Skip to content

File tree

advisories/unreviewed/2026/05/GHSA-59rx-q76w-hqrw/GHSA-59rx-q76w-hqrw.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-59rx-q76w-hqrw",
4-
"modified": "2026-06-23T06:30:40Z",
4+
"modified": "2026-06-23T09:32:23Z",
55
"published": "2026-05-27T12:31:22Z",
66
"aliases": [
77
"CVE-2026-3012"
@@ -35,6 +35,10 @@
3535
"type": "WEB",
3636
"url": "https://access.redhat.com/errata/RHSA-2026:25979"
3737
},
38+
{
39+
"type": "WEB",
40+
"url": "https://access.redhat.com/errata/RHSA-2026:28053"
41+
},
3842
{
3943
"type": "WEB",
4044
"url": "https://access.redhat.com/errata/RHSA-2026:28054"

advisories/unreviewed/2026/05/GHSA-c866-5hw6-cqf9/GHSA-c866-5hw6-cqf9.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-c866-5hw6-cqf9",
4-
"modified": "2026-06-23T06:30:40Z",
4+
"modified": "2026-06-23T09:32:23Z",
55
"published": "2026-05-27T15:33:10Z",
66
"aliases": [
77
"CVE-2026-1933"
@@ -35,6 +35,10 @@
3535
"type": "WEB",
3636
"url": "https://access.redhat.com/errata/RHSA-2026:25979"
3737
},
38+
{
39+
"type": "WEB",
40+
"url": "https://access.redhat.com/errata/RHSA-2026:28053"
41+
},
3842
{
3943
"type": "WEB",
4044
"url": "https://access.redhat.com/errata/RHSA-2026:28054"

advisories/unreviewed/2026/05/GHSA-ccmj-8c3p-4qwj/GHSA-ccmj-8c3p-4qwj.json

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-ccmj-8c3p-4qwj",
4-
"modified": "2026-05-29T12:31:25Z",
4+
"modified": "2026-06-23T09:32:23Z",
55
"published": "2026-05-29T12:31:25Z",
66
"aliases": [
77
"CVE-2026-46579"
@@ -19,6 +19,14 @@
1919
"type": "ADVISORY",
2020
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46579"
2121
},
22+
{
23+
"type": "WEB",
24+
"url": "https://access.redhat.com/errata/RHSA-2026:27044"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://access.redhat.com/errata/RHSA-2026:27063"
29+
},
2230
{
2331
"type": "WEB",
2432
"url": "https://access.redhat.com/security/cve/CVE-2026-46579"

advisories/unreviewed/2026/05/GHSA-hwwh-4hhw-h9jf/GHSA-hwwh-4hhw-h9jf.json

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-hwwh-4hhw-h9jf",
4-
"modified": "2026-06-23T06:30:39Z",
4+
"modified": "2026-06-23T09:32:22Z",
55
"published": "2026-05-26T15:32:11Z",
66
"aliases": [
77
"CVE-2026-4480"
@@ -35,6 +35,10 @@
3535
"type": "WEB",
3636
"url": "https://access.redhat.com/errata/RHSA-2026:25979"
3737
},
38+
{
39+
"type": "WEB",
40+
"url": "https://access.redhat.com/errata/RHSA-2026:28053"
41+
},
3842
{
3943
"type": "WEB",
4044
"url": "https://access.redhat.com/errata/RHSA-2026:28054"
@@ -55,6 +59,10 @@
5559
"type": "WEB",
5660
"url": "https://access.redhat.com/errata/RHSA-2026:28058"
5761
},
62+
{
63+
"type": "WEB",
64+
"url": "https://access.redhat.com/errata/RHSA-2026:28132"
65+
},
5866
{
5967
"type": "WEB",
6068
"url": "https://access.redhat.com/security/cve/CVE-2026-4480"

advisories/unreviewed/2026/05/GHSA-jg8v-92xc-cx65/GHSA-jg8v-92xc-cx65.json

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-jg8v-92xc-cx65",
4-
"modified": "2026-06-23T06:30:41Z",
4+
"modified": "2026-06-23T09:32:23Z",
55
"published": "2026-05-28T09:31:19Z",
66
"aliases": [
77
"CVE-2026-4408"
@@ -35,6 +35,10 @@
3535
"type": "WEB",
3636
"url": "https://access.redhat.com/errata/RHSA-2026:25979"
3737
},
38+
{
39+
"type": "WEB",
40+
"url": "https://access.redhat.com/errata/RHSA-2026:28053"
41+
},
3842
{
3943
"type": "WEB",
4044
"url": "https://access.redhat.com/errata/RHSA-2026:28054"
@@ -55,6 +59,10 @@
5559
"type": "WEB",
5660
"url": "https://access.redhat.com/errata/RHSA-2026:28058"
5761
},
62+
{
63+
"type": "WEB",
64+
"url": "https://access.redhat.com/errata/RHSA-2026:28132"
65+
},
5866
{
5967
"type": "WEB",
6068
"url": "https://access.redhat.com/security/cve/CVE-2026-4408"

