability in the trafficCycle API endpoint that allows remote attackers to inject malicious database queries. Attackers can exploit the vulnerability by sending crafted payloads to the /rass/api/v1/trafficCycle/ endpoint to manipulate PostgreSQL database queries and potentially extract sensitive information.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47782"
+    },
+    {
+      "type": "WEB",
+      "url": "https://odine.com/solutions/gatekeeper"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/50381"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/odine-solutions-gatekeeper-trafficcycle-sql-injection"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-16T00:16:21Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-3p5q-2rr6-m932/GHSA-3p5q-2rr6-m932.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3p5q-2rr6-m932",
+  "modified": "2026-01-16T00:30:54Z",
+  "published": "2026-01-16T00:30:54Z",
+  "aliases": [
+    "CVE-2021-47785"
+  ],
+  "details": "Ether MP3 CD Burner 1.3.8 contains a buffer overflow vulnerability in the registration name field that allows remote code execution. Attackers can craft a malicious payload to overwrite SEH handlers and execute a bind shell on port 3110 by exploiting improper input validation.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47785"
+    },
+    {
+      "type": "WEB",
+      "url": "https://download.cnet.com/mp3avimpegwmvrm-to-audio-cd-burner/3000-2646_4-10658515.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/50332"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/ethermpcdburner-buffer-overflow-seh"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-16T00:16:21Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-429r-fcw9-gj73/GHSA-429r-fcw9-gj73.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-429r-fcw9-gj73",
+  "modified": "2026-01-16T00:30:55Z",
+  "published": "2026-01-16T00:30:55Z",
+  "aliases": [
+    "CVE-2025-14236"
+  ],
+  "details": "Buffer overflow in Address Book attribute tag processing on Small Office Multifunction Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14236"
+    },
+    {
+      "type": "WEB",
+      "url": "https://canon.jp/support/support-info/260115vulnerability-response"
+    },
+    {
+      "type": "WEB",
+      "url": "https://psirt.canon/advisory-information/cp2026-001"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.canon-europe.com/support/product-security"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Remediation-Measure-Against-Potential-Buffer-Overflow-Vulnerability-in-Laser-Printers-and-Small-Office-Multifunctional-Printers"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-16T00:16:28Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-44f7-qvr5-xm7g/GHSA-44f7-qvr5-xm7g.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-44f7-qvr5-xm7g",
-  "modified": "2026-01-15T21:31:48Z",
+  "modified": "2026-01-16T00:30:54Z",
   "published": "2026-01-15T21:31:48Z",
   "aliases": [
     "CVE-2025-70892"
   ],
   "details": "Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user management module. The application fails to properly validate user-supplied input in the username parameter of the add-users.php endpoint.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-15T21:16:05Z"

advisories/unreviewed/2026/01/GHSA-474v-g7v9-75hp/GHSA-474v-g7v9-75hp.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-474v-g7v9-75hp",
+  "modified": "2026-01-16T00:30:55Z",
+  "published": "2026-01-16T00:30:55Z",
+  "aliases": [
+    "CVE-2021-47812"
+  ],
+  "details": "GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with system command execution.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47812"
+    },
+    {
+      "type": "WEB",
+      "url": "https://getgrav.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/49973"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/gravcms-arbitrary-yaml-writeupdate-unauthenticated"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-16T00:16:26Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-489q-8735-fm7w/GHSA-489q-8735-fm7w.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-489q-8735-fm7w",
+  "modified": "2026-01-16T00:30:55Z",
+  "published": "2026-01-16T00:30:55Z",
+  "aliases": [
+    "CVE-2021-47798"
+  ],
+  "details": "NoteBurner 2.35 contains a buffer overflow vulnerability in the license code input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the 'Name' and 'Code' fields to trigger an application crash.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47798"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/50154"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.noteburner.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/noteburner-denial-of-service-dos-poc"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-120"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-16T00:16:24Z"
+  }
+}