Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit a38472af27df · 2026-04-21T00:33:46.000Z
GHSA-f7q5-qg45-7vm8 GHSA-fv5h-vqpf-6fqj GHSA-v8v5-8mm8-3j8p GHSA-qc8j-wvjf-7jfj GHSA-g7c4-wv7q-gcc6 GHSA-2vxx-w4h2-4g8g GHSA-3mhm-cc78-hw48 GHSA-46pm-c965-776x GHSA-4fw6-xxwg-9332 GHSA-6pg9-3wf4-7w8v GHSA-f5w8-q66w-xp9m GHSA-g7f7-cc3w-5g3g GHSA-h2gc-758g-276m GHSA-pvmf-7x77-8q82
diff --git a/advisories/unreviewed/2025/07/GHSA-f7q5-qg45-7vm8/GHSA-f7q5-qg45-7vm8.json b/advisories/unreviewed/2025/07/GHSA-f7q5-qg45-7vm8/GHSA-f7q5-qg45-7vm8.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f7q5-qg45-7vm8",
-  "modified": "2026-04-14T12:31:28Z",
+  "modified": "2026-04-21T00:32:13Z",
   "published": "2025-07-10T09:32:27Z",
   "aliases": [
     "CVE-2025-32989"
@@ -47,6 +47,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:22529"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:7477"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-32989"
diff --git a/advisories/unreviewed/2025/07/GHSA-fv5h-vqpf-6fqj/GHSA-fv5h-vqpf-6fqj.json b/advisories/unreviewed/2025/07/GHSA-fv5h-vqpf-6fqj/GHSA-fv5h-vqpf-6fqj.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fv5h-vqpf-6fqj",
-  "modified": "2026-03-26T18:31:27Z",
+  "modified": "2026-04-21T00:32:13Z",
   "published": "2025-07-10T09:32:27Z",
   "aliases": [
     "CVE-2025-32988"
@@ -51,6 +51,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:22529"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:7477"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-32988"
diff --git a/advisories/unreviewed/2025/07/GHSA-v8v5-8mm8-3j8p/GHSA-v8v5-8mm8-3j8p.json b/advisories/unreviewed/2025/07/GHSA-v8v5-8mm8-3j8p/GHSA-v8v5-8mm8-3j8p.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v8v5-8mm8-3j8p",
-  "modified": "2026-04-14T12:31:28Z",
+  "modified": "2026-04-21T00:32:13Z",
   "published": "2025-07-10T12:31:18Z",
   "aliases": [
     "CVE-2025-32990"
@@ -51,6 +51,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:22529"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:7477"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-32990"
diff --git a/advisories/unreviewed/2025/09/GHSA-qc8j-wvjf-7jfj/GHSA-qc8j-wvjf-7jfj.json b/advisories/unreviewed/2025/09/GHSA-qc8j-wvjf-7jfj/GHSA-qc8j-wvjf-7jfj.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qc8j-wvjf-7jfj",
-  "modified": "2026-02-27T18:31:00Z",
+  "modified": "2026-04-21T00:32:14Z",
   "published": "2025-09-23T18:30:24Z",
   "aliases": [
     "CVE-2025-9900"
@@ -21,7 +21,7 @@
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2025:21508"
+      "url": "https://access.redhat.com/errata/RHSA-2025:17651"
     },
     {
       "type": "WEB",
@@ -63,6 +63,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:3462"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:7504"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-9900"
@@ -91,10 +95,6 @@
       "type": "WEB",
       "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00031.html"
     },
-    {
-      "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2025:17651"
-    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:17675"
@@ -167,6 +167,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:21507"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:21508"
+    },
     {
       "type": "WEB",
       "url": "http://www.openwall.com/lists/oss-security/2025/09/26/3"
diff --git a/advisories/unreviewed/2026/03/GHSA-g7c4-wv7q-gcc6/GHSA-g7c4-wv7q-gcc6.json b/advisories/unreviewed/2026/03/GHSA-g7c4-wv7q-gcc6/GHSA-g7c4-wv7q-gcc6.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g7c4-wv7q-gcc6",
-  "modified": "2026-03-30T18:31:18Z",
+  "modified": "2026-04-21T00:32:14Z",
   "published": "2026-03-30T18:31:18Z",
   "aliases": [
     "CVE-2026-4046"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4046"
     },
+    {
+      "type": "WEB",
+      "url": "https://inbox.sourceware.org/libc-announce/76814edf-cf7f-47ec-979d-2dce0a2c76bf@gotplt.org/T/#u"
+    },
     {
       "type": "WEB",
       "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33980"
diff --git a/advisories/unreviewed/2026/04/GHSA-2vxx-w4h2-4g8g/GHSA-2vxx-w4h2-4g8g.json b/advisories/unreviewed/2026/04/GHSA-2vxx-w4h2-4g8g/GHSA-2vxx-w4h2-4g8g.json
@@ -26,6 +26,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-434",
       "CWE-78"
     ],
     "severity": "CRITICAL",
diff --git a/advisories/unreviewed/2026/04/GHSA-3mhm-cc78-hw48/GHSA-3mhm-cc78-hw48.json b/advisories/unreviewed/2026/04/GHSA-3mhm-cc78-hw48/GHSA-3mhm-cc78-hw48.json
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3mhm-cc78-hw48",
+  "modified": "2026-04-21T00:32:14Z",
+  "published": "2026-04-21T00:32:14Z",
+  "aliases": [
+    "CVE-2026-5721"
+  ],
+  "details": "The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.5.0.4. This is due to insufficient input sanitization and output escaping in the prepareCellOutput() method of the LinkWDTColumn, ImageWDTColumn, and EmailWDTColumn classes. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, given that they can trick an Administrator into importing data from an attacker-controlled source and the affected column types (Link, Image, or Email) are configured.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5721"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3510613"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8db736fb-cd6c-4a52-9dd3-eefd0a8d9267?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-20T23:16:24Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-46pm-c965-776x/GHSA-46pm-c965-776x.json b/advisories/unreviewed/2026/04/GHSA-46pm-c965-776x/GHSA-46pm-c965-776x.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-46pm-c965-776x",
