Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 89a1ac080c7e · 2026-04-19T12:33:09.000Z
GHSA-9782-qgv6-6p8g GHSA-jfxq-p7rj-52hh GHSA-p2wp-hfcj-f5jm GHSA-rgfh-mp7v-25f9 GHSA-vqmj-h423-xx64
diff --git a/advisories/unreviewed/2026/04/GHSA-9782-qgv6-6p8g/GHSA-9782-qgv6-6p8g.json b/advisories/unreviewed/2026/04/GHSA-9782-qgv6-6p8g/GHSA-9782-qgv6-6p8g.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9782-qgv6-6p8g",
+  "modified": "2026-04-19T12:31:16Z",
+  "published": "2026-04-19T12:31:16Z",
+  "aliases": [
+    "CVE-2026-6569"
+  ],
+  "details": "A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation of the argument fileUrl leads to improper authentication. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6569"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/789982"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/358203"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/358203/cti"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vulnplus-note.wetolink.com/share/wgfZR6kXRApl"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-287"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-19T11:16:14Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-jfxq-p7rj-52hh/GHSA-jfxq-p7rj-52hh.json b/advisories/unreviewed/2026/04/GHSA-jfxq-p7rj-52hh/GHSA-jfxq-p7rj-52hh.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jfxq-p7rj-52hh",
+  "modified": "2026-04-19T12:31:16Z",
+  "published": "2026-04-19T12:31:16Z",
+  "aliases": [
+    "CVE-2026-6570"
+  ],
+  "details": "A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6570"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/789983"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/358204"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/358204/cti"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vulnplus-note.wetolink.com/share/byd7AQVs42VY"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-285"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-19T12:16:32Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-p2wp-hfcj-f5jm/GHSA-p2wp-hfcj-f5jm.json b/advisories/unreviewed/2026/04/GHSA-p2wp-hfcj-f5jm/GHSA-p2wp-hfcj-f5jm.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-p2wp-hfcj-f5jm",
+  "modified": "2026-04-19T12:31:16Z",
+  "published": "2026-04-19T12:31:16Z",
+  "aliases": [
+    "CVE-2026-6571"
+  ],
+  "details": "A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument group_role can lead to authorization bypass. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6571"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/789987"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/358205"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/358205/cti"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vulnplus-note.wetolink.com/share/atu3UbqnfAgs"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-285"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-19T12:16:33Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-rgfh-mp7v-25f9/GHSA-rgfh-mp7v-25f9.json b/advisories/unreviewed/2026/04/GHSA-rgfh-mp7v-25f9/GHSA-rgfh-mp7v-25f9.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-rgfh-mp7v-25f9",
+  "modified": "2026-04-19T12:31:15Z",
+  "published": "2026-04-19T12:31:15Z",
+  "aliases": [
+    "CVE-2026-6568"
+  ],
+  "details": "A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. This manipulation of the argument path causes path traversal. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6568"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/789981"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/358202"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/358202/cti"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vulnplus-note.wetolink.com/share/JyHBnRUaoOY2"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-19T10:16:09Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-vqmj-h423-xx64/GHSA-vqmj-h423-xx64.json b/advisories/unreviewed/2026/04/GHSA-vqmj-h423-xx64/GHSA-vqmj-h423-xx64.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-vqmj-h423-xx64",
+  "modified": "2026-04-19T12:31:15Z",
+  "published": "2026-04-19T12:31:15Z",
+  "aliases": [
+    "CVE-2026-6564"
+  ],
+  "details": "A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6564"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cailiujia/CVE"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/789924"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/358201"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/358201/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-266"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-19T10:16:08Z"
+  }
+}
