Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit c10895b36346 · 2026-02-08T06:33:29.000Z
GHSA-3grf-qxvr-p8vp GHSA-c9jx-x7v4-4qjv GHSA-cp9m-vc98-h8c6 GHSA-hgh5-fxqq-8cf2 GHSA-hjhh-36m7-qvw6 GHSA-jc7h-xwvq-gmqx GHSA-q54x-333x-p582
diff --git a/advisories/unreviewed/2026/02/GHSA-3grf-qxvr-p8vp/GHSA-3grf-qxvr-p8vp.json b/advisories/unreviewed/2026/02/GHSA-3grf-qxvr-p8vp/GHSA-3grf-qxvr-p8vp.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3grf-qxvr-p8vp",
+  "modified": "2026-02-08T06:31:44Z",
+  "published": "2026-02-08T06:31:44Z",
+  "aliases": [
+    "CVE-2026-2136"
+  ],
+  "details": "A flaw has been found in projectworlds Online Food Ordering System 1.0. This affects an unknown function of the file /view-ticket.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2136"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/hater-us/CVE/issues/4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.344771"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.344771"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.747230"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-08T06:16:16Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-c9jx-x7v4-4qjv/GHSA-c9jx-x7v4-4qjv.json b/advisories/unreviewed/2026/02/GHSA-c9jx-x7v4-4qjv/GHSA-c9jx-x7v4-4qjv.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c9jx-x7v4-4qjv",
+  "modified": "2026-02-08T06:31:43Z",
+  "published": "2026-02-08T06:31:43Z",
+  "aliases": [
+    "CVE-2026-2132"
+  ],
+  "details": "A security flaw has been discovered in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Administrator/PHP/AdminUpdateCategory.php. The manipulation of the argument txtcat results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2132"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Volije/AdminUpdateCategory/issues/1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code-projects.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.344767"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.344767"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.747210"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-08T04:15:53Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-cp9m-vc98-h8c6/GHSA-cp9m-vc98-h8c6.json b/advisories/unreviewed/2026/02/GHSA-cp9m-vc98-h8c6/GHSA-cp9m-vc98-h8c6.json
@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cp9m-vc98-h8c6",
+  "modified": "2026-02-08T06:31:44Z",
+  "published": "2026-02-08T06:31:44Z",
+  "aliases": [
+    "CVE-2026-2137"
+  ],
+  "details": "A vulnerability has been found in Tenda TX3 up to 16.03.13.11_multi. This impacts an unknown function of the file /goform/SetIpMacBind. The manipulation of the argument list leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2137"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx3/fromSetIpMacBind.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx3/fromSetIpMacBind.md#poc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.344772"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.344772"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.747239"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tenda.com.cn"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-08T06:16:17Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-hgh5-fxqq-8cf2/GHSA-hgh5-fxqq-8cf2.json b/advisories/unreviewed/2026/02/GHSA-hgh5-fxqq-8cf2/GHSA-hgh5-fxqq-8cf2.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hgh5-fxqq-8cf2",
+  "modified": "2026-02-08T06:31:43Z",
+  "published": "2026-02-08T06:31:43Z",
+  "aliases": [
+    "CVE-2026-2134"
+  ],
+  "details": "A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the file /hms/admin/manage-doctors.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2134"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Shaon-Xis/PHPGurukul-HMS-SQL-Injection"
+    },
+    {
+      "type": "WEB",
+      "url": "https://phpgurukul.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.344769"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.344769"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.747214"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-08T05:16:04Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-hjhh-36m7-qvw6/GHSA-hjhh-36m7-qvw6.json b/advisories/unreviewed/2026/02/GHSA-hjhh-36m7-qvw6/GHSA-hjhh-36m7-qvw6.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hjhh-36m7-qvw6",
+  "modified": "2026-02-08T06:31:43Z",
+  "published": "2026-02-08T06:31:43Z",
+  "aliases": [
+    "CVE-2026-2133"
+  ],
+  "details": "A weakness has been identified in code-projects Online Music Site 1.0. Impacted is an unknown function of the file /Administrator/PHP/AdminUpdateCategory.php. This manipulation of the argument txtimage causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2133"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Volije/cve2/issues/1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code-projects.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.344768"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.344768"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.747213"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-284"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-08T04:15:55Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-jc7h-xwvq-gmqx/GHSA-jc7h-xwvq-gmqx.json b/advisories/unreviewed/2026/02/GHSA-jc7h-xwvq-gmqx/GHSA-jc7h-xwvq-gmqx.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jc7h-xwvq-gmqx",
+  "modified": "2026-02-08T06:31:44Z",
+  "published": "2026-02-08T06:31:44Z",
+  "aliases": [
+    "CVE-2026-2135"
+  ],
+  "details": "A vulnerability was detected in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_43F020 of the file /goform/formPdbUpConfig. Performing a manipulation of the argument policyNames results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2135"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cha0yang1/UTT810CVE/blob/main/CVEreadme2.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.344770"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.344770"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.747222"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-08T05:16:07Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-q54x-333x-p582/GHSA-q54x-333x-p582.json b/advisories/unreviewed/2026/02/GHSA-q54x-333x-p582/GHSA-q54x-333x-p582.json
