Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit bc4fc9c5bd0b · 2026-04-18T00:32:53.000Z
GHSA-4vrr-6f8v-98rf GHSA-g6w9-q39q-63xh GHSA-hjc3-w98v-9hcr GHSA-q4xv-xmjx-4h94 GHSA-wf4x-ph29-qhpx
diff --git a/advisories/unreviewed/2026/04/GHSA-4vrr-6f8v-98rf/GHSA-4vrr-6f8v-98rf.json b/advisories/unreviewed/2026/04/GHSA-4vrr-6f8v-98rf/GHSA-4vrr-6f8v-98rf.json
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4vrr-6f8v-98rf",
+  "modified": "2026-04-18T00:31:03Z",
+  "published": "2026-04-18T00:31:03Z",
+  "aliases": [
+    "CVE-2026-29013"
+  ],
+  "details": "libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed OSCORE options or responses during OSCORE negotiation to trigger out-of-bounds reads during CBOR parsing and potentially cause heap buffer overflow writes through integer wraparound in allocation size computation.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29013"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/obgm/libcoap/commit/b7847c4dbb0dbee7c90b09a673d4cae256f03718"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/libcoap-out-of-bounds-read-in-oscore-cbor-unwrap-handling"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-17T22:16:31Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-g6w9-q39q-63xh/GHSA-g6w9-q39q-63xh.json b/advisories/unreviewed/2026/04/GHSA-g6w9-q39q-63xh/GHSA-g6w9-q39q-63xh.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-g6w9-q39q-63xh",
+  "modified": "2026-04-18T00:31:04Z",
+  "published": "2026-04-18T00:31:04Z",
+  "aliases": [
+    "CVE-2026-2262"
+  ],
+  "details": "The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the `/wp-json/wp/v2/eablocks/ea_appointments/` REST API endpoint. This is due to the endpoint being registered with `'permission_callback' => '__return_true'`, which allows access without any authentication or authorization checks. This makes it possible for unauthenticated attackers to extract sensitive customer appointment data including full names, email addresses, phone numbers, IP addresses, appointment descriptions, and pricing information.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2262"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.19/ea-blocks/ea-blocks.php#L141"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.19/ea-blocks/ea-blocks.php#L190"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/easy-appointments/trunk/ea-blocks/ea-blocks.php#L190"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3485692/easy-appointments/trunk/ea-blocks/ea-blocks.php"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Feasy-appointments/tags/3.12.21&new_path=%2Feasy-appointments/tags/3.12.22"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e681aa8e-522e-4092-aa1f-8ada3097c8d6?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-18T00:16:36Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-hjc3-w98v-9hcr/GHSA-hjc3-w98v-9hcr.json b/advisories/unreviewed/2026/04/GHSA-hjc3-w98v-9hcr/GHSA-hjc3-w98v-9hcr.json
@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hjc3-w98v-9hcr",
+  "modified": "2026-04-18T00:31:04Z",
+  "published": "2026-04-18T00:31:04Z",
+  "aliases": [
+    "CVE-2026-2434"
+  ],
+  "details": "The Pz-LinkCard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blogcard' shortcode attributes in all versions up to, and including, 2.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2434"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/pz-linkcard/tags/2.5.8/pz-linkcard.php#L442"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/pz-linkcard/tags/2.5.8/pz-linkcard.php#L636"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/pz-linkcard/trunk/pz-linkcard.php#L636"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/687ffac2-1f07-4adb-ba12-5f2ea357ea7e?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-17T23:16:12Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-q4xv-xmjx-4h94/GHSA-q4xv-xmjx-4h94.json b/advisories/unreviewed/2026/04/GHSA-q4xv-xmjx-4h94/GHSA-q4xv-xmjx-4h94.json
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-q4xv-xmjx-4h94",
+  "modified": "2026-04-18T00:31:04Z",
+  "published": "2026-04-18T00:31:04Z",
+  "aliases": [
+    "CVE-2026-5720"
+  ],
+  "details": "miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting improper length validation in ParseHttpHeaders(), where the parsed length underflows to a large unsigned value when passed to memchr(), causing the process to scan memory far beyond the allocated HTTP request buffer.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5720"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/miniupnp/miniupnp/commit/a0ee71e9fa66b60052bb3d2cf84380b79db3f8c8"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/miniupnp/miniupnp"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/miniupnpd-integer-underflow-soapaction-header-parsing"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-17T22:16:33Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-wf4x-ph29-qhpx/GHSA-wf4x-ph29-qhpx.json b/advisories/unreviewed/2026/04/GHSA-wf4x-ph29-qhpx/GHSA-wf4x-ph29-qhpx.json
@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-wf4x-ph29-qhpx",
+  "modified": "2026-04-18T00:31:04Z",
+  "published": "2026-04-18T00:31:04Z",
+  "aliases": [
+    "CVE-2026-5250"
+  ],
+  "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5250"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-17T23:16:12Z"
+  }
+}
