Skip to content

File tree

advisories/unreviewed/2026/05/GHSA-9q56-xf64-q987/GHSA-9q56-xf64-q987.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-9q56-xf64-q987",
4-
"modified": "2026-06-24T03:30:34Z",
4+
"modified": "2026-06-27T00:30:29Z",
55
"published": "2026-05-21T00:30:27Z",
66
"aliases": [
77
"CVE-2026-9149"
@@ -23,6 +23,10 @@
2323
"type": "WEB",
2424
"url": "https://github.com/openSUSE/libsolv/pull/617"
2525
},
26+
{
27+
"type": "WEB",
28+
"url": "https://access.redhat.com/errata/RHSA-2026:21333"
29+
},
2630
{
2731
"type": "WEB",
2832
"url": "https://access.redhat.com/errata/RHSA-2026:28236"

advisories/unreviewed/2026/05/GHSA-p4w9-3pj8-mhq7/GHSA-p4w9-3pj8-mhq7.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-p4w9-3pj8-mhq7",
4-
"modified": "2026-06-24T03:30:34Z",
4+
"modified": "2026-06-27T00:30:29Z",
55
"published": "2026-05-21T00:30:27Z",
66
"aliases": [
77
"CVE-2026-9150"
@@ -23,6 +23,10 @@
2323
"type": "WEB",
2424
"url": "https://github.com/openSUSE/libsolv/pull/616"
2525
},
26+
{
27+
"type": "WEB",
28+
"url": "https://access.redhat.com/errata/RHSA-2026:21333"
29+
},
2630
{
2731
"type": "WEB",
2832
"url": "https://access.redhat.com/errata/RHSA-2026:28236"
Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-295j-qvpp-jrgp",
4+
"modified": "2026-06-27T00:30:30Z",
5+
"published": "2026-06-27T00:30:30Z",
6+
"aliases": [
7+
"CVE-2026-50767"
8+
],
9+
"details": "A stored cross-site scripting (XSS) vulnerability in the item type administration page of Koha Library Management System through 25.11 allows an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field (checkinmsg)",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50767"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://lgnas.gitbook.io/findings/cve-2026-50767"
20+
},
21+
{
22+
"type": "WEB",
23+
"url": "http://koha.com"
24+
}
25+
],
26+
"database_specific": {
27+
"cwe_ids": [],
28+
"severity": null,
29+
"github_reviewed": false,
30+
"github_reviewed_at": null,
31+
"nvd_published_at": "2026-06-26T22:16:32Z"
32+
}
33+
}
Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-65q4-rvjr-c9r5",
4+
"modified": "2026-06-27T00:30:31Z",
5+
"published": "2026-06-27T00:30:31Z",
6+
"aliases": [
7+
"CVE-2026-56414"
8+
],
9+
"details": "A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This design omission enables the placement of unexpected or malformed data in locations intended for trusted certificate material, which could affect system integrity or behavior even after reboot.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56414"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-05.json"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://hviewsmart.com/pages/contact-us"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-05"
37+
}
38+
],
39+
"database_specific": {
40+
"cwe_ids": [
41+
"CWE-434"
42+
],
43+
"severity": "HIGH",
44+
"github_reviewed": false,
45+
"github_reviewed_at": null,
46+
"nvd_published_at": "2026-06-26T23:17:09Z"
47+
}
48+
}
Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-7xhj-grfg-56xm",
4+
"modified": "2026-06-27T00:30:30Z",
5+
"published": "2026-06-27T00:30:30Z",
6+
"aliases": [
7+
"CVE-2026-36907"
8+
],
9+
"details": "A stack overflow in the AP4_StsdAtom::AP4_StsdAtom component of axiomatic-systems Bento4 before v1.8.9allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36907"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://github.com/Aleksoid1978/MPC-BE/issues/1005"
20+
},
21+
{
22+
"type": "WEB",
23+
"url": "https://github.com/axiomatic-systems/Bento4/issues/614"
24+
}
25+
],
26+
"database_specific": {
27+
"cwe_ids": [],
28+
"severity": null,
29+
"github_reviewed": false,
30+
"github_reviewed_at": null,
31+
"nvd_published_at": "2026-06-26T22:16:31Z"
32+
}
33+
}

