Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/06/GHSA-6qrf-r65h-2r77/GHSA-6qrf-r65h-2r77.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6qrf-r65h-2r77",
-  "modified": "2025-11-03T21:34:02Z",
+  "modified": "2026-03-24T06:31:12Z",
   "published": "2025-06-16T18:32:19Z",
   "aliases": [
     "CVE-2025-6170"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372952"
     },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/941"
+    },
     {
       "type": "WEB",
       "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html"

advisories/unreviewed/2026/03/GHSA-2cjm-f4h6-vv39/GHSA-2cjm-f4h6-vv39.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2cjm-f4h6-vv39",
+  "modified": "2026-03-24T06:31:14Z",
+  "published": "2026-03-24T06:31:14Z",
+  "aliases": [
+    "CVE-2026-33850"
+  ],
+  "details": "Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2.This issue affects DualSenseY-v2: before 54.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33850"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/WujekFoliarz/DualSenseY-v2/pull/66"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-24T06:16:22Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-36m3-3x88-3x7w/GHSA-36m3-3x88-3x7w.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-36m3-3x88-3x7w",
+  "modified": "2026-03-24T06:31:12Z",
+  "published": "2026-03-24T06:31:12Z",
+  "aliases": [
+    "CVE-2026-4734"
+  ],
+  "details": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in yoyofr modizer (libs/libopenmpt/openmpt-trunk/include/premake/contrib/curl/lib modules). This vulnerability is associated with program files imap.C‎.\n\nThis issue affects modizer: before v4.3.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:L/U:Clear"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4734"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/yoyofr/modizer/pull/141"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-24T04:17:25Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-3x3v-w654-m28m/GHSA-3x3v-w654-m28m.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3x3v-w654-m28m",
+  "modified": "2026-03-24T06:31:13Z",
+  "published": "2026-03-24T06:31:13Z",
+  "aliases": [
+    "CVE-2026-3260"
+  ],
+  "details": "A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like `getParameterMap()`, the server prematurely parses and stores this content to disk. This could lead to resource exhaustion, potentially resulting in a Denial of Service (DoS).",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3260"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2026-3260"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443010"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-770"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-24T05:16:24Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-5j5q-mqh9-w768/GHSA-5j5q-mqh9-w768.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5j5q-mqh9-w768",
+  "modified": "2026-03-24T06:31:14Z",
+  "published": "2026-03-24T06:31:14Z",
+  "aliases": [
+    "CVE-2026-33848"
+  ],
+  "details": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.This issue affects rapidvms: before PR#96.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33848"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/linkingvision/rapidvms/pull/96"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-24T06:16:21Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-5m6v-w55c-ph7p/GHSA-5m6v-w55c-ph7p.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5m6v-w55c-ph7p",
+  "modified": "2026-03-24T06:31:14Z",
+  "published": "2026-03-24T06:31:14Z",
+  "aliases": [
+    "CVE-2026-4640"
+  ],
+  "details": "Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to execute certain functions to obtain sensitive information.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4640"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.twcert.org.tw/en/cp-139-10795-25784-2.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.twcert.org.tw/tw/cp-132-10794-704a2-1.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-306"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-24T05:16:25Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-5mf3-2qwq-wqgq/GHSA-5mf3-2qwq-wqgq.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5mf3-2qwq-wqgq",
+  "modified": "2026-03-24T06:31:12Z",
+  "published": "2026-03-24T06:31:12Z",
+  "aliases": [
+    "CVE-2026-4626"
+  ],
+  "details": "A vulnerability has been found in projectworlds Lawyer Management System 1.0. This impacts an unknown function of the file /lawyer_booking.php. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4626"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/eqiya17/collection-of-vulnerability/issues/2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.352494"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.352494"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.775791"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-24T04:17:25Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-5qh6-xmvm-2jfr/GHSA-5qh6-xmvm-2jfr.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5qh6-xmvm-2jfr",
+  "modified": "2026-03-24T06:31:12Z",
+  "published": "2026-03-24T06:31:12Z",
+  "aliases": [
+    "CVE-2026-4731"
+  ],
+  "details": "Integer Overflow or Wraparound vulnerability in artraweditor ART (‎rtengine‎ modules). This vulnerability is associated with program files dcraw.C.\n\nThis issue affects ART: before 1.25.12.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Amber"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4731"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/artraweditor/ART/pull/427"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-190"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-24T04:17:25Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-6534-78c4-fpjf/GHSA-6534-78c4-fpjf.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6534-78c4-fpjf",
+  "modified": "2026-03-24T06:31:14Z",
+  "published": "2026-03-24T06:31:14Z",
+  "aliases": [
+    "CVE-2026-4753"
+  ],
+  "details": "Out-of-bounds Read vulnerability in slajerek RetroDebugger.This issue affects RetroDebugger: before v0.64.72.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4753"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/slajerek/RetroDebugger/pull/97"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-24T06:16:23Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-695c-rc34-8h4v/GHSA-695c-rc34-8h4v.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-695c-rc34-8h4v",
+  "modified": "2026-03-24T06:31:13Z",
+  "published": "2026-03-24T06:31:13Z",
+  "aliases": [
+    "CVE-2026-4743"
+  ],
+  "details": "NULL Pointer Dereference vulnerability in taurusxin ncmdump (‎src/utils‎ modules). This vulnerability is associated with program files cJSON.Cpp‎.\n\nThis issue affects ncmdump: before 1.4.0.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4743"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/taurusxin/ncmdump/pull/52"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-24T04:17:31Z"
+  }
+}