Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2026/02/GHSA-279c-6crv-5wxc/GHSA-279c-6crv-5wxc.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-279c-6crv-5wxc",
-  "modified": "2026-02-20T18:31:37Z",
+  "modified": "2026-02-24T00:31:33Z",
   "published": "2026-02-20T18:31:37Z",
   "aliases": [
     "CVE-2025-69390"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themebon Business Template Blocks for WPBakery (Visual Composer) Page Builder templates-and-addons-for-wpbakery-page-builder allows Reflected XSS.This issue affects Business Template Blocks for WPBakery (Visual Composer) Page Builder: from n/a through <= 1.3.2.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-02-20T16:22:24Z"

advisories/unreviewed/2026/02/GHSA-2v7m-mcj3-m7h7/GHSA-2v7m-mcj3-m7h7.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2v7m-mcj3-m7h7",
-  "modified": "2026-02-20T18:31:35Z",
+  "modified": "2026-02-24T00:31:33Z",
   "published": "2026-02-20T18:31:35Z",
   "aliases": [
     "CVE-2025-68842"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in totalbounty Widget Logic Visual widget-logic-visual allows Reflected XSS.This issue affects Widget Logic Visual: from n/a through <= 1.52.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-02-20T16:22:12Z"

advisories/unreviewed/2026/02/GHSA-2whc-3gm8-r8v3/GHSA-2whc-3gm8-r8v3.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2whc-3gm8-r8v3",
-  "modified": "2026-02-20T18:31:35Z",
+  "modified": "2026-02-24T00:31:33Z",
   "published": "2026-02-20T18:31:35Z",
   "aliases": [
     "CVE-2025-68844"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DaleAB Membee Login membees-member-login-widget allows Reflected XSS.This issue affects Membee Login: from n/a through <= 2.3.6.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-02-20T16:22:13Z"

advisories/unreviewed/2026/02/GHSA-33jq-j95r-2gpj/GHSA-33jq-j95r-2gpj.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-33jq-j95r-2gpj",
+  "modified": "2026-02-24T00:31:34Z",
+  "published": "2026-02-24T00:31:34Z",
+  "aliases": [
+    "CVE-2026-3063"
+  ],
+  "details": "Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via DevTools. (Chromium security severity: High)",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3063"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_23.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/485287859"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-23T23:16:16Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-34rh-x3gg-rqg4/GHSA-34rh-x3gg-rqg4.json

@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-34rh-x3gg-rqg4",
+  "modified": "2026-02-24T00:31:34Z",
+  "published": "2026-02-24T00:31:33Z",
+  "aliases": [
+    "CVE-2026-3041"
+  ],
+  "details": "A security vulnerability has been detected in xingfuggz BaykeShop up to 1.3.20. Impacted is an unknown function of the file src/baykeshop/contrib/article/templates/baykeshop/sidebar/custom.html of the component Article Sidebar Module. Such manipulation of the argument sidebar.content leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3041"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/xingfuggz/baykeShop/issues/1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/xingfuggz/baykeShop/issues/1#issue-3931488211"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/xingfuggz/baykeShop"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347397"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347397"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.757165"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-23T22:16:26Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-3m9c-j7xc-gc2c/GHSA-3m9c-j7xc-gc2c.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3m9c-j7xc-gc2c",
+  "modified": "2026-02-24T00:31:34Z",
+  "published": "2026-02-24T00:31:34Z",
+  "aliases": [
+    "CVE-2026-3044"
+  ],
+  "details": "A vulnerability has been found in Tenda AC8 16.03.34.06. This affects the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. The manipulation of the argument boundary leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3044"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/master-abc/cve/issues/43"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347400"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347400"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.757240"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tenda.com.cn"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-24T00:16:19Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-3r56-xx7r-cr9c/GHSA-3r56-xx7r-cr9c.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3r56-xx7r-cr9c",
-  "modified": "2026-02-20T18:31:37Z",
+  "modified": "2026-02-24T00:31:33Z",
   "published": "2026-02-20T18:31:37Z",
   "aliases": [
     "CVE-2025-69388"
   ],
   "details": "Missing Authorization vulnerability in cliengo Cliengo – Chatbot cliengo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cliengo – Chatbot: from n/a through <= 3.0.4.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-02-20T16:22:24Z"

advisories/unreviewed/2026/02/GHSA-43rm-rg7w-7rjf/GHSA-43rm-rg7w-7rjf.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-43rm-rg7w-7rjf",
-  "modified": "2026-02-20T18:31:35Z",
+  "modified": "2026-02-24T00:31:33Z",
   "published": "2026-02-20T18:31:35Z",
   "aliases": [
     "CVE-2025-68863"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz iContact for Gravity Forms gravity-forms-icontact allows Reflected XSS.This issue affects iContact for Gravity Forms: from n/a through <= 1.3.2.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-02-20T16:22:14Z"

advisories/unreviewed/2026/02/GHSA-4fwr-9c58-jg7x/GHSA-4fwr-9c58-jg7x.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4fwr-9c58-jg7x",
-  "modified": "2026-02-20T18:31:35Z",
+  "modified": "2026-02-24T00:31:33Z",
   "published": "2026-02-20T18:31:35Z",
   "aliases": [
     "CVE-2025-68856"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in keeswolters Mopinion Feedback Form mopinion-feedback-form allows DOM-Based XSS.This issue affects Mopinion Feedback Form: from n/a through <= 1.1.1.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-02-20T16:22:14Z"

advisories/unreviewed/2026/02/GHSA-4pmr-jmj5-4gwv/GHSA-4pmr-jmj5-4gwv.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4pmr-jmj5-4gwv",
-  "modified": "2026-02-20T18:31:34Z",
+  "modified": "2026-02-24T00:31:33Z",
   "published": "2026-02-20T18:31:34Z",
   "aliases": [
     "CVE-2025-68495"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through <= 3.8.0.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-02-20T16:22:09Z"