Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/10/GHSA-hm8v-8c3v-cxfq/GHSA-hm8v-8c3v-cxfq.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hm8v-8c3v-cxfq",
-  "modified": "2026-02-24T12:31:40Z",
+  "modified": "2026-03-24T12:30:24Z",
   "published": "2025-10-03T12:33:14Z",
   "aliases": [
     "CVE-2025-11234"
@@ -47,6 +47,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:3165"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:5578"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-11234"

advisories/unreviewed/2026/01/GHSA-337w-h8w7-m899/GHSA-337w-h8w7-m899.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-337w-h8w7-m899",
-  "modified": "2026-03-18T18:31:11Z",
+  "modified": "2026-03-24T12:30:24Z",
   "published": "2026-01-26T21:30:36Z",
   "aliases": [
     "CVE-2025-9820"
@@ -35,6 +35,14 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:4943"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:5585"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:5606"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-9820"

advisories/unreviewed/2026/02/GHSA-jw2g-7q64-j48j/GHSA-jw2g-7q64-j48j.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jw2g-7q64-j48j",
-  "modified": "2026-02-20T18:31:32Z",
+  "modified": "2026-03-24T12:30:24Z",
   "published": "2026-02-19T21:30:48Z",
   "aliases": [
     "CVE-2026-27440"

advisories/unreviewed/2026/02/GHSA-pm8w-jq9r-x5rp/GHSA-pm8w-jq9r-x5rp.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pm8w-jq9r-x5rp",
-  "modified": "2026-03-18T18:31:11Z",
+  "modified": "2026-03-24T12:30:24Z",
   "published": "2026-02-09T15:30:31Z",
   "aliases": [
     "CVE-2025-14831"
@@ -35,6 +35,14 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:4943"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:5585"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:5606"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-14831"

advisories/unreviewed/2026/02/GHSA-q4hc-vp2m-fr47/GHSA-q4hc-vp2m-fr47.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q4hc-vp2m-fr47",
-  "modified": "2026-03-24T09:30:30Z",
+  "modified": "2026-03-24T12:30:24Z",
   "published": "2026-02-23T18:32:02Z",
   "aliases": [
     "CVE-2025-14905"
@@ -27,6 +27,18 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-14905"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:5598"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:5597"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:5576"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:5569"

advisories/unreviewed/2026/03/GHSA-36vr-929m-887g/GHSA-36vr-929m-887g.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-36vr-929m-887g",
+  "modified": "2026-03-24T12:30:24Z",
+  "published": "2026-03-24T12:30:24Z",
+  "aliases": [
+    "CVE-2019-25644"
+  ],
+  "details": "WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input. Attackers can paste a large payload of 6000 bytes into the Name and Registration Code field to trigger a denial of service condition.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25644"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/46553"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/winmpg-video-convert-buffer-overflow-local-denial-of-service"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.winmpg.com"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.winmpg.com/down/WinMPG_VideoConvert.zip"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-24T12:16:06Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-4f54-m9cc-h3ch/GHSA-4f54-m9cc-h3ch.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4f54-m9cc-h3ch",
+  "modified": "2026-03-24T12:30:24Z",
+  "published": "2026-03-24T12:30:24Z",
+  "aliases": [
+    "CVE-2019-25630"
+  ],
+  "details": "PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager component that allows authenticated attackers to upload malicious files by submitting requests to the image upload endpoint. Attackers can upload PHP files through the imgFile parameter to the bizuno/image/manager endpoint and execute them via the bizunoFS.php script for remote code execution.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25630"
+    },
+    {
+      "type": "WEB",
+      "url": "https://sourceforge.net/projects/phreebooks/files/latest/download"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/46644"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.phreesoft.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/phreebooks-erp-arbitrary-file-upload-via-image-manager"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-24T12:16:03Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-4g2g-3x54-996g/GHSA-4g2g-3x54-996g.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4g2g-3x54-996g",
+  "modified": "2026-03-24T12:30:24Z",
+  "published": "2026-03-24T12:30:24Z",
+  "aliases": [
+    "CVE-2019-25627"
+  ],
+  "details": "FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overflow. Attackers can craft a malicious text file with carefully aligned shellcode and SEH chain pointers, paste the contents into the Stream Name dialog, and execute arbitrary commands like calc.exe when the exception handler is triggered.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25627"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/46665"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/flexhex-local-buffer-overflow-via-seh-unicode"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.flexhex.com"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.flexhex.com/download/flexhex_setup.exe"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-434"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-24T12:16:02Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-6642-x6x4-g343/GHSA-6642-x6x4-g343.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6642-x6x4-g343",
+  "modified": "2026-03-24T12:30:25Z",
+  "published": "2026-03-24T12:30:25Z",
+  "aliases": [
+    "CVE-2025-64998"
+  ],
+  "details": "Exposure of session signing secret in Checkmk <2.4.0p23, <2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session cookies.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64998"
+    },
+    {
+      "type": "WEB",
+      "url": "https://checkmk.com/werk/18954"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-522"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-24T12:16:11Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-69pr-r3r6-9m8h/GHSA-69pr-r3r6-9m8h.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-69pr-r3r6-9m8h",
+  "modified": "2026-03-24T12:30:24Z",
+  "published": "2026-03-24T12:30:24Z",
+  "aliases": [
+    "CVE-2019-25637"
+  ],
+  "details": "X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Attackers can inject shellcode into memory and use an egg hunter technique to locate and execute the payload when the application processes malicious input through HTTP Client or Rules functionality.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25637"
+    },
+    {
+      "type": "WEB",
+      "url": "https://freshsoftware.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/46596"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/x-netstat-pro-local-buffer-overflow-via-egghunter"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-24T12:16:04Z"
+  }
+}