
Commit 1aa536c

1 parent e669840 commit 1aa536c


2 files changed

+92
-0
lines changed

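--- a/PATH_NOT_SHOWN_ON_PAGE/file-1.json
+++ b/PATH_NOT_SHOWN_ON_PAGE/file-1.json
@@ -0,0 +1,40 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-gqwq-8j5x-ghf8",
+"modified": "2026-04-17T00:31:02Z",
+"published": "2026-04-17T00:31:02Z",
+"aliases": [
+"CVE-2024-58343"
+],
+"details": "Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58343"
+},
+{
+"type": "WEB",
+"url": "https://github.com/websec/Vision-Helpdesk-Exploit"
+},
+{
+"type": "WEB",
+"url": "https://websec.net/blog/critical-vulnerability-in-vision-helpdesk-allows-unauthorized-session-access-67264646bde7fa99ea26446f"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-425"
+],
+"severity": "MODERATE",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2026-04-16T23:16:32Z"
+}
+}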
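Review bot: `"affected": []` leaves this advisory with no machine-readable package or version range, so dependency scanners cannot match it and the only version information is the prose in `details`. That prose is ambiguous: "before 5.7.0 (patched in 5.6.10)" does not say whether installs on the 5.6 line are safe from 5.6.10 onward, and it would help to state the fixed version per release line. The same empty `affected` array appears in the second file (GHSA-j23v-33r7-63rx). Separately, `"CWE-425"` (forced browsing) looks like a weak fit for a flaw described as tampering with serialized cookie data in vis_client_id; something like `"CWE-639"` or `"CWE-565"` may describe it better, to be confirmed against the linked write-up.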
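--- a/PATH_NOT_SHOWN_ON_PAGE/file-2.json
+++ b/PATH_NOT_SHOWN_ON_PAGE/file-2.json
@@ -0,0 +1,52 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-j23v-33r7-63rx",
+"modified": "2026-04-17T00:31:02Z",
+"published": "2026-04-17T00:31:02Z",
+"aliases": [
+"CVE-2026-41113"
+],
+"details": "sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41113"
+},
+{
+"type": "WEB",
+"url": "https://github.com/sagredo-dev/qmail/pull/42"
+},
+{
+"type": "WEB",
+"url": "https://github.com/sagredo-dev/qmail/commit/749f607f6885e3d01b36f2647d7a1db88f1ef741"
+},
+{
+"type": "WEB",
+"url": "https://blog.calif.io/p/we-asked-claude-to-audit-sagredos"
+},
+{
+"type": "WEB",
+"url": "https://github.com/califio/publications/tree/main/MADBugs/qmail"
+},
+{
+"type": "WEB",
+"url": "https://github.com/sagredo-dev/qmail/releases/tag/v2026.04.07"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-78"
+],
+"severity": "HIGH",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2026-04-16T22:16:39Z"
+}
+}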
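Review bot: The fix commit and the fixed release are both listed with `"type": "WEB"`, which hides them from tooling that looks for remediation links. The commit URL would be better tagged `"type": "FIX"`, which the OSV schema defines for this purpose. `details` names the sink (popen in notlshosts_auto in qmail-remote.c) but not which input reaches it or whether that code path is enabled by default, which is what an operator needs to judge exposure before upgrading to 2026.04.07. The `AC:H` in the vector suggests a precondition, but the record does not state it.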
