Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/12/GHSA-4qpp-gxm3-h9vw/GHSA-4qpp-gxm3-h9vw.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4qpp-gxm3-h9vw",
-  "modified": "2026-01-21T12:30:30Z",
+  "modified": "2026-01-21T18:30:27Z",
   "published": "2025-12-11T15:30:32Z",
   "aliases": [
     "CVE-2025-14523"
@@ -67,6 +67,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:0911"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:0925"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-14523"

advisories/unreviewed/2026/01/GHSA-2262-37j2-53g4/GHSA-2262-37j2-53g4.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2262-37j2-53g4",
-  "modified": "2026-01-16T18:31:33Z",
+  "modified": "2026-01-21T18:30:27Z",
   "published": "2026-01-16T18:31:33Z",
   "aliases": [
     "CVE-2026-0629"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://www.tp-link.com/us/support/faq/4899"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.tp-link.com/us/support/faq/4906"
+    },
     {
       "type": "WEB",
       "url": "https://www.vigi.com/en/support/download"

advisories/unreviewed/2026/01/GHSA-22v3-g286-xrpf/GHSA-22v3-g286-xrpf.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-400"
+    ],
     "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2026/01/GHSA-2898-f79g-hh47/GHSA-2898-f79g-hh47.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-79"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2026/01/GHSA-2w96-8922-g8xr/GHSA-2w96-8922-g8xr.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2w96-8922-g8xr",
+  "modified": "2026-01-21T18:30:31Z",
+  "published": "2026-01-21T18:30:31Z",
+  "aliases": [
+    "CVE-2025-69766"
+  ],
+  "details": "Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the citytag stack buffer, which may result in memory corruption and remote code execution.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69766"
+    },
+    {
+      "type": "WEB",
+      "url": "https://river-brow-763.notion.site/Tenda-AX3-Buffer-Overflow-in-formGetIptv-2c9a595a7aef8043a091e6722b8e255a"
+    },
+    {
+      "type": "WEB",
+      "url": "https://river-brow-763.notion.site/Tenda-AX3-Buffer-Overflow-in-formGetIptv-2c9a595a7aef8043a091e6722b8e255a?source=copy_link"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-21T18:16:24Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-3cw8-v59x-4gqg/GHSA-3cw8-v59x-4gqg.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-79"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2026/01/GHSA-3jfq-h25g-xqjx/GHSA-3jfq-h25g-xqjx.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3jfq-h25g-xqjx",
+  "modified": "2026-01-21T18:30:32Z",
+  "published": "2026-01-21T18:30:32Z",
+  "aliases": [
+    "CVE-2025-69763"
+  ],
+  "details": "Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the vlanId parameter, which can cause memory corruption and enable remote code execution.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69763"
+    },
+    {
+      "type": "WEB",
+      "url": "https://river-brow-763.notion.site/Tenda-AX3-Buffer-Overflow-in-formSetIptv-2c9a595a7aef8025a3c6c4b102d95dd4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://river-brow-763.notion.site/Tenda-AX3-Buffer-Overflow-in-formSetIptv-2c9a595a7aef8025a3c6c4b102d95dd4?source=copy_link"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-21T18:16:24Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-3rc8-xjj4-xjp5/GHSA-3rc8-xjj4-xjp5.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3rc8-xjj4-xjp5",
+  "modified": "2026-01-21T18:30:31Z",
+  "published": "2026-01-21T18:30:31Z",
+  "aliases": [
+    "CVE-2021-47884"
+  ],
+  "details": "OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\\Program Files\\Okidata\\Common\\extend3\\portmgrsrv.exe' to inject malicious executables and escalate privileges.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47884"
+    },
+    {
+      "type": "WEB",
+      "url": "https://web.archive.org/web/20211207181409/https://www.oki.com/me/printing/services-and-solutions/smart-solutions/print-job-accounting/index.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/49624"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/configuration-tool-oplclsrv-unquoted-service-path"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-428"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-21T18:16:22Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-3whv-8qg8-4ffw/GHSA-3whv-8qg8-4ffw.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3whv-8qg8-4ffw",
+  "modified": "2026-01-21T18:30:30Z",
+  "published": "2026-01-21T18:30:30Z",
+  "aliases": [
+    "CVE-2026-1290"
+  ],
+  "details": "Authentication Bypass by Primary Weakness vulnerability in Jamf Jamf Pro allows unspecified impact.This issue affects Jamf Pro: from 11.20 through 11.24.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1290"
+    },
+    {
+      "type": "WEB",
+      "url": "https://learn.jamf.com/en-US/bundle/jamf-pro-release-notes-11.24.0/page/Resolved_Issues.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-305"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-21T16:16:08Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-44pv-mw72-7wfv/GHSA-44pv-mw72-7wfv.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-400"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,