Skip to content

Commit cf6d960

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-7786-mqff-chgr GHSA-8q43-5p52-h357 GHSA-fjp8-jqj5-cwp2 GHSA-m9r6-cg89-ghg2
1 parent 23e8964 commit cf6d960

File tree

4 files changed

+208
-0
lines changed

4 files changed

+208
-0
lines changed

advisories/unreviewed/2026/04/GHSA-7786-mqff-chgr/GHSA-7786-mqff-chgr.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-7786-mqff-chgr",
4+
"modified": "2026-04-19T09:30:13Z",
5+
"published": "2026-04-19T09:30:13Z",
6+
"aliases": [
7+
"CVE-2026-6562"
8+
],
9+
"details": "A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6562"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://thinhneee.github.io/posts/muucmf-sqli"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/789501"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/358199"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/358199/cti"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-74"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-04-19T09:16:10Z"
51+
}
52+
}

advisories/unreviewed/2026/04/GHSA-8q43-5p52-h357/GHSA-8q43-5p52-h357.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-8q43-5p52-h357",
4+
"modified": "2026-04-19T09:30:13Z",
5+
"published": "2026-04-19T09:30:13Z",
6+
"aliases": [
7+
"CVE-2026-6563"
8+
],
9+
"details": "A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6563"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/K4ptor/H3C-routers-vulnerability"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/789531"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/358200"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/358200/cti"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-119"
46+
],
47+
"severity": "HIGH",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-04-19T09:16:11Z"
51+
}
52+
}

advisories/unreviewed/2026/04/GHSA-fjp8-jqj5-cwp2/GHSA-fjp8-jqj5-cwp2.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-fjp8-jqj5-cwp2",
4+
"modified": "2026-04-19T09:30:13Z",
5+
"published": "2026-04-19T09:30:13Z",
6+
"aliases": [
7+
"CVE-2026-6561"
8+
],
9+
"details": "A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6561"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/zzk6th/my-cve-notes/blob/main/EyouCMS%20Arbitrary%20File%20Copy%20Vulnerability%20in%20edit_adminlogo()%20Leading%20to%20Sensitive%20Information%20Disclosure.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/788038"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/358198"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/358198/cti"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-284"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-04-19T08:16:26Z"
51+
}
52+
}

advisories/unreviewed/2026/04/GHSA-m9r6-cg89-ghg2/GHSA-m9r6-cg89-ghg2.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-m9r6-cg89-ghg2",
4+
"modified": "2026-04-19T09:30:13Z",
5+
"published": "2026-04-19T09:30:13Z",
6+
"aliases": [
7+
"CVE-2026-6560"
8+
],
9+
"details": "A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_BasicSSID of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6560"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/xiaohaiyang-ai/CVE-Reports/blob/main/Vulnerability-Report.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/788021"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/358197"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/358197/cti"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-119"
46+
],
47+
"severity": "HIGH",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-04-19T07:16:05Z"
51+
}
52+
}

0 commit comments

Comments
 (0)