Publish Advisories

GHSA-62m6-f67r-3r6p
GHSA-m4cp-qj9v-7wpc
GHSA-hm8v-8c3v-cxfq
GHSA-25cv-hf25-fqf8
GHSA-438c-878c-qvmf
GHSA-4h76-926q-wxxw
GHSA-c85p-r6x8-fqgr
GHSA-cqp7-wf4c-3xgc
GHSA-g666-g65w-p8mh
GHSA-jxwm-5mrm-6h8j
GHSA-mc6c-v4m2-858f
GHSA-rq7m-qrq2-mrg5
GHSA-ww95-r66q-v2hh

Author: advisory-database[bot]

advisories/unreviewed/2025/02/GHSA-62m6-f67r-3r6p/GHSA-62m6-f67r-3r6p.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-62m6-f67r-3r6p",
-  "modified": "2025-02-15T00:32:47Z",
+  "modified": "2026-02-23T15:31:14Z",
   "published": "2025-02-15T00:32:47Z",
   "aliases": [
     "CVE-2024-5462"
   ],
   "details": "If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords is not enabled. An attacker can use these passwords to fetch values of the supported OIDs via SNMPv3 queries. There are also a limited number of MIB objects that can be modified.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/02/GHSA-m4cp-qj9v-7wpc/GHSA-m4cp-qj9v-7wpc.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-m4cp-qj9v-7wpc",
-  "modified": "2025-02-15T00:32:47Z",
+  "modified": "2026-02-23T15:31:13Z",
   "published": "2025-02-15T00:32:47Z",
   "aliases": [
     "CVE-2024-5461"
   ],
   "details": "Implementation of the Simple Network \nManagement Protocol (SNMP) operating on the Brocade 6547 (FC5022) \nembedded switch blade, makes internal script calls to system.sh from \nwithin the SNMP binary. An authenticated attacker could perform command \nor parameter injection on SNMP operations that are only enabled on the \nBrocade 6547 (FC5022) embedded switch. This injection could allow the \nauthenticated attacker to issue commands as Root.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/10/GHSA-hm8v-8c3v-cxfq/GHSA-hm8v-8c3v-cxfq.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hm8v-8c3v-cxfq",
-  "modified": "2026-02-05T21:32:35Z",
+  "modified": "2026-02-23T15:31:14Z",
   "published": "2025-10-03T12:33:14Z",
   "aliases": [
     "CVE-2025-11234"
@@ -39,6 +39,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:1831"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:3077"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-11234"

advisories/unreviewed/2026/02/GHSA-25cv-hf25-fqf8/GHSA-25cv-hf25-fqf8.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-25cv-hf25-fqf8",
-  "modified": "2026-02-19T18:31:54Z",
+  "modified": "2026-02-23T15:31:14Z",
   "published": "2026-02-19T18:31:54Z",
   "aliases": [
     "CVE-2025-69674"
   ],
   "details": "Buffer Overflow vulnerability in CDATA FD614GS3-R850 V3.2.7_P161006 (Build.0333.250211) allows an attacker to execute arbitrary code via the node_mac, node_opt, opt_param, and domainblk parameters of the mesh_node_config and domiainblk_config modules",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-120"
+    ],
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-02-19T17:24:39Z"

advisories/unreviewed/2026/02/GHSA-438c-878c-qvmf/GHSA-438c-878c-qvmf.json

@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-438c-878c-qvmf",
+  "modified": "2026-02-23T15:31:15Z",
+  "published": "2026-02-23T15:31:15Z",
+  "aliases": [
+    "CVE-2025-69700"
+  ],
+  "details": "Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modify_add_client_prio function, which is reachable via the formSetClientPrio CGI handler.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69700"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/xhh0124/SemVulLLM"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-23T14:16:21Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-4h76-926q-wxxw/GHSA-4h76-926q-wxxw.json

@@ -29,7 +29,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-601"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2026/02/GHSA-c85p-r6x8-fqgr/GHSA-c85p-r6x8-fqgr.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c85p-r6x8-fqgr",
+  "modified": "2026-02-23T15:31:15Z",
+  "published": "2026-02-23T15:31:15Z",
+  "aliases": [
+    "CVE-2026-21420"
+  ],
+  "details": "Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution and escalation of privileges.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21420"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dell.com/support/kbdoc/en-us/000430183/dsa-2026-059-security-update-for-dell-repository-manager-vulnerability"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-427"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-23T14:16:21Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-cqp7-wf4c-3xgc/GHSA-cqp7-wf4c-3xgc.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-79"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2026/02/GHSA-g666-g65w-p8mh/GHSA-g666-g65w-p8mh.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g666-g65w-p8mh",
-  "modified": "2026-02-12T09:30:59Z",
+  "modified": "2026-02-23T15:31:14Z",
   "published": "2026-02-12T09:30:59Z",
   "aliases": [
     "CVE-2025-15577"
   ],
   "details": "An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.This issue affects Valmet DNA Web Tools: C2022 and older.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:X/V:D/RE:M/U:Green"

advisories/unreviewed/2026/02/GHSA-jxwm-5mrm-6h8j/GHSA-jxwm-5mrm-6h8j.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jxwm-5mrm-6h8j",
-  "modified": "2026-02-19T21:30:47Z",
+  "modified": "2026-02-23T15:31:14Z",
   "published": "2026-02-19T21:30:47Z",
   "aliases": [
     "CVE-2025-67304"
   ],
   "details": "In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate remotely, gaining superuser access to the database. This allows creation of administrative users for the web interface, extraction of password hashes, and execution of arbitrary OS commands.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-798"
+    ],
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-02-19T20:25:24Z"