github
diff --git a/‎advisories/unreviewed/2026/02/GHSA-pm8w-jq9r-x5rp/GHSA-pm8w-jq9r-x5rp.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2026/02/GHSA-pm8w-jq9r-x5rp/GHSA-pm8w-jq9r-x5rp.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2026/02/GHSA-qvwr-8759-6g2c/GHSA-qvwr-8759-6g2c.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2026/02/GHSA-qvwr-8759-6g2c/GHSA-qvwr-8759-6g2c.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2026/03/GHSA-3xw8-g6v7-h2gh/GHSA-3xw8-g6v7-h2gh.json‎
Lines changed: 18 additions & 1 deletion b/‎advisories/unreviewed/2026/03/GHSA-3xw8-g6v7-h2gh/GHSA-3xw8-g6v7-h2gh.json‎
Lines changed: 18 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2026/03/GHSA-c75f-55f6-f63q/GHSA-c75f-55f6-f63q.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2026/03/GHSA-c75f-55f6-f63q/GHSA-c75f-55f6-f63q.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2026/03/GHSA-q226-8c4v-p73w/GHSA-q226-8c4v-p73w.json‎
Lines changed: 22 additions & 1 deletion b/‎advisories/unreviewed/2026/03/GHSA-q226-8c4v-p73w/GHSA-q226-8c4v-p73w.json‎
Lines changed: 22 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2026/03/GHSA-qgvm-cj9x-53jj/GHSA-qgvm-cj9x-53jj.json‎
Lines changed: 18 additions & 1 deletion b/‎advisories/unreviewed/2026/03/GHSA-qgvm-cj9x-53jj/GHSA-qgvm-cj9x-53jj.json‎
Lines changed: 18 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2026/04/GHSA-24rc-w3ff-pw6w/GHSA-24rc-w3ff-pw6w.json‎
Lines changed: 100 additions & 0 deletions b/‎advisories/unreviewed/2026/04/GHSA-24rc-w3ff-pw6w/GHSA-24rc-w3ff-pw6w.json‎
Lines changed: 100 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/04/GHSA-2755-2mm4-rm5c/GHSA-2755-2mm4-rm5c.json‎
Lines changed: 48 additions & 0 deletions b/‎advisories/unreviewed/2026/04/GHSA-2755-2mm4-rm5c/GHSA-2755-2mm4-rm5c.json‎
Lines changed: 48 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/04/GHSA-3hwj-7r29-g5vv/GHSA-3hwj-7r29-g5vv.json‎
Lines changed: 33 additions & 0 deletions b/‎advisories/unreviewed/2026/04/GHSA-3hwj-7r29-g5vv/GHSA-3hwj-7r29-g5vv.json‎
Lines changed: 33 additions & 0 deletions
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pm8w-jq9r-x5rp",
-  "modified": "2026-04-17T15:31:05Z",
+  "modified": "2026-04-22T21:31:17Z",
   "published": "2026-02-09T15:30:31Z",
   "aliases": [
     "CVE-2025-14831"
@@ -43,6 +43,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:8746"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:7477"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:7335"
 
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qvwr-8759-6g2c",
-  "modified": "2026-02-25T12:30:29Z",
+  "modified": "2026-04-22T21:31:17Z",
   "published": "2026-02-25T12:30:29Z",
   "aliases": [
     "CVE-2026-3118"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3118"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:9742"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2026-3118"
 
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3xw8-g6v7-h2gh",
-  "modified": "2026-03-13T21:31:46Z",
+  "modified": "2026-04-22T21:31:32Z",
   "published": "2026-03-13T21:31:46Z",
   "aliases": [
     "CVE-2026-22192"
@@ -23,6 +23,14 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22192"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22192-22199_Voltronic-Power_Preauth_root_RCE.txt"
+    },
+    {
+      "type": "WEB",
+      "url": "https://voltronicpower.com"
+    },
     {
       "type": "WEB",
       "url": "https://wordpress.org/plugins/wpdiscuz"
@@ -31,13 +39,22 @@
       "type": "WEB",
       "url": "https://wordpress.org/plugins/wpdiscuz/#developers"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.boffsec-services.com/posts/sicuroweb-cve-2026-22191"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/voltronic-power-snmp-web-pro-authentication-bypass-via-localstorage"
+    },
     {
       "type": "WEB",
       "url": "https://www.vulncheck.com/advisories/wpdiscuz-before-stored-cross-site-scripting-via-malicious-options-import"
     }
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-306",
       "CWE-79"
     ],
     "severity": "MODERATE",
 
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c75f-55f6-f63q",
-  "modified": "2026-04-22T18:31:37Z",
+  "modified": "2026-04-22T21:31:37Z",
   "published": "2026-03-19T15:31:21Z",
   "aliases": [
     "CVE-2026-4424"
@@ -43,6 +43,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:9026"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:8944"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:8908"
 
