Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2026/03/GHSA-65gf-rq85-48c5/GHSA-65gf-rq85-48c5.json

@@ -30,7 +30,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-457"
+      "CWE-457",
+      "CWE-908"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2026/04/GHSA-26j4-477q-gv33/GHSA-26j4-477q-gv33.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-26j4-477q-gv33",
-  "modified": "2026-04-08T09:31:32Z",
+  "modified": "2026-04-10T18:31:15Z",
   "published": "2026-04-08T09:31:32Z",
   "aliases": [
     "CVE-2026-39541"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a through <= 1.1.38.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-08T09:16:26Z"

advisories/unreviewed/2026/04/GHSA-28h4-g6r3-j269/GHSA-28h4-g6r3-j269.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-28h4-g6r3-j269",
-  "modified": "2026-04-08T21:33:32Z",
+  "modified": "2026-04-10T18:31:17Z",
   "published": "2026-04-08T21:33:32Z",
   "aliases": [
     "CVE-2025-50666"
   ],
   "details": "A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /web_post.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in parameters such as name, en, user_id, log, and time.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-120"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-08T19:24:17Z"

advisories/unreviewed/2026/04/GHSA-2mw3-cgxq-9prq/GHSA-2mw3-cgxq-9prq.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2mw3-cgxq-9prq",
-  "modified": "2026-04-08T09:31:33Z",
+  "modified": "2026-04-10T18:31:16Z",
   "published": "2026-04-08T09:31:33Z",
   "aliases": [
     "CVE-2026-39575"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through <= 5.5.0.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-08T09:16:28Z"

advisories/unreviewed/2026/04/GHSA-2qvj-7467-692p/GHSA-2qvj-7467-692p.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2qvj-7467-692p",
-  "modified": "2026-04-08T09:31:33Z",
+  "modified": "2026-04-10T18:31:16Z",
   "published": "2026-04-08T09:31:33Z",
   "aliases": [
     "CVE-2026-39611"
   ],
   "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes KuteShop kuteshop allows PHP Local File Inclusion.This issue affects KuteShop: from n/a through <= 4.2.9.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-98"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-08T09:16:30Z"

advisories/unreviewed/2026/04/GHSA-2rj7-q26c-9qc3/GHSA-2rj7-q26c-9qc3.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2rj7-q26c-9qc3",
-  "modified": "2026-04-08T21:33:31Z",
+  "modified": "2026-04-10T18:31:16Z",
   "published": "2026-04-08T21:33:31Z",
   "aliases": [
     "CVE-2025-50648"
   ],
   "details": "A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validation in the /tggl.asp endpoint.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-120"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-08T19:24:15Z"

advisories/unreviewed/2026/04/GHSA-3896-29g2-49jx/GHSA-3896-29g2-49jx.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3896-29g2-49jx",
-  "modified": "2026-04-08T09:31:32Z",
+  "modified": "2026-04-10T18:31:15Z",
   "published": "2026-04-08T09:31:32Z",
   "aliases": [
     "CVE-2026-39563"
   ],
   "details": "Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through <= 2.12.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-08T09:16:27Z"

advisories/unreviewed/2026/04/GHSA-396h-m3pm-fpm5/GHSA-396h-m3pm-fpm5.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-396h-m3pm-fpm5",
+  "modified": "2026-04-10T18:31:18Z",
+  "published": "2026-04-10T18:31:18Z",
+  "aliases": [
+    "CVE-2026-40225"
+  ],
+  "details": "In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/systemd/systemd/security/advisories/GHSA-vpfq-8p5f-jcqx"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40225"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-669"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-10T16:16:33Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-3gmf-wjhx-fmw7/GHSA-3gmf-wjhx-fmw7.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3gmf-wjhx-fmw7",
-  "modified": "2026-04-08T09:31:33Z",
+  "modified": "2026-04-10T18:31:16Z",
   "published": "2026-04-08T09:31:33Z",
   "aliases": [
     "CVE-2026-39605"
   ],
   "details": "Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Custom Login: from n/a through <= 1.1.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-08T09:16:29Z"

advisories/unreviewed/2026/04/GHSA-3p7h-vrh2-gc3q/GHSA-3p7h-vrh2-gc3q.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3p7h-vrh2-gc3q",
-  "modified": "2026-04-08T09:31:33Z",
+  "modified": "2026-04-10T18:31:16Z",
   "published": "2026-04-08T09:31:33Z",
   "aliases": [
     "CVE-2026-39603"
   ],
   "details": "Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Photography grandphotography allows Cross Site Request Forgery.This issue affects Grand Photography: from n/a through <= 5.7.8.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-352"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-08T09:16:29Z"