Reality2byte · pull · Feb 25, 2026 · Feb 25, 2026 · Feb 25, 2026
diff --git a/advisories/unreviewed/2025/07/GHSA-82xm-jwxq-4436/GHSA-82xm-jwxq-4436.json b/advisories/unreviewed/2025/07/GHSA-82xm-jwxq-4436/GHSA-82xm-jwxq-4436.json
@@ -30,7 +30,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-77"
+      "CWE-77",
+      "CWE-924"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

diff --git a/advisories/unreviewed/2025/11/GHSA-j47g-6v72-x3wr/GHSA-j47g-6v72-x3wr.json b/advisories/unreviewed/2025/11/GHSA-j47g-6v72-x3wr/GHSA-j47g-6v72-x3wr.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j47g-6v72-x3wr",
-  "modified": "2025-11-12T18:31:26Z",
+  "modified": "2026-02-25T06:31:14Z",
   "published": "2025-11-12T18:31:26Z",
   "aliases": [
     "CVE-2025-65001"
@@ -26,6 +26,10 @@
     {
       "type": "WEB",
       "url": "https://security.ts.fujitsu.com/ProductSecurity/content/FsasTech-PSIRT-FTI-FCCL-2025-072319-Security-Notice.pdf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://ydinkin.substack.com/p/200-kernel-bugs-in-30-days"
     }
   ],
   "database_specific": {

diff --git a/advisories/unreviewed/2026/02/GHSA-3224-p867-265f/GHSA-3224-p867-265f.json b/advisories/unreviewed/2026/02/GHSA-3224-p867-265f/GHSA-3224-p867-265f.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3224-p867-265f",
+  "modified": "2026-02-25T06:31:15Z",
+  "published": "2026-02-25T06:31:15Z",
+  "aliases": [
+    "CVE-2026-3100"
+  ],
+  "details": "Improper Certificate Validation vulnerability in ASUSTOR ADM FTP Backup on Linux, x86, ARM, 64 bit allows Sniffing Attacks.This issue affects ADM: from 4.1.0 through 4.3.3.ROF1, from 5.0.0 through 5.1.2.RE51.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3100"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.asustor.com/security/security_advisory_detail?id=53"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-295"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-25T06:16:26Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-3h75-x2ww-p6ww/GHSA-3h75-x2ww-p6ww.json b/advisories/unreviewed/2026/02/GHSA-3h75-x2ww-p6ww/GHSA-3h75-x2ww-p6ww.json
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3h75-x2ww-p6ww",
+  "modified": "2026-02-25T06:31:15Z",
+  "published": "2026-02-25T06:31:15Z",
+  "aliases": [
+    "CVE-2026-25785"
+  ],
+  "details": "Path traversal vulnerability exists in Lanscope Endpoint Manager (On-Premises) Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25785"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/jp/JVN79096585"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.motex.co.jp/news/notice/2026/release260225"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-25T06:16:25Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-4jxf-pwgr-9m4j/GHSA-4jxf-pwgr-9m4j.json b/advisories/unreviewed/2026/02/GHSA-4jxf-pwgr-9m4j/GHSA-4jxf-pwgr-9m4j.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4jxf-pwgr-9m4j",
+  "modified": "2026-02-25T06:31:15Z",
+  "published": "2026-02-25T06:31:15Z",
+  "aliases": [
+    "CVE-2026-3163"
+  ],
+  "details": "A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function file_get_contents of the component URL Handler. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3163"
+    },
+    {
+      "type": "WEB",
+      "url": "https://medium.com/@hemantrajbhati5555/ssrf-vulnerability-in-sourcecodester-website-link-extractor-v1-0-5df6bb708f5e"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347670"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347670"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.758932"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sourcecodester.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-918"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-25T06:16:26Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-4v56-g6h4-6655/GHSA-4v56-g6h4-6655.json b/advisories/unreviewed/2026/02/GHSA-4v56-g6h4-6655/GHSA-4v56-g6h4-6655.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4v56-g6h4-6655",
+  "modified": "2026-02-25T06:31:15Z",
+  "published": "2026-02-25T06:31:15Z",
+  "aliases": [
+    "CVE-2026-3150"
+  ],
+  "details": "A security vulnerability has been detected in itsourcecode College Management System 1.0. This affects an unknown part of the file /admin/display-teacher.php. The manipulation of the argument teacher_id leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3150"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Zhangchao404/cve/issues/2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://itsourcecode.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347658"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347658"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.758829"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-25T05:17:29Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-55xf-4pmg-v3xm/GHSA-55xf-4pmg-v3xm.json b/advisories/unreviewed/2026/02/GHSA-55xf-4pmg-v3xm/GHSA-55xf-4pmg-v3xm.json
@@ -0,0 +1,68 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-55xf-4pmg-v3xm",
+  "modified": "2026-02-25T06:31:15Z",
+  "published": "2026-02-25T06:31:15Z",
+  "aliases": [
+    "CVE-2026-3147"
+  ],
+  "details": "A vulnerability was found in libvips up to 8.18.0. This affects the function vips_foreign_load_csv_build of the file libvips/foreign/csvload.c. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch is identified as b3ab458a25e0e261cbd1788474bbc763f7435780. It is advisable to implement a patch to correct this issue.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3147"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/libvips/libvips/issues/4874"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/libvips/libvips/issues/4874#issue-3943617697"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/libvips/libvips/pull/4894"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/libvips/libvips/commit/b3ab458a25e0e261cbd1788474bbc763f7435780"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/libvips/libvips"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347653"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347653"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.758692"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-25T04:16:05Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-5825-95cg-hj5r/GHSA-5825-95cg-hj5r.json b/advisories/unreviewed/2026/02/GHSA-5825-95cg-hj5r/GHSA-5825-95cg-hj5r.json
@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5825-95cg-hj5r",
+  "modified": "2026-02-25T09:30:27Z",
+  "published": "2026-02-25T09:30:27Z",
+  "aliases": [
+    "CVE-2026-2416"
+  ],
+  "details": "The Geo Mashup plugin for WordPress is vulnerable to SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.17. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2416"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/geo-mashup/tags/1.13.17/geo-mashup-db.php#L1530"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/geo-mashup/tags/1.13.17/geo-mashup-db.php#L1701"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3461591/geo-mashup"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ab5ca55-0a8a-45a8-9ab0-aa3bbfa85417?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-25T09:16:15Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-68cf-j259-wgr8/GHSA-68cf-j259-wgr8.json b/advisories/unreviewed/2026/02/GHSA-68cf-j259-wgr8/GHSA-68cf-j259-wgr8.json
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-68cf-j259-wgr8",
+  "modified": "2026-02-25T06:31:15Z",
+  "published": "2026-02-25T06:31:14Z",
+  "aliases": [
+    "CVE-2026-27744"
+  ],
+  "details": "The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment rendering (#ENV**), which disables SPIP output filtering. As a result, an unauthenticated attacker can inject crafted content that is evaluated through SPIP's template processing chain, leading to execution of code in the context of the web server.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27744"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.spip.net/spip-contrib-extensions/tickets/-/commit/869935b6687822ed79ad5477626a664d8ea6dcf7"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.spip.net/tickets"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/spip-tickets-unauthenticated-rce"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-94"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-25T04:16:04Z"
+  }
+}