Publish Advisories

GHSA-mcx7-55c8-m5jv
GHSA-8v28-3j53-xvq8
GHSA-998w-jcr6-gwpq
GHSA-gcwp-v2vv-8h27
GHSA-23j5-87fx-hgc9
GHSA-2r7h-m6jv-58qc
GHSA-7977-c43c-xpwj
GHSA-7cj7-hvph-vvv7
GHSA-7mf8-hqh9-29fx
GHSA-8xwf-cr4r-856r
GHSA-99wf-f9rf-jh8p
GHSA-g54x-7hpm-29q8
GHSA-gx6c-pv62-9mcf
GHSA-j682-47rx-fxrp
GHSA-jppp-pmhm-3cp9
GHSA-m56j-8cwc-qgv8
GHSA-pw4j-xhwf-vgmr
GHSA-rwvh-hmmf-wpqx
GHSA-w36g-f98m-wm99

Author: advisory-database[bot]

advisories/unreviewed/2025/12/GHSA-mcx7-55c8-m5jv/GHSA-mcx7-55c8-m5jv.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mcx7-55c8-m5jv",
-  "modified": "2025-12-08T12:30:25Z",
+  "modified": "2026-02-27T06:31:28Z",
   "published": "2025-12-08T12:30:25Z",
   "aliases": [
     "CVE-2025-14262"
   ],
   "details": "A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if there were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the catalog service using the wrong owner permissions. Therefore it may have been possible to save into spaces where the attacker does not have write permissions.\n\nThere is no workaround.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Green"

advisories/unreviewed/2026/01/GHSA-8v28-3j53-xvq8/GHSA-8v28-3j53-xvq8.json

@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-20"
+      "CWE-20",
+      "CWE-502"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2026/01/GHSA-998w-jcr6-gwpq/GHSA-998w-jcr6-gwpq.json

@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-74"
+      "CWE-74",
+      "CWE-77"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2026/01/GHSA-gcwp-v2vv-8h27/GHSA-gcwp-v2vv-8h27.json

@@ -46,7 +46,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-284"
+      "CWE-284",
+      "CWE-434"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2026/02/GHSA-23j5-87fx-hgc9/GHSA-23j5-87fx-hgc9.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-23j5-87fx-hgc9",
+  "modified": "2026-02-27T06:31:28Z",
+  "published": "2026-02-27T06:31:28Z",
+  "aliases": [
+    "CVE-2026-2428"
+  ],
+  "details": "The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.1.17. This is due to the PayPal IPN (Instant Payment Notification) verification being disabled by default (`disable_ipn_verification` defaults to `'yes'` in `PayPalSettings.php`). This makes it possible for unauthenticated attackers to send forged PayPal IPN notifications to the publicly accessible IPN endpoint, marking unpaid form submissions as \"paid\" and triggering post-payment automation (emails, access grants, digital product delivery).",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2428"
+    },
+    {
+      "type": "WEB",
+      "url": "https://fluentforms.com/docs/changelog/#2-toc-title"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e5c62e54-da06-4b44-ba70-63065e664b0d?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-345"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-27T04:16:03Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-2r7h-m6jv-58qc/GHSA-2r7h-m6jv-58qc.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2r7h-m6jv-58qc",
+  "modified": "2026-02-27T06:31:29Z",
+  "published": "2026-02-27T06:31:28Z",
+  "aliases": [
+    "CVE-2026-1558"
+  ],
+  "details": "The WP Recipe Maker plugin for WordPress is vulnerable to an Insecure Direct Object Reference (IDOR) in versions up to, and including, 10.3.2. This is due to the /wp-json/wp-recipe-maker/v1/integrations/instacart REST API endpoint's permission_callback being set to __return_true and a lack of subsequent authorization or ownership checks on the user-supplied recipeId. This makes it possible for unauthenticated attackers to overwrite arbitrary post metadata (wprm_instacart_combinations) for any post ID on the site via the recipeId parameter.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1558"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/wp-recipe-maker/tags/10.3.2/includes/public/api/class-wprm-api-integrations.php#L40"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/wp-recipe-maker/tags/10.3.2/includes/public/class-wprm-instacart.php#L110"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3464195%40wp-recipe-maker%2Ftrunk&old=3441130%40wp-recipe-maker%2Ftrunk&sfp_email=&sfph_mail="
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/90a5589f-f0e9-4511-9c5e-0afcee0824d5?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-639"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-27T05:18:19Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-7977-c43c-xpwj/GHSA-7977-c43c-xpwj.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7977-c43c-xpwj",
+  "modified": "2026-02-27T06:31:28Z",
+  "published": "2026-02-27T06:31:28Z",
+  "aliases": [
+    "CVE-2026-28363"
+  ],
+  "details": "In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as --compress-prog) in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was denied.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3c6h-g97w-fg78"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28363"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-184"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-27T04:16:03Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-7cj7-hvph-vvv7/GHSA-7cj7-hvph-vvv7.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7cj7-hvph-vvv7",
+  "modified": "2026-02-27T06:31:28Z",
+  "published": "2026-02-27T06:31:28Z",
+  "aliases": [
+    "CVE-2026-3286"
+  ],
+  "details": "A vulnerability was identified in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3. The impacted element is the function Save of the file paicoding-web/src/main/java/com/github/paicoding/forum/web/common/image/rest/ImageRestController.java of the component Image Save Endpoint. Such manipulation of the argument img leads to server-side request forgery. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3286"
+    },
+    {
+      "type": "WEB",
+      "url": "https://fx4tqqfvdw4.feishu.cn/docx/NK7KdbIrboeB6WxwfhucW1YgnCb?from=from_copylink"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.348015"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.348015"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.758974"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-918"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-27T04:16:03Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-7mf8-hqh9-29fx/GHSA-7mf8-hqh9-29fx.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7mf8-hqh9-29fx",
+  "modified": "2026-02-27T06:31:28Z",
+  "published": "2026-02-27T06:31:28Z",
+  "aliases": [
+    "CVE-2026-3287"
+  ],
+  "details": "A security flaw has been discovered in youlaitech youlai-mall 2.0.0. This affects the function listPagedSpuForApp of the file mall-pms/pms-boot/src/main/java/com/youlai/mall/pms/controller/app/SpuController.java of the component App-side Product Pagination Endpoint. Performing a manipulation of the argument sortField/sort results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3287"
+    },
+    {
+      "type": "WEB",
+      "url": "https://fx4tqqfvdw4.feishu.cn/docx/E1YgdZUApoBU2bxDl37cLgqsnof?from=from_copylink"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.348016"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.348016"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.758977"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-27T05:18:21Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-8xwf-cr4r-856r/GHSA-8xwf-cr4r-856r.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8xwf-cr4r-856r",
+  "modified": "2026-02-27T06:31:28Z",
+  "published": "2026-02-27T06:31:28Z",
+  "aliases": [
+    "CVE-2026-28370"
+  ],
+  "details": "In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise of the Vitrage service. All deployments exposing the Vitrage API are affected. This occurs in _create_query_function in vitrage/graph/query.py.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28370"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openstack/vitrage/blob/a1f86950e1314b0c740f9cd9b7e9dbab7d02af51/vitrage/graph/query.py#L70"
+    },
+    {
+      "type": "WEB",
+      "url": "https://storyboard.openstack.org/#%21/story/2011539"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-95"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-27T05:18:20Z"
+  }
+}