

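--- a/cves/2026/2xxx/CVE-2026-2781.json
+++ b/cves/2026/2xxx/CVE-2026-2781.json
@@ -8,7 +8,7 @@
 "assignerShortName": "mozilla",
 "dateReserved": "2026-02-19T15:06:13.592Z",
 "datePublished": "2026-02-24T13:33:15.551Z",
-"dateUpdated": "2026-04-13T13:53:25.426Z"
+"dateUpdated": "2026-04-21T12:40:43.312Z"
 },
 "containers": {
 "cna": {
@@ -17,6 +17,12 @@
 "product": "Firefox",
 "vendor": "Mozilla",
 "versions": [
+{
+"status": "unaffected",
+"version": "115.35",
+"lessThanOrEqual": "115.*",
+"versionType": "rpm"
+},
 {
 "status": "unaffected",
 "version": "140.8",
@@ -53,12 +59,12 @@
 "descriptions": [
 {
 "lang": "en",
-"value": "Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.",
+"value": "Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, Thunderbird 140.8, and Firefox ESR 115.35.",
 "supportingMedia": [
 {
 "type": "text/html",
 "base64": false,
-"value": "Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8."
+"value": "Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, Thunderbird 140.8, and Firefox ESR 115.35."
 }
 ]
 }
@@ -79,6 +85,9 @@
 },
 {
 "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/"
+},
+{
+"url": "https://www.mozilla.org/security/advisories/mfsa2026-31/"
 }
 ],
 "credits": [
@@ -90,7 +99,7 @@
 "providerMetadata": {
 "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
 "shortName": "mozilla",
-"dateUpdated": "2026-04-13T13:53:25.426Z"
+"dateUpdated": "2026-04-21T12:40:43.312Z"
 }
 },
 "adp": [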
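--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE/CVE-2026-40520.json
@@ -0,0 +1,166 @@
+{
+"dataType": "CVE_RECORD",
+"dataVersion": "5.2",
+"cveMetadata": {
+"cveId": "CVE-2026-40520",
+"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
+"state": "PUBLISHED",
+"assignerShortName": "VulnCheck",
+"dateReserved": "2026-04-13T20:29:02.810Z",
+"datePublished": "2026-04-21T12:41:05.281Z",
+"dateUpdated": "2026-04-21T12:41:05.281Z"
+},
+"containers": {
+"cna": {
+"providerMetadata": {
+"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
+"shortName": "VulnCheck",
+"dateUpdated": "2026-04-21T12:41:05.281Z"
+},
+"title": "FreePBX api module Command Injection via GraphQL",
+"problemTypes": [
+{
+"descriptions": [
+{
+"lang": "en",
+"cweId": "CWE-78",
+"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
+"type": "CWE"
+}
+]
+}
+],
+"affected": [
+{
+"vendor": "FreePBX",
+"product": "api",
+"repo": "https://github.com/FreePBX/api",
+"versions": [
+{
+"status": "affected",
+"version": "0",
+"lessThanOrEqual": "17.0.8",
+"versionType": "semver"
+},
+{
+"status": "unaffected",
+"version": "5f194e39a47e5481e8947f9694304d32724175f6",
+"versionType": "git"
+}
+],
+"defaultStatus": "unaffected"
+}
+],
+"descriptions": [
+{
+"lang": "en",
+"value": "FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess() function where GraphQL mutation input fields are passed directly to shell_exec() without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL moduleOperations mutation with backtick-wrapped commands in the module field to execute arbitrary commands on the underlying host as the web server user.",
+"supportingMedia": [
+{
+"type": "text/html",
+"base64": false,
+"value": "FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess() function where GraphQL mutation input fields are passed directly to shell_exec() without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL moduleOperations mutation with backtick-wrapped commands in the module field to execute arbitrary commands on the underlying host as the web server user.<br>"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/FreePBX/api/commit/5f194e39a47e5481e8947f9694304d32724175f6",
+"tags": [
+"patch"
+]
+},
+{
+"url": "https://github.com/FreePBX/api/blob/5f194e39a47e5481e8947f9694304d32724175f6/Api.class.php#L546C1-L554C3",
+"tags": [
+"related"
+]
+},
+{
+"url": "https://github.com/FreePBX/api/blob/5f194e39a47e5481e8947f9694304d32724175f6/ApiGqlHelper.class.php#L34C1-L36C136",
+"tags": [
+"related"
+]
+},
+{
+"url": "https://www.vulncheck.com/advisories/freepbx-api-module-command-injection-via-graphql",
+"tags": [
+"third-party-advisory"
+]
+}
+],
+"metrics": [
+{
+"format": "CVSS",
+"scenarios": [
+{
+"lang": "en",
+"value": "GENERAL"
+}
+],
+"cvssV4_0": {
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"attackRequirements": "NONE",
+"privilegesRequired": "HIGH",
+"userInteraction": "NONE",
+"vulnConfidentialityImpact": "HIGH",
+"subConfidentialityImpact": "NONE",
+"vulnIntegrityImpact": "HIGH",
+"subIntegrityImpact": "NONE",
+"vulnAvailabilityImpact": "HIGH",
+"subAvailabilityImpact": "NONE",
+"exploitMaturity": "NOT_DEFINED",
+"Safety": "NOT_DEFINED",
+"Automatable": "NOT_DEFINED",
+"Recovery": "NOT_DEFINED",
+"valueDensity": "NOT_DEFINED",
+"vulnerabilityResponseEffort": "NOT_DEFINED",
+"providerUrgency": "NOT_DEFINED",
+"version": "4.0",
+"baseSeverity": "HIGH",
+"baseScore": 8.6,
+"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
+}
+},
+{
+"format": "CVSS",
+"scenarios": [
+{
+"lang": "en",
+"value": "GENERAL"
+}
+],
+"cvssV3_1": {
+"version": "3.1",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseSeverity": "HIGH",
+"baseScore": 7.2,
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+}
+}
+],
+"credits": [
+{
+"lang": "en",
+"value": "M. Cory Billington of theyhack.me",
+"type": "reporter"
+}
+],
+"source": {
+"discovery": "INTERNAL"
+},
+"x_generator": {
+"engine": "Vulnogram 1.0.1"
+}
+}
+}
+}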
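Review bot: `"source": {"discovery": "INTERNAL"}` on new line 159 sits oddly next to the `credits` entry that names an external party ("M. Cory Billington of theyhack.me", type "reporter"); if the issue was reported from outside the CNA, `"discovery": "EXTERNAL"` is the value consumers tracking researcher-reported findings will expect, so one of the two fields looks wrong. The HTML supportingMedia value on new line 62 ends with a stray `<br>` that the plain-text description on line 57 lacks, which renders as a trailing blank line and is presumably a Vulnogram artifact worth trimming. Both CVSS vectors rate privilegesRequired HIGH, yet the description only says "an authenticated user with a valid bearer token"; stating what privilege level that token represents (for example, an administrator-issued API credential) would let readers verify PR:H, since the same 3.1 vector with PR:L scores 8.8 rather than 7.2. The file path for this new record is not shown on the page, so the header above uses a placeholder.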

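--- a/cves/2026/41xxx/CVE-2026-41300.json
+++ b/cves/2026/41xxx/CVE-2026-41300.json
@@ -8,7 +8,7 @@
 "assignerShortName": "VulnCheck",
 "dateReserved": "2026-04-20T14:01:13.151Z",
 "datePublished": "2026-04-20T23:08:13.304Z",
-"dateUpdated": "2026-04-20T23:08:13.304Z"
+"dateUpdated": "2026-04-21T13:03:24.309Z"
 },
 "containers": {
 "cna": {
@@ -173,6 +173,40 @@
 "x_generator": {
 "engine": "vulncheck"
 }
-}
+},
+"adp": [
+{
+"metrics": [
+{
+"other": {
+"type": "ssvc",
+"content": {
+"timestamp": "2026-04-21T13:02:56.193273Z",
+"id": "CVE-2026-41300",
+"options": [
+{
+"Exploitation": "none"
+},
+{
+"Automatable": "no"
+},
+{
+"Technical Impact": "partial"
+}
+],
+"role": "CISA Coordinator",
+"version": "2.0.3"
+}
+}
+}
+],
+"title": "CISA ADP Vulnrichment",
+"providerMetadata": {
+"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+"shortName": "CISA-ADP",
+"dateUpdated": "2026-04-21T13:03:24.309Z"
+}
+}
+]
 }
 }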

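--- a/cves/2026/6xxx/CVE-2026-6674.json
+++ b/cves/2026/6xxx/CVE-2026-6674.json
@@ -8,7 +8,7 @@
 "assignerShortName": "Wordfence",
 "dateReserved": "2026-04-20T14:05:00.181Z",
 "datePublished": "2026-04-21T02:25:40.676Z",
-"dateUpdated": "2026-04-21T02:25:40.676Z"
+"dateUpdated": "2026-04-21T12:58:21.763Z"
 },
 "containers": {
 "cna": {
@@ -92,6 +92,40 @@
 "value": "Disclosed"
 }
 ]
-}
+},
+"adp": [
+{
+"metrics": [
+{
+"other": {
+"type": "ssvc",
+"content": {
+"timestamp": "2026-04-21T12:58:08.325827Z",
+"id": "CVE-2026-6674",
+"options": [
+{
+"Exploitation": "none"
+},
+{
+"Automatable": "no"
+},
+{
+"Technical Impact": "partial"
+}
+],
+"role": "CISA Coordinator",
+"version": "2.0.3"
+}
+}
+}
+],
+"title": "CISA ADP Vulnrichment",
+"providerMetadata": {
+"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+"shortName": "CISA-ADP",
+"dateUpdated": "2026-04-21T12:58:21.763Z"
+}
+}
+]
 }
 }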
