Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2026/03/GHSA-3c2p-6j48-gmm4/GHSA-3c2p-6j48-gmm4.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3c2p-6j48-gmm4",
-  "modified": "2026-03-31T18:31:31Z",
+  "modified": "2026-04-06T18:33:01Z",
   "published": "2026-03-31T18:31:31Z",
   "aliases": [
     "CVE-2026-22561"
   ],
   "details": "Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. The installer loads DLLs (e.g., profapi.dll) from its own directory after UAC elevation, enabling arbitrary code execution if a malicious DLL is planted alongside the installer.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
@@ -25,7 +29,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-427"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2026/03/GHSA-mgj5-c563-6f76/GHSA-mgj5-c563-6f76.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-94"
+    ],
     "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2026/03/GHSA-pgf5-gw7r-wxg7/GHSA-pgf5-gw7r-wxg7.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-918"
+    ],
     "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2026/04/GHSA-2386-h756-fq9w/GHSA-2386-h756-fq9w.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2386-h756-fq9w",
+  "modified": "2026-04-06T18:33:09Z",
+  "published": "2026-04-06T18:33:09Z",
+  "aliases": [
+    "CVE-2026-5669"
+  ],
+  "details": "A vulnerability has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This vulnerability affects unknown code of the file /login.php of the component Parameter Handler. Such manipulation of the argument Password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5669"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Cyber-III/Student-Management-System/issues/240"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Cyber-III/Student-Management-System"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/785942"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355491"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355491/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-06T17:17:15Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-2986-hg3w-pgmr/GHSA-2986-hg3w-pgmr.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2986-hg3w-pgmr",
+  "modified": "2026-04-06T18:33:05Z",
+  "published": "2026-04-06T18:33:05Z",
+  "aliases": [
+    "CVE-2025-47392"
+  ],
+  "details": "Memory corruption when decoding corrupted satellite data files with invalid signature offsets.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47392"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-190"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-06T16:16:28Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-2x66-2279-rwjv/GHSA-2x66-2279-rwjv.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2x66-2279-rwjv",
+  "modified": "2026-04-06T18:33:09Z",
+  "published": "2026-04-06T18:33:09Z",
+  "aliases": [
+    "CVE-2026-5670"
+  ],
+  "details": "A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This issue affects the function move_uploaded_file of the file /AssignmentSection/submission/upload.php. Performing a manipulation of the argument File results in unrestricted upload. The attack can be initiated remotely. The exploit has been made public and could be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5670"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Cyber-III/Student-Management-System/issues/241"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Cyber-III/Student-Management-System"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/786022"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355492"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355492/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-284"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-06T17:17:15Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-34mx-45mg-p6wm/GHSA-34mx-45mg-p6wm.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-34mx-45mg-p6wm",
+  "modified": "2026-04-06T18:33:05Z",
+  "published": "2026-04-06T18:33:05Z",
+  "aliases": [
+    "CVE-2025-47389"
+  ],
+  "details": "Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47389"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-120"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-06T16:16:27Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-56rm-v8f3-5q9q/GHSA-56rm-v8f3-5q9q.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-56rm-v8f3-5q9q",
+  "modified": "2026-04-06T18:33:05Z",
+  "published": "2026-04-06T18:33:05Z",
+  "aliases": [
+    "CVE-2025-47391"
+  ],
+  "details": "Memory corruption while processing a frame request from user.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47391"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-121"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-06T16:16:27Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-5m6g-jv3x-7v6x/GHSA-5m6g-jv3x-7v6x.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5m6g-jv3x-7v6x",
+  "modified": "2026-04-06T18:33:07Z",
+  "published": "2026-04-06T18:33:07Z",
+  "aliases": [
+    "CVE-2026-21378"
+  ],
+  "details": "Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21378"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-126"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-06T16:16:30Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-664p-j3q6-p843/GHSA-664p-j3q6-p843.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-664p-j3q6-p843",
+  "modified": "2026-04-06T18:33:07Z",
+  "published": "2026-04-06T18:33:07Z",
+  "aliases": [
+    "CVE-2026-31353"
+  ],
+  "details": "An authenticated stored cross-site scripting (XSS) vulnerability in the Category module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31353"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/liufee/cms/issues/84"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/liufee/cms"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-06T16:16:33Z"
+  }
+}