Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 555285466760 · 2026-02-22T09:32:04.000Z
GHSA-3jg4-mfj9-3m8j GHSA-786c-jm2j-j6xw GHSA-7mmp-vchm-mm2p GHSA-9cqv-87fq-8fjx GHSA-c5fm-9xmx-m8v3 GHSA-f5hx-m48w-jh25 GHSA-rm9x-gmj8-vfxh
diff --git a/advisories/unreviewed/2026/02/GHSA-3jg4-mfj9-3m8j/GHSA-3jg4-mfj9-3m8j.json b/advisories/unreviewed/2026/02/GHSA-3jg4-mfj9-3m8j/GHSA-3jg4-mfj9-3m8j.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3jg4-mfj9-3m8j",
+  "modified": "2026-02-22T09:30:26Z",
+  "published": "2026-02-22T09:30:26Z",
+  "aliases": [
+    "CVE-2026-2933"
+  ],
+  "details": "A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/D_adManage.php of the component Extended Management Module. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2933"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/ZZCTD/CVE/issues/4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347279"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347279"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.755295"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-22T08:15:56Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-786c-jm2j-j6xw/GHSA-786c-jm2j-j6xw.json b/advisories/unreviewed/2026/02/GHSA-786c-jm2j-j6xw/GHSA-786c-jm2j-j6xw.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-786c-jm2j-j6xw",
+  "modified": "2026-02-22T09:30:26Z",
+  "published": "2026-02-22T09:30:26Z",
+  "aliases": [
+    "CVE-2026-2934"
+  ],
+  "details": "A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/D_friendLinkGroup.php of the component Extended Management Module. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2934"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/ZZCTD/CVE/issues/5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347280"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347280"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.755296"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-22T09:16:11Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-7mmp-vchm-mm2p/GHSA-7mmp-vchm-mm2p.json b/advisories/unreviewed/2026/02/GHSA-7mmp-vchm-mm2p/GHSA-7mmp-vchm-mm2p.json
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7mmp-vchm-mm2p",
+  "modified": "2026-02-22T09:30:26Z",
+  "published": "2026-02-22T09:30:26Z",
+  "aliases": [
+    "CVE-2026-2385"
+  ],
+  "details": "The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.4.7. This is due to the plugin decrypting and trusting attacker-controlled email_data in an unauthenticated AJAX handler without cryptographic authenticity guarantees. This makes it possible for unauthenticated attackers to tamper with form email routing and redirection values to trigger unauthorized email relay and attacker-controlled redirection via the 'email_data' parameter.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2385"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3463156/the-plus-addons-for-elementor-page-builder"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9176535c-8e37-4a18-b458-a71c4a84daa4?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-345"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-22T09:16:10Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-9cqv-87fq-8fjx/GHSA-9cqv-87fq-8fjx.json b/advisories/unreviewed/2026/02/GHSA-9cqv-87fq-8fjx/GHSA-9cqv-87fq-8fjx.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9cqv-87fq-8fjx",
+  "modified": "2026-02-22T09:30:26Z",
+  "published": "2026-02-22T09:30:26Z",
+  "aliases": [
+    "CVE-2026-2935"
+  ],
+  "details": "A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/ConfigExceptMSN. Executing a manipulation of the argument remark can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2935"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/alc9700jmo/CVE/issues/23"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347297"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347297"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.755297"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-22T09:16:11Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-c5fm-9xmx-m8v3/GHSA-c5fm-9xmx-m8v3.json b/advisories/unreviewed/2026/02/GHSA-c5fm-9xmx-m8v3/GHSA-c5fm-9xmx-m8v3.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c5fm-9xmx-m8v3",
+  "modified": "2026-02-22T09:30:26Z",
+  "published": "2026-02-22T09:30:26Z",
+  "aliases": [
+    "CVE-2026-2930"
+  ],
+  "details": "A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. Such manipulation of the argument boundary leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2930"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/master-abc/cve/issues/40"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347277"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347277"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.755227"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tenda.com.cn"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-22T07:16:15Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-f5hx-m48w-jh25/GHSA-f5hx-m48w-jh25.json b/advisories/unreviewed/2026/02/GHSA-f5hx-m48w-jh25/GHSA-f5hx-m48w-jh25.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-f5hx-m48w-jh25",
+  "modified": "2026-02-22T09:30:26Z",
+  "published": "2026-02-22T09:30:26Z",
+  "aliases": [
+    "CVE-2026-2938"
+  ],
+  "details": "A vulnerability has been found in SourceCodester Student Result Management System 1.0. The affected element is an unknown function of the file /srms/script/admin/core/update_smtp.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2938"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Shaon-Xis/SRMS-1.0---Unauthenticated-SMTP-Hijacking-to-Account-Takeover"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347310"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347310"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.755345"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sourcecodester.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-266"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-22T09:16:11Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-rm9x-gmj8-vfxh/GHSA-rm9x-gmj8-vfxh.json b/advisories/unreviewed/2026/02/GHSA-rm9x-gmj8-vfxh/GHSA-rm9x-gmj8-vfxh.json
@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-rm9x-gmj8-vfxh",
+  "modified": "2026-02-22T09:30:26Z",
+  "published": "2026-02-22T09:30:26Z",
+  "aliases": [
+    "CVE-2026-2932"
+  ],
+  "details": "A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D_adPosition.php of the component Extended Management Module. Performing a manipulation of the argument name/index results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2932"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/ZZCTD/CVE/issues/2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/ZZCTD/CVE/issues/3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347278"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347278"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.755281"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.755286"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-22T08:15:55Z"
+  }
+}
