Publish Advisories

GHSA-wp3j-xq48-xpjw
GHSA-2425-8942-cjhp
GHSA-4wc5-h6jc-fhhw
GHSA-54wp-f6vm-v42x
GHSA-5fpg-jg99-g97m
GHSA-8mxg-vjpv-vxv2
GHSA-c68v-2764-rf86
GHSA-fr8w-mgp5-2p5v
GHSA-gmr7-w89v-rr2q
GHSA-vfjw-j4jg-frr6
GHSA-vjg4-vp37-8p46

Author: advisory-database[bot]

advisories/github-reviewed/2025/09/GHSA-wp3j-xq48-xpjw/GHSA-wp3j-xq48-xpjw.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wp3j-xq48-xpjw",
-  "modified": "2026-02-09T21:31:02Z",
+  "modified": "2026-02-16T09:30:30Z",
   "published": "2025-09-04T20:01:54Z",
   "aliases": [
     "CVE-2025-9566"
@@ -122,6 +122,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:18217"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:17669"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:16724"
@@ -158,9 +162,21 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:15900"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHEA-2025:4782"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHBA-2025:16158"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHBA-2025:15712"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHBA-2025:15692"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/02/GHSA-2425-8942-cjhp/GHSA-2425-8942-cjhp.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2425-8942-cjhp",
+  "modified": "2026-02-16T09:30:30Z",
+  "published": "2026-02-16T09:30:30Z",
+  "aliases": [
+    "CVE-2026-2538"
+  ],
+  "details": "A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a requirement. The attack's complexity is rated as high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2538"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Cyber-Wo0dy/report/blob/main/notepad2/4.2.25/notepad2_dll_hijacking.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.346126"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.346126"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.749345"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-426"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-16T07:17:00Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-4wc5-h6jc-fhhw/GHSA-4wc5-h6jc-fhhw.json

@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4wc5-h6jc-fhhw",
+  "modified": "2026-02-16T09:30:30Z",
+  "published": "2026-02-16T09:30:30Z",
+  "aliases": [
+    "CVE-2026-2545"
+  ],
+  "details": "A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketSearch. This manipulation of the argument Profile causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2545"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LigeroSmart/ligerosmart/issues/282"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LigeroSmart/ligerosmart/issues/282#issue-3879165194"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LigeroSmart/ligerosmart"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.346154"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.346154"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.749758"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-16T08:16:05Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-54wp-f6vm-v42x/GHSA-54wp-f6vm-v42x.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-54wp-f6vm-v42x",
+  "modified": "2026-02-16T09:30:30Z",
+  "published": "2026-02-16T09:30:30Z",
+  "aliases": [
+    "CVE-2026-2544"
+  ],
+  "details": "A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function child_process.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2544"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/lakshayyverma/CVE-Discovery/blob/main/lulu.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.346153"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.346153"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.749722"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-77"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-16T08:16:05Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-5fpg-jg99-g97m/GHSA-5fpg-jg99-g97m.json

@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5fpg-jg99-g97m",
+  "modified": "2026-02-16T09:30:30Z",
+  "published": "2026-02-16T09:30:30Z",
+  "aliases": [
+    "CVE-2026-0929"
+  ],
+  "details": "The RegistrationMagic  WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0929"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/c0f17d83-6199-4676-90ec-4fba1e7fcf0f"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-16T07:17:00Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-8mxg-vjpv-vxv2/GHSA-8mxg-vjpv-vxv2.json

@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8mxg-vjpv-vxv2",
+  "modified": "2026-02-16T09:30:30Z",
+  "published": "2026-02-16T09:30:30Z",
+  "aliases": [
+    "CVE-2026-2546"
+  ],
+  "details": "A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. Such manipulation of the argument SortBy leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2546"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LigeroSmart/ligerosmart/issues/283"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LigeroSmart/ligerosmart/issues/283#issue-3879199951"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LigeroSmart/ligerosmart"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.346155"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.346155"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.749784"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-16T09:16:08Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-c68v-2764-rf86/GHSA-c68v-2764-rf86.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c68v-2764-rf86",
+  "modified": "2026-02-16T09:30:30Z",
+  "published": "2026-02-16T09:30:30Z",
+  "aliases": [
+    "CVE-2026-2543"
+  ],
+  "details": "A vulnerability was identified in vichan-devel vichan up to 5.1.5. This vulnerability affects unknown code of the file inc/mod/pages.php of the component Password Change Handler. The manipulation of the argument Password leads to unverified password change. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2543"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/lakshayyverma/CVE-Discovery/blob/main/vichan.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.346152"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.346152"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.749716"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-620"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-16T07:17:01Z"
+  }
+}