Publish Advisories

GHSA-5hwv-xjx8-73mr
GHSA-cqcg-78xg-q885
GHSA-q725-qhcv-vv5j
GHSA-rqc2-5fv7-4vrp
GHSA-32fg-c88m-mcrv
GHSA-3757-h85m-r4vw
GHSA-4753-7q6g-548g
GHSA-4rjc-gpxw-9fr5
GHSA-8qw5-974f-hf78
GHSA-98r5-r223-6xwf
GHSA-fpqc-f6mj-3wrf
GHSA-g6fv-7p3q-j4fc
GHSA-g98h-c5v8-8m3f
GHSA-ghhf-ppff-f3pr
GHSA-grfq-fj8g-fxq5
GHSA-jjp9-9hxx-74rw
GHSA-jvq4-fjjq-g6w7
GHSA-m5w7-xjg9-fvcr
GHSA-v2c4-w8cf-vw7m
GHSA-v5cx-cj66-9x2m
GHSA-x4vv-6742-qcpf

Author: advisory-database[bot]

advisories/unreviewed/2026/02/GHSA-5hwv-xjx8-73mr/GHSA-5hwv-xjx8-73mr.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5hwv-xjx8-73mr",
-  "modified": "2026-02-27T09:30:29Z",
+  "modified": "2026-03-05T03:31:24Z",
   "published": "2026-02-27T09:30:29Z",
   "aliases": [
     "CVE-2026-1626"

advisories/unreviewed/2026/02/GHSA-cqcg-78xg-q885/GHSA-cqcg-78xg-q885.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cqcg-78xg-q885",
-  "modified": "2026-02-27T09:30:29Z",
+  "modified": "2026-03-05T03:31:24Z",
   "published": "2026-02-27T09:30:29Z",
   "aliases": [
     "CVE-2026-1627"

advisories/unreviewed/2026/02/GHSA-q725-qhcv-vv5j/GHSA-q725-qhcv-vv5j.json

@@ -38,7 +38,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-287"
+      "CWE-287",
+      "CWE-306"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2026/02/GHSA-rqc2-5fv7-4vrp/GHSA-rqc2-5fv7-4vrp.json

@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-287"
+      "CWE-287",
+      "CWE-306"
     ],
     "severity": "LOW",
     "github_reviewed": false,

advisories/unreviewed/2026/03/GHSA-32fg-c88m-mcrv/GHSA-32fg-c88m-mcrv.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-32fg-c88m-mcrv",
+  "modified": "2026-03-05T03:31:26Z",
+  "published": "2026-03-05T03:31:26Z",
+  "aliases": [
+    "CVE-2025-40931"
+  ],
+  "details": "Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id.\n\nApache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40931"
+    },
+    {
+      "type": "WEB",
+      "url": "https://metacpan.org/dist/Apache-Session/source/lib/Apache/Session/Generate/MD5.pm#L27"
+    },
+    {
+      "type": "WEB",
+      "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-338"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T02:16:39Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-3757-h85m-r4vw/GHSA-3757-h85m-r4vw.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3757-h85m-r4vw",
+  "modified": "2026-03-05T03:31:26Z",
+  "published": "2026-03-05T03:31:26Z",
+  "aliases": [
+    "CVE-2026-26033"
+  ],
+  "details": "UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unquoted Search Path or Element (CWE-428) vulnerability, which allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26033"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/jp/JVN56544509"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=038h3"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-428"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T03:15:54Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-4753-7q6g-548g/GHSA-4753-7q6g-548g.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4753-7q6g-548g",
+  "modified": "2026-03-05T03:31:26Z",
+  "published": "2026-03-05T03:31:26Z",
+  "aliases": [
+    "CVE-2026-29123"
+  ],
+  "details": "A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux allows a local actor to potentially preform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via PATH hijacking, symlink abuse or shared object hijacking.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29123"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.abdulmhsblog.com/posts/spfx-vulnrabilities"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-269"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T02:16:51Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-4rjc-gpxw-9fr5/GHSA-4rjc-gpxw-9fr5.json

@@ -0,0 +1,37 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4rjc-gpxw-9fr5",
+  "modified": "2026-03-05T03:31:26Z",
+  "published": "2026-03-05T03:31:26Z",
+  "aliases": [
+    "CVE-2026-3257"
+  ],
+  "details": "UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite library.\n\nUnQLite for Perl embeds the UnQLite library.  Version 0.06 and earlier of the Perl module uses a version of the library from 2014 that may be vulnerable to a heap-based overflow.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3257"
+    },
+    {
+      "type": "WEB",
+      "url": "https://metacpan.org/release/TOKUHIROM/UnQLite-0.07/source/Changes"
+    },
+    {
+      "type": "WEB",
+      "url": "https://unqlite.symisc.net"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3791"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T02:16:52Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-8qw5-974f-hf78/GHSA-8qw5-974f-hf78.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8qw5-974f-hf78",
+  "modified": "2026-03-05T03:31:26Z",
+  "published": "2026-03-05T03:31:26Z",
+  "aliases": [
+    "CVE-2026-29124"
+  ],
+  "details": "Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/monitor/IDE-DPack/terminal-dpack2 in International Data Casting (IDC) SFX2100 Satellite Receiver, which may lead to local privlidge escalation from the `monitor` user to root",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29124"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.abdulmhsblog.com/posts/spfx-vulnrabilities"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-269"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T02:16:51Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-98r5-r223-6xwf/GHSA-98r5-r223-6xwf.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-98r5-r223-6xwf",
+  "modified": "2026-03-05T03:31:26Z",
+  "published": "2026-03-05T03:31:26Z",
+  "aliases": [
+    "CVE-2024-57854"
+  ],
+  "details": "Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator.\n\nVersion v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors.\n\nData::Rand::Obscure uses Perl's built-in rand() function, which is not suitable for cryptographic functions.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57854"
+    },
+    {
+      "type": "WEB",
+      "url": "https://metacpan.org/release/DOUGDUDE/Net-NSCA-Client-0.009002/source/lib/Net/NSCA/Client/InitialPacket.pm#L119"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patch-diff.githubusercontent.com/raw/dougwilson/perl5-net-nsca-client/pull/2.patch"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-338"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T03:15:53Z"
+  }
+}