Skip to content

Commit d78096b

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-3x5c-cv6h-7vvm GHSA-f56p-8g2x-4rg5 GHSA-rp5p-5955-26x3 GHSA-v45g-2vh5-9jj2
1 parent 454ab95 commit d78096b

4 files changed

Lines changed: 224 additions & 0 deletions

File tree

advisories/unreviewed/2026/02/GHSA-3x5c-cv6h-7vvm/GHSA-3x5c-cv6h-7vvm.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-3x5c-cv6h-7vvm",
4+
"modified": "2026-02-07T15:30:14Z",
5+
"published": "2026-02-07T15:30:14Z",
6+
"aliases": [
7+
"CVE-2026-2087"
8+
],
9+
"details": "A flaw has been found in SourceCodester Online Class Record System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. This manipulation of the argument user_email causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2087"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/xiaoccm07/cve/issues/1"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.344654"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.344654"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.746510"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.sourcecodester.com"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-02-07T14:16:08Z"
55+
}
56+
}

advisories/unreviewed/2026/02/GHSA-f56p-8g2x-4rg5/GHSA-f56p-8g2x-4rg5.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-f56p-8g2x-4rg5",
4+
"modified": "2026-02-07T15:30:14Z",
5+
"published": "2026-02-07T15:30:14Z",
6+
"aliases": [
7+
"CVE-2026-2088"
8+
],
9+
"details": "A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/accepted-appointment.php. Such manipulation of the argument delid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2088"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Shaon-Xis/cve/issues/1"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://phpgurukul.com"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.344655"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.344655"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.746520"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-02-07T15:15:57Z"
55+
}
56+
}

advisories/unreviewed/2026/02/GHSA-rp5p-5955-26x3/GHSA-rp5p-5955-26x3.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-rp5p-5955-26x3",
4+
"modified": "2026-02-07T15:30:14Z",
5+
"published": "2026-02-07T15:30:14Z",
6+
"aliases": [
7+
"CVE-2026-2086"
8+
],
9+
"details": "A vulnerability was detected in UTT HiPER 810G up to 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formFireWall of the component Management Interface. The manipulation of the argument GroupName results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2086"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/alc9700jmo/CVE/issues/22"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/alc9700jmo/CVE/issues/22#issue-3851242657"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.344653"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.344653"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.746502"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-119"
50+
],
51+
"severity": "HIGH",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-02-07T14:16:08Z"
55+
}
56+
}

advisories/unreviewed/2026/02/GHSA-v45g-2vh5-9jj2/GHSA-v45g-2vh5-9jj2.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-v45g-2vh5-9jj2",
4+
"modified": "2026-02-07T15:30:14Z",
5+
"published": "2026-02-07T15:30:14Z",
6+
"aliases": [
7+
"CVE-2026-2089"
8+
],
9+
"details": "A vulnerability was found in SourceCodester Online Class Record System 1.0. This vulnerability affects unknown code of the file /admin/subject/controller.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2089"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/xiaoccm07/cve/issues/2"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.344656"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.344656"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.746550"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.sourcecodester.com"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-02-07T15:15:57Z"
55+
}
56+
}

0 commit comments

Comments
 (0)