Publish Advisories

GHSA-34qf-4246-phgf
GHSA-5wr5-vxhh-x7gm
GHSA-2c34-jhww-wwcm
GHSA-2vmw-qjp2-rr96
GHSA-2xm3-5jp9-423w
GHSA-4587-27hr-9q42
GHSA-46m9-h86m-p3xh
GHSA-58xj-93qq-mmvg
GHSA-6rpc-86fm-9prv
GHSA-8pxq-pw5m-8q7x
GHSA-cccx-m78h-m3xw
GHSA-f6qv-f2mh-m4wj
GHSA-fcjm-cm6x-4v66
GHSA-ghjj-x456-6m6f
GHSA-h9r9-rwmc-3wm5
GHSA-hj6r-ww52-66xr
GHSA-hvjp-3x5g-4g4f
GHSA-p322-q4fj-r244
GHSA-pqj4-h6r8-qxjh
GHSA-qg4j-p3wp-3c25
GHSA-qv8q-6q9m-8ch9
GHSA-rqv3-6h29-j2m3
GHSA-vpqx-f7gf-qp3x
GHSA-wm9q-282x-pcmx

Author: advisory-database[bot]

advisories/unreviewed/2024/07/GHSA-34qf-4246-phgf/GHSA-34qf-4246-phgf.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-34qf-4246-phgf",
-  "modified": "2026-01-08T12:30:28Z",
+  "modified": "2026-04-14T00:31:11Z",
   "published": "2024-07-04T09:32:49Z",
   "aliases": [
     "CVE-2024-1573"
@@ -30,6 +30,10 @@
     {
       "type": "WEB",
       "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/02/GHSA-5wr5-vxhh-x7gm/GHSA-5wr5-vxhh-x7gm.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5wr5-vxhh-x7gm",
-  "modified": "2026-02-13T18:31:25Z",
+  "modified": "2026-04-14T00:31:11Z",
   "published": "2026-02-13T18:31:25Z",
   "aliases": [
     "CVE-2026-26221"
   ],
   "details": "Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service (Hyland.Core.Workflow.NTService.exe). An attacker who can reach the service can send crafted .NET Remoting requests to default HTTP channel endpoints on TCP/8900 (e.g., TimerServiceAPI.rem and TimerServiceEvents.rem for Workflow) to trigger unsafe object unmarshalling, enabling arbitrary file read/write. By writing attacker-controlled content into web-accessible locations or chaining with other OnBase features, this can lead to remote code execution. The same primitive can be abused by supplying a UNC path to coerce outbound NTLM authentication (SMB coercion) to an attacker-controlled host.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/04/GHSA-2c34-jhww-wwcm/GHSA-2c34-jhww-wwcm.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2c34-jhww-wwcm",
+  "modified": "2026-04-14T00:31:13Z",
+  "published": "2026-04-14T00:31:13Z",
+  "aliases": [
+    "CVE-2026-27674"
+  ],
+  "details": "Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, that attacker-controlled content could be executed in the victim�s browser, potentially resulting in session compromise. This could allow the attacker to execute arbitrary client-side code, impacting the confidentiality and integrity of the application, with no impact to availability.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27674"
+    },
+    {
+      "type": "WEB",
+      "url": "https://me.sap.com/notes/3719397"
+    },
+    {
+      "type": "WEB",
+      "url": "https://url.sap/sapsecuritypatchday"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-94"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-14T00:16:05Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-2vmw-qjp2-rr96/GHSA-2vmw-qjp2-rr96.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2vmw-qjp2-rr96",
+  "modified": "2026-04-14T00:31:12Z",
+  "published": "2026-04-14T00:31:12Z",
+  "aliases": [
+    "CVE-2026-6203"
+  ],
+  "details": "The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4. This is due to insufficient validation of user-supplied URLs passed via the 'redirect_to_on_logout' GET parameter before redirecting users. The `redirect_to_on_logout` GET parameter is passed directly to WordPress's `wp_redirect()` function instead of the domain-restricted `wp_safe_redirect()`. While `esc_url_raw()` is applied to sanitize malformed URLs, it does not restrict the redirect destination to the local domain, allowing an attacker to craft a specially formed link that redirects users to potentially malicious external URLs after logout, which could be used to facilitate phishing attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6203"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/user-registration/tags/5.1.4/includes/functions-ur-template.php#L39"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/user-registration/trunk/includes/functions-ur-template.php#L39"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/020bed37-9544-49b7-941d-3b7f509fdfdf?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-601"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-13T23:16:28Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-2xm3-5jp9-423w/GHSA-2xm3-5jp9-423w.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2xm3-5jp9-423w",
+  "modified": "2026-04-14T00:31:12Z",
+  "published": "2026-04-14T00:31:12Z",
