Publish Advisories

GHSA-3p5v-c45v-mqqc
GHSA-42m2-x7rv-fg34
GHSA-4m3v-5p6w-fv99
GHSA-595f-wpcr-x297
GHSA-7w6x-pfmg-76xx
GHSA-8q42-qfhf-592h
GHSA-cr8r-qr27-mm7q
GHSA-g3wg-j2ff-prcp
GHSA-hp4v-mqpf-9mwh
GHSA-m76h-rrc9-vvgj
GHSA-qmcv-hh7c-3m56
GHSA-qxgc-wc3f-24c9
GHSA-wx6x-8rvm-6rmr

Author: advisory-database[bot]

advisories/unreviewed/2026/04/GHSA-3p5v-c45v-mqqc/GHSA-3p5v-c45v-mqqc.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3p5v-c45v-mqqc",
+  "modified": "2026-04-23T12:31:34Z",
+  "published": "2026-04-23T12:31:34Z",
+  "aliases": [
+    "CVE-2025-62104"
+  ],
+  "details": "Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ACF Galerie 4: from n/a through 1.4.2.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62104"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/wordpress/plugin/acf-galerie-4/vulnerability/wordpress-acf-galerie-4-plugin-1-4-2-broken-access-control-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-23T12:17:01Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-42m2-x7rv-fg34/GHSA-42m2-x7rv-fg34.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-42m2-x7rv-fg34",
+  "modified": "2026-04-23T12:31:34Z",
+  "published": "2026-04-23T12:31:34Z",
+  "aliases": [
+    "CVE-2026-6903"
+  ],
+  "details": "The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read arbitrary files on the host system that are accessible to the operating system user running the LabOne software.\n\nAdditionally, the Web Server does not sufficiently restrict cross-origin requests, which could allow a remote attacker to trigger file access from a victim's browser by directing the victim to a malicious website.\n\nThe vulnerability is only exploitable when the LabOne Web Server is running. Installations using only the LabOne APIs without starting the Web Server are not exposed.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6903"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.zhinst.com/support/download-center"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.zhinst.com/support/security/2026/zi-sa-2026-001"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-23T10:16:18Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-4m3v-5p6w-fv99/GHSA-4m3v-5p6w-fv99.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4m3v-5p6w-fv99",
+  "modified": "2026-04-23T12:31:34Z",
+  "published": "2026-04-23T12:31:34Z",
+  "aliases": [
+    "CVE-2026-6885"
+  ],
+  "details": "Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6885"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.twcert.org.tw/en/cp-139-10863-2f48e-2.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.twcert.org.tw/tw/cp-132-10861-b8709-1.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-434"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-23T10:16:18Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-595f-wpcr-x297/GHSA-595f-wpcr-x297.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-595f-wpcr-x297",
+  "modified": "2026-04-23T12:31:34Z",
+  "published": "2026-04-23T12:31:34Z",
+  "aliases": [
+    "CVE-2025-62110"
+  ],
+  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS.This issue affects Rescue Shortcodes: from n/a through 3.3.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62110"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/wordpress/plugin/rescue-shortcodes/vulnerability/wordpress-rescue-shortcodes-plugin-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-23T12:17:01Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-7w6x-pfmg-76xx/GHSA-7w6x-pfmg-76xx.json

@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7w6x-pfmg-76xx",
+  "modified": "2026-04-23T12:31:35Z",
+  "published": "2026-04-23T12:31:34Z",
+  "aliases": [
+    "CVE-2026-31532"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: raw: fix ro->uniq use-after-free in raw_rcv()\n\nraw_release() unregisters raw CAN receive filters via can_rx_unregister(),\nbut receiver deletion is deferred with call_rcu(). This leaves a window\nwhere raw_rcv() may still be running in an RCU read-side critical section\nafter raw_release() frees ro->uniq, leading to a use-after-free of the\npercpu uniq storage.\n\nMove free_percpu(ro->uniq) out of raw_release() and into a raw-specific\nsocket destructor. can_rx_unregister() takes an extra reference to the\nsocket and only drops it from the RCU callback, so freeing uniq from\nsk_destruct ensures the percpu area is not released until the relevant\ncallbacks have drained.\n\n[mkl: applied manually]",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31532"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/1a0f2de81f7fbdc538fc72d7d74609b79bc83cc0"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/34c1741254ff972e8375faf176678a248826fe3a"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/572f0bf536ebc14f6e7da3d21a85cf076de8358e"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/7201a531b9a5ed892bfda5ded9194ef622de8ffa"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-23T12:17:01Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-8q42-qfhf-592h/GHSA-8q42-qfhf-592h.json

