github
diff --git a/‎advisories/unreviewed/2026/03/GHSA-25hq-fgwv-mq8p/GHSA-25hq-fgwv-mq8p.json‎
Lines changed: 52 additions & 0 deletions b/‎advisories/unreviewed/2026/03/GHSA-25hq-fgwv-mq8p/GHSA-25hq-fgwv-mq8p.json‎
Lines changed: 52 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/03/GHSA-2mxw-7frq-fx3r/GHSA-2mxw-7frq-fx3r.json‎
Lines changed: 56 additions & 0 deletions b/‎advisories/unreviewed/2026/03/GHSA-2mxw-7frq-fx3r/GHSA-2mxw-7frq-fx3r.json‎
Lines changed: 56 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/03/GHSA-37g4-3496-g55p/GHSA-37g4-3496-g55p.json‎
Lines changed: 64 additions & 0 deletions b/‎advisories/unreviewed/2026/03/GHSA-37g4-3496-g55p/GHSA-37g4-3496-g55p.json‎
Lines changed: 64 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/03/GHSA-3v7f-822w-wj7f/GHSA-3v7f-822w-wj7f.json‎
Lines changed: 52 additions & 0 deletions b/‎advisories/unreviewed/2026/03/GHSA-3v7f-822w-wj7f/GHSA-3v7f-822w-wj7f.json‎
Lines changed: 52 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/03/GHSA-3vfg-jj7g-vwj6/GHSA-3vfg-jj7g-vwj6.json‎
Lines changed: 48 additions & 0 deletions b/‎advisories/unreviewed/2026/03/GHSA-3vfg-jj7g-vwj6/GHSA-3vfg-jj7g-vwj6.json‎
Lines changed: 48 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/03/GHSA-3w7j-p64w-xf85/GHSA-3w7j-p64w-xf85.json‎
Lines changed: 48 additions & 0 deletions b/‎advisories/unreviewed/2026/03/GHSA-3w7j-p64w-xf85/GHSA-3w7j-p64w-xf85.json‎
Lines changed: 48 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/03/GHSA-4c7p-c7mq-74m6/GHSA-4c7p-c7mq-74m6.json‎
Lines changed: 52 additions & 0 deletions b/‎advisories/unreviewed/2026/03/GHSA-4c7p-c7mq-74m6/GHSA-4c7p-c7mq-74m6.json‎
Lines changed: 52 additions & 0 deletions
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-25hq-fgwv-mq8p",
+  "modified": "2026-03-22T15:31:28Z",
+  "published": "2026-03-22T15:31:28Z",
+  "aliases": [
+    "CVE-2019-25608"
+  ],
+  "details": "Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations, which run with the privileges of the Iperius Backup Service account (Local System or Administrator), enabling privilege escalation and arbitrary code execution.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25608"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/46863"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.iperiusbackup.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.iperiusbackup.com/download.aspx"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/iperius-backup-privilege-escalation-via-backup-job"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-520"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-22T14:16:28Z"
+  }
+}
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2mxw-7frq-fx3r",
+  "modified": "2026-03-22T15:31:29Z",
+  "published": "2026-03-22T15:31:28Z",
+  "aliases": [
+    "CVE-2026-4551"
+  ],
+  "details": "A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component Parameters Handler. Performing a manipulation of the argument menufacturer/Go results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4551"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Litengzheng/vul_db/blob/main/F453/vul_86/README.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.352378"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.352378"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.774929"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tenda.com.cn"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-22T15:17:09Z"
+  }
+}
@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-37g4-3496-g55p",
+  "modified": "2026-03-22T15:31:29Z",
+  "published": "2026-03-22T15:31:28Z",
+  "aliases": [
+    "CVE-2026-4550"
+  ],
+  "details": "A vulnerability has been found in code-projects Simple Gym Management System up to 1.0. This affects an unknown part of the file /gym/func.php. Such manipulation of the argument Trainer_id/fname leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4550"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code-projects.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Time-Based%20Blind%20SQL%20Injection%20in%20%20Simple%20Gym%20Management%20System%20in%20PHP%20Product.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Time-Based%20Blind%20SQL%20Injection%20in%20Simple%20Gym%20Management%20System%20in%20PHP.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.352377"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.352377"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.774838"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.774839"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-22T14:16:35Z"
+  }
+}
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3v7f-822w-wj7f",
+  "modified": "2026-03-22T15:31:28Z",
+  "published": "2026-03-22T15:31:28Z",
+  "aliases": [
+    "CVE-2019-25593"
+  ],
+  "details": "jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Log directory configuration field. Attackers can paste a buffer of 5000 characters into the Log directory input, then click Start to trigger a crash that terminates the server process.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25593"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/46819"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/jetcast-server-denial-of-service-via-log-directory"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.jetaudio.com"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.jetaudio.com/download/5fc01426-741d-41b8-a120-d890330ec672/jetAudio/Download/jetCast/build/JCS2000.exe"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1285"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-22T14:16:26Z"
+  }
+}
@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3vfg-jj7g-vwj6",
+  "modified": "2026-03-22T15:31:28Z",
+  "published": "2026-03-22T15:31:28Z",
+  "aliases": [
+    "CVE-2019-25596"
+  ],
+  "details": "SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input during registration to trigger an application crash.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25596"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/46778"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/spotauditor-name-field-denial-of-service"
+    },
+    {
+      "type": "WEB",
+      "url": "http://spotauditor.nsauditor.com/downloads/spotauditor_setup.exe"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1287"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-22T14:16:26Z"
+  }
+}
@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3w7j-p64w-xf85",
+  "modified": "2026-03-22T15:31:28Z",
+  "published": "2026-03-22T15:31:28Z",
+  "aliases": [
+    "CVE-2019-25597"
+  ],
+  "details": "NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a large payload into the Community field and trigger the Walk function to cause a denial of service condition.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25597"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/46757"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/nsauditor-denial-of-service-via-community-field"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.nsauditor.com/downloads/nsauditor_setup.exe"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-22T14:16:26Z"
+  }
+}
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4c7p-c7mq-74m6",
+  "modified": "2026-03-22T15:31:28Z",
+  "published": "2026-03-22T15:31:28Z",
+  "aliases": [
+    "CVE-2019-25594"
+  ],
+  "details": "ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the table name field. Attackers can input a buffer of 10000 characters in the table name parameter during database table creation to trigger an application crash.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25594"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/46823"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/asprunner-net-denial-of-service-via-table-name-field"
+    },
+    {
+      "type": "WEB",
+      "url": "https://xlinesoft.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://xlinesoft.com/asprunnernet/download.htm"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-807"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-22T14:16:26Z"
+  }
+}