Advisory Database Sync

advisory-database[bot] · advisory-database[bot] · commit 4282cb09d1e0 · 2026-02-27T15:35:42.000Z
diff --git a/advisories/unreviewed/2026/01/GHSA-3737-xm99-hq62/GHSA-3737-xm99-hq62.json b/advisories/unreviewed/2026/01/GHSA-3737-xm99-hq62/GHSA-3737-xm99-hq62.json
@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-863"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2026/01/GHSA-6qp4-m27m-3pjj/GHSA-6qp4-m27m-3pjj.json b/advisories/unreviewed/2026/01/GHSA-6qp4-m27m-3pjj/GHSA-6qp4-m27m-3pjj.json
@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-77"
+    ],
     "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2026/01/GHSA-8fmp-6g38-h9j8/GHSA-8fmp-6g38-h9j8.json b/advisories/unreviewed/2026/01/GHSA-8fmp-6g38-h9j8/GHSA-8fmp-6g38-h9j8.json
@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-22"
+    ],
     "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2026/01/GHSA-jw7f-48gr-mm37/GHSA-jw7f-48gr-mm37.json b/advisories/unreviewed/2026/01/GHSA-jw7f-48gr-mm37/GHSA-jw7f-48gr-mm37.json
@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-78"
+    ],
     "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2026/01/GHSA-mwfw-2px5-7mxx/GHSA-mwfw-2px5-7mxx.json b/advisories/unreviewed/2026/01/GHSA-mwfw-2px5-7mxx/GHSA-mwfw-2px5-7mxx.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mwfw-2px5-7mxx",
-  "modified": "2026-01-27T18:32:18Z",
+  "modified": "2026-02-27T15:34:09Z",
   "published": "2026-01-27T18:32:17Z",
   "aliases": [
     "CVE-2026-23592"
@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-78"
+    ],
     "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2026/01/GHSA-rqq8-2mxg-mgr6/GHSA-rqq8-2mxg-mgr6.json b/advisories/unreviewed/2026/01/GHSA-rqq8-2mxg-mgr6/GHSA-rqq8-2mxg-mgr6.json
@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-233"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2026/01/GHSA-vf8g-fqmm-6vc5/GHSA-vf8g-fqmm-6vc5.json b/advisories/unreviewed/2026/01/GHSA-vf8g-fqmm-6vc5/GHSA-vf8g-fqmm-6vc5.json
@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-22"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2026/02/GHSA-2qjx-h626-j6v4/GHSA-2qjx-h626-j6v4.json b/advisories/unreviewed/2026/02/GHSA-2qjx-h626-j6v4/GHSA-2qjx-h626-j6v4.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2qjx-h626-j6v4",
-  "modified": "2026-02-26T21:31:30Z",
+  "modified": "2026-02-27T15:34:17Z",
   "published": "2026-02-26T18:31:41Z",
   "aliases": [
     "CVE-2026-23749"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://github.com/golioth/golioth-firmware-sdk/commit/0e788217ab4b61a7c1d9fadd1b4a40f5f538a26d"
     },
+    {
+      "type": "WEB",
+      "url": "https://blog.secmate.dev/posts/golioth-vulnerabilities-disclosure"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/golioth/golioth-firmware-sdk/releases/tag/v0.22.0"
diff --git a/advisories/unreviewed/2026/02/GHSA-3f33-44xm-29m7/GHSA-3f33-44xm-29m7.json b/advisories/unreviewed/2026/02/GHSA-3f33-44xm-29m7/GHSA-3f33-44xm-29m7.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3f33-44xm-29m7",
-  "modified": "2026-02-12T09:30:58Z",
+  "modified": "2026-02-27T15:34:11Z",
   "published": "2026-02-12T09:30:58Z",
   "aliases": [
     "CVE-2026-21722"
@@ -26,7 +26,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-200"
+      "CWE-200",
+      "CWE-863"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,
diff --git a/advisories/unreviewed/2026/02/GHSA-5wx9-6p5v-7r76/GHSA-5wx9-6p5v-7r76.json b/advisories/unreviewed/2026/02/GHSA-5wx9-6p5v-7r76/GHSA-5wx9-6p5v-7r76.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5wx9-6p5v-7r76",
-  "modified": "2026-02-26T21:31:30Z",
+  "modified": "2026-02-27T15:34:17Z",
   "published": "2026-02-26T18:31:41Z",
   "aliases": [
