Publish Advisories

GHSA-j5fg-gwpm-pjw5
GHSA-5r99-pj6c-hg6v
GHSA-5vxp-pqjj-287g
GHSA-239h-g863-fm9x
GHSA-69rr-jvgq-g678
GHSA-7vfw-f3r2-9m2j
GHSA-7w6x-34cj-2vph
GHSA-8q8m-rvgf-6qvc
GHSA-96h6-qp9f-fc25
GHSA-9cfw-4wfr-8gwf
GHSA-fxg7-rh9m-q77p
GHSA-g982-ffmg-jq3g
GHSA-j47q-h9j2-79x8
GHSA-mmr3-c33j-h2f2
GHSA-pq33-qwwq-ggx5
GHSA-prmx-7v35-7q82
GHSA-pwm7-wr54-2jxv
GHSA-q7v7-25qx-fcxf
GHSA-v5jf-vjfx-frfr
GHSA-vc5m-vgvg-698r
GHSA-vvrm-pcwj-56vf
GHSA-whc5-mvj9-gjqw
GHSA-wjf6-53j2-2f8c
GHSA-wph3-c8fm-q2v8

Author: advisory-database[bot]

advisories/unreviewed/2025/12/GHSA-j5fg-gwpm-pjw5/GHSA-j5fg-gwpm-pjw5.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j5fg-gwpm-pjw5",
-  "modified": "2026-01-11T18:30:28Z",
+  "modified": "2026-04-02T09:30:24Z",
   "published": "2025-12-16T15:30:47Z",
   "aliases": [
     "CVE-2025-68263"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: ipc: fix use-after-free in ipc_msg_send_request\n\nipc_msg_send_request() waits for a generic netlink reply using an\nipc_msg_table_entry on the stack. The generic netlink handler\n(handle_generic_event()/handle_response()) fills entry->response under\nipc_msg_table_lock, but ipc_msg_send_request() used to validate and free\nentry->response without holding the same lock.\n\nUnder high concurrency this allows a race where handle_response() is\ncopying data into entry->response while ipc_msg_send_request() has just\nfreed it, leading to a slab-use-after-free reported by KASAN in\nhandle_generic_event():\n\n  BUG: KASAN: slab-use-after-free in handle_generic_event+0x3c4/0x5f0 [ksmbd]\n  Write of size 12 at addr ffff888198ee6e20 by task pool/109349\n  ...\n  Freed by task:\n    kvfree\n    ipc_msg_send_request [ksmbd]\n    ksmbd_rpc_open -> ksmbd_session_rpc_open [ksmbd]\n\nFix by:\n- Taking ipc_msg_table_lock in ipc_msg_send_request() while validating\n  entry->response, freeing it when invalid, and removing the entry from\n  ipc_msg_table.\n- Returning the final entry->response pointer to the caller only after\n  the hash entry is removed under the lock.\n- Returning NULL in the error path, preserving the original API\n  semantics.\n\nThis makes all accesses to entry->response consistent with\nhandle_response(), which already updates and fills the response buffer\nunder ipc_msg_table_lock, and closes the race that allowed the UAF.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -41,7 +46,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-12-16T15:15:55Z"

advisories/unreviewed/2026/03/GHSA-5r99-pj6c-hg6v/GHSA-5r99-pj6c-hg6v.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5r99-pj6c-hg6v",
-  "modified": "2026-03-25T12:30:24Z",
+  "modified": "2026-04-02T09:30:24Z",
   "published": "2026-03-25T12:30:24Z",
   "aliases": [
     "CVE-2026-23395"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ\n\nCurrently the code attempts to accept requests regardless of the\ncommand identifier which may cause multiple requests to be marked\nas pending (FLAG_DEFER_SETUP) which can cause more than\nL2CAP_ECRED_MAX_CID(5) to be allocated in l2cap_ecred_rsp_defer\ncausing an overflow.\n\nThe spec is quite clear that the same identifier shall not be used on\nsubsequent requests:\n\n'Within each signaling channel a different Identifier shall be used\nfor each successive request or indication.'\nhttps://www.bluetooth.com/wp-content/uploads/Files/Specification/HTML/Core-62/out/en/host/logical-link-control-and-adaptation-protocol-specification.html#UUID-32a25a06-4aa4-c6c7-77c5-dcfe3682355d\n\nSo this attempts to check if there are any channels pending with the\nsame identifier and rejects if any are found.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -41,7 +46,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-03-25T11:16:40Z"