+  "modified": "2026-04-21T00:32:14Z",
+  "published": "2026-04-21T00:32:14Z",
+  "aliases": [
+    "CVE-2026-0930"
+  ],
+  "details": "Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0930"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/wolfssl/wolfssh/pull/846"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-126"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-20T22:16:23Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-4fw6-xxwg-9332/GHSA-4fw6-xxwg-9332.json b/advisories/unreviewed/2026/04/GHSA-4fw6-xxwg-9332/GHSA-4fw6-xxwg-9332.json
@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4fw6-xxwg-9332",
+  "modified": "2026-04-21T00:32:14Z",
+  "published": "2026-04-21T00:32:14Z",
+  "aliases": [
+    "CVE-2026-22051"
+  ],
+  "details": "StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.13 and 12.0.0.6 are susceptible to a Information Disclosure vulnerability. Successful exploit could allow an authenticated attacker with low privileges to run arbitrary metrics queries, revealing metric results that they do not have access to.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22051"
+    },
+    {
+      "type": "WEB",
+      "url": "https://security.netapp.com/advisory/ntap-20260420-0001"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-20T22:16:23Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-6pg9-3wf4-7w8v/GHSA-6pg9-3wf4-7w8v.json b/advisories/unreviewed/2026/04/GHSA-6pg9-3wf4-7w8v/GHSA-6pg9-3wf4-7w8v.json
@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6pg9-3wf4-7w8v",
+  "modified": "2026-04-21T00:32:14Z",
+  "published": "2026-04-21T00:32:14Z",
+  "aliases": [
+    "CVE-2026-29643"
+  ],
+  "details": "XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) contains an improper exceptional-condition handling flaw in its CSR subsystem (NewCSR). On affected versions, certain sequences of CSR operations targeting non-existent/custom CSR addresses may trigger an illegal-instruction exception but fail to reliably transfer control to the configured trap handler (mtvec), causing control-flow disruption and potentially leaving the core in a hung or unrecoverable state. This can be exploited by a local attacker able to execute code on the processor to cause a denial of service and potentially inconsistent architectural state.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29643"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/OpenXiangShan/XiangShan/issues/3959"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/OpenXiangShan/XiangShan/pull/3966"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.riscv.org/reference/isa/priv/machine.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.riscv.org/reference/isa/priv/priv-csrs.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-20T22:16:23Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-f5w8-q66w-xp9m/GHSA-f5w8-q66w-xp9m.json b/advisories/unreviewed/2026/04/GHSA-f5w8-q66w-xp9m/GHSA-f5w8-q66w-xp9m.json
@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f5w8-q66w-xp9m",
-  "modified": "2026-04-01T03:31:40Z",
+  "modified": "2026-04-21T00:32:14Z",
   "published": "2026-04-01T03:31:40Z",
   "aliases": [
     "CVE-2026-4374"
   ],
   "details": "Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Routing Service,Observability Collector,Recording Service,Queueing Service,Cloud Discovery Service) allows Serialized Data External Linking, Data Serializat...",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
diff --git a/advisories/unreviewed/2026/04/GHSA-g7f7-cc3w-5g3g/GHSA-g7f7-cc3w-5g3g.json b/advisories/unreviewed/2026/04/GHSA-g7f7-cc3w-5g3g/GHSA-g7f7-cc3w-5g3g.json
@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g7f7-cc3w-5g3g",
-  "modified": "2026-04-02T15:31:40Z",
+  "modified": "2026-04-21T00:32:14Z",
   "published": "2026-04-02T15:31:40Z",
   "aliases": [
     "CVE-2026-2737"
   ],
   "details": "A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
diff --git a/advisories/unreviewed/2026/04/GHSA-h2gc-758g-276m/GHSA-h2gc-758g-276m.json b/advisories/unreviewed/2026/04/GHSA-h2gc-758g-276m/GHSA-h2gc-758g-276m.json
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-h2gc-758g-276m",
+  "modified": "2026-04-21T00:32:14Z",
+  "published": "2026-04-21T00:32:14Z",
+  "aliases": [
+    "CVE-2026-41285"
+  ],
+  "details": "In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an \"nd_opt_len * 8 - 2\" expression with no preceding check for whether nd_opt_len is zero.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41285"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openbsd/src/commit/086c5738bcd3c203bcc08d024fcf983cb409115f"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.openbsd.org/errata78.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.rfc-editor.org/rfc/rfc4861#section-4.6"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1284"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-21T00:16:29Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-pvmf-7x77-8q82/GHSA-pvmf-7x77-8q82.json b/advisories/unreviewed/2026/04/GHSA-pvmf-7x77-8q82/GHSA-pvmf-7x77-8q82.json
