Skip to content

Commit 6bdac8a

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-53xv-pvrw-9qgj GHSA-hjj3-4fc4-rhvw GHSA-hq9c-mf84-h34f GHSA-p23c-4mww-46qm
1 parent d57d8ce commit 6bdac8a

File tree

4 files changed

+228
-0
lines changed

4 files changed

+228
-0
lines changed

advisories/unreviewed/2026/04/GHSA-53xv-pvrw-9qgj/GHSA-53xv-pvrw-9qgj.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-53xv-pvrw-9qgj",
4+
"modified": "2026-04-12T09:31:38Z",
5+
"published": "2026-04-12T09:31:38Z",
6+
"aliases": [
7+
"CVE-2026-6122"
8+
],
9+
"details": "A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6122"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Jimi-Lab/cve/issues/14"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/792872"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/356985"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/356985/cti"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.tenda.com.cn"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-119"
50+
],
51+
"severity": "HIGH",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-04-12T08:16:37Z"
55+
}
56+
}

advisories/unreviewed/2026/04/GHSA-hjj3-4fc4-rhvw/GHSA-hjj3-4fc4-rhvw.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-hjj3-4fc4-rhvw",
4+
"modified": "2026-04-12T09:31:38Z",
5+
"published": "2026-04-12T09:31:38Z",
6+
"aliases": [
7+
"CVE-2026-6124"
8+
],
9+
"details": "A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSafeMacFilter of the file /goform/SafeMacFilter of the component httpd. Executing a manipulation of the argument page/menufacturer can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6124"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Jimi-Lab/cve/issues/16"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/792874"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/356987"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/356987/cti"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.tenda.com.cn"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-119"
50+
],
51+
"severity": "HIGH",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-04-12T09:16:18Z"
55+
}
56+
}

advisories/unreviewed/2026/04/GHSA-hq9c-mf84-h34f/GHSA-hq9c-mf84-h34f.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-hq9c-mf84-h34f",
4+
"modified": "2026-04-12T09:31:38Z",
5+
"published": "2026-04-12T09:31:38Z",
6+
"aliases": [
7+
"CVE-2026-6121"
8+
],
9+
"details": "A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd. This manipulation of the argument GO causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6121"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Jimi-Lab/cve/issues/12"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/792865"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/356984"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/356984/cti"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.tenda.com.cn"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-119"
50+
],
51+
"severity": "HIGH",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-04-12T08:16:36Z"
55+
}
56+
}

advisories/unreviewed/2026/04/GHSA-p23c-4mww-46qm/GHSA-p23c-4mww-46qm.json

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-p23c-4mww-46qm",
4+
"modified": "2026-04-12T09:31:38Z",
5+
"published": "2026-04-12T09:31:38Z",
6+
"aliases": [
7+
"CVE-2026-6123"
8+
],
9+
"details": "A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Performing a manipulation of the argument entrys results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6123"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Jimi-Lab/cve/issues/15"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/792873"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/792879"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/356986"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/356986/cti"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://www.tenda.com.cn"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-119"
54+
],
55+
"severity": "HIGH",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2026-04-12T09:16:17Z"
59+
}
60+
}

0 commit comments

Comments
 (0)