     "CVE-2026-23747"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://github.com/golioth/golioth-firmware-sdk/commit/48f521bcc0187ada2b9cbdad31dc380e6c7b7332"
     },
+    {
+      "type": "WEB",
+      "url": "https://blog.secmate.dev/posts/golioth-vulnerabilities-disclosure"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/golioth/golioth-firmware-sdk/releases/tag/v0.22.0"
diff --git a/advisories/unreviewed/2026/02/GHSA-66jp-xvmj-6q6f/GHSA-66jp-xvmj-6q6f.json b/advisories/unreviewed/2026/02/GHSA-66jp-xvmj-6q6f/GHSA-66jp-xvmj-6q6f.json
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-66jp-xvmj-6q6f",
+  "modified": "2026-02-27T15:34:19Z",
+  "published": "2026-02-27T15:34:19Z",
+  "aliases": [
+    "CVE-2025-15498"
+  ],
+  "details": "Pro3W CMS if vulnerable to SQL injection attacks. Improper neutralization of input provided into a login form allows an unauthenticated attacker to bypass authentication and gain administrative privileges. \n\nThis issue was identified in version 1.2.0 of this software. Due to lack of response from the vendor exact version range could not be determined, but the vulnerability should be eliminated in versions released in January 2026 and later.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15498"
+    },
+    {
+      "type": "WEB",
+      "url": "https://cert.pl/posts/2026/02/CVE-2025-15498"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.pro3w.pl"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-27T14:16:27Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-68xj-h57p-gg5j/GHSA-68xj-h57p-gg5j.json b/advisories/unreviewed/2026/02/GHSA-68xj-h57p-gg5j/GHSA-68xj-h57p-gg5j.json
@@ -29,7 +29,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-183"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2026/02/GHSA-849j-jr65-wp89/GHSA-849j-jr65-wp89.json b/advisories/unreviewed/2026/02/GHSA-849j-jr65-wp89/GHSA-849j-jr65-wp89.json
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-849j-jr65-wp89",
-  "modified": "2026-02-19T18:31:53Z",
+  "modified": "2026-02-27T15:34:11Z",
   "published": "2026-02-19T18:31:53Z",
   "aliases": [
     "CVE-2026-25422"
   ],
   "details": "Cross-Site Request Forgery (CSRF) vulnerability in Themes4WP Popularis Extra popularis-extra allows Cross Site Request Forgery.This issue affects Popularis Extra: from n/a through <= 1.2.10.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-352"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-02-19T09:16:23Z"
diff --git a/advisories/unreviewed/2026/02/GHSA-8w4r-hqf6-jg5f/GHSA-8w4r-hqf6-jg5f.json b/advisories/unreviewed/2026/02/GHSA-8w4r-hqf6-jg5f/GHSA-8w4r-hqf6-jg5f.json
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8w4r-hqf6-jg5f",
-  "modified": "2026-02-03T15:30:25Z",
+  "modified": "2026-02-27T15:34:11Z",
   "published": "2026-02-03T15:30:25Z",
   "aliases": [
     "CVE-2026-24984"
   ],
   "details": "Missing Authorization vulnerability in Brecht Visual Link Preview visual-link-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visual Link Preview: from n/a through <= 2.2.9.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-02-03T15:16:17Z"
diff --git a/advisories/unreviewed/2026/02/GHSA-99wh-hc39-j65q/GHSA-99wh-hc39-j65q.json b/advisories/unreviewed/2026/02/GHSA-99wh-hc39-j65q/GHSA-99wh-hc39-j65q.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-99wh-hc39-j65q",
+  "modified": "2026-02-27T15:34:19Z",
+  "published": "2026-02-27T15:34:19Z",
+  "aliases": [
+    "CVE-2025-11950"
+  ],
+  "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KNOWHY Advanced Technology Trading Ltd. Co. EduAsist allows Reflected XSS.This issue affects EduAsist: through 27022026.\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11950"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.usom.gov.tr/bildirim/tr-26-0086"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-27T13:16:01Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-f6m7-39fm-3hwq/GHSA-f6m7-39fm-3hwq.json b/advisories/unreviewed/2026/02/GHSA-f6m7-39fm-3hwq/GHSA-f6m7-39fm-3hwq.json
