Skip to content

Commit 698cd61

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-2vwv-vqpv-v8vc GHSA-c75f-55f6-f63q GHSA-2chg-78hj-c2w2 GHSA-3224-28wc-whrh GHSA-32w9-6rwg-p96w GHSA-337w-xf2q-h5w2 GHSA-46vm-f48w-xhvv GHSA-49hc-46g6-4c47 GHSA-544v-v93w-x43g GHSA-5qr4-57wv-4r2w GHSA-6fpm-qhmq-mwq8 GHSA-7gm3-fv82-7h98 GHSA-8v5m-jghx-mmxr GHSA-9772-r9rh-h65v GHSA-f5h4-jpqg-93m3 GHSA-hq9j-qh3w-qvg3 GHSA-jp7c-75vm-9jwh GHSA-p78m-rc6g-qfwc GHSA-pg76-qgmq-mvpq GHSA-q2rh-xrfv-8x3m GHSA-vr46-pfqh-wpf8 GHSA-vrr8-h7fq-ghr8
1 parent 9ca9084 commit 698cd61

File tree

22 files changed

+953
-2
lines changed

22 files changed

+953
-2
lines changed

advisories/unreviewed/2026/03/GHSA-2vwv-vqpv-v8vc/GHSA-2vwv-vqpv-v8vc.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-2vwv-vqpv-v8vc",
4-
"modified": "2026-04-20T06:31:26Z",
4+
"modified": "2026-04-20T09:30:44Z",
55
"published": "2026-03-30T09:31:29Z",
66
"aliases": [
77
"CVE-2026-5121"
@@ -43,6 +43,10 @@
4343
"type": "WEB",
4444
"url": "https://access.redhat.com/errata/RHSA-2026:8864"
4545
},
46+
{
47+
"type": "WEB",
48+
"url": "https://access.redhat.com/errata/RHSA-2026:8866"
49+
},
4650
{
4751
"type": "WEB",
4852
"url": "https://access.redhat.com/errata/RHSA-2026:8867"

advisories/unreviewed/2026/03/GHSA-c75f-55f6-f63q/GHSA-c75f-55f6-f63q.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-c75f-55f6-f63q",
4-
"modified": "2026-04-20T06:31:26Z",
4+
"modified": "2026-04-20T09:30:44Z",
55
"published": "2026-03-19T15:31:21Z",
66
"aliases": [
77
"CVE-2026-4424"
@@ -51,6 +51,10 @@
5151
"type": "WEB",
5252
"url": "https://access.redhat.com/errata/RHSA-2026:8865"
5353
},
54+
{
55+
"type": "WEB",
56+
"url": "https://access.redhat.com/errata/RHSA-2026:8866"
57+
},
5458
{
5559
"type": "WEB",
5660
"url": "https://access.redhat.com/errata/RHSA-2026:8867"

advisories/unreviewed/2026/04/GHSA-2chg-78hj-c2w2/GHSA-2chg-78hj-c2w2.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2chg-78hj-c2w2",
4+
"modified": "2026-04-20T09:30:45Z",
5+
"published": "2026-04-20T09:30:45Z",
6+
"aliases": [
7+
"CVE-2026-6614"
8+
],
9+
"details": "A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function get_project/update_project/get_projects_organisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6614"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://gist.github.com/YLChen-007/ac40da2253c7364d043c0dfe3275190b"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/791082"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/358249"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/358249/cti"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-285"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-04-20T07:16:16Z"
51+
}
52+
}

advisories/unreviewed/2026/04/GHSA-3224-28wc-whrh/GHSA-3224-28wc-whrh.json

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-3224-28wc-whrh",
4+
"modified": "2026-04-20T09:30:45Z",
5+
"published": "2026-04-20T09:30:45Z",
6+
"aliases": [
7+
"CVE-2026-39454"
8+
],
9+
"details": "SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may be executed with the administrative privilege.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39454"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://jvn.jp/en/jp/JVN63376363"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.skyseaclientview.net/news/260420_01"
33+
}
34+
],
35+
"database_specific": {
36+
"cwe_ids": [
37+
"CWE-276"
38+
],
39+
"severity": "HIGH",
40+
"github_reviewed": false,
41+
"github_reviewed_at": null,
42+
"nvd_published_at": "2026-04-20T09:16:08Z"
43+
}
44+
}

