Publish Advisories

GHSA-58c3-hjfx-2gmq
GHSA-93px-8x98-j7p2
GHSA-96ff-3rwm-724g
GHSA-45rr-9399-9pp6
GHSA-4v27-f65g-fr6x
GHSA-6fmm-qmfj-8phm
GHSA-6rfh-4m76-4764
GHSA-84xh-4ccm-v989
GHSA-92rh-qgqp-3674
GHSA-956f-fcv4-hgpq
GHSA-9q67-w6wv-xp8c
GHSA-9xf5-rrg6-jj77
GHSA-cwx4-752x-q9c8
GHSA-j4r5-rc95-5xpf
GHSA-jv98-ppxj-hj8j
GHSA-p3cx-frrm-35m8
GHSA-p9xj-crp8-gj65
GHSA-pv38-vw9w-mvfx
GHSA-pvwh-rjjc-mwgp
GHSA-r9cv-9j6h-2cv2

Author: advisory-database[bot]

advisories/unreviewed/2024/01/GHSA-58c3-hjfx-2gmq/GHSA-58c3-hjfx-2gmq.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-58c3-hjfx-2gmq",
-  "modified": "2026-03-05T21:30:23Z",
+  "modified": "2026-03-12T03:31:05Z",
   "published": "2024-01-11T00:30:25Z",
   "aliases": [
     "CVE-2023-41974"
@@ -23,6 +23,14 @@
       "type": "WEB",
       "url": "https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit"
     },
+    {
+      "type": "WEB",
+      "url": "https://support.apple.com/en-us/120949"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.apple.com/en-us/126632"
+    },
     {
       "type": "WEB",
       "url": "https://support.apple.com/en-us/HT213938"

advisories/unreviewed/2024/01/GHSA-93px-8x98-j7p2/GHSA-93px-8x98-j7p2.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-93px-8x98-j7p2",
-  "modified": "2025-10-22T00:32:59Z",
+  "modified": "2026-03-12T03:31:06Z",
   "published": "2024-01-23T03:31:08Z",
   "aliases": [
     "CVE-2024-23222"
@@ -87,6 +87,26 @@
       "type": "WEB",
       "url": "https://support.apple.com/en-us/HT214055"
     },
+    {
+      "type": "WEB",
+      "url": "https://support.apple.com/en-us/126632"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.apple.com/en-us/120311"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.apple.com/en-us/120310"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.apple.com/en-us/120309"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.apple.com/en-us/120304"
+    },
     {
       "type": "WEB",
       "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4"

advisories/unreviewed/2025/11/GHSA-96ff-3rwm-724g/GHSA-96ff-3rwm-724g.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-96ff-3rwm-724g",
-  "modified": "2026-03-05T21:30:23Z",
+  "modified": "2026-03-12T03:31:05Z",
   "published": "2025-11-05T21:31:01Z",
   "aliases": [
     "CVE-2023-43000"
@@ -35,6 +35,10 @@
       "type": "WEB",
       "url": "https://support.apple.com/en-us/120338"
     },
+    {
+      "type": "WEB",
+      "url": "https://support.apple.com/en-us/126632"
+    },
     {
       "type": "WEB",
       "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-43000"

advisories/unreviewed/2026/03/GHSA-45rr-9399-9pp6/GHSA-45rr-9399-9pp6.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-45rr-9399-9pp6",
+  "modified": "2026-03-12T03:31:06Z",
+  "published": "2026-03-12T03:31:06Z",
+  "aliases": [
+    "CVE-2026-3974"
+  ],
+  "details": "A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the component HTTP Handler. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is publicly available and might be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3974"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-w3-formexeCommand-cmdinput-buffer-overflow"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.350409"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.350409"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.769177"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tenda.com.cn"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-12T03:15:58Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-4v27-f65g-fr6x/GHSA-4v27-f65g-fr6x.json

