Skip to content

File tree

advisories/unreviewed/2024/02/GHSA-7ww5-chp8-5mwj/GHSA-7ww5-chp8-5mwj.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-7ww5-chp8-5mwj",
4-
"modified": "2024-12-06T18:30:44Z",
4+
"modified": "2026-06-15T12:32:44Z",
55
"published": "2024-02-28T09:30:36Z",
66
"aliases": [
77
"CVE-2020-36785"
@@ -19,6 +19,10 @@
1919
"type": "ADVISORY",
2020
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36785"
2121
},
22+
{
23+
"type": "WEB",
24+
"url": "https://git.kernel.org/stable/c/51b8dc5163d2ff2bf04019f8bf7e3bd0e75bb654"
25+
},
2226
{
2327
"type": "WEB",
2428
"url": "https://git.kernel.org/stable/c/801c1d505894008c888bc71d08d5cff5d87f8aba"

advisories/unreviewed/2025/08/GHSA-44rm-frxc-c6v7/GHSA-44rm-frxc-c6v7.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-44rm-frxc-c6v7",
4-
"modified": "2025-11-26T18:30:57Z",
4+
"modified": "2026-06-15T12:32:44Z",
55
"published": "2025-08-19T18:31:33Z",
66
"aliases": [
77
"CVE-2025-38585"
@@ -27,6 +27,10 @@
2727
"type": "WEB",
2828
"url": "https://git.kernel.org/stable/c/3d672fe065aa00f4d66f42e3c9720f69a3ed43e7"
2929
},
30+
{
31+
"type": "WEB",
32+
"url": "https://git.kernel.org/stable/c/51b8dc5163d2ff2bf04019f8bf7e3bd0e75bb654"
33+
},
3034
{
3135
"type": "WEB",
3236
"url": "https://git.kernel.org/stable/c/e6d3453a002e89537e6136f6c774659b297a549b"

advisories/unreviewed/2026/05/GHSA-qv25-8qcj-cc95/GHSA-qv25-8qcj-cc95.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-qv25-8qcj-cc95",
4-
"modified": "2026-06-01T18:31:41Z",
4+
"modified": "2026-06-15T12:32:44Z",
55
"published": "2026-05-28T12:30:32Z",
66
"aliases": [
77
"CVE-2026-46205"
@@ -23,6 +23,10 @@
2323
"type": "WEB",
2424
"url": "https://git.kernel.org/stable/c/2b7eb2c5dc72f0fc954ac4aa155f9e285e937f7c"
2525
},
26+
{
27+
"type": "WEB",
28+
"url": "https://git.kernel.org/stable/c/51b8dc5163d2ff2bf04019f8bf7e3bd0e75bb654"
29+
},
2630
{
2731
"type": "WEB",
2832
"url": "https://git.kernel.org/stable/c/64e85679beafe082fc2e70a557ec356c7fd27548"
Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-3pvv-gjhm-83qj",
4+
"modified": "2026-06-15T12:32:45Z",
5+
"published": "2026-06-15T12:32:45Z",
6+
"aliases": [
7+
"CVE-2026-5482"
8+
],
9+
"details": "Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution. \n\nThis project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release 9.14.0",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5482"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://cert.pl/en/posts/2026/06/CVE-2026-5482"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/trippo/ResponsiveFilemanager"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-434"
34+
],
35+
"severity": "CRITICAL",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2026-06-15T12:16:25Z"
39+
}
40+
}
Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-4w8g-q38j-gm8m",
4+
"modified": "2026-06-15T12:32:44Z",
5+
"published": "2026-06-15T12:32:44Z",
6+
"aliases": [
7+
"CVE-2026-34021"
8+
],
9+
"details": "The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker with access to the communication path between the server and the microcontroller can sniff RS-485 messages and replay previously observed messages. This can be used, for example, to spoof a \"quit alarm\" message and continuously deactivate the safe alarm.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34021"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://r.sec-consult.com/wertdev"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://wertheim-safes.com/safe-deposit-boxes"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-294"
34+
],
35+
"severity": "HIGH",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2026-06-15T12:16:24Z"
39+
}
40+
}
Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-69r2-vwm9-7qqc",
4+
"modified": "2026-06-15T12:32:44Z",
5+
"published": "2026-06-15T12:32:44Z",
6+
"aliases": [
7+
"CVE-2026-34024"
8+
],
9+
"details": "The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allows the attacker to perform restricted actions such as switching the user's branch, uploading arbitrary files, downloading arbitrary files, and viewing details of arbitrary branches.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34024"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://r.sec-consult.com/wertheim"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://wertheim-safes.com/safe-deposit-box-management"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-862"
34+
],
35+
"severity": "HIGH",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2026-06-15T12:16:24Z"
39+
}
40+
}
Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-7c4j-4vwf-c9vr",
4+
"modified": "2026-06-15T12:32:44Z",
5+
"published": "2026-06-15T12:32:44Z",
6+
"aliases": [
7+
"CVE-2026-50100"
8+
],
9+
"details": "Multiple printer drivers provided by Ricoh Company, Ltd. and KONICA MINOLTA JAPAN, INC. contain a privilege escalation vulnerability. If this vulnerability is exploited, an attacker who can log in to a computer running an affected printer driver could elevate privileges by using a specially crafted driver.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50100"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2025-000002"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://jvn.jp/en/jp/JVN55319858"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://www.konicaminolta.jp/business/support/important/260615_01_01.html"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000002"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-427"
46+
],
47+
"severity": "HIGH",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-06-15T10:16:28Z"
51+
}
52+
}
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-9jq6-3jwj-jrfh",
4+
"modified": "2026-06-15T12:32:44Z",
5+
"published": "2026-06-15T12:32:44Z",
6+
"aliases": [
7+
"CVE-2026-12057"
8+
],
9+
"details": "When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12057"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://www.foxit.com/support/security-bulletins.html"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-829"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-06-15T12:16:23Z"
35+
}
36+
}
Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-c97r-mff8-694v",
4+
"modified": "2026-06-15T12:32:45Z",
5+
"published": "2026-06-15T12:32:44Z",
6+
"aliases": [
7+
"CVE-2026-34025"
8+
],
9+
"details": "The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from the HTTP X-Forwarded-For header when that header is present. An attacker with valid branch user credentials can manipulate the X-Forwarded-For header during login to spoof the expected branch IP address and obtain a valid authenticated session from an unauthorized network location.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34025"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://r.sec-consult.com/wertheim"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://wertheim-safes.com/safe-deposit-box-management"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-290"
34+
],
35+
"severity": "MODERATE",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2026-06-15T12:16:24Z"
39+
}
40+
}
Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-gr5m-9xq3-vhc7",
4+
"modified": "2026-06-15T12:32:45Z",
5+
"published": "2026-06-15T12:32:45Z",
6+
"aliases": [
7+
"CVE-2026-34027"
8+
],
9+
"details": "The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application validates uploaded files based on the user-controlled HTTP Content-Type value and accepts the upload if this value contains an allowed string such as pdf, jpeg, tiff, or png. An authenticated attacker with any role or permission level can spoof the Content-Type value and upload arbitrary file content.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34027"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://r.sec-consult.com/wertheim"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://wertheim-safes.com/safe-deposit-box-management"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-434"
34+
],
35+
"severity": "MODERATE",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2026-06-15T12:16:25Z"
39+
}
40+
}

0 commit comments

Comments
 (0)