Skip to content

Commit 385af1d

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-x47p-6vx5-8v99 GHSA-225c-7gvc-9qr7 GHSA-37gh-h6xp-rvc2 GHSA-8pv4-xx57-m7h2 GHSA-cvh2-cvrv-cqcc GHSA-gfr2-w843-rf3v GHSA-gvm9-5p8r-j6j8 GHSA-hq52-wmg7-2g9g GHSA-mgvw-r6q7-f697 GHSA-rm7q-jj78-qfc9 GHSA-w4mj-mj22-jm3c GHSA-x9f6-7wmv-2c35
1 parent 8548025 commit 385af1d

File tree

12 files changed

+637
-1
lines changed

12 files changed

+637
-1
lines changed

advisories/unreviewed/2025/09/GHSA-x47p-6vx5-8v99/GHSA-x47p-6vx5-8v99.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-x47p-6vx5-8v99",
4-
"modified": "2025-09-12T12:30:23Z",
4+
"modified": "2026-02-08T18:30:18Z",
55
"published": "2025-09-12T12:30:23Z",
66
"aliases": [
77
"CVE-2025-27234"
@@ -19,6 +19,10 @@
1919
"type": "ADVISORY",
2020
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27234"
2121
},
22+
{
23+
"type": "WEB",
24+
"url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00012.html"
25+
},
2226
{
2327
"type": "WEB",
2428
"url": "https://support.zabbix.com/browse/ZBX-26985"

advisories/unreviewed/2026/02/GHSA-225c-7gvc-9qr7/GHSA-225c-7gvc-9qr7.json

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-225c-7gvc-9qr7",
4+
"modified": "2026-02-08T18:30:18Z",
5+
"published": "2026-02-08T18:30:18Z",
6+
"aliases": [
7+
"CVE-2026-2165"
8+
],
9+
"details": "A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/assets/backend/seller/add_seller.php of the component Account Creation Endpoint. Executing a manipulation of the argument email can lead to missing authentication. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2165"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/detronetdip/E-commerce/issues/23"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/Nixon-H/Unauthenticated-Admin-Account-Creation"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://github.com/detronetdip/E-commerce"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?ctiid.344867"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?id.344867"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/?submit.751857"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-287"
54+
],
55+
"severity": "MODERATE",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2026-02-08T17:15:58Z"
59+
}
60+
}

advisories/unreviewed/2026/02/GHSA-37gh-h6xp-rvc2/GHSA-37gh-h6xp-rvc2.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-37gh-h6xp-rvc2",
4+
"modified": "2026-02-08T18:30:19Z",
5+
"published": "2026-02-08T18:30:18Z",
6+
"aliases": [
7+
"CVE-2026-2168"
8+
],
9+
"details": "A flaw has been found in D-Link DWR-M921 1.1.50. This affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2168"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/LX-66-LX/cve-new/issues/2"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.344870"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.344870"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.748838"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.dlink.com"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-02-08T18:15:48Z"
55+
}
56+
}

advisories/unreviewed/2026/02/GHSA-8pv4-xx57-m7h2/GHSA-8pv4-xx57-m7h2.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-8pv4-xx57-m7h2",
4+
"modified": "2026-02-08T18:30:18Z",
5+
"published": "2026-02-08T18:30:18Z",
6+
"aliases": [
7+
"CVE-2026-2159"
8+
],
9+
"details": "A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an unknown function of the file /tourism/classes/Master.php?f=register of the component Registration. Executing a manipulation of the argument firstname/lastname/username can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2159"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/CH0ico/CVE_choco_5/blob/main/report.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.344861"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.344861"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.750995"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.sourcecodester.com"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-79"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-02-08T16:15:50Z"
55+
}
56+
}

advisories/unreviewed/2026/02/GHSA-cvh2-cvrv-cqcc/GHSA-cvh2-cvrv-cqcc.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-cvh2-cvrv-cqcc",
4+
"modified": "2026-02-08T18:30:18Z",
5+
"published": "2026-02-08T18:30:18Z",
6+
"aliases": [
7+
"CVE-2026-2160"
8+
],
9+
"details": "A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=save_package. The manipulation of the argument Title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2160"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/CH0ico/CVE_choco_6/blob/main/report.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.344862"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.344862"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.751016"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.sourcecodester.com"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-79"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-02-08T16:15:51Z"
55+
}
56+
}

advisories/unreviewed/2026/02/GHSA-gfr2-w843-rf3v/GHSA-gfr2-w843-rf3v.json

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-gfr2-w843-rf3v",
4+
"modified": "2026-02-08T18:30:18Z",
5+
"published": "2026-02-08T18:30:18Z",
6+
"aliases": [
7+
"CVE-2026-2163"
8+
],
9+
"details": "A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack may be launched remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2163"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/LonTan0/CVE/blob/main/Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi%20of%20D-Link%20DIR%E2%80%91600.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/LonTan0/CVE/blob/main/Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi%20of%20D-Link%20DIR%E2%80%91600.md#poc"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.344865"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.344865"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.751764"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://www.dlink.com"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-74"
54+
],
55+
"severity": "MODERATE",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2026-02-08T17:15:58Z"
59+
}
60+
}

advisories/unreviewed/2026/02/GHSA-gvm9-5p8r-j6j8/GHSA-gvm9-5p8r-j6j8.json

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-gvm9-5p8r-j6j8",
4+
"modified": "2026-02-08T18:30:18Z",
5+
"published": "2026-02-08T18:30:18Z",
6+
"aliases": [
7+
"CVE-2026-2164"
8+
],
9+
"details": "A security flaw has been discovered in detronetdip E-commerce 1.0.0. This issue affects some unknown processing of the file /seller/assets/backend/profile/addadhar.php. Performing a manipulation of the argument File results in unrestricted upload. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2164"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/detronetdip/E-commerce/issues/23"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/Nixon-H/PHP-Unrestricted-Upload-RCE"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://github.com/detronetdip/E-commerce"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?ctiid.344866"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?id.344866"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/?submit.751853"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-284"
54+
],
55+
"severity": "MODERATE",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2026-02-08T17:15:58Z"
59+
}
60+
}

0 commit comments

Comments
 (0)