Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 1f1a42703a34 · 2026-03-22T06:31:55.000Z
GHSA-28gr-56hr-prp6 GHSA-5xf3-gmx4-529v GHSA-33x2-ppm4-v46v GHSA-5239-wwwm-4pmq GHSA-84j4-wrx9-vrgx GHSA-8h86-g282-cx65 GHSA-97m6-jj73-c64q GHSA-cgfg-qq46-f464 GHSA-cqhc-m7m4-j634 GHSA-r5jq-wvhc-w6jv
diff --git a/advisories/unreviewed/2025/04/GHSA-28gr-56hr-prp6/GHSA-28gr-56hr-prp6.json b/advisories/unreviewed/2025/04/GHSA-28gr-56hr-prp6/GHSA-28gr-56hr-prp6.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-28gr-56hr-prp6",
-  "modified": "2025-04-09T21:31:05Z",
+  "modified": "2026-03-22T06:30:14Z",
   "published": "2025-04-02T15:31:36Z",
   "aliases": [
     "CVE-2025-2786"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2786"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/grafana/tempo-operator/pull/1145"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:3607"
diff --git a/advisories/unreviewed/2025/04/GHSA-5xf3-gmx4-529v/GHSA-5xf3-gmx4-529v.json b/advisories/unreviewed/2025/04/GHSA-5xf3-gmx4-529v/GHSA-5xf3-gmx4-529v.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5xf3-gmx4-529v",
-  "modified": "2025-04-09T21:31:05Z",
+  "modified": "2026-03-22T06:30:14Z",
   "published": "2025-04-02T15:31:36Z",
   "aliases": [
     "CVE-2025-2842"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2842"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/grafana/tempo-operator/pull/1144"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:3607"
diff --git a/advisories/unreviewed/2026/03/GHSA-33x2-ppm4-v46v/GHSA-33x2-ppm4-v46v.json b/advisories/unreviewed/2026/03/GHSA-33x2-ppm4-v46v/GHSA-33x2-ppm4-v46v.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-33x2-ppm4-v46v",
+  "modified": "2026-03-22T06:30:14Z",
+  "published": "2026-03-22T06:30:14Z",
+  "aliases": [
+    "CVE-2026-4538"
+  ],
+  "details": "A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The project was informed of the problem early through a pull request but has not reacted yet.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4538"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/pytorch/pytorch/pull/176791"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/pytorch/pytorch"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.352326"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.352326"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.774681"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-22T05:16:20Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-5239-wwwm-4pmq/GHSA-5239-wwwm-4pmq.json b/advisories/unreviewed/2026/03/GHSA-5239-wwwm-4pmq/GHSA-5239-wwwm-4pmq.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5239-wwwm-4pmq",
+  "modified": "2026-03-22T06:30:15Z",
+  "published": "2026-03-22T06:30:15Z",
+  "aliases": [
+    "CVE-2026-4539"
+  ],
+  "details": "A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4539"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/pygments/pygments/issues/3058"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/pygments/pygments"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.352327"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.352327"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.774685"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-400"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-22T06:16:20Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-84j4-wrx9-vrgx/GHSA-84j4-wrx9-vrgx.json b/advisories/unreviewed/2026/03/GHSA-84j4-wrx9-vrgx/GHSA-84j4-wrx9-vrgx.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-84j4-wrx9-vrgx",
+  "modified": "2026-03-22T06:30:14Z",
+  "published": "2026-03-22T06:30:14Z",
+  "aliases": [
+    "CVE-2026-3427"
+  ],
+  "details": "The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the `jsonText` block attribute in all versions up to, and including, 27.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3427"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Yoast/wordpress-seo/pull/23035"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/wordpress-seo/tags/27.0/inc/class-wpseo-utils.php#L915"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/wordpress-seo/tags/27.0/src/generators/schema/howto.php#L125"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3475308/wordpress-seo"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fee1fef5-5716-49e0-a04e-d0dae527fcfc?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-22T04:16:24Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-8h86-g282-cx65/GHSA-8h86-g282-cx65.json b/advisories/unreviewed/2026/03/GHSA-8h86-g282-cx65/GHSA-8h86-g282-cx65.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8h86-g282-cx65",
+  "modified": "2026-03-22T06:30:14Z",
+  "published": "2026-03-22T06:30:14Z",
+  "aliases": [
+    "CVE-2026-4536"
+  ],
+  "details": "A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4536"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LTX-GOD/Mycve/blob/main/Acrel_Co_Ltd.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.352324"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.352324"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.774423"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-284"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-22T05:16:19Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-97m6-jj73-c64q/GHSA-97m6-jj73-c64q.json b/advisories/unreviewed/2026/03/GHSA-97m6-jj73-c64q/GHSA-97m6-jj73-c64q.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-97m6-jj73-c64q",
+  "modified": "2026-03-22T06:30:14Z",
+  "published": "2026-03-22T06:30:14Z",
+  "aliases": [
+    "CVE-2026-4534"
+  ],
+  "details": "A flaw has been found in Tenda FH451 1.0.0.9. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. This manipulation of the argument GO causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4534"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Litengzheng/vul_db/blob/main/FH451/vul_41/README.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.352322"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.352322"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.774342"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tenda.com.cn"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-22T05:16:19Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-cgfg-qq46-f464/GHSA-cgfg-qq46-f464.json b/advisories/unreviewed/2026/03/GHSA-cgfg-qq46-f464/GHSA-cgfg-qq46-f464.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cgfg-qq46-f464",
+  "modified": "2026-03-22T06:30:14Z",
+  "published": "2026-03-22T06:30:14Z",
+  "aliases": [
+    "CVE-2026-4537"
+  ],
+  "details": "A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4537"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/qazmn/my_cve/blob/main/cudy_cve/Cudy_TR1200_Command_Injection.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.352325"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.352325"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.774447"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-22T05:16:20Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-cqhc-m7m4-j634/GHSA-cqhc-m7m4-j634.json b/advisories/unreviewed/2026/03/GHSA-cqhc-m7m4-j634/GHSA-cqhc-m7m4-j634.json
diff --git a/advisories/unreviewed/2026/03/GHSA-r5jq-wvhc-w6jv/GHSA-r5jq-wvhc-w6jv.json b/advisories/unreviewed/2026/03/GHSA-r5jq-wvhc-w6jv/GHSA-r5jq-wvhc-w6jv.json
