Skip to content

Commit 4683c6b

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-23jg-5f8m-gw8c GHSA-5867-gg4p-qv55 GHSA-f2v5-9f28-pgfv GHSA-hffx-627q-p234 GHSA-jmxv-3q5p-jmjr GHSA-m93m-f699-cf7f GHSA-p8pw-x7gr-x9m4 GHSA-qqc5-ghm2-429m GHSA-r94v-5xq4-h7ph GHSA-vm3q-w7cc-43ff GHSA-xcqp-9wgc-xxhj
1 parent 639f0f1 commit 4683c6b

File tree

11 files changed

+604
-0
lines changed

11 files changed

+604
-0
lines changed

advisories/unreviewed/2026/04/GHSA-23jg-5f8m-gw8c/GHSA-23jg-5f8m-gw8c.json

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-23jg-5f8m-gw8c",
4+
"modified": "2026-04-05T12:30:25Z",
5+
"published": "2026-04-05T12:30:25Z",
6+
"aliases": [
7+
"CVE-2026-5559"
8+
],
9+
"details": "A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function _is_safe_ast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5559"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/AntaresMugisho/PyBlade/issues/1"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/AntaresMugisho/PyBlade/issues/1#issue-4086730906"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://github.com/AntaresMugisho/PyBlade"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/submit/782904"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/355329"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/vuln/355329/cti"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-791"
54+
],
55+
"severity": "MODERATE",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2026-04-05T11:16:55Z"
59+
}
60+
}

advisories/unreviewed/2026/04/GHSA-5867-gg4p-qv55/GHSA-5867-gg4p-qv55.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5867-gg4p-qv55",
4+
"modified": "2026-04-05T12:30:25Z",
5+
"published": "2026-04-05T12:30:25Z",
6+
"aliases": [
7+
"CVE-2026-5564"
8+
],
9+
"details": "A weakness has been identified in code-projects Simple Laundry System 1.0. Affected by this vulnerability is an unknown functionality of the file /searchguest.php of the component Parameter Handler. This manipulation of the argument searchServiceId causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5564"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Kazamikazu/Ksec/issues/2"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://code-projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/782976"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/355334"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/355334/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-04-05T12:16:18Z"
55+
}
56+
}

advisories/unreviewed/2026/04/GHSA-f2v5-9f28-pgfv/GHSA-f2v5-9f28-pgfv.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-f2v5-9f28-pgfv",
4+
"modified": "2026-04-05T12:30:24Z",
5+
"published": "2026-04-05T12:30:24Z",
6+
"aliases": [
7+
"CVE-2026-5555"
8+
],
9+
"details": "A weakness has been identified in code-projects Concert Ticket Reservation System 1.0. This affects an unknown part of the file /ConcertTicketReservationSystem-master/login.php of the component Parameter Handler. Executing a manipulation of the argument Email can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5555"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Wzl731/test/issues/5"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://code-projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/782875"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/355325"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/355325/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-04-05T10:16:19Z"
55+
}
56+
}

advisories/unreviewed/2026/04/GHSA-hffx-627q-p234/GHSA-hffx-627q-p234.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-hffx-627q-p234",
4+
"modified": "2026-04-05T12:30:25Z",
5+
"published": "2026-04-05T12:30:25Z",
6+
"aliases": [
7+
"CVE-2026-5561"
8+
],
9+
"details": "A vulnerability was determined in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the component Environment Variable Handler. Executing a manipulation can lead to injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5561"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/whatyourname12345/CVE/blob/main/POS/cve.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/782934"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/355331"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/355331/cti"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.campcodes.com"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-04-05T11:16:56Z"
55+
}
56+
}

advisories/unreviewed/2026/04/GHSA-jmxv-3q5p-jmjr/GHSA-jmxv-3q5p-jmjr.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-jmxv-3q5p-jmjr",
4+
"modified": "2026-04-05T12:30:24Z",
5+
"published": "2026-04-05T12:30:24Z",
6+
"aliases": [
7+
"CVE-2026-5556"
8+
],
9+
"details": "A security vulnerability has been detected in badlogic pi-mono up to 0.58.4. This vulnerability affects the function discoverAndLoadExtensions of the file packages/coding-agent/src/core/extensions/loader.ts. The manipulation leads to code injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5556"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/August829/CVEP/issues/27"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/782876"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/355326"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/355326/cti"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-74"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-04-05T10:16:19Z"
51+
}
52+
}

advisories/unreviewed/2026/04/GHSA-m93m-f699-cf7f/GHSA-m93m-f699-cf7f.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-m93m-f699-cf7f",
4+
"modified": "2026-04-05T12:30:24Z",
5+
"published": "2026-04-05T12:30:24Z",
6+
"aliases": [
7+
"CVE-2026-5554"
8+
],
9+
"details": "A security flaw has been discovered in code-projects Concert Ticket Reservation System 1.0. Affected by this issue is some unknown functionality of the file /ConcertTicketReservationSystem-master/process_search.php of the component Parameter Handler. Performing a manipulation of the argument searching results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5554"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Wzl731/test/issues/4"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://code-projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/782874"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/355324"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/355324/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-04-05T10:16:18Z"
55+
}
56+
}

0 commit comments

Comments
 (0)