Skip to content

Commit bba2d59

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-2mx9-mg2h-r94x GHSA-4mh9-5chc-pq5p GHSA-632x-p8x5-j45w GHSA-h8wx-vp38-6823 GHSA-jrr9-9f8v-x4vc GHSA-mxm9-6hj4-g563 GHSA-pwcm-mpvj-rqx4 GHSA-pxcf-6j8x-3v58 GHSA-qqp5-j8mq-9px7 GHSA-v8m9-5jwp-92pf GHSA-x4fr-7g44-prw4
1 parent 874139e commit bba2d59

File tree

11 files changed

+620
-0
lines changed

11 files changed

+620
-0
lines changed

advisories/unreviewed/2026/03/GHSA-2mx9-mg2h-r94x/GHSA-2mx9-mg2h-r94x.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2mx9-mg2h-r94x",
4+
"modified": "2026-03-08T15:30:30Z",
5+
"published": "2026-03-08T15:30:30Z",
6+
"aliases": [
7+
"CVE-2026-3741"
8+
],
9+
"details": "A security vulnerability has been detected in YiFang CMS 2.0.5. The affected element is the function update of the file app/db/admin/D_friendLink.php. Such manipulation of the argument linkName leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3741"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/ZZCTD/CVE/issues/6"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.349719"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.349719"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.767273"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-79"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-03-08T15:15:48Z"
51+
}
52+
}

advisories/unreviewed/2026/03/GHSA-4mh9-5chc-pq5p/GHSA-4mh9-5chc-pq5p.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-4mh9-5chc-pq5p",
4+
"modified": "2026-03-08T15:30:30Z",
5+
"published": "2026-03-08T15:30:30Z",
6+
"aliases": [
7+
"CVE-2026-3740"
8+
],
9+
"details": "A weakness has been identified in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /admin_search_student.php. This manipulation of the argument admin_search_student causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3740"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/DaMaTou00/project/issues/1"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://itsourcecode.com"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.349718"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.349718"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.767341"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-03-08T15:15:48Z"
55+
}
56+
}

advisories/unreviewed/2026/03/GHSA-632x-p8x5-j45w/GHSA-632x-p8x5-j45w.json

Lines changed: 68 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,68 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-632x-p8x5-j45w",
4+
"modified": "2026-03-08T15:30:30Z",
5+
"published": "2026-03-08T15:30:30Z",
6+
"aliases": [
7+
"CVE-2026-3739"
8+
],
9+
"details": "A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAccess. The manipulation results in improper authentication. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.3.0 is capable of addressing this issue. The patch is identified as d7729f4b885449f6dee3faf8b5f2a05769fb3d6e. The affected component should be upgraded.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "WEB",
24+
"url": "https://github.com/suitenumerique/messages/security/advisories/GHSA-7476-6crq-4cw9"
25+
},
26+
{
27+
"type": "ADVISORY",
28+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3739"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/suitenumerique/messages/pull/557"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://github.com/suitenumerique/messages/commit/d7729f4b885449f6dee3faf8b5f2a05769fb3d6e"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://github.com/suitenumerique/messages"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://github.com/suitenumerique/messages/releases/tag/v0.3.0"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/?ctiid.349717"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://vuldb.com/?id.349717"
53+
},
54+
{
55+
"type": "WEB",
56+
"url": "https://vuldb.com/?submit.767329"
57+
}
58+
],
59+
"database_specific": {
60+
"cwe_ids": [
61+
"CWE-287"
62+
],
63+
"severity": "MODERATE",
64+
"github_reviewed": false,
65+
"github_reviewed_at": null,
66+
"nvd_published_at": "2026-03-08T14:15:54Z"
67+
}
68+
}

advisories/unreviewed/2026/03/GHSA-h8wx-vp38-6823/GHSA-h8wx-vp38-6823.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-h8wx-vp38-6823",
4+
"modified": "2026-03-08T15:30:29Z",
5+
"published": "2026-03-08T15:30:29Z",
6+
"aliases": [
7+
"CVE-2026-3734"
8+
],
9+
"details": "A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetch_manager_details.php of the component Endpoint. This manipulation of the argument manager_id causes improper authorization. The attack can be initiated remotely. The exploit has been published and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3734"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://gist.github.com/Adarshh-A/f25452a4fe736babd39b9a1b800e98d0"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.349712"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.349712"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.767227"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.sourcecodester.com"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-266"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-03-08T13:16:00Z"
55+
}
56+
}

advisories/unreviewed/2026/03/GHSA-jrr9-9f8v-x4vc/GHSA-jrr9-9f8v-x4vc.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-jrr9-9f8v-x4vc",
4+
"modified": "2026-03-08T15:30:29Z",
5+
"published": "2026-03-08T15:30:29Z",
6+
"aliases": [
7+
"CVE-2026-3736"
8+
],
9+
"details": "A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this issue is some unknown functionality of the file SearchResultRoundtrip.php. Performing a manipulation of the argument from results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3736"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/6Justdododo6/CVE/issues/12"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://code-projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.349714"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.349714"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.768093"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-03-08T13:16:01Z"
55+
}
56+
}

advisories/unreviewed/2026/03/GHSA-mxm9-6hj4-g563/GHSA-mxm9-6hj4-g563.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-mxm9-6hj4-g563",
4+
"modified": "2026-03-08T15:30:30Z",
5+
"published": "2026-03-08T15:30:30Z",
6+
"aliases": [
7+
"CVE-2026-3738"
8+
],
9+
"details": "A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3738"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/hiranerakkot/Pet-Grooming-Software/blob/main/Vulnerability_2.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.349716"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.349716"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.767321"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.sourcecodester.com"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-266"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-03-08T14:15:54Z"
55+
}
56+
}

0 commit comments

Comments
 (0)