Publish Advisories

GHSA-7p2j-mg94-f4j6
GHSA-cv79-qfjv-wpvr
GHSA-qqmj-6rm4-v4q6
GHSA-wh45-rv58-w5rc

Author: advisory-database[bot]

advisories/unreviewed/2026/02/GHSA-7p2j-mg94-f4j6/GHSA-7p2j-mg94-f4j6.json

@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7p2j-mg94-f4j6",
+  "modified": "2026-02-22T12:30:26Z",
+  "published": "2026-02-22T12:30:26Z",
+  "aliases": [
+    "CVE-2026-2939"
+  ],
+  "details": "A vulnerability was found in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /add_student/ of the component Add Student Module. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2939"
+    },
+    {
+      "type": "WEB",
+      "url": "https://drive.google.com/file/d/1a-qY55pgynQviBw9UxPoIDs-UNgz6zOH/view"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/AS-AbdulSamad/CVE-1/tree/main"
+    },
+    {
+      "type": "WEB",
+      "url": "https://itsourcecode.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347311"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347311"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.755977"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-22T10:15:56Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-cv79-qfjv-wpvr/GHSA-cv79-qfjv-wpvr.json

@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cv79-qfjv-wpvr",
+  "modified": "2026-02-22T12:30:26Z",
+  "published": "2026-02-22T12:30:26Z",
+  "aliases": [
+    "CVE-2026-2940"
+  ],
+  "details": "A vulnerability was determined in Zaher1307 tiny_web_server up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b. This affects the function tiny_web_server/tiny.c of the file tiny_web_server/tiny.c of the component URL Handler. This manipulation causes out-of-bounds write. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2940"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Zaher1307/tiny_web_server/issues/1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Zaher1307/tiny_web_server/issues/1#issue-3924357507"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Zaher1307/tiny_web_server"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347312"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347312"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.756036"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-22T10:15:56Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-qqmj-6rm4-v4q6/GHSA-qqmj-6rm4-v4q6.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-qqmj-6rm4-v4q6",
+  "modified": "2026-02-22T12:30:26Z",
+  "published": "2026-02-22T12:30:26Z",
+  "aliases": [
+    "CVE-2026-2943"
+  ],
+  "details": "A vulnerability was identified in SapneshNaik Student Management System up to f4b4f0928f0b5551a28ee81ae7e7fe47d9345318. This impacts an unknown function of the file index.php. Such manipulation of the argument Error leads to cross site scripting. The attack can be launched remotely. The exploit is publicly available and might be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2943"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/duckpigdog/CVE/blob/main/XSS%E2%80%94%E2%80%94SapneshNaik_Student-Management-System.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347313"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347313"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.754035"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-22T11:16:11Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-wh45-rv58-w5rc/GHSA-wh45-rv58-w5rc.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-wh45-rv58-w5rc",
+  "modified": "2026-02-22T12:30:26Z",
+  "published": "2026-02-22T12:30:26Z",
+  "aliases": [
+    "CVE-2026-2944"
+  ],
+  "details": "A security flaw has been discovered in Tosei Online Store Management System ネット店舗管理システム 1.01. Affected is the function system of the file /cgi-bin/monitor.php of the component HTTP POST Request Handler. Performing a manipulation of the argument DevId results in os command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2944"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/CVE-Hunter-Leo/CVE/issues/9"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347314"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347314"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.754579"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-77"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-22T11:16:13Z"
+  }
+}