Publish Advisories

GHSA-2p4m-4mc7-m8w7
GHSA-3w3m-7xpm-xrwg
GHSA-3whp-4f2f-273p
GHSA-642c-46j5-rhcm
GHSA-686w-7c78-3m4c
GHSA-94gm-fw3p-4pf2
GHSA-9r9x-93jv-xc8p
GHSA-fm7r-p7x2-h4j8
GHSA-fvv2-g9g4-w446
GHSA-g3m6-556h-mp43
GHSA-gcmm-29vw-qxj6
GHSA-gww4-6rrf-6f3g
GHSA-q5cv-phmc-fwgp
GHSA-q5gc-m94w-rw4r

Author: advisory-database[bot]

advisories/unreviewed/2026/03/GHSA-2p4m-4mc7-m8w7/GHSA-2p4m-4mc7-m8w7.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2p4m-4mc7-m8w7",
+  "modified": "2026-03-09T06:31:13Z",
+  "published": "2026-03-09T06:31:13Z",
+  "aliases": [
+    "CVE-2026-3796"
+  ],
+  "details": "A weakness has been identified in Qi-ANXIN QAX Virus Removal up to 2025-10-22. The affected element is the function ZwTerminateProcess in the library QKSecureIO_Imp.sys of the component Mini Filter Driver. Executing a manipulation can lead to improper access controls. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3796"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cwjchoi01/FocusKiller"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cwjchoi01/FocusKiller/tree/main/FocusKiller"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.349763"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.349763"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.758991"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-266"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-09T04:15:58Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-3w3m-7xpm-xrwg/GHSA-3w3m-7xpm-xrwg.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3w3m-7xpm-xrwg",
+  "modified": "2026-03-09T06:31:14Z",
+  "published": "2026-03-09T06:31:14Z",
+  "aliases": [
+    "CVE-2026-3806"
+  ],
+  "details": "A weakness has been identified in SourceCodester/janobe Resort Reservation System 1.0. This issue affects some unknown processing of the file /room_rates.php. This manipulation of the argument q causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3806"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Resort-Reservation-System---SQLi2.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.349772"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.349772"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.768999"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-09T06:16:09Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-3whp-4f2f-273p/GHSA-3whp-4f2f-273p.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3whp-4f2f-273p",
+  "modified": "2026-03-09T06:31:13Z",
+  "published": "2026-03-09T06:31:13Z",
+  "aliases": [
+    "CVE-2026-3799"
+  ],
+  "details": "A flaw has been found in Tenda i3 1.0.0.6(2204). This impacts the function formSetCfm of the file /goform/setcfm. This manipulation of the argument funcpara1 causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3799"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-i3-setcfm-funcpara1-buffer-overflow"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.349766"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.349766"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.768976"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tenda.com.cn"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-09T04:16:04Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-642c-46j5-rhcm/GHSA-642c-46j5-rhcm.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-642c-46j5-rhcm",
+  "modified": "2026-03-09T06:31:13Z",
+  "published": "2026-03-09T06:31:13Z",
+  "aliases": [
+    "CVE-2026-3630"
+  ],
+  "details": "Delta Electronics COMMGR2 has \n\nStack-based Buffer Overflow vulnerability.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3630"
+    },
+    {
+      "type": "WEB",
+      "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00005_COMMGR%202%20Multiple%20Vulnerabilities%20(CVE-2026-3630,%20CVE-2026-3631).pdf"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-09T04:15:58Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-686w-7c78-3m4c/GHSA-686w-7c78-3m4c.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-686w-7c78-3m4c",
+  "modified": "2026-03-09T06:31:13Z",
+  "published": "2026-03-09T06:31:13Z",
+  "aliases": [
+    "CVE-2026-3798"
+  ],
+  "details": "A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub_44AC14 of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3798"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jinhao118/cve/blob/main/ComFast%20CF-AC100-V2.6.0.8_1.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.349765"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.349765"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.766443"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-09T04:16:02Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-94gm-fw3p-4pf2/GHSA-94gm-fw3p-4pf2.json

@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-94gm-fw3p-4pf2",
+  "modified": "2026-03-09T06:31:14Z",
+  "published": "2026-03-09T06:31:14Z",
+  "aliases": [
+    "CVE-2026-3801"
+  ],
+  "details": "A vulnerability was found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formSetAutoPing of the file /goform/setAutoPing. Performing a manipulation of the argument ping1/ping2 results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3801"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-i3-setautoping-ping1-buffer-overflow"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-i3-setautoping-ping2-buffer-overflow"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.349768"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.349768"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.768980"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.768982"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tenda.com.cn"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-09T04:16:08Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-9r9x-93jv-xc8p/GHSA-9r9x-93jv-xc8p.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9r9x-93jv-xc8p",
+  "modified": "2026-03-09T06:31:14Z",
+  "published": "2026-03-09T06:31:14Z",
+  "aliases": [
+    "CVE-2026-3803"
+  ],
+  "details": "A vulnerability was identified in Tenda i3 1.0.0.6(2204). This affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. The manipulation of the argument index leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3803"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-i3-formWifiMacFilterGet-index-buffer-overflow"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.349770"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.349770"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.768984"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tenda.com.cn"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-09T06:16:08Z"
+  }
+}