Publish Advisories

GHSA-2vwv-vqpv-v8vc
GHSA-c75f-55f6-f63q
GHSA-xrqh-48jh-pjv2
GHSA-fjqg-327f-q6hw
GHSA-gq9g-w427-pc6x
GHSA-hhv5-qpmh-pc66
GHSA-j3m8-qm5j-mgwc
GHSA-vjmw-64m9-xqq5

Author: advisory-database[bot]

advisories/unreviewed/2026/03/GHSA-2vwv-vqpv-v8vc/GHSA-2vwv-vqpv-v8vc.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2vwv-vqpv-v8vc",
-  "modified": "2026-04-22T18:31:37Z",
+  "modified": "2026-04-23T09:32:56Z",
   "published": "2026-03-30T09:31:29Z",
   "aliases": [
     "CVE-2026-5121"
@@ -82,6 +82,10 @@
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:8510"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:10065"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/03/GHSA-c75f-55f6-f63q/GHSA-c75f-55f6-f63q.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c75f-55f6-f63q",
-  "modified": "2026-04-22T21:31:37Z",
+  "modified": "2026-04-23T09:32:56Z",
   "published": "2026-03-19T15:31:21Z",
   "aliases": [
     "CVE-2026-4424"
@@ -90,6 +90,10 @@
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:8492"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:10065"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/03/GHSA-xrqh-48jh-pjv2/GHSA-xrqh-48jh-pjv2.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xrqh-48jh-pjv2",
-  "modified": "2026-04-22T18:31:36Z",
+  "modified": "2026-04-23T09:32:56Z",
   "published": "2026-03-13T21:31:51Z",
   "aliases": [
     "CVE-2026-4111"
@@ -90,6 +90,10 @@
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:5063"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:10065"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/04/GHSA-fjqg-327f-q6hw/GHSA-fjqg-327f-q6hw.json

@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fjqg-327f-q6hw",
+  "modified": "2026-04-23T09:32:57Z",
+  "published": "2026-04-23T09:32:57Z",
+  "aliases": [
+    "CVE-2026-4106"
+  ],
+  "details": "The HT Mega Addons for Elementor  WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some PII (such as full name, city, state and country) of customers who placed orders in the last 7 days",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4106"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/9477ead2-3990-4aae-8e66-09ee2f4daa3e"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-23T07:16:41Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-gq9g-w427-pc6x/GHSA-gq9g-w427-pc6x.json

@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gq9g-w427-pc6x",
+  "modified": "2026-04-23T09:32:57Z",
+  "published": "2026-04-23T09:32:57Z",
+  "aliases": [
+    "CVE-2026-4512"
+  ],
+  "details": "The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptcha_js() function. This allows administrators on multisite installations (who do not have the unfiltered_html capability) to inject arbitrary JavaScript that executes for all visitors to the WordPress login page.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4512"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/6dfb4378-fe6a-4462-af10-8e7504e3d593"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-23T07:16:41Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-hhv5-qpmh-pc66/GHSA-hhv5-qpmh-pc66.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hhv5-qpmh-pc66",
+  "modified": "2026-04-23T09:32:56Z",
+  "published": "2026-04-23T09:32:56Z",
+  "aliases": [
+    "CVE-2025-10549"
+  ],
+  "details": "EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges, because the affected service runs as NT AUTHORITY\\SYSTEM.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10549"
+    },
+    {
+      "type": "WEB",
+      "url": "https://kb.controlio.net/hc/en-us/articles/45777908471185-Client-Update-April-15-2026-ver-1-3-95"
+    },
+    {
+      "type": "WEB",
+      "url": "https://r.sec-consult.com/controlio"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-427"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-23T07:16:39Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-j3m8-qm5j-mgwc/GHSA-j3m8-qm5j-mgwc.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-j3m8-qm5j-mgwc",
+  "modified": "2026-04-23T09:32:56Z",
+  "published": "2026-04-23T09:32:56Z",
+  "aliases": [
+    "CVE-2026-34488"
+  ],
+  "details": "IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34488"
+    },
+    {
+      "type": "WEB",
+      "url": "https://i-pro.com/products_and_solutions/en/surveillance/solutions/technologies/cyber-security/psirt/security-advisories"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/jp/JVN42090270"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-427"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-23T07:16:40Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-vjmw-64m9-xqq5/GHSA-vjmw-64m9-xqq5.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-vjmw-64m9-xqq5",
+  "modified": "2026-04-23T09:32:57Z",
+  "published": "2026-04-23T09:32:57Z",
+  "aliases": [
+    "CVE-2026-41040"
+  ],
+  "details": "GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41040"
+    },
+    {
+      "type": "WEB",
+      "url": "https://growi.co.jp/news/44"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/jp/JVN46728373"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1333"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-23T07:16:41Z"
+  }
+}