Publish Advisories

GHSA-27q7-gwcr-rrqp
GHSA-2x6m-8xp5-7794
GHSA-64h4-vpph-xc2h
GHSA-75g2-xj79-xvcw
GHSA-8w3q-29h2-426f
GHSA-9p38-vh7f-vfw8
GHSA-gr7w-wf2v-m7qv
GHSA-j8ph-9c6m-2f5w
GHSA-jqcf-6mg8-wxx4
GHSA-xccv-2cc3-7px5

Author: advisory-database[bot]

advisories/unreviewed/2026/02/GHSA-27q7-gwcr-rrqp/GHSA-27q7-gwcr-rrqp.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-27q7-gwcr-rrqp",
+  "modified": "2026-02-03T06:31:05Z",
+  "published": "2026-02-03T06:31:05Z",
+  "aliases": [
+    "CVE-2025-58380"
+  ],
+  "details": "A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command “grep” to modify the path variables and move upwards in the directory structure or to traverse to different directories.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58380"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36854"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-35"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-03T05:16:21Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-2x6m-8xp5-7794/GHSA-2x6m-8xp5-7794.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2x6m-8xp5-7794",
+  "modified": "2026-02-03T06:31:05Z",
+  "published": "2026-02-03T06:31:05Z",
+  "aliases": [
+    "CVE-2025-14274"
+  ],
+  "details": "The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Border Hero widget's Button Link field in versions up to 2.0.1. This is due to insufficient input sanitization and output escaping on user-supplied URLs. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14274"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/framework/functions.class.php#L2859"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_params_processor.class.php#L1518"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3429507%40unlimited-elements-for-elementor%2Ftrunk&old=3403331%40unlimited-elements-for-elementor%2Ftrunk&sfp_email=&sfph_mail=#file15"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/482c4986-3677-4754-992b-ea9be7573d2e?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-03T06:15:52Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-64h4-vpph-xc2h/GHSA-64h4-vpph-xc2h.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-64h4-vpph-xc2h",
+  "modified": "2026-02-03T06:31:05Z",
+  "published": "2026-02-03T06:31:05Z",
+  "aliases": [
+    "CVE-2025-58381"
+  ],
+  "details": "A\n vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an \nauthenticated attacker with admin privileges using the shell commands \n“source, ping6, sleep, disown, wait to modify the path variables and \nmove upwards in the directory structure or to traverse to different \ndirectories.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58381"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36853"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-35"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-03T06:15:52Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-75g2-xj79-xvcw/GHSA-75g2-xj79-xvcw.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-75g2-xj79-xvcw",
+  "modified": "2026-02-03T06:31:05Z",
+  "published": "2026-02-03T06:31:05Z",
+  "aliases": [
+    "CVE-2026-24936"
+  ],
+  "details": "When a specific function is enabled while joining a AD Domain from ADM, an improper input parameters validation vulnerability in a specific CGI program allowing an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can overwrite critical system files, leading to a complete system compromise.\nAffected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.1.RCI1.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24936"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.asustor.com/security/security_advisory_detail?id=51"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-03T04:15:56Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-8w3q-29h2-426f/GHSA-8w3q-29h2-426f.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8w3q-29h2-426f",
+  "modified": "2026-02-03T06:31:05Z",
+  "published": "2026-02-03T06:31:05Z",
+  "aliases": [
+    "CVE-2026-24694"
+  ],
+  "details": "The installer for Roland Cloud Manager ver.3.1.19 and prior insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the application.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24694"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/jp/JVN89992160"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.roland.com/global/products/rc_roland_cloud_manager/support/#dl-support_documents"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-427"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-03T06:15:53Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-9p38-vh7f-vfw8/GHSA-9p38-vh7f-vfw8.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9p38-vh7f-vfw8",
+  "modified": "2026-02-03T06:31:04Z",
+  "published": "2026-02-03T06:31:04Z",
+  "aliases": [
+    "CVE-2026-0909"
+  ],
+  "details": "The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the `wp_ulike_delete_history_api` AJAX action not verifying that the log entry being deleted belongs to the current user. This makes it possible for authenticated attackers, with Subscriber-level access and above (granted the 'stats' capability is assigned to their role), to delete arbitrary log entries belonging to other users via the 'id' parameter.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0909"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/wp-ulike/tags/4.8.3.1/admin/admin-ajax.php#L94"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/wp-ulike/trunk/admin/admin-ajax.php#L94"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3451296/wp-ulike/trunk/admin/admin-ajax.php"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bee2e520-46cc-4b54-9849-fafb9b37ba19?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-639"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-03T04:15:56Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-gr7w-wf2v-m7qv/GHSA-gr7w-wf2v-m7qv.json

@@ -0,0 +1,72 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gr7w-wf2v-m7qv",
+  "modified": "2026-02-03T06:31:05Z",
+  "published": "2026-02-03T06:31:05Z",
+  "aliases": [
+    "CVE-2026-0950"
+  ],
+  "details": "The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.19.17. This is due to the plugin failing to check `post_password_required()` before rendering post excerpts in the `render_excerpt()` function and the `uagb_get_excerpt()` helper function. This makes it possible for unauthenticated attackers to read excerpts of password-protected posts by simply viewing any page that contains a Spectra Post Grid, Post Masonry, Post Carousel, or Post Timeline block.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0950"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/tags/2.19.17/blocks-config/post/class-uagb-post.php#L1303"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/tags/2.19.17/blocks-config/post/class-uagb-post.php#L1621"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/tags/2.19.17/blocks-config/post/class-uagb-post.php#L2196"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/tags/2.19.17/classes/class-uagb-helper.php#L1403"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/trunk/blocks-config/post/class-uagb-post.php#L1303"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/trunk/blocks-config/post/class-uagb-post.php#L1621"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/trunk/blocks-config/post/class-uagb-post.php#L2196"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/trunk/classes/class-uagb-helper.php#L1403"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3443216%40ultimate-addons-for-gutenberg%2Ftrunk&old=3410395%40ultimate-addons-for-gutenberg%2Ftrunk&sfp_email=&sfph_mail="
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ccaccf03-4162-4365-9f12-0363a78e91d4?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-03T06:15:53Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-j8ph-9c6m-2f5w/GHSA-j8ph-9c6m-2f5w.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-j8ph-9c6m-2f5w",
+  "modified": "2026-02-03T06:31:05Z",
+  "published": "2026-02-03T06:31:05Z",
+  "aliases": [
+    "CVE-2025-9711"
+  ],
+  "details": "A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the local authenticated user to “root” using the export option of seccertmgmt and seccryptocfg commands.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9711"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36852"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-272"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-03T06:15:53Z"
+  }
+}