Skip to content

Commit 3aafded

Browse files
1 parent 58d8670 commit 3aafded

8 files changed

Lines changed: 401 additions & 1 deletion

File tree

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-34wf-crw6-8386",
4+
"modified": "2026-06-21T06:32:07Z",
5+
"published": "2026-06-21T06:32:07Z",
6+
"aliases": [
7+
"CVE-2026-12776"
8+
],
9+
"details": "A flaw has been found in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909f7719a33863. This affects an unknown part of the file /index.php?page=houses. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12776"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/yihaofuweng/cve/issues/68"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/cve/CVE-2026-12776"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/835037"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/372518"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/372518/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "LOW",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-06-21T06:16:22Z"
55+
}
56+
}
Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-4jcj-7x88-m979",
4+
"modified": "2026-06-21T06:32:07Z",
5+
"published": "2026-06-21T06:32:07Z",
6+
"aliases": [
7+
"CVE-2026-12773"
8+
],
9+
"details": "A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12773"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://gist.github.com/YLChen-007/3cfaad10a69d7a15e4d4d458cb53309e"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/cve/CVE-2026-12773"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/811282"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/372515"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/372515/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-287"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-06-21T04:16:28Z"
55+
}
56+
}
Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-6373-275m-34g3",
4+
"modified": "2026-06-21T06:32:07Z",
5+
"published": "2026-06-21T06:32:07Z",
6+
"aliases": [
7+
"CVE-2026-12780"
8+
],
9+
"details": "A vulnerability was determined in AOMEI Backupper up to 8.3.0. Impacted is an unknown function in the library amwrtdrv.sys of the component Kernel Driver. Executing a manipulation can lead to improper access controls. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12780"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://vuldb.com/cve/CVE-2026-12780"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/835609"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/372521"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/372521/cti"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://winslow1984.com/books/cve-collection/page/aomei-backupper-830-kernel-driver-amwrtdrvsys-local-privilege-escalation"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-266"
50+
],
51+
"severity": "HIGH",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-06-21T06:16:22Z"
55+
}
56+
}

advisories/unreviewed/2026/06/GHSA-6qr3-3g89-m4jj/GHSA-6qr3-3g89-m4jj.json

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-6qr3-3g89-m4jj",
4-
"modified": "2026-06-21T03:30:24Z",
4+
"modified": "2026-06-21T06:32:07Z",
55
"published": "2026-06-21T03:30:24Z",
66
"aliases": [
77
"CVE-2026-12770"
@@ -23,10 +23,18 @@
2323
"type": "ADVISORY",
2424
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12770"
2525
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/BerriAI/litellm/pull/23781"
29+
},
2630
{
2731
"type": "WEB",
2832
"url": "https://gist.github.com/YLChen-007/993c68152b2c770d53590f1684c755d4"
2933
},
34+
{
35+
"type": "WEB",
36+
"url": "https://github.com/BerriAI/litellm"
37+
},
3038
{
3139
"type": "WEB",
3240
"url": "https://vuldb.com/cve/CVE-2026-12770"
Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-9fg6-8666-rx55",
4+
"modified": "2026-06-21T06:32:07Z",
5+
"published": "2026-06-21T06:32:07Z",
6+
"aliases": [
7+
"CVE-2026-12778"
8+
],
9+
"details": "A vulnerability has been found in AOMEI Partition Assistant up to 10.10.1. This vulnerability affects unknown code in the library ampa10.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12778"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://vuldb.com/cve/CVE-2026-12778"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/835607"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/372519"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/372519/cti"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://winslow1984.com/books/cve-collection/page/aomei-partition-assistant-10101-kernel-driver-ampa10sys-local-privilege-escalation"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-266"
50+
],
51+
"severity": "HIGH",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-06-21T06:16:22Z"
55+
}
56+
}
Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-h9c7-cfj6-h8j6",
4+
"modified": "2026-06-21T06:32:07Z",
5+
"published": "2026-06-21T06:32:07Z",
6+
"aliases": [
7+
"CVE-2026-12774"
8+
],
9+
"details": "A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function _execute_with_mcp_client of the file litellm/proxy/_experimental/mcp_server/rest_endpoints.py of the component MCP Server Connection Testing. The manipulation leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12774"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://gist.github.com/YLChen-007/256c8ff0750e298f89b6b287c90c2981"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/cve/CVE-2026-12774"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/811285"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/372516"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/372516/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-918"
50+
],
51+
"severity": "LOW",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-06-21T04:16:31Z"
55+
}
56+
}
Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-w6qr-cjgp-ccf7",
4+
"modified": "2026-06-21T06:32:07Z",
5+
"published": "2026-06-21T06:32:07Z",
6+
"aliases": [
7+
"CVE-2026-12775"
8+
],
9+
"details": "A vulnerability was detected in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909f7719a33863. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12775"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/yihaofuweng/cve/issues/67"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/cve/CVE-2026-12775"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/835036"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/372517"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/372517/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-06-21T06:16:21Z"
55+
}
56+
}

0 commit comments

Comments
 (0)