Publish Advisories

GHSA-88cv-g9gq-h6pq
GHSA-4f54-m9cc-h3ch
GHSA-764c-2rh3-p2wj
GHSA-8cv4-qwjg-mxw5
GHSA-9gr5-mvp6-h2hx
GHSA-c39m-mx52-7rcr
GHSA-f93m-5ch9-5cqf
GHSA-phg7-w8vm-9cqf
GHSA-qj4q-79hc-9854
GHSA-qq7p-wh5q-7f3r
GHSA-qwvc-m955-qj8v
GHSA-r7j5-cv7f-qr4c
GHSA-x4r3-2p23-jwm4

Author: advisory-database[bot]

advisories/unreviewed/2025/12/GHSA-88cv-g9gq-h6pq/GHSA-88cv-g9gq-h6pq.json

@@ -34,7 +34,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-749"
+      "CWE-749",
+      "CWE-79"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2026/03/GHSA-4f54-m9cc-h3ch/GHSA-4f54-m9cc-h3ch.json

@@ -42,6 +42,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-434",
       "CWE-79"
     ],
     "severity": "HIGH",

advisories/unreviewed/2026/03/GHSA-764c-2rh3-p2wj/GHSA-764c-2rh3-p2wj.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-764c-2rh3-p2wj",
-  "modified": "2026-03-25T03:31:31Z",
+  "modified": "2026-03-26T00:30:55Z",
   "published": "2026-03-25T03:31:31Z",
   "aliases": [
     "CVE-2026-28820"
   ],
   "details": "This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -21,7 +26,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-03-25T01:17:07Z"

advisories/unreviewed/2026/03/GHSA-8cv4-qwjg-mxw5/GHSA-8cv4-qwjg-mxw5.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8cv4-qwjg-mxw5",
-  "modified": "2026-03-25T03:31:28Z",
+  "modified": "2026-03-26T00:30:54Z",
   "published": "2026-03-25T03:31:28Z",
   "aliases": [
     "CVE-2026-20631"
   ],
   "details": "A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. A user may be able to elevate privileges.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -21,7 +26,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-03-25T01:17:04Z"

advisories/unreviewed/2026/03/GHSA-9gr5-mvp6-h2hx/GHSA-9gr5-mvp6-h2hx.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9gr5-mvp6-h2hx",
+  "modified": "2026-03-26T00:30:57Z",
+  "published": "2026-03-26T00:30:57Z",
+  "aliases": [
+    "CVE-2026-4826"
+  ],
+  "details": "A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /update_stock.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. If you want to get best quality of vulnerability data, you may have to visit VulDB.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4826"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-UpdateStock-sid.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.353126"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.353126"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.775177"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sourcecodester.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-26T00:16:41Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-c39m-mx52-7rcr/GHSA-c39m-mx52-7rcr.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c39m-mx52-7rcr",
+  "modified": "2026-03-26T00:30:55Z",
+  "published": "2026-03-26T00:30:55Z",
+  "aliases": [
+    "CVE-2025-2535"
+  ],
+  "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2535"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-25T23:17:07Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-f93m-5ch9-5cqf/GHSA-f93m-5ch9-5cqf.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f93m-5ch9-5cqf",
-  "modified": "2026-03-23T15:30:33Z",
+  "modified": "2026-03-26T00:30:54Z",
   "published": "2026-03-20T21:31:28Z",
   "aliases": [
     "CVE-2025-63261"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://github.com/eldy/AWStats/blob/develop/wwwroot/cgi-bin/awstats.pl"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2026/03/msg00013.html"
+    },
     {
       "type": "WEB",
       "url": "https://pentest-tools.com/PTT-2025-021-Code-Execution-in-AWStats.pdf"

advisories/unreviewed/2026/03/GHSA-phg7-w8vm-9cqf/GHSA-phg7-w8vm-9cqf.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-phg7-w8vm-9cqf",
+  "modified": "2026-03-26T00:30:56Z",
+  "published": "2026-03-26T00:30:56Z",
+  "aliases": [
+    "CVE-2026-4825"
+  ],
+  "details": "A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /update_sales.php of the component HTTP GET Parameter Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4825"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-UpdateSales-sid.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.353125"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.353125"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.775175"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sourcecodester.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-25T23:17:10Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-qj4q-79hc-9854/GHSA-qj4q-79hc-9854.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-qj4q-79hc-9854",
+  "modified": "2026-03-26T00:30:55Z",
+  "published": "2026-03-26T00:30:55Z",
+  "aliases": [
+    "CVE-2026-4823"
+  ],
+  "details": "A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this vulnerability is an unknown functionality of the component NTLM2 Handler. Executing a manipulation can lead to information disclosure. The attack is restricted to local execution. Attacks of this nature are highly complex. The exploitation appears to be difficult. The exploit has been published and may be used. Upgrading to version 8.7.4 addresses this issue. Upgrading the affected component is advised. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4823"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/0truust/iperius-backup-security-advisories/blob/main/advisories/ntlm-relay-credential-exposure.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.353123"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.353123"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.774218"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.iperiusbackup.com/download-software-backup.aspx"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-25T22:16:19Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-qq7p-wh5q-7f3r/GHSA-qq7p-wh5q-7f3r.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-qq7p-wh5q-7f3r",
+  "modified": "2026-03-26T00:30:57Z",
+  "published": "2026-03-26T00:30:57Z",
+  "aliases": [
+    "CVE-2026-4758"
+  ],
+  "details": "The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'WPJOBPORTALcustomfields::removeFileCustom' function in all versions up to, and including, 2.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4758"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/wp-job-portal/tags/2.4.9/includes/classes/customfields.php#L1558"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/wp-job-portal/tags/2.5.0/includes/classes/customfields.php?rev=3490490#L1558"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e96f31e0-4b2e-4ea1-a3e5-fd7452a2fea9?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-26T00:16:41Z"
+  }
+}