Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 4453441fe0a2 · 2026-03-22T09:32:01.000Z
GHSA-g37f-4r6m-qg8m GHSA-jff7-f2mj-769g GHSA-mwg5-3pp3-6h5w
diff --git a/advisories/unreviewed/2026/03/GHSA-g37f-4r6m-qg8m/GHSA-g37f-4r6m-qg8m.json b/advisories/unreviewed/2026/03/GHSA-g37f-4r6m-qg8m/GHSA-g37f-4r6m-qg8m.json
@@ -0,0 +1,72 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-g37f-4r6m-qg8m",
+  "modified": "2026-03-22T09:30:27Z",
+  "published": "2026-03-22T09:30:27Z",
+  "aliases": [
+    "CVE-2026-4541"
+  ],
+  "details": "A flaw has been found in janmojzis tinyssh up to 20250501. Impacted is an unknown function of the file tinyssh/crypto_sign_ed25519_tinyssh.c of the component Ed25519 Signature Handler. This manipulation causes improper verification of cryptographic signature. The attack is restricted to local execution. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been published and may be used. Upgrading to version 20260301 is recommended to address this issue. Patch name: 9c87269607e0d7d20174df742accc49c042cff17. Upgrading the affected component is recommended. If you want to get best quality of vulnerability data, you may have to visit VulDB.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4541"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/janmojzis/tinyssh/issues/101"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/janmojzis/tinyssh/issues/101#issue-3983586116"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/janmojzis/tinyssh/pull/102"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/janmojzis/tinyssh/commit/9c87269607e0d7d20174df742accc49c042cff17"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/janmojzis/tinyssh"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/janmojzis/tinyssh/releases/tag/20260301"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.352358"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.352358"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.774687"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-345"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-22T09:15:59Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-jff7-f2mj-769g/GHSA-jff7-f2mj-769g.json b/advisories/unreviewed/2026/03/GHSA-jff7-f2mj-769g/GHSA-jff7-f2mj-769g.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jff7-f2mj-769g",
+  "modified": "2026-03-22T09:30:27Z",
+  "published": "2026-03-22T09:30:27Z",
+  "aliases": [
+    "CVE-2026-4540"
+  ],
+  "details": "A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation of the argument Benutzer results in SQL Injection. The attack can be executed remotely. The exploit is now public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4540"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/juzidddd/CVE/issues/4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.352357"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.352357"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.774686"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-22T08:15:59Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-mwg5-3pp3-6h5w/GHSA-mwg5-3pp3-6h5w.json b/advisories/unreviewed/2026/03/GHSA-mwg5-3pp3-6h5w/GHSA-mwg5-3pp3-6h5w.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-mwg5-3pp3-6h5w",
+  "modified": "2026-03-22T09:30:27Z",
+  "published": "2026-03-22T09:30:27Z",
+  "aliases": [
+    "CVE-2026-4542"
+  ],
+  "details": "A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4542"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.352359"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.352359"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.774689"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.yuque.com/la12138/pa2fpb/vlyutc51eb7vhwaz?singleDoc"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-22T09:16:00Z"
+  }
+}
