Publish Advisories

GHSA-2738-x33m-p89q
GHSA-fvhw-hg3x-xxxp
GHSA-gqj9-6pwj-7952
GHSA-pqp9-2cmp-fx98
GHSA-v4fr-cg8r-vwm7
GHSA-r93p-9jjr-wjhj
GHSA-5w7p-v6h9-q8c5
GHSA-85hw-hqj5-m956
GHSA-88cw-hhx8-8crw
GHSA-ccr7-c63m-8vgm
GHSA-fx2x-5jph-mxxh
GHSA-jxwc-xxjw-356x
GHSA-q5xq-rvph-wwgr
GHSA-xrc8-933j-f74c

Author: advisory-database[bot]

advisories/unreviewed/2022/05/GHSA-2738-x33m-p89q/GHSA-2738-x33m-p89q.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2738-x33m-p89q",
-  "modified": "2022-05-17T04:51:45Z",
+  "modified": "2026-04-03T00:31:08Z",
   "published": "2022-05-17T04:51:45Z",
   "aliases": [
     "CVE-2011-2927"
   ],
   "details": "Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via vectors related to Search forms.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {

advisories/unreviewed/2022/05/GHSA-fvhw-hg3x-xxxp/GHSA-fvhw-hg3x-xxxp.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fvhw-hg3x-xxxp",
-  "modified": "2022-05-17T04:51:45Z",
+  "modified": "2026-04-03T00:31:08Z",
   "published": "2022-05-17T04:51:45Z",
   "aliases": [
     "CVE-2011-3344"
   ],
   "details": "Cross-site scripting (XSS) vulnerability in the Lookup Login/Password form in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the URI.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {

advisories/unreviewed/2022/05/GHSA-gqj9-6pwj-7952/GHSA-gqj9-6pwj-7952.json

@@ -1,19 +1,28 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gqj9-6pwj-7952",
-  "modified": "2022-05-04T00:27:49Z",
+  "modified": "2026-04-03T00:31:08Z",
   "published": "2022-05-04T00:27:49Z",
   "aliases": [
     "CVE-2012-0059"
   ],
   "details": "Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading (1) the server log and (2) an email.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0059"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2012-0059"
+    },
     {
       "type": "WEB",
       "url": "http://rhn.redhat.com/errata/RHSA-2012-0101.html"
@@ -24,7 +33,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-209"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2022/05/GHSA-pqp9-2cmp-fx98/GHSA-pqp9-2cmp-fx98.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pqp9-2cmp-fx98",
-  "modified": "2022-05-17T04:51:45Z",
+  "modified": "2026-04-03T00:31:08Z",
   "published": "2022-05-17T04:51:45Z",
   "aliases": [
     "CVE-2011-2920"
   ],
   "details": "Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via the \"Filter by Synopsis\" field and other unspecified filter forms.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {

advisories/unreviewed/2022/05/GHSA-v4fr-cg8r-vwm7/GHSA-v4fr-cg8r-vwm7.json

@@ -1,19 +1,28 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v4fr-cg8r-vwm7",
-  "modified": "2022-05-17T04:51:45Z",
+  "modified": "2026-04-03T00:31:08Z",
   "published": "2022-05-17T04:51:45Z",
   "aliases": [
     "CVE-2011-1594"
   ],
   "details": "Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url_bounce parameter.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1594"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2011-1594"
+    },
     {
       "type": "WEB",
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=672167"
@@ -29,7 +38,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-20"
+      "CWE-20",
+      "CWE-601"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2025/05/GHSA-r93p-9jjr-wjhj/GHSA-r93p-9jjr-wjhj.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-r93p-9jjr-wjhj",
-  "modified": "2025-05-14T21:31:18Z",
+  "modified": "2026-04-03T00:31:08Z",
   "published": "2025-05-14T21:31:17Z",
   "aliases": [
     "CVE-2025-0133"

advisories/unreviewed/2026/04/GHSA-5w7p-v6h9-q8c5/GHSA-5w7p-v6h9-q8c5.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5w7p-v6h9-q8c5",
+  "modified": "2026-04-03T00:31:09Z",
+  "published": "2026-04-03T00:31:09Z",
+  "aliases": [
+    "CVE-2026-32211"
+  ],
+  "details": "Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32211"
+    },
+    {
+      "type": "WEB",
+      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32211"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-306"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-03T00:16:04Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-85hw-hqj5-m956/GHSA-85hw-hqj5-m956.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-85hw-hqj5-m956",
+  "modified": "2026-04-03T00:31:09Z",
+  "published": "2026-04-03T00:31:09Z",
+  "aliases": [
+    "CVE-2026-32173"
+  ],
+  "details": "Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32173"
+    },
+    {
+      "type": "WEB",
+      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32173"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-287"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-03T00:16:04Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-88cw-hhx8-8crw/GHSA-88cw-hhx8-8crw.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-88cw-hhx8-8crw",
+  "modified": "2026-04-03T00:31:09Z",
+  "published": "2026-04-03T00:31:09Z",
+  "aliases": [
+    "CVE-2026-26135"
+  ],
+  "details": "Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26135"
+    },
+    {
+      "type": "WEB",
+      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26135"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-918"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-03T00:16:04Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-ccr7-c63m-8vgm/GHSA-ccr7-c63m-8vgm.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-ccr7-c63m-8vgm",
+  "modified": "2026-04-03T00:31:09Z",
+  "published": "2026-04-03T00:31:09Z",
+  "aliases": [
+    "CVE-2026-32213"
+  ],
+  "details": "Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32213"
+    },
+    {
+      "type": "WEB",
+      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32213"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-285"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-03T00:16:04Z"
+  }
+}