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f6m7-39fm-3hwq",
-  "modified": "2026-02-19T21:30:48Z",
+  "modified": "2026-02-27T15:34:11Z",
   "published": "2026-02-19T21:30:48Z",
   "aliases": [
     "CVE-2026-27327"
   ],
   "details": "Missing Authorization vulnerability in YayCommerce YayMail – WooCommerce Email Customizer yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail – WooCommerce Email Customizer: from n/a through <= 4.3.2.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-02-19T21:18:32Z"
diff --git a/advisories/unreviewed/2026/02/GHSA-h52p-5g3g-rxjm/GHSA-h52p-5g3g-rxjm.json b/advisories/unreviewed/2026/02/GHSA-h52p-5g3g-rxjm/GHSA-h52p-5g3g-rxjm.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h52p-5g3g-rxjm",
-  "modified": "2026-02-26T21:31:30Z",
+  "modified": "2026-02-27T15:34:17Z",
   "published": "2026-02-26T18:31:41Z",
   "aliases": [
     "CVE-2026-23748"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://github.com/golioth/golioth-firmware-sdk/commit/d7f55b380d8be8b29bd101ce06e421af2e88c12b"
     },
+    {
+      "type": "WEB",
+      "url": "https://blog.secmate.dev/posts/golioth-vulnerabilities-disclosure"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/golioth/golioth-firmware-sdk/releases/tag/v0.22.0"
diff --git a/advisories/unreviewed/2026/02/GHSA-mmcc-ppg6-c7j2/GHSA-mmcc-ppg6-c7j2.json b/advisories/unreviewed/2026/02/GHSA-mmcc-ppg6-c7j2/GHSA-mmcc-ppg6-c7j2.json
@@ -29,7 +29,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-22"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2026/02/GHSA-p5p3-cc32-x85v/GHSA-p5p3-cc32-x85v.json b/advisories/unreviewed/2026/02/GHSA-p5p3-cc32-x85v/GHSA-p5p3-cc32-x85v.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-p5p3-cc32-x85v",
+  "modified": "2026-02-27T15:34:19Z",
+  "published": "2026-02-27T15:34:18Z",
+  "aliases": [
+    "CVE-2025-11252"
+  ],
+  "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection.This issue affects windesk.Fm: through 27022026.\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11252"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.usom.gov.tr/bildirim/tr-26-0085"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-27T13:16:01Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-pcr3-6v45-6mc2/GHSA-pcr3-6v45-6mc2.json b/advisories/unreviewed/2026/02/GHSA-pcr3-6v45-6mc2/GHSA-pcr3-6v45-6mc2.json
diff --git a/advisories/unreviewed/2026/02/GHSA-qg2f-7w4r-25f2/GHSA-qg2f-7w4r-25f2.json b/advisories/unreviewed/2026/02/GHSA-qg2f-7w4r-25f2/GHSA-qg2f-7w4r-25f2.json
diff --git a/advisories/unreviewed/2026/02/GHSA-rfgr-cv32-cqmh/GHSA-rfgr-cv32-cqmh.json b/advisories/unreviewed/2026/02/GHSA-rfgr-cv32-cqmh/GHSA-rfgr-cv32-cqmh.json
diff --git a/advisories/unreviewed/2026/02/GHSA-v929-j8mj-vc74/GHSA-v929-j8mj-vc74.json b/advisories/unreviewed/2026/02/GHSA-v929-j8mj-vc74/GHSA-v929-j8mj-vc74.json
diff --git a/advisories/unreviewed/2026/02/GHSA-w44h-2j78-hvfm/GHSA-w44h-2j78-hvfm.json b/advisories/unreviewed/2026/02/GHSA-w44h-2j78-hvfm/GHSA-w44h-2j78-hvfm.json
diff --git a/advisories/unreviewed/2026/02/GHSA-w49w-5662-qw44/GHSA-w49w-5662-qw44.json b/advisories/unreviewed/2026/02/GHSA-w49w-5662-qw44/GHSA-w49w-5662-qw44.json
diff --git a/advisories/unreviewed/2026/02/GHSA-x8p2-g6vv-f5mr/GHSA-x8p2-g6vv-f5mr.json b/advisories/unreviewed/2026/02/GHSA-x8p2-g6vv-f5mr/GHSA-x8p2-g6vv-f5mr.json
diff --git a/advisories/unreviewed/2026/02/GHSA-xcg8-xp62-9p7g/GHSA-xcg8-xp62-9p7g.json b/advisories/unreviewed/2026/02/GHSA-xcg8-xp62-9p7g/GHSA-xcg8-xp62-9p7g.json
diff --git a/advisories/unreviewed/2026/02/GHSA-xj9r-5fj6-ggxg/GHSA-xj9r-5fj6-ggxg.json b/advisories/unreviewed/2026/02/GHSA-xj9r-5fj6-ggxg/GHSA-xj9r-5fj6-ggxg.json
