Publish Advisories

GHSA-2cqx-6pqq-j99h
GHSA-hgx9-j277-fq3j
GHSA-w5v4-r6mh-235c
GHSA-mhxp-2mqc-j942
GHSA-wch8-cq6g-885r
GHSA-2qjg-jrhf-99vr
GHSA-8hfg-9c72-535r
GHSA-frqp-x7gx-64vp
GHSA-g54x-w5rq-2789
GHSA-gf2c-cq33-9pf7
GHSA-hff3-38mc-m39m
GHSA-mxxm-7p9v-jm2c
GHSA-qqmj-w4wh-9w2h
GHSA-wc73-5vxp-xx43

Author: advisory-database[bot]

advisories/unreviewed/2025/12/GHSA-2cqx-6pqq-j99h/GHSA-2cqx-6pqq-j99h.json

@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-74"
+      "CWE-74",
+      "CWE-89"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2025/12/GHSA-hgx9-j277-fq3j/GHSA-hgx9-j277-fq3j.json

@@ -54,7 +54,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-74"
+      "CWE-74",
+      "CWE-77"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2025/12/GHSA-w5v4-r6mh-235c/GHSA-w5v4-r6mh-235c.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-w5v4-r6mh-235c",
-  "modified": "2025-12-29T21:30:25Z",
+  "modified": "2026-03-08T03:30:27Z",
   "published": "2025-12-29T21:30:25Z",
   "aliases": [
     "CVE-2025-14175"
   ],
   "details": "A vulnerability in the SSH server of TP-Link TL-WR820N v2.80 allows the use of a weak cryptographic algorithm, enabling an adjacent attacker to intercept and decrypt SSH traffic. Exploitation may expose sensitive information and compromise confidentiality.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/01/GHSA-mhxp-2mqc-j942/GHSA-mhxp-2mqc-j942.json

@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-284"
+      "CWE-284",
+      "CWE-434"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2026/01/GHSA-wch8-cq6g-885r/GHSA-wch8-cq6g-885r.json

@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-284"
+      "CWE-284",
+      "CWE-434"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2026/03/GHSA-2qjg-jrhf-99vr/GHSA-2qjg-jrhf-99vr.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2qjg-jrhf-99vr",
+  "modified": "2026-03-08T03:30:28Z",
+  "published": "2026-03-08T03:30:28Z",
+  "aliases": [
+    "CVE-2026-30910"
+  ],
+  "details": "Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows.\n\nCombined aead encryption, combined signature creation, and bin2hex functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. This can cause a crash in bin2hex and encryption algorithms other than aes256gcm. For aes256gcm encryption and signatures, an undersized buffer could lead to buffer overflow.\n\nEncountering this issue is unlikely as the message length would need to be very large.\n\nFor bin2hex the input size would have to be > SIZE_MAX / 2 For aegis encryption the input size would need to be > SIZE_MAX - 32U For other encryption the input size would need to be > SIZE_MAX - 16U For signatures the input size would need to be > SIZE_MAX - 64U",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30910"
+    },
+    {
+      "type": "WEB",
+      "url": "https://metacpan.org/release/IAMB/Crypt-Sodium-XS-0.001001/changes"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-190"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-08T02:16:00Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-8hfg-9c72-535r/GHSA-8hfg-9c72-535r.json

@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8hfg-9c72-535r",
+  "modified": "2026-03-08T03:30:28Z",
+  "published": "2026-03-08T03:30:28Z",
+  "aliases": [
+    "CVE-2026-3695"
+  ],
+  "details": "A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unknown function of the file /delete.php. Such manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3695"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gist.github.com/hackusman/e618b915514ed24b9333c72152bb7218"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gist.github.com/hackusman/e618b915514ed24b9333c72152bb7218#-detailed-proof-of-concept-poc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.349641"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.349641"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.765591"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sourcecodester.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-08T01:15:49Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-frqp-x7gx-64vp/GHSA-frqp-x7gx-64vp.json

@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-frqp-x7gx-64vp",
+  "modified": "2026-03-08T03:30:28Z",
+  "published": "2026-03-08T03:30:28Z",
+  "aliases": [
+    "CVE-2026-3693"
+  ],
+  "details": "A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function get_user_info/update_user_info of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument user_id causes improper control of resource identifiers. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3693"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/CC-T-454455/Vulnerabilities/tree/master/agent-chat/vulnerability-1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/CC-T-454455/Vulnerabilities/tree/master/agent-chat/vulnerability-2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.349640"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.349640"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.765589"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.765590"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-99"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-08T01:15:49Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-g54x-w5rq-2789/GHSA-g54x-w5rq-2789.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-g54x-w5rq-2789",
+  "modified": "2026-03-08T03:30:28Z",
+  "published": "2026-03-08T03:30:28Z",
+  "aliases": [
+    "CVE-2026-3696"
+  ],
+  "details": "A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3696"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/JXBbozaihuang/vuln-research/issues/2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.349642"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.349642"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.765681"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.totolink.net"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-77"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-08T01:15:49Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-gf2c-cq33-9pf7/GHSA-gf2c-cq33-9pf7.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gf2c-cq33-9pf7",
+  "modified": "2026-03-08T03:30:28Z",
+  "published": "2026-03-08T03:30:28Z",
+  "aliases": [
+    "CVE-2026-3700"
+  ],
+  "details": "A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formConfigDnsFilterGlobal. This manipulation causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3700"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/7wkajk/CVE-VUL/blob/main/1.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.349646"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.349646"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.765750"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-08T03:16:05Z"
+  }
+}