Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2026/04/GHSA-2gxf-3x35-2g93/GHSA-2gxf-3x35-2g93.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2gxf-3x35-2g93",
+  "modified": "2026-04-04T15:30:21Z",
+  "published": "2026-04-04T15:30:21Z",
+  "aliases": [
+    "CVE-2018-25253"
+  ],
+  "details": "Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Attackers can paste a 2000-byte payload into the Settings User interface language field to crash the application.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25253"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.compuphase.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.compuphase.com/software_termite.htm"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/45453"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/termite-denial-of-service-via-settings-buffer-overflow"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-04T14:16:21Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-2r3p-9jrg-pvg9/GHSA-2r3p-9jrg-pvg9.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2r3p-9jrg-pvg9",
+  "modified": "2026-04-04T15:30:20Z",
+  "published": "2026-04-04T15:30:20Z",
+  "aliases": [
+    "CVE-2016-20053"
+  ],
+  "details": "Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden fields containing admin credentials and account parameters to add new administrator accounts without user consent.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-20053"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/40708"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/redaxo-cms-cross-site-request-forgery-via-users-endpoint"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-352"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-04T14:16:17Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-2x95-qpv9-c883/GHSA-2x95-qpv9-c883.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2x95-qpv9-c883",
+  "modified": "2026-04-04T15:30:20Z",
+  "published": "2026-04-04T15:30:20Z",
+  "aliases": [
+    "CVE-2018-25241"
+  ],
+  "details": "Microsoft VPN Browser+ 1.1.0.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting oversized input through the search functionality. Attackers can paste a large buffer of characters into the search bar to trigger an unhandled exception that terminates the application.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25241"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/46198"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.microsoft.com/store/productId/9NFFFFS5Z2C7"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/microsoft-vpn-browser-denial-of-service"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-306"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-04T14:16:19Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-37ww-cvhx-x8p9/GHSA-37ww-cvhx-x8p9.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-37ww-cvhx-x8p9",
+  "modified": "2026-04-04T15:30:20Z",
+  "published": "2026-04-04T15:30:20Z",
+  "aliases": [
+    "CVE-2018-25240"
+  ],
+  "details": "Microsoft Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 8145 characters into the search bar and trigger a search operation to cause the application to crash.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25240"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/46194"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.microsoft.com/store/productId/9PN12GNX62VZ"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/microsoft-watchr-denial-of-service-via-search"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1260"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-04T14:16:19Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-3c69-45qx-vjjh/GHSA-3c69-45qx-vjjh.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3c69-45qx-vjjh",
+  "modified": "2026-04-04T15:30:19Z",
+  "published": "2026-04-04T15:30:19Z",
+  "aliases": [
+    "CVE-2016-20050"
+  ],
+  "details": "NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a crafted payload containing 388 bytes of data followed by 4 bytes of EIP overwrite into the Hostname/IP field to trigger a denial of service condition.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-20050"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/39242"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/netschedscan-buffer-overflow-denial-of-service"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-04T14:16:16Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-3mg4-q3v6-5gmc/GHSA-3mg4-q3v6-5gmc.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3mg4-q3v6-5gmc",
+  "modified": "2026-04-04T15:30:20Z",
+  "published": "2026-04-04T15:30:20Z",
+  "aliases": [
+    "CVE-2016-20056"
+  ],
+  "details": "Spy Emergency build 23.0.205 contains an unquoted service path vulnerability in the SpyEmrgHealth and SpyEmrgSrv services that allows local attackers to escalate privileges by inserting malicious executables. Attackers can place executable files in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-20056"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/40550"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/spy-emergency-build-unquoted-service-path-privilege-escalation"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.spy-emergency.com"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.spy-emergency.com/download/download.php?id=1"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-428"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-04T14:16:18Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-45r5-r733-p24j/GHSA-45r5-r733-p24j.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-45r5-r733-p24j",
+  "modified": "2026-04-04T15:30:21Z",
+  "published": "2026-04-04T15:30:21Z",
+  "aliases": [
+    "CVE-2018-25255"
+  ],
+  "details": "10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attackers can create a specially formatted LSM file with a payload in the ObjCaption parameter that overflows the buffer, overwrites the SEH chain, and executes shellcode when the file is opened in the application.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25255"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.10-strike.com/lanstate/download.shtml"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.10-strike.com/products.shtml"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/45086"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/10-strike-lanstate-local-buffer-overflow-seh"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-04T14:16:21Z"
+  }
+}