Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2026/01/GHSA-6v4g-392h-r9mh/GHSA-6v4g-392h-r9mh.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6v4g-392h-r9mh",
-  "modified": "2026-03-13T21:31:39Z",
+  "modified": "2026-03-16T15:30:31Z",
   "published": "2026-01-14T18:31:36Z",
   "aliases": [
     "CVE-2025-14242"
@@ -59,6 +59,14 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:4550"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:4553"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:4554"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-14242"

advisories/unreviewed/2026/02/GHSA-3frw-32pg-5m86/GHSA-3frw-32pg-5m86.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3frw-32pg-5m86",
-  "modified": "2026-02-13T00:32:51Z",
+  "modified": "2026-03-16T15:30:31Z",
   "published": "2026-02-12T00:31:03Z",
   "aliases": [
     "CVE-2026-20611"
@@ -50,6 +50,10 @@
     {
       "type": "WEB",
       "url": "https://support.apple.com/en-us/126353"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-173"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/02/GHSA-6xrf-46c8-4wmj/GHSA-6xrf-46c8-4wmj.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6xrf-46c8-4wmj",
-  "modified": "2026-02-13T21:31:34Z",
+  "modified": "2026-03-16T15:30:31Z",
   "published": "2026-02-12T00:31:04Z",
   "aliases": [
     "CVE-2026-20616"
@@ -34,6 +34,10 @@
     {
       "type": "WEB",
       "url": "https://support.apple.com/en-us/126353"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-176"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/02/GHSA-7fj8-2w2v-gvp9/GHSA-7fj8-2w2v-gvp9.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7fj8-2w2v-gvp9",
-  "modified": "2026-02-21T06:30:17Z",
+  "modified": "2026-03-16T15:30:32Z",
   "published": "2026-02-21T06:30:17Z",
   "aliases": [
     "CVE-2026-2861"
@@ -46,6 +46,14 @@
     {
       "type": "WEB",
       "url": "https://vuldb.com/?submit.753966"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2026/03/15/1"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2026/03/16/1"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/02/GHSA-f4xv-648j-g6xj/GHSA-f4xv-648j-g6xj.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f4xv-648j-g6xj",
-  "modified": "2026-02-05T15:31:14Z",
+  "modified": "2026-03-16T15:30:31Z",
   "published": "2026-02-05T15:31:14Z",
   "aliases": [
     "CVE-2025-13491"

advisories/unreviewed/2026/02/GHSA-pmfg-h9xp-96jh/GHSA-pmfg-h9xp-96jh.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pmfg-h9xp-96jh",
-  "modified": "2026-02-13T00:32:51Z",
+  "modified": "2026-03-16T15:30:31Z",
   "published": "2026-02-12T00:31:05Z",
   "aliases": [
     "CVE-2026-20675"
@@ -50,6 +50,10 @@
     {
       "type": "WEB",
       "url": "https://support.apple.com/en-us/126353"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-174"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/03/GHSA-223m-mhgp-x54c/GHSA-223m-mhgp-x54c.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-223m-mhgp-x54c",
+  "modified": "2026-03-16T15:30:40Z",
+  "published": "2026-03-16T15:30:40Z",
+  "aliases": [
+    "CVE-2015-20119"
+  ],
+  "details": "Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter in the pages.php admin interface. Attackers can submit POST requests to the add page action with crafted iframe payloads in the text parameter to store malicious content that executes in the browsers of users viewing the affected pages.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-20119"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/38496"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/realtyscript-stored-cross-site-scripting-via-text-parameter-in-pages-php"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5269.php"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-16T14:17:47Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-22gx-8798-xj77/GHSA-22gx-8798-xj77.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-22gx-8798-xj77",
+  "modified": "2026-03-16T15:30:40Z",
+  "published": "2026-03-16T15:30:40Z",
+  "aliases": [
+    "CVE-2016-20035"
+  ],
+  "details": "Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoint to create new admin accounts with arbitrary credentials.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-20035"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/40134"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/wowza-streaming-engine-csrf-via-user-edit-endpoint"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5341.php"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-352"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-16T14:17:50Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-258c-cqq8-pmrp/GHSA-258c-cqq8-pmrp.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-258c-cqq8-pmrp",
+  "modified": "2026-03-16T15:30:41Z",
+  "published": "2026-03-16T15:30:41Z",
+  "aliases": [
+    "CVE-2025-15554"
+  ],
+  "details": "Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin passwords.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15554"
+    },
+    {
+      "type": "WEB",
+      "url": "https://labs.reversec.com/advisories/2026/03/admin-passwords-cached-by-browsers-in-truesec-lapswebui"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-525"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-16T14:17:56Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-26fg-fjwm-xwm6/GHSA-26fg-fjwm-xwm6.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-26fg-fjwm-xwm6",
+  "modified": "2026-03-16T15:30:44Z",
+  "published": "2026-03-16T15:30:44Z",
+  "aliases": [
+    "CVE-2026-4167"
+  ],
+  "details": "A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the function formReboot of the file /goform/formReboot. This manipulation of the argument webpage causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4167"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Litengzheng/vul_db/blob/main/Belkin/vul_152/README.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Litengzheng/vul_db/blob/main/Belkin/vul_152/README.md#proof-of-concept-poc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.351074"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.351074"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.769727"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-16T14:19:56Z"
+  }
+}