github
diff --git a/‎advisories/unreviewed/2026/02/GHSA-2fx4-vwf2-pw99/GHSA-2fx4-vwf2-pw99.json‎
Lines changed: 56 additions & 0 deletions b/‎advisories/unreviewed/2026/02/GHSA-2fx4-vwf2-pw99/GHSA-2fx4-vwf2-pw99.json‎
Lines changed: 56 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/02/GHSA-38mc-hhxh-4rgq/GHSA-38mc-hhxh-4rgq.json‎
Lines changed: 44 additions & 0 deletions b/‎advisories/unreviewed/2026/02/GHSA-38mc-hhxh-4rgq/GHSA-38mc-hhxh-4rgq.json‎
Lines changed: 44 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/02/GHSA-3j9h-rxgh-gc62/GHSA-3j9h-rxgh-gc62.json‎
Lines changed: 56 additions & 0 deletions b/‎advisories/unreviewed/2026/02/GHSA-3j9h-rxgh-gc62/GHSA-3j9h-rxgh-gc62.json‎
Lines changed: 56 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/02/GHSA-3mcc-r9wq-f9g6/GHSA-3mcc-r9wq-f9g6.json‎
Lines changed: 56 additions & 0 deletions b/‎advisories/unreviewed/2026/02/GHSA-3mcc-r9wq-f9g6/GHSA-3mcc-r9wq-f9g6.json‎
Lines changed: 56 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/02/GHSA-42rf-xhpv-2c8q/GHSA-42rf-xhpv-2c8q.json‎
Lines changed: 40 additions & 0 deletions b/‎advisories/unreviewed/2026/02/GHSA-42rf-xhpv-2c8q/GHSA-42rf-xhpv-2c8q.json‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/02/GHSA-5hwv-xjx8-73mr/GHSA-5hwv-xjx8-73mr.json‎
Lines changed: 56 additions & 0 deletions b/‎advisories/unreviewed/2026/02/GHSA-5hwv-xjx8-73mr/GHSA-5hwv-xjx8-73mr.json‎
Lines changed: 56 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/02/GHSA-7g5x-9c4v-4w5r/GHSA-7g5x-9c4v-4w5r.json‎
Lines changed: 60 additions & 0 deletions b/‎advisories/unreviewed/2026/02/GHSA-7g5x-9c4v-4w5r/GHSA-7g5x-9c4v-4w5r.json‎
Lines changed: 60 additions & 0 deletions
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2fx4-vwf2-pw99",
+  "modified": "2026-02-27T09:30:29Z",
+  "published": "2026-02-27T09:30:29Z",
+  "aliases": [
+    "CVE-2025-9909"
+  ],
+  "details": "A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//) prefix in the gateway_path. A malicious or socially engineered administrator can configure a honey-pot route to intercept and exfiltrate user credentials, potentially maintaining persistent access or creating a backdoor even after their permissions are revoked.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9909"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:21768"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:21775"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:23069"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:23131"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2025-9909"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392836"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-647"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-27T08:17:08Z"
+  }
+}
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-38mc-hhxh-4rgq",
+  "modified": "2026-02-27T09:30:29Z",
+  "published": "2026-02-27T09:30:29Z",
+  "aliases": [
+    "CVE-2026-27776"
+  ],
+  "details": "IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue. This can be exploited only when IM-LogicDesigner is deployed on the system. Arbitrary code may be executed when some crafted file is imported by a user with the administrative privilege.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27776"
+    },
+    {
+      "type": "WEB",
+      "url": "https://global.intra-mart.support/hc/en-us/articles/55266898383641"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/jp/JVN80500630"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-502"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-27T08:17:09Z"
+  }
+}
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3j9h-rxgh-gc62",
+  "modified": "2026-02-27T09:30:29Z",
+  "published": "2026-02-27T09:30:29Z",
+  "aliases": [
+    "CVE-2026-3302"
+  ],
+  "details": "A weakness has been identified in SourceCodester Doctor Appointment System 1.0. Affected by this issue is some unknown functionality of the file /register.php of the component Sign Up Page. Executing a manipulation of the argument Email can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3302"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/rayficom/Proof-of-Concept/blob/main/20260219/README.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.348053"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.348053"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.762427"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sourcecodester.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-27T07:17:12Z"
+  }
+}
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3mcc-r9wq-f9g6",
+  "modified": "2026-02-27T09:30:29Z",
+  "published": "2026-02-27T09:30:29Z",
+  "aliases": [
+    "CVE-2025-9907"
+  ],
+  "details": "A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the test_headers field when an event stream is in test mode. The possible outcome includes leakage of internal infrastructure details, accidental disclosure of user or system credentials, privilege escalation if high-value tokens are exposed, and persistent sensitive data exposure to all users with read access on the event stream.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9907"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:19201"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:19221"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:23069"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:23131"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2025-9907"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392834"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-27T08:17:06Z"
+  }
+}
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-42rf-xhpv-2c8q",
+  "modified": "2026-02-27T09:30:29Z",
+  "published": "2026-02-27T09:30:29Z",
+  "aliases": [
+    "CVE-2025-14149"
+  ],
+  "details": "The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Scroller widget box link attribute in all versions up to, and including, 1.4.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14149"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3470049/xpro-elementor-addons/trunk/widgets/image-scroller/layout/frontend.php?old=3122565&old_path=xpro-elementor-addons%2Ftrunk%2Fwidgets%2Fimage-scroller%2Flayout%2Ffrontend.php"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5569e2fa-ce20-4ad0-8089-7c9ec792cc44?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-27T07:17:09Z"
+  }
+}
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5hwv-xjx8-73mr",
+  "modified": "2026-02-27T09:30:29Z",
+  "published": "2026-02-27T09:30:29Z",
+  "aliases": [
+    "CVE-2026-1626"
+  ],
+  "details": "An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1626"
+    },
+    {
+      "type": "WEB",
+      "url": "https://sick.com/psirt"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.first.org/cvss/calculator/3.1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.json"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.pdf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-327"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-27T09:16:15Z"
+  }
+}
@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7g5x-9c4v-4w5r",
+  "modified": "2026-02-27T09:30:29Z",
+  "published": "2026-02-27T09:30:29Z",
+  "aliases": [
+    "CVE-2025-12150"
+  ],
+  "details": "A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: \"none\", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12150"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/keycloak/keycloak/issues/43723"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:21370"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:21371"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:22088"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:22089"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2025-12150"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406192"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-347"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-27T09:16:15Z"
+  }
+}