Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/09/GHSA-323x-vj5p-jwh3/GHSA-323x-vj5p-jwh3.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-323x-vj5p-jwh3",
-  "modified": "2025-11-03T18:31:37Z",
+  "modified": "2026-01-27T00:31:09Z",
   "published": "2025-09-05T18:31:16Z",
   "aliases": [
     "CVE-2025-38697"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: upper bound check of tree index in dbAllocAG\n\nWhen computing the tree index in dbAllocAG, we never check if we are\nout of bounds realative to the size of the stree.\nThis could happen in a scenario where the filesystem metadata are\ncorrupted.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -60,8 +65,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-129"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-04T16:15:38Z"

advisories/unreviewed/2025/09/GHSA-f2mf-895w-7mvj/GHSA-f2mf-895w-7mvj.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f2mf-895w-7mvj",
-  "modified": "2025-11-03T18:31:38Z",
+  "modified": "2026-01-27T00:31:09Z",
   "published": "2025-09-05T18:31:16Z",
   "aliases": [
     "CVE-2025-38698"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Regular file corruption check\n\nThe reproducer builds a corrupted file on disk with a negative i_size value.\nAdd a check when opening this file to avoid subsequent operation failures.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -61,7 +66,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-04T16:15:38Z"

advisories/unreviewed/2026/01/GHSA-274q-qxhh-9h7p/GHSA-274q-qxhh-9h7p.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-274q-qxhh-9h7p",
-  "modified": "2026-01-23T15:31:35Z",
+  "modified": "2026-01-27T00:31:13Z",
   "published": "2026-01-23T15:31:35Z",
   "aliases": [
     "CVE-2026-24529"
   ],
   "details": "Missing Authorization vulnerability in Alejandro Quick Restaurant Reservations quick-restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Restaurant Reservations: from n/a through <= 1.6.7.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-23T15:16:08Z"

advisories/unreviewed/2026/01/GHSA-343j-9r8x-295r/GHSA-343j-9r8x-295r.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-343j-9r8x-295r",
-  "modified": "2026-01-23T15:31:35Z",
+  "modified": "2026-01-27T00:31:13Z",
   "published": "2026-01-23T15:31:35Z",
   "aliases": [
     "CVE-2026-24532"
   ],
   "details": "Missing Authorization vulnerability in SiteLock SiteLock Security sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security: from n/a through <= 5.0.2.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-23T15:16:09Z"

advisories/unreviewed/2026/01/GHSA-346m-7r2c-vvh9/GHSA-346m-7r2c-vvh9.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-346m-7r2c-vvh9",
+  "modified": "2026-01-27T00:31:14Z",
+  "published": "2026-01-27T00:31:14Z",
+  "aliases": [
+    "CVE-2026-1448"
+  ],
+  "details": "A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wiz_policy_3_machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1448"
+    },
+    {
+      "type": "WEB",
+      "url": "https://pentagonal-time-3a7.notion.site/DIR-615-v4-10-2e7e5dd4c5a580a5aac5c8ce35933396?pvs=73"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.342880"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.342880"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.737006"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-77"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-27T00:15:50Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-39xv-mjc6-x593/GHSA-39xv-mjc6-x593.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-39xv-mjc6-x593",
-  "modified": "2026-01-22T18:30:32Z",
+  "modified": "2026-01-27T00:31:10Z",
   "published": "2026-01-22T18:30:32Z",
   "aliases": [
     "CVE-2025-53240"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in adamlabs WordPress Photo Gallery photo-gallery-portfolio allows Reflected XSS.This issue affects WordPress Photo Gallery: from n/a through <= 1.1.0.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-22T17:15:57Z"

advisories/unreviewed/2026/01/GHSA-3qcj-r6mr-vw7f/GHSA-3qcj-r6mr-vw7f.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3qcj-r6mr-vw7f",
-  "modified": "2026-01-22T18:30:32Z",
+  "modified": "2026-01-27T00:31:10Z",
   "published": "2026-01-22T18:30:32Z",
   "aliases": [
     "CVE-2025-50005"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows DOM-Based XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.2.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-22T17:15:57Z"

advisories/unreviewed/2026/01/GHSA-3r7q-4x75-jgjm/GHSA-3r7q-4x75-jgjm.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3r7q-4x75-jgjm",
+  "modified": "2026-01-27T00:31:14Z",
+  "published": "2026-01-27T00:31:14Z",
+  "aliases": [
+    "CVE-2026-1449"
+  ],
+  "details": "A flaw has been found in Hisense TransTech Smart Bus Management System up to 20260113. Affected is the function Page_Load of the file YZSoft/Forms/XForm/BM/BusComManagement/TireMng.aspx. Executing a manipulation of the argument key can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1449"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/master-abc/cve/issues/15"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.342881"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.342881"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.737032"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-27T00:15:50Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-466m-cgr3-wmg5/GHSA-466m-cgr3-wmg5.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-466m-cgr3-wmg5",
-  "modified": "2026-01-22T18:30:39Z",
+  "modified": "2026-01-27T00:31:12Z",
   "published": "2026-01-22T18:30:39Z",
   "aliases": [
     "CVE-2025-69191"
   ],
   "details": "Missing Authorization vulnerability in e-plugins ListingHub listinghub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingHub: from n/a through <= 1.2.7.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-22T17:16:26Z"

advisories/unreviewed/2026/01/GHSA-46f2-jw97-m9p4/GHSA-46f2-jw97-m9p4.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-46f2-jw97-m9p4",
-  "modified": "2026-01-22T18:30:33Z",
+  "modified": "2026-01-27T00:31:11Z",
   "published": "2026-01-22T18:30:33Z",
   "aliases": [
     "CVE-2025-63026"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Restaurant Theme Elements for Elementor grandrestaurant-elementor allows Stored XSS.This issue affects Grand Restaurant Theme Elements for Elementor: from n/a through <= 2.1.1.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-22T17:15:59Z"