
Commit ef6b308

1 parent 0e07d0a commit ef6b308

6 files changed

Lines changed: 314 additions & 0 deletions


Lines changed: 64 additions & 0 deletions
@@ -0,0 +1,64 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-33r2-hfpx-fx7h",
4+
"modified": "2026-02-25T03:30:59Z",
5+
"published": "2026-02-25T03:30:58Z",
6+
"aliases": [
7+
"CVE-2026-3145"
8+
],
9+
"details": "A flaw has been found in libvips up to 8.18.0. The affected element is the function vips_foreign_load_matrix_file_is_a/vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. Executing a manipulation can lead to memory corruption. The attack needs to be launched locally. This patch is called d4ce337c76bff1b278d7085c3c4f4725e3aa6ece. A patch should be applied to remediate this issue.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3145"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/libvips/libvips/issues/4876"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/libvips/libvips/pull/4888"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://github.com/libvips/libvips/commit/d4ce337c76bff1b278d7085c3c4f4725e3aa6ece"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://github.com/libvips/libvips"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?ctiid.347651"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/?id.347651"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://vuldb.com/?submit.758690"
53+
}
54+
],
55+
"database_specific": {
56+
"cwe_ids": [
57+
"CWE-119"
58+
],
59+
"severity": "MODERATE",
60+
"github_reviewed": false,
61+
"github_reviewed_at": null,
62+
"nvd_published_at": "2026-02-25T03:16:07Z"
63+
}
64+
}
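Review bot: `"affected": []` leaves this record with no machine-readable package or range, so a scanner that matches on `affected` will never report it, even though `details` names libvips up to 8.18.0 and the fixing commit. The same empty array appears in the other five records of this commit, including the Hitachi one whose description spells out exact version ranges. If the database's schema validation accepts an entry without a `package`, a GIT range built from the repository and commit already listed under `references` would make the two libvips records matchable. The `introduced` value below is an assumption (the text only says "up to 8.18.0") and should be confirmed against the upstream issue before it is committed.

```json
"affected": [
  {
    "ranges": [
      {
        "type": "GIT",
        "repo": "https://github.com/libvips/libvips",
        "events": [
          { "introduced": "0" },
          { "fixed": "d4ce337c76bff1b278d7085c3c4f4725e3aa6ece" }
        ]
      }
    ]
  }
]
```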
Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-3pm4-mcqw-jq89",
4+
"modified": "2026-02-25T03:30:58Z",
5+
"published": "2026-02-25T03:30:58Z",
6+
"aliases": [
7+
"CVE-2025-5781"
8+
],
9+
"details": "Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager, Hitachi Device Manager allows Session Hijacking.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.5-00; Hitachi Configuration Manager: from 8.5.1-00 before 11.0.5-00; Hitachi Device Manager: from 8.4.1-00 before 8.6.5-00.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5781"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-111/index.html"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-532"
30+
],
31+
"severity": "MODERATE",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-02-25T03:16:04Z"
35+
}
36+
}
Lines changed: 56 additions & 0 deletions
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-49pv-4fw7-7vw4",
4+
"modified": "2026-02-25T03:30:58Z",
5+
"published": "2026-02-25T03:30:58Z",
6+
"aliases": [
7+
"CVE-2026-3137"
8+
],
9+
"details": "A security vulnerability has been detected in CodeAstro Food Ordering System 1.0. This affects an unknown function of the file food_ordering.exe. Such manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3137"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/910biter/cve/issues/3"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://codeastro.com"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.347631"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.347631"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.758512"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-119"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-02-25T01:16:09Z"
55+
}
56+
}
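Review bot: `"cwe_ids": ["CWE-119"]` is broader than what `details` states, since the text says stack-based buffer overflow, which has its own entry, CWE-121. The same kind of mismatch shows in the later records of this commit: the SQL injection record is tagged `CWE-74` rather than CWE-89, the null pointer dereference record is tagged `CWE-404` rather than CWE-476, and the CyberArk record has an empty `cwe_ids`. These values may simply mirror the upstream CVE record, but anyone filtering or triaging by CWE will miss or misclassify the entries. Where the description is unambiguous the specific identifier is the better choice, here `"cwe_ids": ["CWE-121"]`.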
Lines changed: 56 additions & 0 deletions
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-crhx-frv8-2mww",
4+
"modified": "2026-02-25T03:30:58Z",
5+
"published": "2026-02-25T03:30:58Z",
6+
"aliases": [
7+
"CVE-2026-3135"
8+
],
9+
"details": "A weakness has been identified in itsourcecode News Portal Project 1.0. The impacted element is an unknown function of the file /admin/add-category.php. This manipulation of the argument Category causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3135"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/910biter/cve/issues/2"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://itsourcecode.com"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.347630"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.347630"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.758336"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-02-25T01:16:09Z"
55+
}
56+
}
Lines changed: 64 additions & 0 deletions
@@ -0,0 +1,64 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-v5rp-3mcx-fr73",
4+
"modified": "2026-02-25T03:30:59Z",
5+
"published": "2026-02-25T03:30:58Z",
6+
"aliases": [
7+
"CVE-2026-3146"
8+
],
9+
"details": "A vulnerability has been found in libvips up to 8.18.0. The impacted element is the function vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. The manipulation leads to null pointer dereference. The attack needs to be performed locally. The identifier of the patch is d4ce337c76bff1b278d7085c3c4f4725e3aa6ece. To fix this issue, it is recommended to deploy a patch.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3146"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/libvips/libvips/issues/4875"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/libvips/libvips/pull/4888"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://github.com/libvips/libvips/commit/d4ce337c76bff1b278d7085c3c4f4725e3aa6ece"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://github.com/libvips/libvips"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?ctiid.347652"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/?id.347652"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://vuldb.com/?submit.758691"
53+
}
54+
],
55+
"database_specific": {
56+
"cwe_ids": [
57+
"CWE-404"
58+
],
59+
"severity": "MODERATE",
60+
"github_reviewed": false,
61+
"github_reviewed_at": null,
62+
"nvd_published_at": "2026-02-25T03:16:07Z"
63+
}
64+
}
Lines changed: 38 additions & 0 deletions
@@ -0,0 +1,38 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-vfwc-g9gj-ppmx",
4+
"modified": "2026-02-25T03:30:58Z",
5+
"published": "2026-02-25T03:30:58Z",
6+
"aliases": [
7+
"CVE-2026-2914"
8+
],
9+
"details": "CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lower allow potential unauthorized privilege elevation leveraging CyberArk elevation dialogs",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2914"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://docs.cyberark.com/epm/latest/en/content/release%20notes/release-notes.htm"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.cyberark.com/product-security"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [],
33+
"severity": "HIGH",
34+
"github_reviewed": false,
35+
"github_reviewed_at": null,
36+
"nvd_published_at": "2026-02-25T02:16:23Z"
37+
}
38+
}
