Publish Advisories

GHSA-2fhq-mmhr-8hcv
GHSA-f26x-8245-j3vw
GHSA-r3pp-rgp6-46vg
GHSA-rgc7-cqpm-cvh8

Author: advisory-database[bot]

advisories/unreviewed/2026/03/GHSA-2fhq-mmhr-8hcv/GHSA-2fhq-mmhr-8hcv.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2fhq-mmhr-8hcv",
+  "modified": "2026-03-06T03:31:34Z",
+  "published": "2026-03-06T03:31:34Z",
+  "aliases": [
+    "CVE-2026-3613"
+  ],
+  "details": "A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vulnerability affects the function sub_401A0C of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3613"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Wlz1112/WAVLINK-NU516-V240425/blob/main/ipaddr_Stack%20Buffer%20Overflow.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.349221"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.349221"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.755341"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-06T02:15:51Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-f26x-8245-j3vw/GHSA-f26x-8245-j3vw.json

@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-f26x-8245-j3vw",
+  "modified": "2026-03-06T03:31:34Z",
+  "published": "2026-03-06T03:31:34Z",
+  "aliases": [
+    "CVE-2026-3616"
+  ],
+  "details": "A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. The patch is named f0e991870e9d33701cca3a1d0fd4eec135af01a6. It is suggested to install a patch to address this issue.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3616"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/issues/1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/issues/1#issue-3972001812"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/issues/1#issuecomment-3982939567"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/commit/f0e991870e9d33701cca3a1d0fd4eec135af01a6"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.349234"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.349234"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.765096"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-06T03:15:52Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-r3pp-rgp6-46vg/GHSA-r3pp-rgp6-46vg.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-r3pp-rgp6-46vg",
+  "modified": "2026-03-06T03:31:34Z",
+  "published": "2026-03-06T03:31:33Z",
+  "aliases": [
+    "CVE-2026-3612"
+  ],
+  "details": "A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function sub_405AF4 of the file /cgi-bin/adm.cgi of the component OTA Online Upgrade. This manipulation of the argument firmware_url causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3612"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Wlz1112/WAVLINK-NU516-V240425/blob/main/firmware_url.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.349220"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.349220"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.754668"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-06T01:15:54Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-rgc7-cqpm-cvh8/GHSA-rgc7-cqpm-cvh8.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-rgc7-cqpm-cvh8",
+  "modified": "2026-03-06T03:31:33Z",
+  "published": "2026-03-06T03:31:33Z",
+  "aliases": [
+    "CVE-2026-3610"
+  ],
+  "details": "A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affected by this issue is some unknown functionality of the file /mailinspector/mliUserValidation.php of the component URL Handler. The manipulation of the argument error_description results in cross site scripting. The attack may be performed from remote. The exploit has been made public and could be used. Upgrading to version 5.4.0 can resolve this issue. You should upgrade the affected component. The vendor was contacted early and responded very professional: \"We have already implemented the fix and made a hotfix available to affected customers, ensuring mitigation while the official release 5.4.0 has not yet been published. This allows customers to address the issue immediately, outside the regular release cycle.\"",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3610"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.google.com/document/d/1KI2SIDcVm5U3Yzo5tNT5YOwREQWe_5BJaWe-ctRmLoI/edit?usp=sharing"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.349219"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.349219"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.748710"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-06T01:15:53Z"
+  }
+}