Publish Advisories

GHSA-3xw3-8j95-46mv
GHSA-vfh6-r892-92wv

Author: advisory-database[bot]

advisories/unreviewed/2026/03/GHSA-3xw3-8j95-46mv/GHSA-3xw3-8j95-46mv.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3xw3-8j95-46mv",
+  "modified": "2026-03-28T09:31:07Z",
+  "published": "2026-03-28T09:31:07Z",
+  "aliases": [
+    "CVE-2026-1307"
+  ],
+  "details": "The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.1 via a callback function for the admin_enqueue_scripts action handler in blocks/bootstrap.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to gain access to an authorization token to view form submissions for arbitrary forms, which could potentially contain sensitive information.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1307"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3489168/ninja-forms"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/df4f4358-af6a-4a1a-bb83-afe31b3cdb9f?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-28T07:15:55Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-vfh6-r892-92wv/GHSA-vfh6-r892-92wv.json

@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-vfh6-r892-92wv",
+  "modified": "2026-03-28T09:31:07Z",
+  "published": "2026-03-28T09:31:07Z",
+  "aliases": [
+    "CVE-2026-23399"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnf_tables: nft_dynset: fix possible stateful expression memleak in error path\n\nIf cloning the second stateful expression in the element via GFP_ATOMIC\nfails, then the first stateful expression remains in place without being\nreleased.\n\n   unreferenced object (percpu) 0x607b97e9cab8 (size 16):\n     comm \"softirq\", pid 0, jiffies 4294931867\n     hex dump (first 16 bytes on cpu 3):\n       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n     backtrace (crc 0):\n       pcpu_alloc_noprof+0x453/0xd80\n       nft_counter_clone+0x9c/0x190 [nf_tables]\n       nft_expr_clone+0x8f/0x1b0 [nf_tables]\n       nft_dynset_new+0x2cb/0x5f0 [nf_tables]\n       nft_rhash_update+0x236/0x11c0 [nf_tables]\n       nft_dynset_eval+0x11f/0x670 [nf_tables]\n       nft_do_chain+0x253/0x1700 [nf_tables]\n       nft_do_chain_ipv4+0x18d/0x270 [nf_tables]\n       nf_hook_slow+0xaa/0x1e0\n       ip_local_deliver+0x209/0x330",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23399"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/0548a13b5a145b16e4da0628b5936baf35f51b43"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/31641c682db73353e4647e40735c7f2a75ff58ef"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/c88a9fd26cee365bec932196f76175772a941cca"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/d1354873cbe3b344899c4311ac05897fd83e3f21"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-28T08:15:56Z"
+  }
+}