Publish Advisories

GHSA-2275-6765-h9pg
GHSA-83vr-2q27-pm8v
GHSA-gh85-7c93-rfh2
GHSA-h763-98v5-2w53
GHSA-vpvw-rgv5-vh74

Author: advisory-database[bot]

advisories/unreviewed/2026/01/GHSA-2275-6765-h9pg/GHSA-2275-6765-h9pg.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2275-6765-h9pg",
+  "modified": "2026-01-24T03:30:54Z",
+  "published": "2026-01-24T03:30:54Z",
+  "aliases": [
+    "CVE-2025-13952"
+  ],
+  "details": "A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.\n\nThe shader code contained in the web page executes a path in the compiler that held onto an out of date pointer, pointing to a freed memory object.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13952"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-24T03:16:00Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-83vr-2q27-pm8v/GHSA-83vr-2q27-pm8v.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-83vr-2q27-pm8v",
+  "modified": "2026-01-24T03:30:53Z",
+  "published": "2026-01-24T03:30:53Z",
+  "aliases": [
+    "CVE-2026-22586"
+  ],
+  "details": "Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22586"
+    },
+    {
+      "type": "WEB",
+      "url": "https://help.salesforce.com/s/articleView?id=005299346&type=1"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-321"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-24T01:15:50Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-gh85-7c93-rfh2/GHSA-gh85-7c93-rfh2.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gh85-7c93-rfh2",
+  "modified": "2026-01-24T03:30:53Z",
+  "published": "2026-01-24T03:30:53Z",
+  "aliases": [
+    "CVE-2026-22583"
+  ],
+  "details": "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22583"
+    },
+    {
+      "type": "WEB",
+      "url": "https://help.salesforce.com/s/articleView?id=005299346&type=1"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-88"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-24T01:15:50Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-h763-98v5-2w53/GHSA-h763-98v5-2w53.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-h763-98v5-2w53",
+  "modified": "2026-01-24T03:30:53Z",
+  "published": "2026-01-24T03:30:53Z",
+  "aliases": [
+    "CVE-2026-22585"
+  ],
+  "details": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22585"
+    },
+    {
+      "type": "WEB",
+      "url": "https://help.salesforce.com/s/articleView?id=005299346&type=1"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-327"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-24T01:15:50Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-vpvw-rgv5-vh74/GHSA-vpvw-rgv5-vh74.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-vpvw-rgv5-vh74",
+  "modified": "2026-01-24T03:30:53Z",
+  "published": "2026-01-24T03:30:53Z",
+  "aliases": [
+    "CVE-2026-22582"
+  ],
+  "details": "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (MicrositeUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22582"
+    },
+    {
+      "type": "WEB",
+      "url": "https://help.salesforce.com/s/articleView?id=005299346&type=1"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-88"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-24T01:15:49Z"
+  }
+}