Skip to content

Commit d11add3

Browse files
Advisory Database Sync
1 parent edd99ac commit d11add3

59 files changed

Lines changed: 1536 additions & 63 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

advisories/unreviewed/2026/05/GHSA-48v9-p8g8-55vg/GHSA-48v9-p8g8-55vg.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-48v9-p8g8-55vg",
4-
"modified": "2026-05-26T18:31:38Z",
4+
"modified": "2026-06-22T18:34:00Z",
55
"published": "2026-05-18T15:30:38Z",
66
"aliases": [
77
"CVE-2026-41947"
@@ -42,6 +42,10 @@
4242
{
4343
"type": "WEB",
4444
"url": "https://www.vulncheck.com/advisories/dify-authorization-bypass-via-trace-configuration-endpoints"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://www.zafran.io/resources/difytap-zafran-discovers-how-attackers-can-silently-wiretap-ai-data-across-tenants-on-a-platform-powering-1m-apps"
4549
}
4650
],
4751
"database_specific": {

advisories/unreviewed/2026/05/GHSA-h666-98mq-949j/GHSA-h666-98mq-949j.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-h666-98mq-949j",
4-
"modified": "2026-05-18T15:30:38Z",
4+
"modified": "2026-06-22T18:34:00Z",
55
"published": "2026-05-18T15:30:38Z",
66
"aliases": [
77
"CVE-2026-41948"
@@ -34,6 +34,10 @@
3434
{
3535
"type": "WEB",
3636
"url": "https://www.vulncheck.com/advisories/dify-path-traversal-via-plugin-daemon-internal-api-access"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://www.zafran.io/resources/difytap-zafran-discovers-how-attackers-can-silently-wiretap-ai-data-across-tenants-on-a-platform-powering-1m-apps"
3741
}
3842
],
3943
"database_specific": {

advisories/unreviewed/2026/05/GHSA-jv3f-qwf9-wvq9/GHSA-jv3f-qwf9-wvq9.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-jv3f-qwf9-wvq9",
4-
"modified": "2026-05-26T18:31:38Z",
4+
"modified": "2026-06-22T18:34:00Z",
55
"published": "2026-05-18T15:30:38Z",
66
"aliases": [
77
"CVE-2026-41949"
@@ -42,6 +42,10 @@
4242
{
4343
"type": "WEB",
4444
"url": "https://www.vulncheck.com/advisories/dify-authorization-bypass-via-file-preview-endpoint"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://www.zafran.io/resources/difytap-zafran-discovers-how-attackers-can-silently-wiretap-ai-data-across-tenants-on-a-platform-powering-1m-apps"
4549
}
4650
],
4751
"database_specific": {

advisories/unreviewed/2026/05/GHSA-mpmf-3w4r-qfpf/GHSA-mpmf-3w4r-qfpf.json

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-mpmf-3w4r-qfpf",
4-
"modified": "2026-06-22T15:30:42Z",
4+
"modified": "2026-06-22T18:34:00Z",
55
"published": "2026-05-28T09:31:20Z",
66
"aliases": [
77
"CVE-2026-9804"
@@ -23,6 +23,14 @@
2323
"type": "WEB",
2424
"url": "https://access.redhat.com/errata/RHSA-2026:27914"
2525
},
26+
{
27+
"type": "WEB",
28+
"url": "https://access.redhat.com/errata/RHSA-2026:27983"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://access.redhat.com/errata/RHSA-2026:28002"
33+
},
2634
{
2735
"type": "WEB",
2836
"url": "https://access.redhat.com/security/cve/CVE-2026-9804"

advisories/unreviewed/2026/05/GHSA-r2m5-9rwx-269r/GHSA-r2m5-9rwx-269r.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-r2m5-9rwx-269r",
4-
"modified": "2026-05-05T21:31:33Z",
4+
"modified": "2026-06-22T18:34:00Z",
55
"published": "2026-05-05T21:31:32Z",
66
"aliases": [
77
"CVE-2026-41950"
@@ -34,6 +34,10 @@
3434
{
3535
"type": "WEB",
3636
"url": "https://www.vulncheck.com/advisories/dify-authorization-bypass-via-file-uuid"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://www.zafran.io/resources/difytap-zafran-discovers-how-attackers-can-silently-wiretap-ai-data-across-tenants-on-a-platform-powering-1m-apps"
3741
}
3842
],
3943
"database_specific": {
Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-3777-v3gr-3jr3",
4+
"modified": "2026-06-22T18:34:17Z",
5+
"published": "2026-06-22T18:34:17Z",
6+
"aliases": [
7+
"CVE-2026-11994"
8+
],
9+
"details": "Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11994"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://fluidattacks.com/es/advisories/believer"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/akaunting/akaunting"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-79"
34+
],
35+
"severity": "MODERATE",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2026-06-22T18:16:31Z"
39+
}
40+
}
Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-3hfq-9fxf-h35p",
4+
"modified": "2026-06-22T18:34:14Z",
5+
"published": "2026-06-22T18:34:14Z",
6+
"aliases": [
7+
"CVE-2026-41046"
8+
],
9+
"details": "A path traversal attack when using a \"configName\" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41046"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1261889"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/presire/qSnapper/releases/tag/v1.3.3"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://security.opensuse.org/2026/05/26/qsnapper-dbus-issues.html#issue-path-traversal"
33+
}
34+
],
35+
"database_specific": {
36+
"cwe_ids": [
37+
"CWE-23"
38+
],
39+
"severity": "HIGH",
40+
"github_reviewed": false,
41+
"github_reviewed_at": null,
42+
"nvd_published_at": "2026-06-22T16:16:35Z"
43+
}
44+
}
Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-3w66-95m3-8jxg",
4+
"modified": "2026-06-22T18:34:17Z",
5+
"published": "2026-06-22T18:34:17Z",
6+
"aliases": [
7+
"CVE-2026-42127"
8+
],
9+
"details": "The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion. No valid dashboard access token or authentication is required to exploit this vulnerability.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42127"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://grafana.com/security/security-advisories/cve-2026-42127"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [],
29+
"severity": "HIGH",
30+
"github_reviewed": false,
31+
"github_reviewed_at": null,
32+
"nvd_published_at": "2026-06-22T18:16:37Z"
33+
}
34+
}
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-4pf4-j777-cgmf",
4+
"modified": "2026-06-22T18:34:16Z",
5+
"published": "2026-06-22T18:34:16Z",
6+
"aliases": [
7+
"CVE-2026-7664"
8+
],
9+
"details": "IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7664"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://www.ibm.com/support/pages/node/7277243"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-287"
30+
],
31+
"severity": "CRITICAL",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-06-22T16:16:41Z"
35+
}
36+
}
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-4pm6-4pwh-f3gg",
4+
"modified": "2026-06-22T18:34:16Z",
5+
"published": "2026-06-22T18:34:16Z",
6+
"aliases": [
7+
"CVE-2026-7253"
8+
],
9+
"details": "IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks [GHSA-rr7j-v2q5-chgv] [CVE-2026-7253]. IBM Sterling File Gateway is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation below.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7253"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://www.ibm.com/support/pages/node/7276994"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-918"
30+
],
31+
"severity": "MODERATE",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-06-22T16:16:41Z"
35+
}
36+
}

0 commit comments

Comments
 (0)