Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 454ab950b3fa · 2026-02-07T12:33:20.000Z
GHSA-34vf-m4pq-7jqj GHSA-377q-fc84-7fvf GHSA-6h7p-7875-2mwh GHSA-pcm2-mwj5-74rq GHSA-r7qq-8r7x-5553
diff --git a/advisories/unreviewed/2026/02/GHSA-34vf-m4pq-7jqj/GHSA-34vf-m4pq-7jqj.json b/advisories/unreviewed/2026/02/GHSA-34vf-m4pq-7jqj/GHSA-34vf-m4pq-7jqj.json
@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-34vf-m4pq-7jqj",
+  "modified": "2026-02-07T12:31:25Z",
+  "published": "2026-02-07T12:31:25Z",
+  "aliases": [
+    "CVE-2026-2082"
+  ],
+  "details": "A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/set_mac_clone. Such manipulation of the argument mac leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2082"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/master-abc/cve/issues/21"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/master-abc/cve/issues/21#issue-3847172823"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.344649"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.344649"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.745854"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-77"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-07T10:15:52Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-377q-fc84-7fvf/GHSA-377q-fc84-7fvf.json b/advisories/unreviewed/2026/02/GHSA-377q-fc84-7fvf/GHSA-377q-fc84-7fvf.json
@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-377q-fc84-7fvf",
+  "modified": "2026-02-07T12:31:25Z",
+  "published": "2026-02-07T12:31:25Z",
+  "aliases": [
+    "CVE-2026-2085"
+  ],
+  "details": "A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub_419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulation of the argument ussdValue leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2085"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LX-66-LX/cve-new/issues/1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LX-66-LX/cve-new/issues/1#issue-3851345029"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.344652"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.344652"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.746400"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-07T12:15:56Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-6h7p-7875-2mwh/GHSA-6h7p-7875-2mwh.json b/advisories/unreviewed/2026/02/GHSA-6h7p-7875-2mwh/GHSA-6h7p-7875-2mwh.json
@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6h7p-7875-2mwh",
+  "modified": "2026-02-07T12:31:24Z",
+  "published": "2026-02-07T12:31:24Z",
+  "aliases": [
+    "CVE-2026-2081"
+  ],
+  "details": "A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_password. This manipulation of the argument http_passwd causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2081"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/master-abc/cve/issues/22"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/master-abc/cve/issues/22#issue-3847400767"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.344648"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.344648"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.745553"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-77"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-07T10:15:52Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-pcm2-mwj5-74rq/GHSA-pcm2-mwj5-74rq.json b/advisories/unreviewed/2026/02/GHSA-pcm2-mwj5-74rq/GHSA-pcm2-mwj5-74rq.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-pcm2-mwj5-74rq",
+  "modified": "2026-02-07T12:31:25Z",
+  "published": "2026-02-07T12:31:25Z",
+  "aliases": [
+    "CVE-2026-2083"
+  ],
+  "details": "A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file /delete_post.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2083"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/6Justdododo6/CVE/issues/1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code-projects.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.344650"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.344650"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.745937"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-07T11:16:06Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-r7qq-8r7x-5553/GHSA-r7qq-8r7x-5553.json b/advisories/unreviewed/2026/02/GHSA-r7qq-8r7x-5553/GHSA-r7qq-8r7x-5553.json
@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-r7qq-8r7x-5553",
+  "modified": "2026-02-07T12:31:25Z",
+  "published": "2026-02-07T12:31:25Z",
+  "aliases": [
+    "CVE-2026-2084"
+  ],
+  "details": "A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/set_language. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2084"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/master-abc/cve/issues/24"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.344651"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.344651"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.746379"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.746380"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-77"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-07T12:15:55Z"
+  }
+}
