Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2021/12/GHSA-xqxh-cq77-r6qh/GHSA-xqxh-cq77-r6qh.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xqxh-cq77-r6qh",
-  "modified": "2026-03-09T15:30:31Z",
+  "modified": "2026-03-09T21:31:32Z",
   "published": "2021-12-18T00:00:51Z",
   "aliases": [
     "CVE-2021-22054"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22054"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22054"
+    },
     {
       "type": "WEB",
       "url": "https://www.greynoise.io/blog/new-ssrf-exploitation-surge"

advisories/unreviewed/2024/07/GHSA-8g92-f59v-j999/GHSA-8g92-f59v-j999.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8g92-f59v-j999",
-  "modified": "2024-07-13T03:30:37Z",
+  "modified": "2026-03-09T21:31:32Z",
   "published": "2024-07-13T03:30:37Z",
   "aliases": [
     "CVE-2023-39329"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39329"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:4128"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2023-39329"

advisories/unreviewed/2024/07/GHSA-f7p4-6cq7-whmw/GHSA-f7p4-6cq7-whmw.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f7p4-6cq7-whmw",
-  "modified": "2024-07-13T03:30:37Z",
+  "modified": "2026-03-09T21:31:32Z",
   "published": "2024-07-13T03:30:37Z",
   "aliases": [
     "CVE-2023-39327"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39327"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:4128"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2023-39327"

advisories/unreviewed/2025/09/GHSA-vfrj-f292-3f24/GHSA-vfrj-f292-3f24.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vfrj-f292-3f24",
-  "modified": "2025-09-23T06:30:27Z",
+  "modified": "2026-03-09T21:31:32Z",
   "published": "2025-09-23T06:30:27Z",
   "aliases": [
     "CVE-2025-26399"
@@ -23,6 +23,14 @@
       "type": "WEB",
       "url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-26399"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.microsoft.com/en-us/security/blog/2026/02/06/active-exploitation-solarwinds-web-help-desk"
+    },
     {
       "type": "WEB",
       "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26399"

advisories/unreviewed/2026/02/GHSA-2j3g-j6qj-x9q2/GHSA-2j3g-j6qj-x9q2.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2j3g-j6qj-x9q2",
-  "modified": "2026-02-10T18:30:38Z",
+  "modified": "2026-03-09T21:31:32Z",
   "published": "2026-02-10T18:30:38Z",
   "aliases": [
     "CVE-2026-1603"
@@ -22,6 +22,10 @@
     {
       "type": "WEB",
       "url": "https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1603"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/02/GHSA-37cc-q9ww-mg9w/GHSA-37cc-q9ww-mg9w.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-37cc-q9ww-mg9w",
-  "modified": "2026-02-16T12:30:24Z",
+  "modified": "2026-03-09T21:31:33Z",
   "published": "2026-02-16T12:30:24Z",
   "aliases": [
     "CVE-2025-59905"
   ],
   "details": "Cross-Site Scripting (XSS) vulnerability reflected in Kubysoft, which occurs through multiple parameters within the endpoint ‘/node/kudaby/nodeFN/procedure’. This flaw allows the injection of arbitrary client-side scripts, which are immediately reflected in the HTTP response and executed in the victim's browser.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/02/GHSA-fvcr-8w5m-c388/GHSA-fvcr-8w5m-c388.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fvcr-8w5m-c388",
-  "modified": "2026-02-16T12:30:24Z",
+  "modified": "2026-03-09T21:31:32Z",
   "published": "2026-02-16T12:30:24Z",
   "aliases": [
     "CVE-2025-59903"
   ],
   "details": "Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, where uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts within SVG files as visual content, which are then stored on the server and executed in the context of any user accessing the compromised resource.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/02/GHSA-qrxh-hqj2-g6xg/GHSA-qrxh-hqj2-g6xg.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qrxh-hqj2-g6xg",
-  "modified": "2026-02-16T12:30:24Z",
+  "modified": "2026-03-09T21:31:33Z",
   "published": "2026-02-16T12:30:24Z",
   "aliases": [
     "CVE-2025-59904"
   ],
   "details": "Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, which is triggered through multiple parameters in the '/kForms/app' endpoint. This issue allows malicious scripts to be injected and executed persistently in the context of users accessing the affected resource.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/03/GHSA-24pw-8cqg-3ppr/GHSA-24pw-8cqg-3ppr.json

@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-24pw-8cqg-3ppr",
+  "modified": "2026-03-09T21:31:37Z",
+  "published": "2026-03-09T21:31:37Z",
+  "aliases": [
+    "CVE-2026-30140"
+  ],
+  "details": "An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and potential remote administrative access.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30140"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jhx-ui/CVE-Reports/blob/main/README.md#vulnerability-report-tenda-router-sensitive-information-disclosure"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-09T19:16:07Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-2p8h-37p5-9g77/GHSA-2p8h-37p5-9g77.json

@@ -34,6 +34,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-121",
       "CWE-787"
     ],
     "severity": "CRITICAL",