advisories/unreviewed/2026/06/GHSA-c2rx-36v4-qc8g/GHSA-c2rx-36v4-qc8g.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-c2rx-36v4-qc8g",
4-
"modified": "2026-06-16T21:31:57Z",
4+
"modified": "2026-06-27T00:30:29Z",
55
"published": "2026-06-16T21:31:57Z",
66
"aliases": [
77
"CVE-2026-4367"
@@ -19,6 +19,10 @@
1919
"type": "ADVISORY",
2020
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4367"
2121
},
22+
{
23+
"type": "WEB",
24+
"url": "https://access.redhat.com/errata/RHSA-2026:30354"
25+
},
2226
{
2327
"type": "WEB",
2428
"url": "https://access.redhat.com/security/cve/CVE-2026-4367"
Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-fq83-8h88-7gf5",
4+
"modified": "2026-06-27T00:30:30Z",
5+
"published": "2026-06-27T00:30:30Z",
6+
"aliases": [
7+
"CVE-2026-36478"
8+
],
9+
"details": "An issue in Technitium DNS Server v.14.3 and before allows a remote attacker to cause a denial of service via the DnsServerApp.exe, DnsServerApp.dll, TechnitiumLibrary.Net/Dns/DnsClient.cs components",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36478"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://github.com/TechnitiumSoftware/DnsServer/blob/aa9044d4df9d739b6a6e428bb77cecb3356b775b/CHANGELOG.md?plain=1#L45"
20+
},
21+
{
22+
"type": "WEB",
23+
"url": "http://technitium.com"
24+
}
25+
],
26+
"database_specific": {
27+
"cwe_ids": [],
28+
"severity": null,
29+
"github_reviewed": false,
30+
"github_reviewed_at": null,
31+
"nvd_published_at": "2026-06-26T22:16:31Z"
32+
}
33+
}
Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-h2mr-gm7g-c3gr",
4+
"modified": "2026-06-27T00:30:30Z",
5+
"published": "2026-06-27T00:30:30Z",
6+
"aliases": [
7+
"CVE-2026-36908"
8+
],
9+
"details": "A stack overflow in the AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity component of axiomatic-systems Bento4 before v1.8.9allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36908"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://github.com/Aleksoid1978/MPC-BE/issues/1005"
20+
},
21+
{
22+
"type": "WEB",
23+
"url": "https://github.com/axiomatic-systems/Bento4/issues/842"
24+
}
25+
],
26+
"database_specific": {
27+
"cwe_ids": [],
28+
"severity": null,
29+
"github_reviewed": false,
30+
"github_reviewed_at": null,
31+
"nvd_published_at": "2026-06-26T22:16:31Z"
32+
}
33+
}
Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-h59c-hv3v-mj8q",
4+
"modified": "2026-06-27T00:30:30Z",
5+
"published": "2026-06-27T00:30:30Z",
6+
"aliases": [
7+
"CVE-2026-38571"
8+
],
9+
"details": "Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory read/write commands, in the unauthenticated UART debug console of the Tenda N300 F3 (V603) allow a physically proximate attacker to obtain stored WPA2 credentials in cleartext and to read or write arbitrary memory via the serial console.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-38571"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://github.com/ZEssaidi-CS/Vulnerability-research/tree/main/CVE-2026-38571"
20+
}
21+
],
22+
"database_specific": {
23+
"cwe_ids": [],
24+
"severity": null,
25+
"github_reviewed": false,
26+
"github_reviewed_at": null,
27+
"nvd_published_at": "2026-06-26T22:16:31Z"
28+
}
29+
}
Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-j595-prhp-3r49",
4+
"modified": "2026-06-27T00:30:31Z",
5+
"published": "2026-06-27T00:30:31Z",
6+
"aliases": [
7+
"CVE-2026-33560"
8+
],
9+
"details": "The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and scripts to be accepted and written directly to the server.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33560"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-04.json"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-04"
33+
}
34+
],
35+
"database_specific": {
36+
"cwe_ids": [
37+
"CWE-434"
38+
],
39+
"severity": "HIGH",
40+
"github_reviewed": false,
41+
"github_reviewed_at": null,
42+
"nvd_published_at": "2026-06-26T23:17:08Z"
43+
}
44+
}

0 commit comments

Comments
 (0)