+  "aliases": [
+    "CVE-2026-5086"
+  ],
+  "details": "Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks.\n\nFor example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timing could be used to guess the secret password.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5086"
+    },
+    {
+      "type": "WEB",
+      "url": "https://metacpan.org/release/NERDVANA/Crypt-SecretBuffer-0.019/source/Changes"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-208"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-13T23:16:27Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-4587-27hr-9q42/GHSA-4587-27hr-9q42.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4587-27hr-9q42",
+  "modified": "2026-04-14T00:31:13Z",
+  "published": "2026-04-14T00:31:13Z",
+  "aliases": [
+    "CVE-2026-27673"
+  ],
+  "details": "Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the application.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27673"
+    },
+    {
+      "type": "WEB",
+      "url": "https://me.sap.com/notes/3703813"
+    },
+    {
+      "type": "WEB",
+      "url": "https://url.sap/sapsecuritypatchday"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-14T00:16:05Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-46m9-h86m-p3xh/GHSA-46m9-h86m-p3xh.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-46m9-h86m-p3xh",
+  "modified": "2026-04-14T00:31:12Z",
+  "published": "2026-04-14T00:31:12Z",
+  "aliases": [
+    "CVE-2026-6220"
+  ],
+  "details": "A vulnerability was identified in HummerRisk up to 1.5.0. This vulnerability affects the function ServerService.addServer of the file ServerService.java of the component Video File Download URL Handler. Such manipulation of the argument streamIp leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6220"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/ccccccctiiiiiiii-lab/public_exp/issues/1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/785855"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/357141"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/357141/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-918"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-13T22:16:30Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-58xj-93qq-mmvg/GHSA-58xj-93qq-mmvg.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-58xj-93qq-mmvg",
+  "modified": "2026-04-14T00:31:13Z",
+  "published": "2026-04-14T00:31:13Z",
+  "aliases": [
+    "CVE-2026-27677"
+  ],
+  "details": "Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Reference Equipment), an attacker could update and delete child entities via OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and availability are not impacted.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27677"
+    },
+    {
+      "type": "WEB",
+      "url": "https://me.sap.com/notes/3715097"
+    },
+    {
+      "type": "WEB",
+      "url": "https://url.sap/sapsecuritypatchday"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-14T00:16:06Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-6rpc-86fm-9prv/GHSA-6rpc-86fm-9prv.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6rpc-86fm-9prv",
+  "modified": "2026-04-14T00:31:11Z",
+  "published": "2026-04-14T00:31:11Z",
+  "aliases": [
+    "CVE-2026-22563"
+  ],
+  "details": "A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network.\n \nAffected Products:\nUniFi Play PowerAmp (Version 1.0.35 and earlier)\n\nUniFi Play Audio Port  (Version 1.0.24 and earlier)\n \n\nMitigation:\nUpdate UniFi Play PowerAmp to Version 1.0.38 or later\n\nUpdate UniFi Play Audio Port  to Version 1.1.9 or later",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22563"
+    },
+    {
+      "type": "WEB",
+      "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-13T22:16:28Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-8pxq-pw5m-8q7x/GHSA-8pxq-pw5m-8q7x.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8pxq-pw5m-8q7x",
+  "modified": "2026-04-14T00:31:13Z",
+  "published": "2026-04-14T00:31:13Z",
+  "aliases": [
+    "CVE-2026-27678"
+  ],
+  "details": "Due to missing authorization checks in the SAP S/4HANA backend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and availability are not impacted.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27678"
+    },
+    {
+      "type": "WEB",
+      "url": "https://me.sap.com/notes/3715177"
+    },
+    {
+      "type": "WEB",
+      "url": "https://url.sap/sapsecuritypatchday"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-14T00:16:06Z"
+  }
+}