Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/05/GHSA-jx2m-wgq5-5qcj/GHSA-jx2m-wgq5-5qcj.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jx2m-wgq5-5qcj",
-  "modified": "2025-12-16T12:30:27Z",
+  "modified": "2026-01-14T00:31:23Z",
   "published": "2025-05-30T15:30:31Z",
   "aliases": [
     "CVE-2025-4598"
@@ -35,6 +35,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:23234"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:0414"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-4598"

advisories/unreviewed/2025/07/GHSA-3pvj-q7qj-89fg/GHSA-3pvj-q7qj-89fg.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3pvj-q7qj-89fg",
-  "modified": "2025-12-18T09:30:24Z",
+  "modified": "2026-01-14T00:31:23Z",
   "published": "2025-07-07T15:30:39Z",
   "aliases": [
     "CVE-2025-5987"
@@ -27,6 +27,22 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:23484"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:0427"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:0428"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:0430"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:0431"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-5987"

advisories/unreviewed/2025/11/GHSA-648j-fchv-3hrv/GHSA-648j-fchv-3hrv.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-648j-fchv-3hrv",
-  "modified": "2025-11-17T18:30:26Z",
+  "modified": "2026-01-14T00:31:24Z",
   "published": "2025-11-06T18:32:55Z",
   "aliases": [
     "CVE-2025-60188"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60188"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/m4sh-wacker/CVE-2025-60188-Atarim-Plugin-Exploit"
+    },
     {
       "type": "WEB",
       "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/atarim-visual-collaboration/vulnerability/wordpress-atarim-plugin-4-2-sensitive-data-exposure-vulnerability-2"

advisories/unreviewed/2025/12/GHSA-6h4f-pj3g-q8fq/GHSA-6h4f-pj3g-q8fq.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6h4f-pj3g-q8fq",
-  "modified": "2025-12-06T03:30:15Z",
+  "modified": "2026-01-14T00:31:24Z",
   "published": "2025-12-03T21:31:04Z",
   "aliases": [
     "CVE-2024-3884"
@@ -39,6 +39,18 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:3992"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:0383"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:0384"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:0386"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2024-3884"

advisories/unreviewed/2025/12/GHSA-jc4g-746q-772h/GHSA-jc4g-746q-772h.json

@@ -46,7 +46,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-74"
+      "CWE-74",
+      "CWE-77"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2026/01/GHSA-2c6v-h7h5-hq25/GHSA-2c6v-h7h5-hq25.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2c6v-h7h5-hq25",
+  "modified": "2026-01-14T00:31:27Z",
+  "published": "2026-01-14T00:31:27Z",
+  "aliases": [
+    "CVE-2022-50894"
+  ],
+  "details": "VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the img_id parameter. Attackers can send GET requests to edit_gallery_image.php with malicious img_id values to extract database information.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50894"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/51033"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.viaviweb.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/viaviweb-wallpaper-admin-sql-injection-via-editgalleryimagephp"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-13T23:15:51Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-2jpm-7mpv-5fjm/GHSA-2jpm-7mpv-5fjm.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2jpm-7mpv-5fjm",
+  "modified": "2026-01-14T00:31:28Z",
+  "published": "2026-01-14T00:31:28Z",
+  "aliases": [
+    "CVE-2022-50920"
+  ],
+  "details": "Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50920"
+    },
+    {
+      "type": "WEB",
+      "url": "https://sandboxie-plus.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/50819"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/sandboxie-plus-service-sbiesvc-unquoted-service-path"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-428"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-13T23:15:55Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-2mfh-8j73-3rxh/GHSA-2mfh-8j73-3rxh.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2mfh-8j73-3rxh",
+  "modified": "2026-01-14T00:31:28Z",
+  "published": "2026-01-14T00:31:28Z",
+  "aliases": [
+    "CVE-2022-50922"
+  ],
+  "details": "Audio Conversion Wizard v2.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory with a specially crafted registration code. Attackers can generate a payload that overwrites the application's memory stack, potentially enabling remote code execution through a carefully constructed input buffer.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50922"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/50811"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.litexmedia.com/audio-wizard"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/audio-conversion-wizard-buffer-overflow"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-120"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-13T23:15:56Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-2x2q-jj8j-27f7/GHSA-2x2q-jj8j-27f7.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2x2q-jj8j-27f7",
+  "modified": "2026-01-14T00:31:29Z",
+  "published": "2026-01-14T00:31:28Z",
+  "aliases": [
+    "CVE-2023-53985"
+  ],
+  "details": "Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in victim's browser context.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53985"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/leon-mbs/zstore"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/51207"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/zstore-reflected-cross-site-scripting-xss"
+    },
+    {
+      "type": "WEB",
+      "url": "https://zippy.com.ua"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-13T23:15:59Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-368x-rx64-j3wc/GHSA-368x-rx64-j3wc.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-368x-rx64-j3wc",
+  "modified": "2026-01-14T00:31:29Z",
+  "published": "2026-01-14T00:31:29Z",
+  "aliases": [
+    "CVE-2023-54331"
+  ],
+  "details": "Outline 1.6.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the OutlineService executable to inject malicious code that will be executed with LocalSystem permissions.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54331"
+    },
+    {
+      "type": "WEB",
+      "url": "https://getoutline.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/51128"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/outline-unquoted-service-path"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-428"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-13T23:16:00Z"
+  }
+}