
Commit ac3c6a9

Advisory Database Sync
1 parent 0e105d7 commit ac3c6a9

49 files changed

Lines changed: 2078 additions & 0 deletions

Lines changed: 44 additions & 0 deletions
@@ -0,0 +1,44 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-25rp-52g6-gv8j",
4+
"modified": "2026-04-13T06:30:30Z",
5+
"published": "2026-04-13T06:30:30Z",
6+
"aliases": [
7+
"CVE-2026-34857"
8+
],
9+
"details": "UAF vulnerability in the communication module.\nImpact: Successful exploitation of this vulnerability may affect availability.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34857"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://consumer.huawei.com/en/support/bulletin/2026/4"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/4"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/4"
33+
}
34+
],
35+
"database_specific": {
36+
"cwe_ids": [
37+
"CWE-362"
38+
],
39+
"severity": "MODERATE",
40+
"github_reviewed": false,
41+
"github_reviewed_at": null,
42+
"nvd_published_at": "2026-04-13T05:16:03Z"
43+
}
44+
}
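Review bot: `cwe_ids` lists only `CWE-362` (race condition) although `details` describes the bug as a UAF, so a consumer that filters or triages by CWE will not find this record under use-after-free (CWE-416). If the upstream classification means a race that results in the use-after-free, carrying both keeps the record searchable: `"cwe_ids": ["CWE-362", "CWE-416"]`. The GHSA-492w-gvc9-2cw8 record in this commit pairs a UAF description with CWE-362 alone in the same way. The value is presumably copied from the NVD entry, so the correction may belong upstream rather than in this sync.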
Lines changed: 56 additions & 0 deletions
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-3cm3-qfjh-c5x9",
4+
"modified": "2026-04-13T06:30:31Z",
5+
"published": "2026-04-13T06:30:31Z",
6+
"aliases": [
7+
"CVE-2026-6158"
8+
],
9+
"details": "A flaw has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6158"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/xyh4ck/iot_poc/tree/main/TOTOLINK/N300RHv4/02_setUpgradeUboot_RCE"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/796426"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/357038"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/357038/cti"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.totolink.net"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-77"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-04-13T05:16:05Z"
55+
}
56+
}
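Review bot: `cwe_ids` carries the parent class `CWE-77` while `details` states OS command injection, for which CWE-78 is the specific entry. Reporting and detection content keyed on the specific CWE will not pick this record up. GHSA-5m5h-8mf7-m28q has the same `CWE-77` for an OS command injection, and GHSA-4cv5-mvfx-4w7p uses `CWE-74` for what its `details` calls SQL injection (CWE-89). If the sync permits refining the source classification, `"cwe_ids": ["CWE-78"]` would fit here; otherwise the coarse value is worth flagging to the assigning CNA.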
Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-3pf2-jjmr-vrv6",
4+
"modified": "2026-04-13T06:30:29Z",
5+
"published": "2026-04-13T06:30:29Z",
6+
"aliases": [
7+
"CVE-2026-34860"
8+
],
9+
"details": "Access control vulnerability in the memo module.\nImpact: Successful exploitation of this vulnerability will affect availability and confidentiality.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:L"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34860"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://consumer.huawei.com/en/support/bulletin/2026/4"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/4"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-284"
34+
],
35+
"severity": "MODERATE",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2026-04-13T04:16:12Z"
39+
}
40+
}
Lines changed: 34 additions & 0 deletions
@@ -0,0 +1,34 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-488h-84p6-47vr",
4+
"modified": "2026-04-13T06:30:31Z",
5+
"published": "2026-04-13T06:30:31Z",
6+
"aliases": [
7+
"CVE-2026-21011"
8+
],
9+
"details": "Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21011"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [],
29+
"severity": "MODERATE",
30+
"github_reviewed": false,
31+
"github_reviewed_at": null,
32+
"nvd_published_at": "2026-04-13T06:16:05Z"
33+
}
34+
}
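Review bot: `"cwe_ids": []` is empty even though `details` opens with "Incorrect privilege assignment", which is the name of CWE-266. An empty list drops the record from any CWE-based triage or metrics. Assuming the wording reflects the vendor's intended classification, `"cwe_ids": ["CWE-266"]` would fill the gap. The record also carries only a `CVSS_V4` vector, so tooling that reads `CVSS_V3` alone has to fall back to `database_specific.severity`.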
Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-492w-gvc9-2cw8",
4+
"modified": "2026-04-13T06:30:30Z",
5+
"published": "2026-04-13T06:30:30Z",
6+
"aliases": [
7+
"CVE-2026-34849"
8+
],
9+
"details": "UAF vulnerability in the screen management module.\nImpact: Successful exploitation of this vulnerability may affect availability.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34849"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://consumer.huawei.com/en/support/bulletin/2026/4"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-362"
30+
],
31+
"severity": "LOW",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-04-13T05:16:03Z"
35+
}
36+
}
Lines changed: 56 additions & 0 deletions
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-4cv5-mvfx-4w7p",
4+
"modified": "2026-04-13T06:30:30Z",
5+
"published": "2026-04-13T06:30:30Z",
6+
"aliases": [
7+
"CVE-2026-6153"
8+
],
9+
"details": "A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /util/StaffDetailsFunction.php. Such manipulation of the argument STAFF_ID leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6153"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/zheng-lv/CVE-/issues/4"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://code-projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/796315"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/357033"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/357033/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-04-13T04:16:13Z"
55+
}
56+
}
Lines changed: 56 additions & 0 deletions
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5m5h-8mf7-m28q",
4+
"modified": "2026-04-13T06:30:30Z",
5+
"published": "2026-04-13T06:30:30Z",
6+
"aliases": [
7+
"CVE-2026-6156"
8+
],
9+
"details": "A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument Comment leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6156"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_197/README.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/793681"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/357036"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/357036/cti"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.totolink.net"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-77"
50+
],
51+
"severity": "HIGH",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-04-13T04:16:15Z"
55+
}
56+
}
Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5qqm-hxgj-wv38",
4+
"modified": "2026-04-13T06:30:31Z",
5+
"published": "2026-04-13T06:30:31Z",
6+
"aliases": [
7+
"CVE-2026-40447"
8+
],
9+
"details": "Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40447"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://github.com/Samsung/escargot/pull/1554"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-190"
30+
],
31+
"severity": "MODERATE",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-04-13T06:16:06Z"
35+
}
36+
}
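Review bot: `"affected": []` leaves this record with no machine-readable package or range, although `details` names the affected Escargot commit and `references` links the upstream pull request. Scanners that match on `affected` cannot surface the advisory; the commit id is reachable only by parsing free text. An `affected` entry with a `GIT`-type range for the Samsung/escargot repository would make it matchable once the fixing commit is confirmed from the linked pull request. The other seven records in this commit also have an empty `affected` list, which is usual for unreviewed entries (`"github_reviewed": false`). Separately, `details` is missing a space in "behavior.This".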
