Publish Advisories

GHSA-3mmw-7c3p-rqxx
GHSA-3r4x-4pr5-j666
GHSA-3xr8-r75g-g9c6
GHSA-42q7-q9v4-qq54
GHSA-47qf-hp3h-rwmm
GHSA-4phw-6824-6cfp
GHSA-52vj-fvrv-7q82
GHSA-5pcm-449r-xrg6
GHSA-5v5f-c63q-mm7g
GHSA-7796-2cv5-g5f4
GHSA-9jxj-33wq-5v9p
GHSA-9qgc-pcpx-g38q
GHSA-9qjr-82wx-8hcx
GHSA-ch75-q946-9j9r
GHSA-grqc-3vmg-p68x
GHSA-h6p7-635q-vpx7
GHSA-h7vm-f9h4-hh64
GHSA-hg75-4cmp-f367
GHSA-m77r-vqw2-hffx
GHSA-wqhq-hx3v-9xwh
GHSA-x6gx-rmhg-wc3f

Author: advisory-database[bot]

advisories/unreviewed/2026/04/GHSA-3mmw-7c3p-rqxx/GHSA-3mmw-7c3p-rqxx.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3mmw-7c3p-rqxx",
+  "modified": "2026-04-10T06:31:38Z",
+  "published": "2026-04-10T06:31:38Z",
+  "aliases": [
+    "CVE-2026-6013"
+  ],
+  "details": "A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6013"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lavender-bicycle-a5a.notion.site/D-Link-DIR-513-formSetRoute-33153a41781f80f7aed1d3614c199d85?source=copy_link"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/791859"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/356569"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/356569/cti"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-10T05:16:07Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-3r4x-4pr5-j666/GHSA-3r4x-4pr5-j666.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3r4x-4pr5-j666",
+  "modified": "2026-04-10T06:31:38Z",
+  "published": "2026-04-10T06:31:38Z",
+  "aliases": [
+    "CVE-2026-4482"
+  ],
+  "details": "The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems (users have read and execute access). For the client.key file in particular, this could potentially lead to exploits, as this exposes agent identity material to any locally authenticated standard user.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4482"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.rapid7.com/insight/release-notes-2026-april/#improvements-and-fixes"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-732"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-10T05:16:04Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-3xr8-r75g-g9c6/GHSA-3xr8-r75g-g9c6.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3xr8-r75g-g9c6",
+  "modified": "2026-04-10T06:31:38Z",
+  "published": "2026-04-10T06:31:37Z",
+  "aliases": [
+    "CVE-2026-5479"
+  ],
+  "details": "In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization functions) fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption, the implementation computes or accepts the tag but does not compare it against the expected value.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5479"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/wolfSSL/wolfssl/pull/10102"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-354"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-10T04:17:16Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-42q7-q9v4-qq54/GHSA-42q7-q9v4-qq54.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-42q7-q9v4-qq54",
+  "modified": "2026-04-10T06:31:38Z",
+  "published": "2026-04-10T06:31:38Z",
+  "aliases": [
+    "CVE-2026-6010"
+  ],
+  "details": "A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Affected by this vulnerability is an unknown functionality of the file /OnlineClassroom/takeassessment2.php?exid=14. Performing a manipulation of the argument Q1 results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6010"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/xue-p123/vuldb-research/issues/2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://codeastro.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/794658"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/356566"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/356566/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-10T04:17:25Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-47qf-hp3h-rwmm/GHSA-47qf-hp3h-rwmm.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-47qf-hp3h-rwmm",
+  "modified": "2026-04-10T06:31:37Z",
+  "published": "2026-04-10T06:31:37Z",
+  "aliases": [
+    "CVE-2026-5466"
+  ],
+  "details": "wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the signature blob via `mp_read_unsigned_bin` with no check that they lie in `[1, q-1]`. A crafted forged signature could verify against any message for any identity, using only publicly-known constants.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5466"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/wolfssl/wolfssl/pull/10102"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-347"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-10T04:17:16Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-4phw-6824-6cfp/GHSA-4phw-6824-6cfp.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4phw-6824-6cfp",
-  "modified": "2026-04-10T03:31:10Z",
+  "modified": "2026-04-10T06:31:37Z",
   "published": "2026-04-10T03:31:10Z",
   "aliases": [
     "CVE-2026-33551"
@@ -26,6 +26,10 @@
     {
       "type": "WEB",
       "url": "https://security.openstack.org/ossa/OSSA-2026-005.html"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2026/04/07/12"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/04/GHSA-52vj-fvrv-7q82/GHSA-52vj-fvrv-7q82.json

@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-52vj-fvrv-7q82",
+  "modified": "2026-04-10T06:31:38Z",
+  "published": "2026-04-10T06:31:38Z",
+  "aliases": [
+    "CVE-2026-6011"
+  ],
+  "details": "A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2026.1.29 can resolve this issue. This patch is called b623557a2ec7e271bda003eb3ac33fbb2e218505. Upgrading the affected component is advised.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6011"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/b623557a2ec7e271bda003eb3ac33fbb2e218505#diff-06572a96a58dc510037d5efa622f9bec8519bc1beab13c9f251e97e657a9d4edR44"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.1.29"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/zast-ai/vulnerability-reports/blob/main/openclaw/ssrf.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/795224"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/356567"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/356567/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-918"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-10T05:16:06Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-5pcm-449r-xrg6/GHSA-5pcm-449r-xrg6.json

@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5pcm-449r-xrg6",
+  "modified": "2026-04-10T06:31:38Z",
+  "published": "2026-04-10T06:31:37Z",
+  "aliases": [
+    "CVE-2026-2305"
+  ],
+  "details": "The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `aFhfc_head_code`, `aFhfc_body_code`, and `aFhfc_footer_code` post meta values in all versions up to, and including, 2.3. This is due to the plugin outputting these meta values without any sanitization or escaping. While the plugin restricts its own metabox and save handler to administrators via `current_user_can('manage_options')`, it does not use `register_meta()` with an `auth_callback` to protect these meta keys. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts via the WordPress Custom Fields interface that execute when an administrator previews or views the post.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2305"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/addfunc-head-footer-code/tags/2.3/addfunc-head-footer-code.php#L63"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/addfunc-head-footer-code/tags/2.3/addfunc-head-footer-code.php#L74"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/addfunc-head-footer-code/tags/2.3/addfunc-head-footer-code.php#L85"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/addfunc-head-footer-code/trunk/addfunc-head-footer-code.php#L63"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/addfunc-head-footer-code/trunk/addfunc-head-footer-code.php#L74"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/addfunc-head-footer-code/trunk/addfunc-head-footer-code.php#L85"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Faddfunc-head-footer-code/tags/2.3&new_path=%2Faddfunc-head-footer-code/tags/2.4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2f2d1a67-1d9b-4b73-988e-085eaa7474c6?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-10T04:16:59Z"
+  }
+}