@@ -0,0 +1,45 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4v27-f65g-fr6x",
+  "modified": "2026-03-12T03:31:05Z",
+  "published": "2026-03-12T03:31:05Z",
+  "aliases": [
+    "CVE-2023-43010"
+  ],
+  "details": "The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43010"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.apple.com/en-us/120300"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.apple.com/en-us/120877"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.apple.com/en-us/120879"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.apple.com/en-us/126632"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.apple.com/en-us/126646"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-12T01:15:54Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-6fmm-qmfj-8phm/GHSA-6fmm-qmfj-8phm.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6fmm-qmfj-8phm",
+  "modified": "2026-03-12T03:31:06Z",
+  "published": "2026-03-12T03:31:06Z",
+  "aliases": [
+    "CVE-2026-3226"
+  ],
+  "details": "The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catch_lp_ajax() dispatcher verifies a wp_rest nonce but performs no current_user_can() check before dispatching to handler functions. The wp_rest nonce is embedded in the frontend JavaScript for all authenticated users. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger arbitrary email notifications to admins, instructors, and users, enabling email flooding, social engineering, and impersonation of admin decisions regarding instructor requests.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3226"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.2.7/inc/Ajax/AbstractAjax.php#L17"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.2.7/inc/Ajax/SendEmailAjax.php#L40"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.2.7/inc/class-lp-assets.php#L123"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?old_path=/learnpress/tags/4.3.2.7/inc/Ajax/SendEmailAjax.php&new_path=/learnpress/tags/4.3.3/inc/Ajax/SendEmailAjax.php"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/520018db-d33b-4f2c-aaa5-611de792e11f?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-12T03:15:57Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-6rfh-4m76-4764/GHSA-6rfh-4m76-4764.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6rfh-4m76-4764",
+  "modified": "2026-03-12T03:31:06Z",
+  "published": "2026-03-12T03:31:06Z",
+  "aliases": [
+    "CVE-2025-15038"
+  ],
+  "details": "An Out-of-Bounds\nRead vulnerability exists in the ASUS Business System\nControl Interface driver. This vulnerability can be triggered by a unprivileged local  user\nsending a specially crafted IOCTL  request, potentially leading\nto a disclosure of\nkernel information or a system crash. Refer to the \"Security Update for ASUS \nBusiness System Control Interface\" section on the ASUS Security Advisory for more information.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15038"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.asus.com/content/security-advisory"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-12T03:15:57Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-84xh-4ccm-v989/GHSA-84xh-4ccm-v989.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-84xh-4ccm-v989",
+  "modified": "2026-03-12T03:31:06Z",
+  "published": "2026-03-12T03:31:06Z",
+  "aliases": [
+    "CVE-2026-3970"
+  ],
+  "details": "A flaw has been found in Tenda i3 1.0.0.6(2204). Affected is the function formwrlSSIDget of the file /goform/wifiSSIDget. Executing a manipulation of the argument index can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3970"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-i3-formwrlSSIDget-index-buffer-overflow"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.350405"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.350405"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.768995"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tenda.com.cn"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-12T01:15:55Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-92rh-qgqp-3674/GHSA-92rh-qgqp-3674.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-92rh-qgqp-3674",
+  "modified": "2026-03-12T03:31:06Z",
+  "published": "2026-03-12T03:31:06Z",
+  "aliases": [
+    "CVE-2026-1878"
+  ],
+  "details": "An Insufficient Integrity Verification vulnerability in the ASUS ROG peripheral driver installation process allows privilege escalation to SYSTEM. The vulnerability is due to improper access control on the installation directory, which enables the exploitation of a race condition where the legitimate installer is substituted with an unexpected payload immediately after download, resulting in arbitrary code execution. Refer to the \"Security Update for ASUS ROG peripheral driver\" section on the ASUS Security Advisory for more information.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1878"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.asus.com/security-advisory"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-494"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-12T03:15:57Z"
+  }
+}