Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2026/02/GHSA-333w-78wm-wpxh/GHSA-333w-78wm-wpxh.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-333w-78wm-wpxh",
+  "modified": "2026-02-23T06:30:18Z",
+  "published": "2026-02-23T06:30:18Z",
+  "aliases": [
+    "CVE-2026-2971"
+  ],
+  "details": "A vulnerability was found in a466350665 Smart-SSO up to 2.1.1. Affected by this issue is some unknown functionality of the file smart-sso-server/src/main/resources/templates/login.html of the component Login. Performing a manipulation of the argument redirectUri results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2971"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347338"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347338"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.756025"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.notion.so/Smart-SSO-Reflected-XSS-vulnerabilities-in-redirectUri-parameter-304ea92a3c41805a8223c4ba75831802"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-23T05:16:20Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-365g-rr2h-rx65/GHSA-365g-rr2h-rx65.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-365g-rr2h-rx65",
-  "modified": "2026-02-18T18:30:40Z",
+  "modified": "2026-02-23T06:30:17Z",
   "published": "2026-02-18T18:30:40Z",
   "aliases": [
     "CVE-2025-71234"
@@ -22,6 +22,10 @@
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/5d810ba377eddee95d30766d360a14efbb3d1872"
     },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/86c946bcc00f6390ef65e9614ae60a9377e454f8"
+    },
     {
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/9a0f3fa6ecd0c9c32dbc367a57482bbf7c7d25bf"

advisories/unreviewed/2026/02/GHSA-3w2g-4qx3-2mmw/GHSA-3w2g-4qx3-2mmw.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3w2g-4qx3-2mmw",
-  "modified": "2026-02-19T18:31:43Z",
+  "modified": "2026-02-23T06:30:17Z",
   "published": "2026-02-18T18:30:40Z",
   "aliases": [
     "CVE-2025-71232"
@@ -22,6 +22,10 @@
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/19ac050ef09a2f0a9d9787540f77bb45cf9033e8"
     },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/7adbd2b7809066c75f0433e5e2a8e114b429f30f"
+    },
     {
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/8e7597b4efee6143439641bc6522f247d585e060"

advisories/unreviewed/2026/02/GHSA-5jgq-pv8m-5cx7/GHSA-5jgq-pv8m-5cx7.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5jgq-pv8m-5cx7",
-  "modified": "2026-02-18T18:30:40Z",
+  "modified": "2026-02-23T06:30:18Z",
   "published": "2026-02-18T18:30:40Z",
   "aliases": [
     "CVE-2026-23226"
@@ -18,6 +18,10 @@
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/36ef605c0395b94b826a8c8d6f2697071173de6e"
     },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/4f3a06cc57976cafa8c6f716646be6c79a99e485"
+    },
     {
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/e4a8a96a93d08570e0405cfd989a8a07e5b6ff33"

advisories/unreviewed/2026/02/GHSA-5qf3-3gp9-pjx6/GHSA-5qf3-3gp9-pjx6.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5qf3-3gp9-pjx6",
-  "modified": "2026-02-19T18:31:44Z",
+  "modified": "2026-02-23T06:30:18Z",
   "published": "2026-02-18T18:30:40Z",
   "aliases": [
     "CVE-2026-23222"
@@ -14,6 +14,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23222"
     },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/1562b1fb7e17c1b3addb15e125c718b2be7f5512"
+    },
     {
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/2ed27b5a1174351148c3adbfc0cd86d54072ba2e"

advisories/unreviewed/2026/02/GHSA-6h9v-2cfh-rp3v/GHSA-6h9v-2cfh-rp3v.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6h9v-2cfh-rp3v",
+  "modified": "2026-02-23T06:30:19Z",
+  "published": "2026-02-23T06:30:18Z",
+  "aliases": [
+    "CVE-2026-2972"
+  ],
+  "details": "A vulnerability was determined in a466350665 Smart-SSO up to 2.1.1. This affects the function Save of the file smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.java of the component Role Edit Page. Executing a manipulation can lead to cross site scripting. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2972"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347339"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347339"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.756026"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.notion.so/Smart-SSO-Stored-Cross-Site-Scripting-XSS-in-Role-Edit-Page-303ea92a3c4180f4beb9c119653ce51d"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-23T06:16:15Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-6xrx-3vj8-2rjc/GHSA-6xrx-3vj8-2rjc.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6xrx-3vj8-2rjc",
-  "modified": "2026-02-18T18:30:39Z",
+  "modified": "2026-02-23T06:30:17Z",
   "published": "2026-02-18T18:30:39Z",
   "aliases": [
     "CVE-2025-71230"
@@ -14,6 +14,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71230"
     },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/05ce49a902be15dc93854cbfc20161205a9ee446"
+    },
     {
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/399219831514126bc9541e8eadefe02c6fbd9166"

advisories/unreviewed/2026/02/GHSA-78xc-39m5-v2c6/GHSA-78xc-39m5-v2c6.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-78xc-39m5-v2c6",
-  "modified": "2026-02-19T18:31:43Z",
+  "modified": "2026-02-23T06:30:17Z",
   "published": "2026-02-18T18:30:40Z",
   "aliases": [
     "CVE-2025-71233"
@@ -26,6 +26,10 @@
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/73cee890adafa2c219bb865356e08e7f82423fe5"
     },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/7c5c7d06bd1f86d2c3ebe62be903a4ba42db4d2c"
+    },
     {
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/8cb905eca73944089a0db01443c7628a9e87012d"

advisories/unreviewed/2026/02/GHSA-876r-52fj-4pxf/GHSA-876r-52fj-4pxf.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-876r-52fj-4pxf",
-  "modified": "2026-02-19T18:31:43Z",
+  "modified": "2026-02-23T06:30:17Z",
   "published": "2026-02-18T18:30:40Z",
   "aliases": [
     "CVE-2025-71235"
@@ -22,6 +22,10 @@
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/7062eb0c488f35730334daad9495d9265c574853"
     },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/8890bf450e0b6b283f48ac619fca5ac2f14ddd62"
+    },
     {
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/891f9969a29e9767a453cef4811c8d2472ccab49"

advisories/unreviewed/2026/02/GHSA-8j5g-3q2r-xfjh/GHSA-8j5g-3q2r-xfjh.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8j5g-3q2r-xfjh",
-  "modified": "2026-02-18T18:30:40Z",
+  "modified": "2026-02-23T06:30:18Z",
   "published": "2026-02-18T18:30:40Z",
   "aliases": [
     "CVE-2026-23224"
@@ -14,6 +14,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23224"
     },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/1caf50ce4af096d0280d59a31abdd85703cd995c"
+    },
     {
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/ae385826840a3c8e09bf38cac90adcd690716f57"