@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8q42-qfhf-592h",
+  "modified": "2026-04-23T12:31:34Z",
+  "published": "2026-04-23T12:31:34Z",
+  "aliases": [
+    "CVE-2026-31531"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()\n\nWhen querying a nexthop object via RTM_GETNEXTHOP, the kernel currently\nallocates a fixed-size skb using NLMSG_GOODSIZE. While sufficient for\nsingle nexthops and small Equal-Cost Multi-Path groups, this fixed\nallocation fails for large nexthop groups like 512 nexthops.\n\nThis results in the following warning splat:\n\n WARNING: net/ipv4/nexthop.c:3395 at rtm_get_nexthop+0x176/0x1c0, CPU#20: rep/4608\n [...]\n RIP: 0010:rtm_get_nexthop (net/ipv4/nexthop.c:3395)\n [...]\n Call Trace:\n  <TASK>\n  rtnetlink_rcv_msg (net/core/rtnetlink.c:6989)\n  netlink_rcv_skb (net/netlink/af_netlink.c:2550)\n  netlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)\n  netlink_sendmsg (net/netlink/af_netlink.c:1894)\n  ____sys_sendmsg (net/socket.c:721 net/socket.c:736 net/socket.c:2585)\n  ___sys_sendmsg (net/socket.c:2641)\n  __sys_sendmsg (net/socket.c:2671)\n  do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\n  entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n  </TASK>\n\nFix this by allocating the size dynamically using nh_nlmsg_size() and\nusing nlmsg_new(), this is consistent with nexthop_notify() behavior. In\naddition, adjust nh_nlmsg_size_grp() so it calculates the size needed\nbased on flags passed. While at it, also add the size of NHA_FDB for\nnexthop group size calculation as it was missing too.\n\nThis cannot be reproduced via iproute2 as the group size is currently\nlimited and the command fails as follows:\n\naddattr_l ERROR: message exceeded bound of 1048",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31531"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/14cf0cd35361f4e94824bf8a42f72713d7702a73"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/40bd39e383a0478fd5c221f393df05fd9d70cfbc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/615517f3f8d53b0cf41507c7599971e17adfdfa5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/635038fe19db391117e66b46bdc2b6e447ac801d"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-23T12:17:01Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-cr8r-qr27-mm7q/GHSA-cr8r-qr27-mm7q.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cr8r-qr27-mm7q",
+  "modified": "2026-04-23T12:31:34Z",
+  "published": "2026-04-23T12:31:34Z",
+  "aliases": [
+    "CVE-2026-28040"
+  ],
+  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magepeople inc. Taxi Booking Manager for WooCommerce allows Stored XSS.This issue affects Taxi Booking Manager for WooCommerce: from n/a through 2.0.0.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28040"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/wordpress/plugin/ecab-taxi-booking-manager/vulnerability/wordpress-taxi-booking-manager-for-woocommerce-plugin-2-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-23T12:17:01Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-g3wg-j2ff-prcp/GHSA-g3wg-j2ff-prcp.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-g3wg-j2ff-prcp",
+  "modified": "2026-04-23T12:31:34Z",
+  "published": "2026-04-23T12:31:34Z",
+  "aliases": [
+    "CVE-2026-3259"
+  ],
+  "details": "A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error during the refresh process.\n\nThis vulnerability was patched on 29 January 2026, and no customer action is needed.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3259"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.cloud.google.com/bigquery/docs/release-notes/#April_15_2026"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-209"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-23T10:16:16Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-hp4v-mqpf-9mwh/GHSA-hp4v-mqpf-9mwh.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hp4v-mqpf-9mwh",
-  "modified": "2026-04-13T21:30:36Z",
+  "modified": "2026-04-23T12:31:34Z",
   "published": "2026-04-08T09:31:34Z",
   "aliases": [
     "CVE-2026-39669"

advisories/unreviewed/2026/04/GHSA-m76h-rrc9-vvgj/GHSA-m76h-rrc9-vvgj.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-m76h-rrc9-vvgj",
+  "modified": "2026-04-23T12:31:34Z",
+  "published": "2026-04-23T12:31:34Z",
+  "aliases": [
+    "CVE-2026-6887"
+  ],
+  "details": "Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6887"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.twcert.org.tw/en/cp-139-10863-2f48e-2.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.twcert.org.tw/tw/cp-132-10861-b8709-1.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-23T10:16:18Z"
+  }
+}