Skip to content

Commit fd8ff64

Browse files
1 parent 11d752f commit fd8ff64

8 files changed

Lines changed: 200 additions & 3 deletions

File tree

advisories/unreviewed/2026/07/GHSA-6j76-xrvp-5rhc/GHSA-6j76-xrvp-5rhc.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-6j76-xrvp-5rhc",
4-
"modified": "2026-07-03T09:31:28Z",
4+
"modified": "2026-07-03T12:31:44Z",
55
"published": "2026-07-03T09:31:28Z",
66
"aliases": [
77
"CVE-2026-47897"
@@ -22,6 +22,10 @@
2222
{
2323
"type": "WEB",
2424
"url": "https://lists.apache.org/thread/on1j3zmvgtf8n9fw78z3lyf6dn94p5zc"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "http://www.openwall.com/lists/oss-security/2026/07/03/2"
2529
}
2630
],
2731
"database_specific": {
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-6pr5-9p6v-xxrq",
4+
"modified": "2026-07-03T12:31:45Z",
5+
"published": "2026-07-03T12:31:45Z",
6+
"aliases": [
7+
"CVE-2026-13341"
8+
],
9+
"details": "A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "WEB",
20+
"url": "https://github.com/Kong/mcp-konnect/security/advisories/GHSA-7767-3m3w-2p44"
21+
},
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13341"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-20"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-07-03T11:16:27Z"
35+
}
36+
}
Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-9g8c-cjxj-24g2",
4+
"modified": "2026-07-03T12:31:45Z",
5+
"published": "2026-07-03T12:31:45Z",
6+
"aliases": [
7+
"CVE-2026-5137"
8+
],
9+
"details": "The RTMKit (rometheme-for-elementor) plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.7 This is due to insufficient path validation on the 'template' parameter in the render_templates AJAX endpoint, which is used directly in a require/include statement without sanitization. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute files on the server ending in _templates.php, allowing the execution of any PHP code in those files.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5137"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://plugins.trac.wordpress.org/browser/rometheme-for-elementor/tags/2.0.3/Inc/Modules/Templatekits/TemplatekitAPI.php#L39"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://plugins.trac.wordpress.org/browser/rometheme-for-elementor/trunk/Inc/Modules/Templatekits/TemplatekitAPI.php#L39"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://plugins.trac.wordpress.org/changeset/3568335/rometheme-for-elementor/trunk/Inc/Modules/Templatekits/TemplatekitAPI.php"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Frometheme-for-elementor/tags/2.0.7&new_path=%2Frometheme-for-elementor/tags/2.0.8"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/22172d16-bcde-4516-bce0-222fbb7a76f7?source=cve"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-98"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-07-03T10:16:33Z"
51+
}
52+
}
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-fvc7-x7g6-74xj",
4+
"modified": "2026-07-03T12:31:44Z",
5+
"published": "2026-07-03T12:31:44Z",
6+
"aliases": [
7+
"CVE-2026-4321"
8+
],
9+
"details": "Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows SQL Injection.\n\nThis issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the product is not supported.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4321"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0488"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-89"
30+
],
31+
"severity": "CRITICAL",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-07-03T10:16:32Z"
35+
}
36+
}
Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-jvh2-vvr7-ffhw",
4+
"modified": "2026-07-03T12:31:45Z",
5+
"published": "2026-07-03T12:31:45Z",
6+
"aliases": [
7+
"CVE-2026-50238"
8+
],
9+
"details": "Rejected reason: Red Hat Product Security has concluded that this CVE is not required. The reported issue has been classified as a regular bug and will be addressed through the standard bug-fixing process.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50238"
16+
}
17+
],
18+
"database_specific": {
19+
"cwe_ids": [],
20+
"severity": null,
21+
"github_reviewed": false,
22+
"github_reviewed_at": null,
23+
"nvd_published_at": "2026-07-03T11:16:27Z"
24+
}
25+
}
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-m2vv-wr2h-x573",
4+
"modified": "2026-07-03T12:31:44Z",
5+
"published": "2026-07-03T12:31:44Z",
6+
"aliases": [
7+
"CVE-2026-4322"
8+
],
9+
"details": "Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows Reflected XSS.\n\nThis issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the product is not supported.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4322"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0488"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-79"
30+
],
31+
"severity": "MODERATE",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-07-03T10:16:32Z"
35+
}
36+
}

advisories/unreviewed/2026/07/GHSA-m739-f9cm-66x2/GHSA-m739-f9cm-66x2.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-m739-f9cm-66x2",
4-
"modified": "2026-07-03T09:31:28Z",
4+
"modified": "2026-07-03T12:31:44Z",
55
"published": "2026-07-03T09:31:28Z",
66
"aliases": [
77
"CVE-2026-47898"
@@ -22,6 +22,10 @@
2222
{
2323
"type": "WEB",
2424
"url": "https://lists.apache.org/thread/7yn9k6sbbsk18yco5y2hszpcf8dst489"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "http://www.openwall.com/lists/oss-security/2026/07/03/3"
2529
}
2630
],
2731
"database_specific": {

advisories/unreviewed/2026/07/GHSA-mggp-f2j5-mm3g/GHSA-mggp-f2j5-mm3g.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-mggp-f2j5-mm3g",
4-
"modified": "2026-07-03T09:31:29Z",
4+
"modified": "2026-07-03T12:31:44Z",
55
"published": "2026-07-03T09:31:29Z",
66
"aliases": [
77
"CVE-2026-47896"
@@ -22,6 +22,10 @@
2222
{
2323
"type": "WEB",
2424
"url": "https://lists.apache.org/thread/7y9gbt17p55fh1zltks4pnh719wq9sqt"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "http://www.openwall.com/lists/oss-security/2026/07/03/1"
2529
}
2630
],
2731
"database_specific": {

0 commit comments

Comments
 (0)