Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2021/12/GHSA-xqxh-cq77-r6qh/GHSA-xqxh-cq77-r6qh.json

@@ -1,19 +1,28 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xqxh-cq77-r6qh",
-  "modified": "2021-12-23T00:01:42Z",
+  "modified": "2026-03-09T15:30:31Z",
   "published": "2021-12-18T00:00:51Z",
   "aliases": [
     "CVE-2021-22054"
   ],
   "details": "VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22054"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.greynoise.io/blog/new-ssrf-exploitation-surge"
+    },
     {
       "type": "WEB",
       "url": "https://www.vmware.com/security/advisories/VMSA-2021-0029.html"

advisories/unreviewed/2026/01/GHSA-5hf5-c2h8-jm8p/GHSA-5hf5-c2h8-jm8p.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5hf5-c2h8-jm8p",
-  "modified": "2026-01-29T12:30:25Z",
+  "modified": "2026-03-09T15:30:32Z",
   "published": "2026-01-29T12:30:25Z",
   "aliases": [
     "CVE-2025-7015"

advisories/unreviewed/2026/01/GHSA-8p85-wwv8-94x9/GHSA-8p85-wwv8-94x9.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8p85-wwv8-94x9",
-  "modified": "2026-01-29T15:30:27Z",
+  "modified": "2026-03-09T15:30:32Z",
   "published": "2026-01-29T15:30:27Z",
   "aliases": [
     "CVE-2025-7013"

advisories/unreviewed/2026/01/GHSA-97vc-35gm-9r7r/GHSA-97vc-35gm-9r7r.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-97vc-35gm-9r7r",
-  "modified": "2026-01-29T12:30:25Z",
+  "modified": "2026-03-09T15:30:32Z",
   "published": "2026-01-29T12:30:25Z",
   "aliases": [
     "CVE-2026-1469"
   ],
   "details": "Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting malicious payload through the ‘comment’ and ‘brand’ parameters in ‘/index.php’. The payload is stored by the application and subsequently displayed without proper sanitization when other users access it. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/01/GHSA-fw4r-9q4w-pxx8/GHSA-fw4r-9q4w-pxx8.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fw4r-9q4w-pxx8",
-  "modified": "2026-01-28T21:31:23Z",
+  "modified": "2026-03-09T15:30:32Z",
   "published": "2026-01-28T21:31:23Z",
   "aliases": [
     "CVE-2026-0749"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Form Builder allows Cross-Site Scripting (XSS).This issue affects Drupal: from 7.X-1.0 through 7.X-1.22.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/01/GHSA-gq6h-g93p-6wqx/GHSA-gq6h-g93p-6wqx.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gq6h-g93p-6wqx",
-  "modified": "2026-01-09T18:31:36Z",
+  "modified": "2026-03-09T15:30:31Z",
   "published": "2026-01-09T18:31:36Z",
   "aliases": [
     "CVE-2025-15035"
   ],
   "details": "Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6: ≤ build 20250107.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/01/GHSA-mwhx-x3mr-hv49/GHSA-mwhx-x3mr-hv49.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mwhx-x3mr-hv49",
-  "modified": "2026-01-29T15:30:27Z",
+  "modified": "2026-03-09T15:30:32Z",
   "published": "2026-01-29T15:30:27Z",
   "aliases": [
     "CVE-2025-7014"

advisories/unreviewed/2026/01/GHSA-mxrg-rhmf-2mjf/GHSA-mxrg-rhmf-2mjf.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mxrg-rhmf-2mjf",
-  "modified": "2026-01-28T21:31:23Z",
+  "modified": "2026-03-09T15:30:32Z",
   "published": "2026-01-28T21:31:23Z",
   "aliases": [
     "CVE-2026-0750"
   ],
   "details": "Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox Commerce Paybox on Drupal 7.X allows Authentication Bypass.This issue affects Drupal Commerce Paybox: from 7-x-1.0 through 7.X-1.5.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/01/GHSA-rgqc-2558-hgcm/GHSA-rgqc-2558-hgcm.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rgqc-2558-hgcm",
-  "modified": "2026-01-29T12:30:25Z",
+  "modified": "2026-03-09T15:30:32Z",
   "published": "2026-01-29T12:30:25Z",
   "aliases": [
     "CVE-2025-7016"

advisories/unreviewed/2026/01/GHSA-wgr9-gc72-49xj/GHSA-wgr9-gc72-49xj.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wgr9-gc72-49xj",
-  "modified": "2026-01-27T03:31:33Z",
+  "modified": "2026-03-09T15:30:31Z",
   "published": "2026-01-26T21:30:36Z",
   "aliases": [
     "CVE-2025-14756"
   ],
   "details": "Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or full compromise.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"