Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 9f672c51155b · 2026-01-12T09:32:28.000Z
GHSA-wc34-p4fh-wr9q GHSA-7687-3v4j-49fr GHSA-pgqp-8h46-6x4j GHSA-vfvj-3wmg-p6fj
diff --git a/advisories/unreviewed/2025/07/GHSA-wc34-p4fh-wr9q/GHSA-wc34-p4fh-wr9q.json b/advisories/unreviewed/2025/07/GHSA-wc34-p4fh-wr9q/GHSA-wc34-p4fh-wr9q.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wc34-p4fh-wr9q",
-  "modified": "2025-07-31T21:31:54Z",
+  "modified": "2026-01-12T09:30:30Z",
   "published": "2025-07-31T21:31:54Z",
   "aliases": [
     "CVE-2025-50572"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://github.com/shorooq-hummdi/Archer-csv-injection-command-exec/blob/main/README.md"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.archerirm.community/s/blogs/formula-injection-into-csv-files-vulnerability-in-rsa-archer-6-1-x-and-higher-MCOCQFO3WCQBCCHMKNC74JGSFWQY"
+    },
     {
       "type": "WEB",
       "url": "http://archer.com"
diff --git a/advisories/unreviewed/2026/01/GHSA-7687-3v4j-49fr/GHSA-7687-3v4j-49fr.json b/advisories/unreviewed/2026/01/GHSA-7687-3v4j-49fr/GHSA-7687-3v4j-49fr.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7687-3v4j-49fr",
-  "modified": "2026-01-07T21:31:56Z",
+  "modified": "2026-01-12T09:30:30Z",
   "published": "2026-01-07T21:31:56Z",
   "aliases": [
     "CVE-2026-22184"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22184"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/madler/zlib/issues/1142"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/madler/zlib"
diff --git a/advisories/unreviewed/2026/01/GHSA-pgqp-8h46-6x4j/GHSA-pgqp-8h46-6x4j.json b/advisories/unreviewed/2026/01/GHSA-pgqp-8h46-6x4j/GHSA-pgqp-8h46-6x4j.json
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-pgqp-8h46-6x4j",
+  "modified": "2026-01-12T09:30:31Z",
+  "published": "2026-01-12T09:30:31Z",
+  "aliases": [
+    "CVE-2025-14279"
+  ],
+  "details": "MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An attacker can query, update, and delete experiments via the affected endpoints, leading to potential data exfiltration, destruction, or manipulation. The issue is resolved in version 3.5.0.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14279"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/mlflow/mlflow/commit/b0ffd289e9b0d0cc32c9e3a9b9f3843ae83dbec3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://huntr.com/bounties/ef478f72-2e4f-44dc-8055-fc06bef03108"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-346"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-12T09:15:50Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/01/GHSA-vfvj-3wmg-p6fj/GHSA-vfvj-3wmg-p6fj.json b/advisories/unreviewed/2026/01/GHSA-vfvj-3wmg-p6fj/GHSA-vfvj-3wmg-p6fj.json
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-vfvj-3wmg-p6fj",
+  "modified": "2026-01-12T09:30:31Z",
+  "published": "2026-01-12T09:30:31Z",
+  "aliases": [
+    "CVE-2026-0855"
+  ],
+  "details": "Certain IP Camera models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0855"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.twcert.org.tw/en/cp-139-10626-afbe2-2.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.twcert.org.tw/tw/cp-132-10625-fac5c-1.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-12T07:16:19Z"
+  }
+}
