Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2026/02/GHSA-26rx-qf83-fc58/GHSA-26rx-qf83-fc58.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-26rx-qf83-fc58",
+  "modified": "2026-02-27T03:30:27Z",
+  "published": "2026-02-27T03:30:27Z",
+  "aliases": [
+    "CVE-2026-24452"
+  ],
+  "details": "An OS command injection \n vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an \nauthenticated attacker to achieve remote code execution on the system by\n supplying a crafted template file to the devices route.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24452"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json"
+    },
+    {
+      "type": "WEB",
+      "url": "https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-27T02:16:18Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-28pj-7rwg-vxrf/GHSA-28pj-7rwg-vxrf.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-28pj-7rwg-vxrf",
+  "modified": "2026-02-27T03:30:26Z",
+  "published": "2026-02-27T03:30:26Z",
+  "aliases": [
+    "CVE-2026-25774"
+  ],
+  "details": "Charging station authentication identifiers are publicly accessible via web-based mapping platforms.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25774"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-07.json"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-07"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ev.energy/en-us"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-522"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-27T01:16:20Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-5m2v-c6pj-9qqh/GHSA-5m2v-c6pj-9qqh.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5m2v-c6pj-9qqh",
+  "modified": "2026-02-27T03:30:26Z",
+  "published": "2026-02-27T03:30:26Z",
+  "aliases": [
+    "CVE-2026-24663"
+  ],
+  "details": "An OS command injection vulnerability exists in XWEB Pro version 1.12.1 \nand prior, enabling an unauthenticated attacker to achieve remote code \nexecution on the system by sending a crafted request to the libraries \ninstallation route and injecting malicious input into the request body.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24663"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json"
+    },
+    {
+      "type": "WEB",
+      "url": "https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-27T01:16:18Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-5wgh-57jj-2j34/GHSA-5wgh-57jj-2j34.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5wgh-57jj-2j34",
+  "modified": "2026-02-27T03:30:27Z",
+  "published": "2026-02-27T03:30:27Z",
+  "aliases": [
+    "CVE-2026-25196"
+  ],
+  "details": "An OS command injection \nvulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an \nauthenticated attacker to achieve remote code execution on the system by\n injecting malicious input into the Wi-Fi SSID and/or password fields \ncan lead to remote code execution when the configuration is processed.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25196"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json"
+    },
+    {
+      "type": "WEB",
+      "url": "https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-27T02:16:20Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-6pvr-hxgm-74hg/GHSA-6pvr-hxgm-74hg.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6pvr-hxgm-74hg",
+  "modified": "2026-02-27T03:30:26Z",
+  "published": "2026-02-27T03:30:26Z",
+  "aliases": [
+    "CVE-2026-20910"
+  ],
+  "details": "An OS command injection \nvulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an \nauthenticated attacker to achieve remote code execution on the system by\n injecting malicious input into the devices field of the firmware update\n update action to achieve remote code execution.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20910"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json"
+    },
+    {
+      "type": "WEB",
+      "url": "https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-27T01:16:17Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-6xjh-63ff-92mc/GHSA-6xjh-63ff-92mc.json

@@ -0,0 +1,39 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6xjh-63ff-92mc",
+  "modified": "2026-02-27T03:30:26Z",
+  "published": "2026-02-27T03:30:26Z",
+  "aliases": [
+    "CVE-2021-4456"
+  ],
+  "details": "Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact.\n\nThe functions `addr2cidr` and `cidrlookup` may return leading zeros in a CIDR string, which may in turn be parsed as octal numbers by subsequent users. In some cases an attacker may be able to leverage this to bypass access controls based on IP addresses.\n\nThe documentation advises validating untrusted CIDR strings with the `cidrvalidate` function. However, this mitigation is optional and not enforced by default. In practice, users may call `addr2cidr` or `cidrlookup` with untrusted input and without validation, incorrectly assuming that this is safe.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4456"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/svarshavchik/Net-CIDR/commit/e3648c6bc6bdd018f90cca4149c467017d42bd10"
+    },
+    {
+      "type": "WEB",
+      "url": "https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros"
+    },
+    {
+      "type": "WEB",
+      "url": "https://metacpan.org/dist/Net-CIDR/changes"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-704"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-27T01:16:13Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-7r34-g88h-g49f/GHSA-7r34-g88h-g49f.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7r34-g88h-g49f",
+  "modified": "2026-02-27T03:30:26Z",
+  "published": "2026-02-27T03:30:26Z",
+  "aliases": [
+    "CVE-2026-21718"
+  ],
+  "details": "An authentication bypass vulnerability exists in Copeland XWEB Pro \nversion 1.12.1 and prior, enabling any attackers to bypass the \nauthentication requirement and achieve pre-authenticated code execution \non the system.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21718"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json"
+    },
+    {
+      "type": "WEB",
+      "url": "https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-327"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-27T01:16:18Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-92fm-h5h6-cjf9/GHSA-92fm-h5h6-cjf9.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-92fm-h5h6-cjf9",
+  "modified": "2026-02-27T03:30:26Z",
+  "published": "2026-02-27T03:30:26Z",
+  "aliases": [
+    "CVE-2026-21389"
+  ],
+  "details": "An OS command injection \nvulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an \nauthenticated attacker to achieve remote code execution on the system by\n injecting malicious input into the request body sent to the contacts \nimport route.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21389"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json"
+    },
+    {
+      "type": "WEB",
+      "url": "https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-27T01:16:17Z"
+  }
+}