Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/12/GHSA-56x4-vcv9-c6cw/GHSA-56x4-vcv9-c6cw.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-56x4-vcv9-c6cw",
-  "modified": "2025-12-09T21:31:49Z",
+  "modified": "2026-02-23T21:31:22Z",
   "published": "2025-12-09T21:31:49Z",
   "aliases": [
     "CVE-2021-47729"
   ],
   "details": "Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'files_list' parameter that allows attackers to inject malicious HTML and script code. Attackers can send a POST request to /cgi-bin/get_file.php with crafted payload to execute arbitrary scripts in victim's browser session.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/12/GHSA-5p74-h2ww-pwhx/GHSA-5p74-h2ww-pwhx.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5p74-h2ww-pwhx",
-  "modified": "2025-12-09T21:31:49Z",
+  "modified": "2026-02-23T21:31:22Z",
   "published": "2025-12-09T21:31:49Z",
   "aliases": [
     "CVE-2021-47731"
   ],
   "details": "Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden endpoint by using the hard-coded password 'Selea781830' to enable configuration upload and overwrite device settings.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/12/GHSA-g8pv-w9gq-24x8/GHSA-g8pv-w9gq-24x8.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g8pv-w9gq-24x8",
-  "modified": "2025-12-09T21:31:49Z",
+  "modified": "2026-02-23T21:31:22Z",
   "published": "2025-12-09T21:31:48Z",
   "aliases": [
     "CVE-2021-47730"
   ],
   "details": "Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user visits the page.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
@@ -42,6 +46,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-352",
       "CWE-798"
     ],
     "severity": "HIGH",

advisories/unreviewed/2025/12/GHSA-mrj4-3c4j-jh3r/GHSA-mrj4-3c4j-jh3r.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mrj4-3c4j-jh3r",
-  "modified": "2025-12-09T21:31:49Z",
+  "modified": "2026-02-23T21:31:22Z",
   "published": "2025-12-09T21:31:48Z",
   "aliases": [
     "CVE-2021-47727"
   ],
   "details": "Selea Targa IP OCR-ANPR Camera contains an unauthenticated vulnerability that allows remote attackers to access live video streams without authentication. Attackers can directly connect to RTP/RTSP or M-JPEG streams by requesting specific endpoints like p1.mjpg or p1.264 to view camera footage.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/12/GHSA-mx39-grv7-hq6w/GHSA-mx39-grv7-hq6w.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mx39-grv7-hq6w",
-  "modified": "2025-12-09T21:31:49Z",
+  "modified": "2026-02-23T21:31:22Z",
   "published": "2025-12-09T21:31:49Z",
   "aliases": [
     "CVE-2021-47728"
   ],
   "details": "Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local file inclusion techniques.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/02/GHSA-3f33-44xm-29m7/GHSA-3f33-44xm-29m7.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-200"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2026/02/GHSA-42h9-mr3g-6gc2/GHSA-42h9-mr3g-6gc2.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-42h9-mr3g-6gc2",
-  "modified": "2026-02-20T18:31:39Z",
+  "modified": "2026-02-23T21:31:23Z",
   "published": "2026-02-20T18:31:39Z",
   "aliases": [
     "CVE-2026-26721"
   ],
   "details": "An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to obtain sensitive information via the sid query parameter.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-598"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-02-20T17:25:55Z"

advisories/unreviewed/2026/02/GHSA-438c-878c-qvmf/GHSA-438c-878c-qvmf.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-438c-878c-qvmf",
-  "modified": "2026-02-23T15:31:15Z",
+  "modified": "2026-02-23T21:31:26Z",
   "published": "2026-02-23T15:31:15Z",
   "aliases": [
     "CVE-2025-69700"
   ],
   "details": "Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modify_add_client_prio function, which is reachable via the formSetClientPrio CGI handler.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-121"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-02-23T14:16:21Z"

advisories/unreviewed/2026/02/GHSA-4phc-m7h5-frwr/GHSA-4phc-m7h5-frwr.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4phc-m7h5-frwr",
+  "modified": "2026-02-23T21:31:27Z",
+  "published": "2026-02-23T21:31:26Z",
+  "aliases": [
+    "CVE-2025-61147"
+  ],
+  "details": "strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decoder_context::compute_framedrop_table().",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61147"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/strukturag/libde265/issues/484"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/strukturag/libde265/commit/8b17e0930f77db07f55e0b89399a8f054ddbecf7"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gist.github.com/optionGo/e6567a1c2bc4e0c9fee4e1e8be8d6af9"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-120"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-23T20:28:52Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-5fqg-ph33-v8fc/GHSA-5fqg-ph33-v8fc.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5fqg-ph33-v8fc",
+  "modified": "2026-02-23T21:31:27Z",
+  "published": "2026-02-23T21:31:27Z",
+  "aliases": [
+    "CVE-2025-63945"
+  ],
+  "details": "A privilege escalation (PE) vulnerability in the Tencent iOA app thru 210.9.28693.621001 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63945"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/alexlee820/CVE-2025-63945-Tencent-iOA-EoP"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/alexlee820/Tencent-iOA-EoP"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-59"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-23T20:28:52Z"
+  }
+}