advisories/unreviewed/2026/03/GHSA-5vxp-pqjj-287g/GHSA-5vxp-pqjj-287g.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5vxp-pqjj-287g",
-  "modified": "2026-03-25T12:30:21Z",
+  "modified": "2026-04-02T09:30:24Z",
   "published": "2026-03-20T09:32:10Z",
   "aliases": [
     "CVE-2026-23278"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: always walk all pending catchall elements\n\nDuring transaction processing we might have more than one catchall element:\n1 live catchall element and 1 pending element that is coming as part of the\nnew batch.\n\nIf the map holding the catchall elements is also going away, its\nrequired to toggle all catchall elements and not just the first viable\ncandidate.\n\nOtherwise, we get:\n WARNING: ./include/net/netfilter/nf_tables.h:1281 at nft_data_release+0xb7/0xe0 [nf_tables], CPU#2: nft/1404\n RIP: 0010:nft_data_release+0xb7/0xe0 [nf_tables]\n [..]\n __nft_set_elem_destroy+0x106/0x380 [nf_tables]\n nf_tables_abort_release+0x348/0x8d0 [nf_tables]\n nf_tables_abort+0xcf2/0x3ac0 [nf_tables]\n nfnetlink_rcv_batch+0x9c9/0x20e0 [..]",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -33,7 +38,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-03-20T09:16:13Z"

advisories/unreviewed/2026/04/GHSA-239h-g863-fm9x/GHSA-239h-g863-fm9x.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-239h-g863-fm9x",
+  "modified": "2026-04-02T09:30:25Z",
+  "published": "2026-04-02T09:30:25Z",
+  "aliases": [
+    "CVE-2026-29141"
+  ],
+  "details": "SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as [signed OK].",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29141"
+    },
+    {
+      "type": "WEB",
+      "url": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-02T09:16:22Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-69rr-jvgq-g678/GHSA-69rr-jvgq-g678.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-69rr-jvgq-g678",
+  "modified": "2026-04-02T09:30:25Z",
+  "published": "2026-04-02T09:30:25Z",
+  "aliases": [
+    "CVE-2026-29131"
+  ],
+  "details": "SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29131"
+    },
+    {
+      "type": "WEB",
+      "url": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-90"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-02T09:16:21Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-7vfw-f3r2-9m2j/GHSA-7vfw-f3r2-9m2j.json

@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7vfw-f3r2-9m2j",
+  "modified": "2026-04-02T09:30:25Z",
+  "published": "2026-04-02T09:30:25Z",
+  "aliases": [
+    "CVE-2026-5244"
+  ],
+  "details": "A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg_tls_recv_cert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.21 mitigates this issue. The name of the patch is 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5244"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cesanta/mongoose/commit/0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cesanta/mongoose"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cesanta/mongoose/releases/tag/7.21"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/770063"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/354825"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/354825/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-02T08:16:28Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-7w6x-34cj-2vph/GHSA-7w6x-34cj-2vph.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7w6x-34cj-2vph",
+  "modified": "2026-04-02T09:30:25Z",
+  "published": "2026-04-02T09:30:24Z",
+  "aliases": [
+    "CVE-2026-29132"
+  ],
+  "details": "SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected emails.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29132"
+    },
+    {
+      "type": "WEB",
+      "url": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-306"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-02T09:16:21Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-8q8m-rvgf-6qvc/GHSA-8q8m-rvgf-6qvc.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8q8m-rvgf-6qvc",
+  "modified": "2026-04-02T09:30:25Z",
+  "published": "2026-04-02T09:30:25Z",
+  "aliases": [
+    "CVE-2026-29139"
+  ],
+  "details": "SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29139"
+    },
+    {
+      "type": "WEB",
+      "url": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-288"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-02T09:16:22Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-96h6-qp9f-fc25/GHSA-96h6-qp9f-fc25.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-96h6-qp9f-fc25",
+  "modified": "2026-04-02T09:30:25Z",
+  "published": "2026-04-02T09:30:25Z",
+  "aliases": [
+    "CVE-2026-29135"
+  ],
+  "details": "SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that bypasses subject sanitization.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29135"
+    },
+    {
+      "type": "WEB",
+      "url": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-02T09:16:21Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-9cfw-4wfr-8gwf/GHSA-9cfw-4wfr-8gwf.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9cfw-4wfr-8gwf",
+  "modified": "2026-04-02T09:30:25Z",
+  "published": "2026-04-02T09:30:25Z",
+  "aliases": [
+    "CVE-2026-29136"
+  ],
+  "details": "SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29136"
+    },
+    {
+      "type": "WEB",
+      "url": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-02T09:16:21Z"
+  }
+}