Publish Advisories

GHSA-5r25-p9f2-w2xv
GHSA-cqj4-fp95-jqxq
GHSA-h592-gmp8-rvr7
GHSA-j3qr-8f3v-fgjj
GHSA-vjmw-pmxv-8c6w
GHSA-vpmj-h28j-ffpp
GHSA-6c6m-rc4v-fp65
GHSA-923r-23pf-6337
GHSA-9jvv-qw4v-hm39
GHSA-fmg2-6qx8-qwc3
GHSA-v4c4-58mq-6g8m
GHSA-vmc5-xpp6-2j82

Author: advisory-database[bot]

advisories/unreviewed/2025/02/GHSA-5r25-p9f2-w2xv/GHSA-5r25-p9f2-w2xv.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5r25-p9f2-w2xv",
-  "modified": "2025-09-18T09:31:12Z",
+  "modified": "2026-03-25T00:31:11Z",
   "published": "2025-02-19T18:32:24Z",
   "aliases": [
     "CVE-2025-1118"
@@ -30,6 +30,14 @@
     {
       "type": "WEB",
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346137"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.savannah.gnu.org/cgit/grub.git/commit/?id=34824806ac6302f91e8cabaa41308eaced25725f"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/02/GHSA-cqj4-fp95-jqxq/GHSA-cqj4-fp95-jqxq.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cqj4-fp95-jqxq",
-  "modified": "2025-10-06T12:30:29Z",
+  "modified": "2026-03-25T00:31:10Z",
   "published": "2025-02-10T18:30:46Z",
   "aliases": [
     "CVE-2024-12243"
@@ -47,6 +47,10 @@
       "type": "WEB",
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344615"
     },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.com/gnutls/gnutls/-/issues/1553"
+    },
     {
       "type": "WEB",
       "url": "https://gitlab.com/gnutls/libtasn1/-/issues/52"

advisories/unreviewed/2025/02/GHSA-h592-gmp8-rvr7/GHSA-h592-gmp8-rvr7.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h592-gmp8-rvr7",
-  "modified": "2025-09-18T09:31:12Z",
+  "modified": "2026-03-25T00:31:11Z",
   "published": "2025-02-19T21:31:38Z",
   "aliases": [
     "CVE-2025-0677"
@@ -34,6 +34,10 @@
     {
       "type": "WEB",
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346116"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/02/GHSA-j3qr-8f3v-fgjj/GHSA-j3qr-8f3v-fgjj.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j3qr-8f3v-fgjj",
-  "modified": "2025-10-06T03:31:37Z",
+  "modified": "2026-03-25T00:31:10Z",
   "published": "2025-02-10T18:30:47Z",
   "aliases": [
     "CVE-2024-12133"
@@ -47,6 +47,10 @@
       "type": "WEB",
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344611"
     },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md"
+    },
     {
       "type": "WEB",
       "url": "https://gitlab.com/gnutls/libtasn1/-/issues/52"

advisories/unreviewed/2025/02/GHSA-vjmw-pmxv-8c6w/GHSA-vjmw-pmxv-8c6w.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vjmw-pmxv-8c6w",
-  "modified": "2025-09-18T09:31:12Z",
+  "modified": "2026-03-25T00:31:10Z",
   "published": "2025-02-18T21:32:52Z",
   "aliases": [
     "CVE-2025-0622"
@@ -34,6 +34,10 @@
     {
       "type": "WEB",
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345865"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/03/GHSA-vpmj-h28j-ffpp/GHSA-vpmj-h28j-ffpp.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vpmj-h28j-ffpp",
-  "modified": "2025-03-03T18:31:28Z",
+  "modified": "2026-03-25T00:31:11Z",
   "published": "2025-03-03T18:31:28Z",
   "aliases": [
     "CVE-2024-45778"
@@ -26,6 +26,10 @@
     {
       "type": "WEB",
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345640"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/03/GHSA-6c6m-rc4v-fp65/GHSA-6c6m-rc4v-fp65.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6c6m-rc4v-fp65",
+  "modified": "2026-03-25T00:31:11Z",
+  "published": "2026-03-25T00:31:11Z",
+  "aliases": [
+    "CVE-2026-4779"
+  ],
+  "details": "A security vulnerability has been detected in SourceCodester Sales and Inventory System 1.0. This issue affects some unknown processing of the file update_customer_details.php of the component HTTP GET Parameter Handler. Such manipulation of the argument sid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4779"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-UpdateCustomerDetails-sid.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.352797"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.352797"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.775172"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sourcecodester.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-24T23:17:12Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-923r-23pf-6337/GHSA-923r-23pf-6337.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-923r-23pf-6337",
+  "modified": "2026-03-25T00:31:11Z",
+  "published": "2026-03-25T00:31:11Z",
+  "aliases": [
+    "CVE-2026-4781"
+  ],
+  "details": "A flaw has been found in SourceCodester Sales and Inventory System 1.0. The affected element is an unknown function of the file update_purchase.php of the component HTTP GET Parameter Handler. Executing a manipulation of the argument sid can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4781"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-UpdatePurchase-sid.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.352799"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.352799"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.775174"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sourcecodester.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-25T00:16:41Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-9jvv-qw4v-hm39/GHSA-9jvv-qw4v-hm39.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9jvv-qw4v-hm39",
+  "modified": "2026-03-25T00:31:11Z",
+  "published": "2026-03-25T00:31:11Z",
+  "aliases": [
+    "CVE-2026-4777"
+  ],
+  "details": "A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file view_supplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4777"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-ViewSupplier-searchtxt.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.352795"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.352795"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.775169"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sourcecodester.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-24T22:16:24Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-fmg2-6qx8-qwc3/GHSA-fmg2-6qx8-qwc3.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fmg2-6qx8-qwc3",
+  "modified": "2026-03-25T00:31:11Z",
+  "published": "2026-03-25T00:31:11Z",
+  "aliases": [
+    "CVE-2026-4778"
+  ],
+  "details": "A weakness has been identified in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file update_category.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4778"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-UpdateCategory-sid.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.352796"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.352796"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.775171"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sourcecodester.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-24T23:17:12Z"
+  }
+}