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q226-8c4v-p73w",
-  "modified": "2026-03-13T21:31:46Z",
+  "modified": "2026-04-22T21:31:32Z",
   "published": "2026-03-13T21:31:46Z",
   "aliases": [
     "CVE-2026-22191"
@@ -23,6 +23,14 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22191"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-POC.py"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-SicuroWeb-ATI-chain.txt"
+    },
     {
       "type": "WEB",
       "url": "https://wordpress.org/plugins/wpdiscuz"
@@ -31,13 +39,26 @@
       "type": "WEB",
       "url": "https://wordpress.org/plugins/wpdiscuz/#developers"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.beghelli.it"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.boffsec-services.com/posts/sicuroweb-cve-2026-22191"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/beghelli-sicuro24-sicuroweb-angularjs-template-injection"
+    },
     {
       "type": "WEB",
       "url": "https://www.vulncheck.com/advisories/wpdiscuz-before-server-side-shortcode-injection-via-email-notifications"
     }
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-1336",
       "CWE-94"
     ],
     "severity": "MODERATE",
 
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qgvm-cj9x-53jj",
-  "modified": "2026-03-13T21:31:46Z",
+  "modified": "2026-04-22T21:31:32Z",
   "published": "2026-03-13T21:31:46Z",
   "aliases": [
     "CVE-2026-22199"
@@ -23,6 +23,14 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22199"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22192-22199_Voltronic-Power_Preauth_root_RCE.txt"
+    },
+    {
+      "type": "WEB",
+      "url": "https://voltronicpower.com"
+    },
     {
       "type": "WEB",
       "url": "https://wordpress.org/plugins/wpdiscuz"
@@ -31,13 +39,22 @@
       "type": "WEB",
       "url": "https://wordpress.org/plugins/wpdiscuz/#developers"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.boffsec-services.com/posts/sicuroweb-cve-2026-22191"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/voltronic-power-snmp-web-pro-path-traversal-via-upload-cgi"
+    },
     {
       "type": "WEB",
       "url": "https://www.vulncheck.com/advisories/wpdiscuz-before-vote-manipulation-via-nonce-oracle-and-ip-rotation"
     }
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-22",
       "CWE-290"
     ],
     "severity": "MODERATE",
 
@@ -0,0 +1,100 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-24rc-w3ff-pw6w",
+  "modified": "2026-04-22T21:31:44Z",
+  "published": "2026-04-22T21:31:43Z",
+  "aliases": [
+    "CVE-2026-4812"
+  ],
+  "details": "The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and including 6.7.0. This is due to AJAX field query endpoints accepting user-supplied filter parameters that override field-configured restrictions without proper authorization checks. This makes it possible for unauthenticated attackers with access to a frontend ACF form to enumerate and disclose information about draft/private posts, restricted post types, and other data that should be restricted by field configuration.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4812"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/advanced-custom-fields/tags/6.7.0/includes/fields/class-acf-field-page_link.php#L144"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/advanced-custom-fields/tags/6.7.0/includes/fields/class-acf-field-post_object.php#L155"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/advanced-custom-fields/tags/6.7.0/includes/fields/class-acf-field-post_object.php#L92"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/advanced-custom-fields/tags/6.7.0/includes/fields/class-acf-field-relationship.php#L118"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/advanced-custom-fields/tags/6.7.0/includes/fields/class-acf-field-relationship.php#L171"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/advanced-custom-fields/tags/6.7.0/includes/fields/class-acf-field-relationship.php#L180"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/advanced-custom-fields/tags/6.7.0/includes/fields/class-acf-field-relationship.php#L187"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/advanced-custom-fields/tags/6.7.0/includes/fields/class-acf-field-user.php#L435"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/advanced-custom-fields/trunk/includes/fields/class-acf-field-page_link.php#L144"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/advanced-custom-fields/trunk/includes/fields/class-acf-field-post_object.php#L155"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/advanced-custom-fields/trunk/includes/fields/class-acf-field-post_object.php#L92"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/advanced-custom-fields/trunk/includes/fields/class-acf-field-relationship.php#L118"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/advanced-custom-fields/trunk/includes/fields/class-acf-field-relationship.php#L171"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/advanced-custom-fields/trunk/includes/fields/class-acf-field-relationship.php#L180"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/advanced-custom-fields/trunk/includes/fields/class-acf-field-relationship.php#L187"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/advanced-custom-fields/trunk/includes/fields/class-acf-field-user.php#L435"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/51e3a976-a1a3-411a-b88c-f1cb2aa8d5eb?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-15T04:17:48Z"
+  }
+}
@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2755-2mm4-rm5c",
+  "modified": "2026-04-22T21:32:11Z",
+  "published": "2026-04-22T21:32:11Z",
+  "aliases": [
+    "CVE-2026-6019"
+  ],
+  "details": "http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes \" for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence </script> inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6019"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/python/cpython/issues/90309"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/python/cpython/pull/148848"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/python/cpython/commit/76b3923d688c0efc580658476c5f525ec8735104"
+    },
+    {
+      "type": "WEB",
+      "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IVNWGV2BBNC3RHQAFS22UP4DY56SAXX3"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-150"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-22T20:16:42Z"
+  }
+}
@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3hwj-7r29-g5vv",
+  "modified": "2026-04-22T21:32:10Z",
+  "published": "2026-04-22T21:32:10Z",
+  "aliases": [
+    "CVE-2026-28950"
+  ],
+  "details": "A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2. Notifications marked for deletion could be unexpectedly retained on the device.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28950"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.apple.com/en-us/127002"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.apple.com/en-us/127003"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-22T19:17:00Z"
+  }
+}