Publish Advisories

GHSA-m4f3-qp2w-gwh6
GHSA-4782-773j-qvcq
GHSA-4g4j-v56v-2w79
GHSA-6v46-p4rh-797h
GHSA-7fj8-2w2v-gvp9
GHSA-96j8-mwhp-xmj4
GHSA-c7x9-pfw8-h942
GHSA-cg8j-5cr2-568q
GHSA-chwj-wc69-jqxj
GHSA-f678-w5rv-9j99
GHSA-ggxq-2mg9-8966
GHSA-rx5p-47h9-9hv2
GHSA-vjq9-53r9-j2x9
GHSA-w8g9-9cxr-c95j
GHSA-x835-c867-m9pw

Author: advisory-database[bot]

advisories/github-reviewed/2026/02/GHSA-m4f3-qp2w-gwh6/GHSA-m4f3-qp2w-gwh6.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-m4f3-qp2w-gwh6",
-  "modified": "2026-02-19T20:27:55Z",
+  "modified": "2026-02-21T06:30:15Z",
   "published": "2026-02-18T18:30:40Z",
   "aliases": [
     "CVE-2026-24708"
@@ -90,6 +90,10 @@
       "type": "PACKAGE",
       "url": "https://github.com/openstack/nova"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html"
+    },
     {
       "type": "WEB",
       "url": "https://www.openwall.com/lists/oss-security/2026/02/17/7"

advisories/unreviewed/2026/02/GHSA-4782-773j-qvcq/GHSA-4782-773j-qvcq.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4782-773j-qvcq",
+  "modified": "2026-02-21T06:30:15Z",
+  "published": "2026-02-21T06:30:15Z",
+  "aliases": [
+    "CVE-2026-27530"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27530"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-21T05:17:29Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-4g4j-v56v-2w79/GHSA-4g4j-v56v-2w79.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4g4j-v56v-2w79",
+  "modified": "2026-02-21T06:30:16Z",
+  "published": "2026-02-21T06:30:16Z",
+  "aliases": [
+    "CVE-2026-26046"
+  ],
+  "details": "A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could result in unintended system command execution. While exploitation requires administrative privileges, successful compromise could affect the entire Moodle server.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26046"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2026-26046"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440903"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-21T06:17:00Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-6v46-p4rh-797h/GHSA-6v46-p4rh-797h.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6v46-p4rh-797h",
+  "modified": "2026-02-21T06:30:15Z",
+  "published": "2026-02-21T06:30:15Z",
+  "aliases": [
+    "CVE-2026-27527"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27527"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-21T05:17:29Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-7fj8-2w2v-gvp9/GHSA-7fj8-2w2v-gvp9.json

@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7fj8-2w2v-gvp9",
+  "modified": "2026-02-21T06:30:17Z",
+  "published": "2026-02-21T06:30:17Z",
+  "aliases": [
+    "CVE-2026-2861"
+  ],
+  "details": "A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to version 2.1.11 is sufficient to fix this issue. The patch is identified as 31aeecb58b64/d8ed86b10e46. Upgrading the affected component is recommended.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2861"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/foswiki/distro/commit/31aeecb58b64"
+    },
+    {
+      "type": "WEB",
+      "url": "https://foswiki.org/Tasks/Item15600"
+    },
+    {
+      "type": "WEB",
+      "url": "https://foswiki.org/Tasks/Item15601"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347101"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347101"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.753966"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-21T06:17:01Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-96j8-mwhp-xmj4/GHSA-96j8-mwhp-xmj4.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-96j8-mwhp-xmj4",
+  "modified": "2026-02-21T06:30:16Z",
+  "published": "2026-02-21T06:30:16Z",
+  "aliases": [
+    "CVE-2026-2860"
+  ],
+  "details": "A security vulnerability has been detected in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. Impacted is an unknown function of the file EmployeeController.java. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. This product is distributed under two entirely different names. The project was informed of the problem early through an issue report but has not responded yet.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2860"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/megagao/production_ssm/issues/36"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/megagao/production_ssm/issues/36#issue-3914626431"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347100"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347100"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.754494"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-266"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-21T05:17:30Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-c7x9-pfw8-h942/GHSA-c7x9-pfw8-h942.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c7x9-pfw8-h942",
+  "modified": "2026-02-21T06:30:15Z",
+  "published": "2026-02-21T06:30:15Z",
+  "aliases": [
+    "CVE-2026-27528"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27528"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-21T05:17:29Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-cg8j-5cr2-568q/GHSA-cg8j-5cr2-568q.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cg8j-5cr2-568q",
+  "modified": "2026-02-21T06:30:16Z",
+  "published": "2026-02-21T06:30:16Z",
+  "aliases": [
+    "CVE-2026-26047"
+  ],
+  "details": "A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade performance or cause service interruption.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26047"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2026-26047"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440905"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-400"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-21T06:17:00Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-chwj-wc69-jqxj/GHSA-chwj-wc69-jqxj.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-chwj-wc69-jqxj",
+  "modified": "2026-02-21T06:30:16Z",
+  "published": "2026-02-21T06:30:16Z",
+  "aliases": [
+    "CVE-2026-27531"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27531"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-21T05:17:29Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-f678-w5rv-9j99/GHSA-f678-w5rv-9j99.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-f678-w5rv-9j99",
+  "modified": "2026-02-21T06:30:15Z",
+  "published": "2026-02-21T06:30:15Z",
+  "aliases": [
+    "CVE-2026-27529"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27529"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-21T05:17:29Z"
+  }
+}