Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 6628e9b65cae · 2026-04-19T15:31:59.000Z
GHSA-p3g3-qcxj-gm4g GHSA-3v8q-qmgr-97jh GHSA-4q2m-7ch2-98qj GHSA-c39q-8682-64fg
diff --git a/advisories/unreviewed/2025/02/GHSA-p3g3-qcxj-gm4g/GHSA-p3g3-qcxj-gm4g.json b/advisories/unreviewed/2025/02/GHSA-p3g3-qcxj-gm4g/GHSA-p3g3-qcxj-gm4g.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-p3g3-qcxj-gm4g",
-  "modified": "2025-02-03T03:30:53Z",
+  "modified": "2026-04-19T15:30:17Z",
   "published": "2025-02-03T03:30:53Z",
   "aliases": [
     "CVE-2025-0974"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://gist.github.com/mcdruid/f8153d7d535c0fcba920e83a64953d4e"
     },
+    {
+      "type": "WEB",
+      "url": "https://lightning.devs.mx/download"
+    },
     {
       "type": "WEB",
       "url": "https://vuldb.com/?ctiid.294365"
@@ -38,6 +42,18 @@
     {
       "type": "WEB",
       "url": "https://vuldb.com/?submit.489672"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/489672"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/294365"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/294365/cti"
     }
   ],
   "database_specific": {
diff --git a/advisories/unreviewed/2026/04/GHSA-3v8q-qmgr-97jh/GHSA-3v8q-qmgr-97jh.json b/advisories/unreviewed/2026/04/GHSA-3v8q-qmgr-97jh/GHSA-3v8q-qmgr-97jh.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3v8q-qmgr-97jh",
+  "modified": "2026-04-19T15:30:18Z",
+  "published": "2026-04-19T15:30:18Z",
+  "aliases": [
+    "CVE-2026-6572"
+  ],
+  "details": "A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileUpload Endpoint. The manipulation of the argument fileUpload leads to improper authorization. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6572"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/789988"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/358206"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/358206/cti"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vulnplus-note.wetolink.com/share/PLCI4v0BWaF8"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-266"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-19T13:16:45Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-4q2m-7ch2-98qj/GHSA-4q2m-7ch2-98qj.json b/advisories/unreviewed/2026/04/GHSA-4q2m-7ch2-98qj/GHSA-4q2m-7ch2-98qj.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4q2m-7ch2-98qj",
+  "modified": "2026-04-19T15:30:18Z",
+  "published": "2026-04-19T15:30:18Z",
+  "aliases": [
+    "CVE-2026-6573"
+  ],
+  "details": "A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely. The exploit is now public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6573"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/789990"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/358207"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/358207/cti"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vulnplus-note.wetolink.com/share/1QZ4NE0oTRIc"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-918"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-19T13:16:46Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-c39q-8682-64fg/GHSA-c39q-8682-64fg.json b/advisories/unreviewed/2026/04/GHSA-c39q-8682-64fg/GHSA-c39q-8682-64fg.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c39q-8682-64fg",
+  "modified": "2026-04-19T15:30:18Z",
+  "published": "2026-04-19T15:30:18Z",
+  "aliases": [
+    "CVE-2026-6574"
+  ],
+  "details": "A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6574"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/790000"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/358209"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/358209/cti"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vulnplus-note.wetolink.com/share/VhoNkMja5u7A"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-259"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-19T14:16:11Z"
+  }
+}
