Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2026/03/GHSA-2vwv-vqpv-v8vc/GHSA-2vwv-vqpv-v8vc.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2vwv-vqpv-v8vc",
-  "modified": "2026-04-14T18:30:26Z",
+  "modified": "2026-04-16T18:31:15Z",
   "published": "2026-03-30T09:31:29Z",
   "aliases": [
     "CVE-2026-5121"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://github.com/libarchive/libarchive/pull/2934"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:8510"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2026-5121"

advisories/unreviewed/2026/03/GHSA-c75f-55f6-f63q/GHSA-c75f-55f6-f63q.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c75f-55f6-f63q",
-  "modified": "2026-04-16T15:31:27Z",
+  "modified": "2026-04-16T18:31:14Z",
   "published": "2026-03-19T15:31:21Z",
   "aliases": [
     "CVE-2026-4424"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:8492"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:8510"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2026-4424"

advisories/unreviewed/2026/03/GHSA-h5vx-6jh5-qhq7/GHSA-h5vx-6jh5-qhq7.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h5vx-6jh5-qhq7",
-  "modified": "2026-03-30T09:31:28Z",
+  "modified": "2026-04-16T18:31:15Z",
   "published": "2026-03-30T09:31:28Z",
   "aliases": [
     "CVE-2026-25704"
@@ -22,6 +22,10 @@
     {
       "type": "WEB",
       "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25704"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2026/04/16/3"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/04/GHSA-2fw9-cxch-qx5h/GHSA-2fw9-cxch-qx5h.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2fw9-cxch-qx5h",
-  "modified": "2026-04-09T00:32:00Z",
+  "modified": "2026-04-16T18:31:21Z",
   "published": "2026-04-09T00:32:00Z",
   "aliases": [
     "CVE-2026-5890"
   ],
   "details": "Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -27,7 +32,7 @@
     "cwe_ids": [
       "CWE-362"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-08T22:16:28Z"

advisories/unreviewed/2026/04/GHSA-2h3v-69mw-9j56/GHSA-2h3v-69mw-9j56.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2h3v-69mw-9j56",
+  "modified": "2026-04-16T18:31:22Z",
+  "published": "2026-04-16T18:31:22Z",
+  "aliases": [
+    "CVE-2025-36579"
+  ],
+  "details": "Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36579"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dell.com/support/kbdoc/en-us/000300450/dsa-2025-153"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-640"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-16T17:16:54Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-3j9x-gmp6-9x73/GHSA-3j9x-gmp6-9x73.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3j9x-gmp6-9x73",
-  "modified": "2026-04-16T15:31:32Z",
+  "modified": "2026-04-16T18:31:21Z",
   "published": "2026-04-16T15:31:32Z",
   "aliases": [
     "CVE-2026-37337"
   ],
   "details": "SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_playlist.php.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-16T15:17:36Z"

advisories/unreviewed/2026/04/GHSA-3xhp-52jc-www8/GHSA-3xhp-52jc-www8.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3xhp-52jc-www8",
-  "modified": "2026-04-16T15:31:33Z",
+  "modified": "2026-04-16T18:31:21Z",
   "published": "2026-04-16T15:31:32Z",
   "aliases": [
     "CVE-2026-37346"
   ],
   "details": "SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_account.php?emp_id=.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-16T15:17:37Z"

advisories/unreviewed/2026/04/GHSA-69rx-rvq8-835f/GHSA-69rx-rvq8-835f.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-69rx-rvq8-835f",
-  "modified": "2026-04-02T00:31:04Z",
+  "modified": "2026-04-16T18:31:16Z",
   "published": "2026-04-02T00:31:04Z",
   "aliases": [
     "CVE-2026-21767"

advisories/unreviewed/2026/04/GHSA-7c2r-j947-3p6p/GHSA-7c2r-j947-3p6p.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7c2r-j947-3p6p",
-  "modified": "2026-04-13T06:30:31Z",
+  "modified": "2026-04-16T18:31:21Z",
   "published": "2026-04-13T06:30:31Z",
   "aliases": [
     "CVE-2026-21013"
   ],
   "details": "Incorrect default permission in Galaxy Wearable prior to version 2.2.68.26 allows local attackers to access sensitive information.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
@@ -25,7 +29,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-276"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2026/04/GHSA-8x4h-8ccm-x267/GHSA-8x4h-8ccm-x267.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8x4h-8ccm-x267",
-  "modified": "2026-04-13T06:30:30Z",
+  "modified": "2026-04-16T18:31:21Z",
   "published": "2026-04-13T06:30:30Z",
   "aliases": [
     "CVE-2026-21003"
   ],
   "details": "Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrictions.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"