advisories/unreviewed/2026/05/GHSA-m6w2-p258-gxqp/GHSA-m6w2-p258-gxqp.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-m6w2-p258-gxqp",
4-
"modified": "2026-06-23T06:30:40Z",
4+
"modified": "2026-06-23T09:32:23Z",
55
"published": "2026-05-27T15:33:11Z",
66
"aliases": [
77
"CVE-2026-2340"
@@ -35,6 +35,10 @@
3535
"type": "WEB",
3636
"url": "https://access.redhat.com/errata/RHSA-2026:25979"
3737
},
38+
{
39+
"type": "WEB",
40+
"url": "https://access.redhat.com/errata/RHSA-2026:28053"
41+
},
3842
{
3943
"type": "WEB",
4044
"url": "https://access.redhat.com/errata/RHSA-2026:28054"
Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2hm5-4cpf-66vx",
4+
"modified": "2026-06-23T09:32:23Z",
5+
"published": "2026-06-23T09:32:23Z",
6+
"aliases": [
7+
"CVE-2026-8163"
8+
],
9+
"details": "The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL Injection vulnerability exploitable by authenticated users with Subscriber-level access and above.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8163"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://wpscan.com/vulnerability/e471516a-6f43-4a89-8486-7a638845e197"
20+
}
21+
],
22+
"database_specific": {
23+
"cwe_ids": [],
24+
"severity": null,
25+
"github_reviewed": false,
26+
"github_reviewed_at": null,
27+
"nvd_published_at": "2026-06-23T07:16:20Z"
28+
}
29+
}
Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-9v4r-j6qw-wjw2",
4+
"modified": "2026-06-23T09:32:23Z",
5+
"published": "2026-06-23T09:32:23Z",
6+
"aliases": [
7+
"CVE-2026-8379"
8+
],
9+
"details": "The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by any user through the Frontend File Manager Plugin WordPress plugin through 23.6 by iterating identifiers.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8379"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://wpscan.com/vulnerability/71619406-19bb-437f-9538-fdf73de98827"
20+
}
21+
],
22+
"database_specific": {
23+
"cwe_ids": [],
24+
"severity": null,
25+
"github_reviewed": false,
26+
"github_reviewed_at": null,
27+
"nvd_published_at": "2026-06-23T07:16:21Z"
28+
}
29+
}
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-hp5g-5g9f-49wq",
4+
"modified": "2026-06-23T09:32:23Z",
5+
"published": "2026-06-23T09:32:23Z",
6+
"aliases": [
7+
"CVE-2026-11374"
8+
],
9+
"details": "In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted\n by an unauthenticated user, leading to account takeover.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11374"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2026-11374.html"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-287"
30+
],
31+
"severity": "CRITICAL",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-06-23T09:16:28Z"
35+
}
36+
}
Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-jgxx-4fc8-ff8f",
4+
"modified": "2026-06-23T09:32:23Z",
5+
"published": "2026-06-23T09:32:23Z",
6+
"aliases": [
7+
"CVE-2026-7842"
8+
],
9+
"details": "The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize or validate the orderby and order parameters in the import_list(), url_detail(), and file_detail() admin page callbacks before using them in SQL queries, allowing authenticated attackers with Editor-level access or higher to perform time-based blind SQL injection and extract sensitive data from the database. The ImportData module must be enabled via the Infility Global WordPress plugin before 2.15.20's module toggle page.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7842"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://wpscan.com/vulnerability/210303c4-0964-4a01-ac8e-13d7c7f424a2"
20+
}
21+
],
22+
"database_specific": {
23+
"cwe_ids": [],
24+
"severity": null,
25+
"github_reviewed": false,
26+
"github_reviewed_at": null,
27+
"nvd_published_at": "2026-06-23T07:16:20Z"
28+
}
29+
}

0 commit comments

Comments
 (0)