Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2026/02/GHSA-q4hc-vp2m-fr47/GHSA-q4hc-vp2m-fr47.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q4hc-vp2m-fr47",
-  "modified": "2026-03-23T03:31:39Z",
+  "modified": "2026-03-24T03:31:19Z",
   "published": "2026-02-23T18:32:02Z",
   "aliases": [
     "CVE-2025-14905"
@@ -51,6 +51,22 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:5196"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:5511"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:5512"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:5513"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:5514"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-14905"

advisories/unreviewed/2026/03/GHSA-23f9-j3qr-h3hv/GHSA-23f9-j3qr-h3hv.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-23f9-j3qr-h3hv",
-  "modified": "2026-03-19T18:31:19Z",
+  "modified": "2026-03-24T03:31:19Z",
   "published": "2026-03-19T18:31:19Z",
   "aliases": [
     "CVE-2025-67113"
   ],
   "details": "OS command injection in the CWMP client (/ftl/bin/cwmp) of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted TR-069 Download URL that is passed unescaped into the firmware upgrade pipeline.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-94"
+    ],
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-03-19T18:16:15Z"

advisories/unreviewed/2026/03/GHSA-2448-99wr-g9vj/GHSA-2448-99wr-g9vj.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2448-99wr-g9vj",
+  "modified": "2026-03-24T03:31:19Z",
+  "published": "2026-03-24T03:31:19Z",
+  "aliases": [
+    "CVE-2026-4676"
+  ],
+  "details": "Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4676"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/488613135"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-24T01:17:03Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-2f37-6r53-rgxp/GHSA-2f37-6r53-rgxp.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2f37-6r53-rgxp",
+  "modified": "2026-03-24T03:31:19Z",
+  "published": "2026-03-24T03:31:19Z",
+  "aliases": [
+    "CVE-2026-4678"
+  ],
+  "details": "Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4678"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/491164019"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-24T01:17:03Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-3364-vw5q-hfh3/GHSA-3364-vw5q-hfh3.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3364-vw5q-hfh3",
+  "modified": "2026-03-24T03:31:19Z",
+  "published": "2026-03-24T03:31:19Z",
+  "aliases": [
+    "CVE-2026-4674"
+  ],
+  "details": "Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4674"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/488188166"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-24T01:17:02Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-3qwq-q9vm-5j42/GHSA-3qwq-q9vm-5j42.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3qwq-q9vm-5j42",
+  "modified": "2026-03-24T03:31:19Z",
+  "published": "2026-03-24T03:31:19Z",
+  "aliases": [
+    "CVE-2026-22739"
+  ],
+  "details": "Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible to access files outside of the configured search directories.This issue affects Spring Cloud: from 3.1.X before 3.1.13, from 4.1.X before 4.1.9, from 4.2.X before 4.2.3, from 4.3.X before 4.3.2, from 5.0.X before 5.0.2.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22739"
+    },
+    {
+      "type": "WEB",
+      "url": "https://spring.io/security/cve-2026-22739"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-24T01:17:00Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-533q-m9mq-7v99/GHSA-533q-m9mq-7v99.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-533q-m9mq-7v99",
-  "modified": "2026-03-19T18:31:19Z",
+  "modified": "2026-03-24T03:31:19Z",
   "published": "2026-03-19T18:31:19Z",
   "aliases": [
     "CVE-2025-67115"
   ],
   "details": "A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the log_type parameter to /logsave.htm.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-03-19T18:16:15Z"

advisories/unreviewed/2026/03/GHSA-5v75-mv76-85fm/GHSA-5v75-mv76-85fm.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5v75-mv76-85fm",
+  "modified": "2026-03-24T03:31:19Z",
+  "published": "2026-03-24T03:31:19Z",
+  "aliases": [
+    "CVE-2026-4677"
+  ],
+  "details": "Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4677"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/490533968"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-24T01:17:03Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-68f7-rw23-22jh/GHSA-68f7-rw23-22jh.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-68f7-rw23-22jh",
+  "modified": "2026-03-24T03:31:19Z",
+  "published": "2026-03-24T03:31:19Z",
+  "aliases": [
+    "CVE-2026-4624"
+  ],
+  "details": "A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4624"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/WHOAMI-xiaoyu/CVE/blob/main/CVE_6.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.352492"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.352492"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.775787"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sourcecodester.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-24T03:16:06Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-6f7w-7xmx-mx54/GHSA-6f7w-7xmx-mx54.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6f7w-7xmx-mx54",
-  "modified": "2026-03-19T18:31:19Z",
+  "modified": "2026-03-24T03:31:19Z",
   "published": "2026-03-19T18:31:19Z",
   "aliases": [
     "CVE-2026-30694"
   ],
   "details": "An issue in DedeCMS v.5.7.118 and before allows a remote attacker to execute arbitrary code via the array_filter component",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-94"
+    ],
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-03-19T18:16:22Z"