Skip to content

Commit b7cc318

Browse files
Advisory Database Sync
1 parent e04acc7 commit b7cc318

37 files changed

Lines changed: 1459 additions & 8 deletions

File tree

advisories/github-reviewed/2022/02/GHSA-3h2h-xqr2-2jp7/GHSA-3h2h-xqr2-2jp7.json

Lines changed: 13 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-3h2h-xqr2-2jp7",
4-
"modified": "2021-04-05T22:56:52Z",
4+
"modified": "2026-06-15T15:31:29Z",
55
"published": "2022-02-09T22:14:01Z",
66
"aliases": [
77
"CVE-2020-13932"
@@ -44,14 +44,26 @@
4444
"type": "WEB",
4545
"url": "https://activemq.apache.org/security-advisories.data/CVE-2020-13932-announcement.txt"
4646
},
47+
{
48+
"type": "WEB",
49+
"url": "https://lists.apache.org/thread.html/r7fcedcc89e5f296b174d6b8c1438c607c30d809c04292e5732d6e4eb%40%3Cusers.activemq.apache.org%3E"
50+
},
4751
{
4852
"type": "WEB",
4953
"url": "https://lists.apache.org/thread.html/r7fcedcc89e5f296b174d6b8c1438c607c30d809c04292e5732d6e4eb@%3Cusers.activemq.apache.org%3E"
5054
},
55+
{
56+
"type": "WEB",
57+
"url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"
58+
},
5159
{
5260
"type": "WEB",
5361
"url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E"
5462
},
63+
{
64+
"type": "WEB",
65+
"url": "https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E"
66+
},
5567
{
5668
"type": "WEB",
5769
"url": "https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088@%3Ccommits.activemq.apache.org%3E"
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2fc2-fmg6-qjpw",
4+
"modified": "2026-06-15T15:31:33Z",
5+
"published": "2026-06-15T15:31:33Z",
6+
"aliases": [
7+
"CVE-2026-49064"
8+
],
9+
"details": "Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data.\n\nThis issue affects GetPaid: from n/a through 2.8.49.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49064"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://patchstack.com/database/wordpress/plugin/invoicing/vulnerability/wordpress-getpaid-plugin-2-8-49-sensitive-data-exposure-vulnerability?_s_id=cve"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-201"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-06-15T14:16:35Z"
35+
}
36+
}
Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2v73-958c-qpgj",
4+
"modified": "2026-06-15T15:31:32Z",
5+
"published": "2026-06-15T15:31:32Z",
6+
"aliases": [
7+
"CVE-2018-25436"
8+
],
9+
"details": "WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php endpoint. Attackers can submit POST requests with malicious file extensions to the upload handler, which moves files without validation to the plugin upload directory, enabling remote code execution.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25436"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://kaimi.io"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://wordpress.org/plugins/baggage-freight"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://www.exploit-db.com/exploits/46061"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://www.vulncheck.com/advisories/wordpress-plugin-baggage-freight-shipping-australia-arbitrary-file-upload"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-434"
46+
],
47+
"severity": "CRITICAL",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-06-15T14:16:32Z"
51+
}
52+
}
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2wmq-3m94-g4jr",
4+
"modified": "2026-06-15T15:31:33Z",
5+
"published": "2026-06-15T15:31:33Z",
6+
"aliases": [
7+
"CVE-2026-6517"
8+
],
9+
"details": "Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users credentials via embedding an image that routes to an external web server. Mattermost Advisory ID: MMSA-2026-00651",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6517"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://mattermost.com/security-updates"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-522"
30+
],
31+
"severity": "MODERATE",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-06-15T14:16:37Z"
35+
}
36+
}
Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-32mr-83fc-82g5",
4+
"modified": "2026-06-15T15:31:32Z",
5+
"published": "2026-06-15T15:31:32Z",
6+
"aliases": [
7+
"CVE-2016-20071"
8+
],
9+
"details": "The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloads to manipulate database queries and extract sensitive information from the WordPress database.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-20071"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://wordpress.org/plugins/404-redirection-manager"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.exploit-db.com/exploits/40941"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://www.vulncheck.com/advisories/wordpress-404-redirection-manager-plugin-sql-injection"
37+
}
38+
],
39+
"database_specific": {
40+
"cwe_ids": [
41+
"CWE-89"
42+
],
43+
"severity": "HIGH",
44+
"github_reviewed": false,
45+
"github_reviewed_at": null,
46+
"nvd_published_at": "2026-06-15T14:16:30Z"
47+
}
48+
}
Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-4mxv-55rp-8c89",
4+
"modified": "2026-06-15T15:31:32Z",
5+
"published": "2026-06-15T15:31:32Z",
6+
"aliases": [
7+
"CVE-2016-20073"
8+
],
9+
"details": "Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract sensitive database information including WordPress terms and configuration data.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-20073"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://wordpress.org/plugins/answer-my-question"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.exploit-db.com/exploits/40771"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://www.vulncheck.com/advisories/answer-my-question-plugin-wordpress-sql-injection-via-modal-php"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "http://lenonleite.com.br"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-89"
46+
],
47+
"severity": "HIGH",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-06-15T14:16:30Z"
51+
}
52+
}

advisories/unreviewed/2026/06/GHSA-4w8g-q38j-gm8m/GHSA-4w8g-q38j-gm8m.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-4w8g-q38j-gm8m",
4-
"modified": "2026-06-15T12:32:44Z",
4+
"modified": "2026-06-15T15:31:31Z",
55
"published": "2026-06-15T12:32:44Z",
66
"aliases": [
77
"CVE-2026-34021"
@@ -23,6 +23,10 @@
2323
"type": "WEB",
2424
"url": "https://r.sec-consult.com/wertdev"
2525
},
26+
{
27+
"type": "WEB",
28+
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-wertheim-safecontroller-hardware-for-vault-rooms-safe-deposit-locker-system-microcontroller"
29+
},
2630
{
2731
"type": "WEB",
2832
"url": "https://wertheim-safes.com/safe-deposit-boxes"
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-6554-rh36-hfh2",
4+
"modified": "2026-06-15T15:31:33Z",
5+
"published": "2026-06-15T15:31:33Z",
6+
"aliases": [
7+
"CVE-2026-5233"
8+
],
9+
"details": "Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding.\n\nThis issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5233"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0383"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-799"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-06-15T14:16:37Z"
35+
}
36+
}
Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-6j5g-h4rw-c3j4",
4+
"modified": "2026-06-15T15:31:32Z",
5+
"published": "2026-06-15T15:31:32Z",
6+
"aliases": [
7+
"CVE-2016-20074"
8+
],
9+
"details": "WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via lzcs_admin.php to modify plugin configuration parameters like lzcs_color and lzcs_count.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-20074"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.exploit-db.com/exploits/40070"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.vulncheck.com/advisories/wordpress-lazy-content-slider-plugin-csrf"
33+
}
34+
],
35+
"database_specific": {
36+
"cwe_ids": [
37+
"CWE-352"
38+
],
39+
"severity": "MODERATE",
40+
"github_reviewed": false,
41+
"github_reviewed_at": null,
42+
"nvd_published_at": "2026-06-15T14:16:30Z"
43+
}
44+
}

0 commit comments

Comments
 (0)