advisories/unreviewed/2026/04/GHSA-32w9-6rwg-p96w/GHSA-32w9-6rwg-p96w.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-32w9-6rwg-p96w",
4+
"modified": "2026-04-20T09:30:45Z",
5+
"published": "2026-04-20T09:30:45Z",
6+
"aliases": [
7+
"CVE-2026-6644"
8+
],
9+
"details": "A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary code on the underlying operating system. This occurs due to insufficient validation of user-supplied input before it is passed to a system shell. Successful exploitation allows an attacker to achieve Remote Code Execution (RCE) and fully compromise the system.\nAffected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6644"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://https://www.asustor.com/security/security_advisory_detail?id=55"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-78"
30+
],
31+
"severity": "CRITICAL",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-04-20T07:16:16Z"
35+
}
36+
}

advisories/unreviewed/2026/04/GHSA-337w-xf2q-h5w2/GHSA-337w-xf2q-h5w2.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-337w-xf2q-h5w2",
4+
"modified": "2026-04-20T09:30:45Z",
5+
"published": "2026-04-20T09:30:45Z",
6+
"aliases": [
7+
"CVE-2026-6618"
8+
],
9+
"details": "A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6618"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://gist.github.com/chenhouser2025/d7b1c574b0e32eb9169f7046b486e662"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/792241"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/358253"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/358253/cti"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-918"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-04-20T09:16:09Z"
51+
}
52+
}

advisories/unreviewed/2026/04/GHSA-46vm-f48w-xhvv/GHSA-46vm-f48w-xhvv.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-46vm-f48w-xhvv",
4+
"modified": "2026-04-20T09:30:45Z",
5+
"published": "2026-04-20T09:30:44Z",
6+
"aliases": [
7+
"CVE-2026-6643"
8+
],
9+
"details": "A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to execute arbitrary code as the web server user. \nAffected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6643"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://www.asustor.com/security/security_advisory_detail?id=54"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-121"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-04-20T07:16:16Z"
35+
}
36+
}

advisories/unreviewed/2026/04/GHSA-49hc-46g6-4c47/GHSA-49hc-46g6-4c47.json

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-49hc-46g6-4c47",
4+
"modified": "2026-04-20T09:30:45Z",
5+
"published": "2026-04-20T09:30:45Z",
6+
"aliases": [
7+
"CVE-2026-5967"
8+
],
9+
"details": "ThreatSonar Anti-Ransomware developed by TeamT5 has an Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privileges.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5967"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.twcert.org.tw/en/cp-139-10855-e6d1b-2.html"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.twcert.org.tw/tw/cp-132-10854-03015-1.html"
33+
}
34+
],
35+
"database_specific": {
36+
"cwe_ids": [
37+
"CWE-78"
38+
],
39+
"severity": "HIGH",
40+
"github_reviewed": false,
41+
"github_reviewed_at": null,
42+
"nvd_published_at": "2026-04-20T09:16:09Z"
43+
}
44+
}

advisories/unreviewed/2026/04/GHSA-544v-v93w-x43g/GHSA-544v-v93w-x43g.json

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-544v-v93w-x43g",
4+
"modified": "2026-04-20T09:30:45Z",
5+
"published": "2026-04-20T09:30:45Z",
6+
"aliases": [
7+
"CVE-2026-5966"
8+
],
9+
"details": "ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5966"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.twcert.org.tw/en/cp-139-10832-05f3a-2.html"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.twcert.org.tw/tw/cp-132-10831-a734d-1.html"
33+
}
34+
],
35+
"database_specific": {
36+
"cwe_ids": [
37+
"CWE-23"
38+
],
39+
"severity": "HIGH",
40+
"github_reviewed": false,
41+
"github_reviewed_at": null,
42+
"nvd_published_at": "2026-04-20T08:16:11Z"
43+
}
44+
}

0 commit comments

Comments
 (0)