Skip to content

Commit f784813

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-4cp8-2mwh-cqwg GHSA-6695-v58q-h2f6 GHSA-9x6p-jf26-xmx7 GHSA-c38q-j2vf-4r9p GHSA-h3gg-hh2w-3wmp GHSA-jggw-wgm7-pq5p GHSA-mcqg-vw6x-qfjx GHSA-mg6v-rx7x-h8q2 GHSA-p42h-j8rx-5jc2 GHSA-rmf4-rvgx-3jfq GHSA-v7qm-fprq-fg6p GHSA-x592-5gwh-wjg9 GHSA-xq44-64rg-8g3h
1 parent b06e308 commit f784813

13 files changed

Lines changed: 652 additions & 0 deletions

File tree

advisories/unreviewed/2026/03/GHSA-4cp8-2mwh-cqwg/GHSA-4cp8-2mwh-cqwg.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-4cp8-2mwh-cqwg",
4+
"modified": "2026-03-22T03:30:25Z",
5+
"published": "2026-03-22T03:30:25Z",
6+
"aliases": [
7+
"CVE-2026-4533"
8+
],
9+
"details": "A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4533"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://code-projects.org"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/SQL%20Injection%20(Time-Based%20Blind)Simple%20Food%20Ordering%20System%20in%20PHP.md?plain=1"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.352321"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.352321"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.774341"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-03-22T03:16:01Z"
55+
}
56+
}

advisories/unreviewed/2026/03/GHSA-6695-v58q-h2f6/GHSA-6695-v58q-h2f6.json

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-6695-v58q-h2f6",
4+
"modified": "2026-03-22T03:30:25Z",
5+
"published": "2026-03-22T03:30:25Z",
6+
"aliases": [
7+
"CVE-2019-25584"
8+
],
9+
"details": "RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a malicious payload exceeding 4000 bytes into the Server field via the Settings menu to trigger an application crash.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25584"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.exploit-db.com/exploits/46899"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.vulncheck.com/advisories/rarmaradio-server-field-buffer-overflow-denial-of-service"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "http://www.raimersoft.com"
37+
}
38+
],
39+
"database_specific": {
40+
"cwe_ids": [
41+
"CWE-787"
42+
],
43+
"severity": "MODERATE",
44+
"github_reviewed": false,
45+
"github_reviewed_at": null,
46+
"nvd_published_at": "2026-03-22T01:16:56Z"
47+
}
48+
}

advisories/unreviewed/2026/03/GHSA-9x6p-jf26-xmx7/GHSA-9x6p-jf26-xmx7.json

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-9x6p-jf26-xmx7",
4+
"modified": "2026-03-22T03:30:25Z",
5+
"published": "2026-03-22T03:30:25Z",
6+
"aliases": [
7+
"CVE-2026-33550"
8+
],
9+
"details": "SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20 recommended).",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33550"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://github.com/Alinto/sogo/commit/83d4c522f87cfde0ba543837d9b24c3479083ec2"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Alinto/sogo/releases/tag/SOGo-5.12.5"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-308"
34+
],
35+
"severity": "LOW",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2026-03-22T03:16:01Z"
39+
}
40+
}

advisories/unreviewed/2026/03/GHSA-c38q-j2vf-4r9p/GHSA-c38q-j2vf-4r9p.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-c38q-j2vf-4r9p",
4+
"modified": "2026-03-22T03:30:25Z",
5+
"published": "2026-03-22T03:30:25Z",
6+
"aliases": [
7+
"CVE-2025-71276"
8+
],
9+
"details": "SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71276"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://github.com/Alinto/sogo/commit/e9b3f2a43d7557e8416f6749df4ab4f9128af2d1"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-79"
30+
],
31+
"severity": "MODERATE",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-03-22T03:16:00Z"
35+
}
36+
}

advisories/unreviewed/2026/03/GHSA-h3gg-hh2w-3wmp/GHSA-h3gg-hh2w-3wmp.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-h3gg-hh2w-3wmp",
4+
"modified": "2026-03-22T03:30:25Z",
5+
"published": "2026-03-22T03:30:25Z",
6+
"aliases": [
7+
"CVE-2019-25588"
8+
],
9+
"details": "BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes to trigger a crash when the Test function is invoked.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25588"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.exploit-db.com/exploits/46875"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.vulncheck.com/advisories/bulletproof-ftp-server-denial-of-service-via-dns-address"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "http://bpftpserver.com"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "http://bpftpserver.com/products/bpftpserver/windows/download"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-1282"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-03-22T01:16:57Z"
51+
}
52+
}

advisories/unreviewed/2026/03/GHSA-jggw-wgm7-pq5p/GHSA-jggw-wgm7-pq5p.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-jggw-wgm7-pq5p",
4+
"modified": "2026-03-22T03:30:25Z",
5+
"published": "2026-03-22T03:30:25Z",
6+
"aliases": [
7+
"CVE-2019-25589"
8+
],
9+
"details": "ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a crafted payload into the Shell configuration field and trigger a crash when accessing the Command Shell feature.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25589"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.emtec.com"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.exploit-db.com/exploits/46857"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://www.vulncheck.com/advisories/zoc-terminal-buffer-overflow-denial-of-service"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "http://www.emtec.com/downloads/zoc/zoc7234_x64.exe"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-787"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-03-22T01:16:57Z"
51+
}
52+
}

advisories/unreviewed/2026/03/GHSA-mcqg-vw6x-qfjx/GHSA-mcqg-vw6x-qfjx.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-mcqg-vw6x-qfjx",
4+
"modified": "2026-03-22T03:30:25Z",
5+
"published": "2026-03-22T03:30:25Z",
6+
"aliases": [
7+
"CVE-2026-4532"
8+
],
9+
"details": "A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. It is recommended to change the configuration settings.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4532"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://code-projects.org"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Simple%20Food%20Ordering%20System%20Information%20Disclosure%20%20.md"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.352320"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.352320"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.774338"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-425"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-03-22T02:16:00Z"
55+
}
56+
}

0 commit comments

Comments
 (0)