Publish Advisories

GHSA-g7xr-56w3-vjqh
GHSA-j682-47rx-fxrp
GHSA-crhr-qqj8-rpxc
GHSA-f8w4-fphr-9q3w
GHSA-hjc5-2xcc-v5q2
GHSA-jvq4-fjjq-g6w7
GHSA-mmqm-c3vq-cgvr
GHSA-r2wv-mwv6-mxwm

Author: advisory-database[bot]

advisories/unreviewed/2022/04/GHSA-g7xr-56w3-vjqh/GHSA-g7xr-56w3-vjqh.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g7xr-56w3-vjqh",
-  "modified": "2026-02-24T09:31:12Z",
+  "modified": "2026-03-07T18:30:30Z",
   "published": "2022-04-30T18:09:55Z",
   "aliases": [
     "CVE-1999-0073"
@@ -21,6 +21,10 @@
     {
       "type": "WEB",
       "url": "http://www.openwall.com/lists/oss-security/2026/02/24/3"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2026/03/07/3"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/02/GHSA-j682-47rx-fxrp/GHSA-j682-47rx-fxrp.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j682-47rx-fxrp",
-  "modified": "2026-03-06T18:31:10Z",
+  "modified": "2026-03-07T18:30:30Z",
   "published": "2026-02-27T06:31:28Z",
   "aliases": [
     "CVE-2026-28372"
@@ -46,6 +46,14 @@
     {
       "type": "WEB",
       "url": "http://www.openwall.com/lists/oss-security/2026/03/06/3"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2026/03/07/1"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2026/03/07/2"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/03/GHSA-crhr-qqj8-rpxc/GHSA-crhr-qqj8-rpxc.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-crhr-qqj8-rpxc",
-  "modified": "2026-03-07T09:30:15Z",
+  "modified": "2026-03-07T18:30:30Z",
   "published": "2026-03-07T09:30:15Z",
   "aliases": [
     "CVE-2026-24308"
@@ -17,6 +17,10 @@
     {
       "type": "WEB",
       "url": "https://lists.apache.org/thread/qng3rtzv2pqkmko4rhv85jfplkyrgqdr"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2026/03/07/5"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/03/GHSA-f8w4-fphr-9q3w/GHSA-f8w4-fphr-9q3w.json

@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-f8w4-fphr-9q3w",
+  "modified": "2026-03-07T18:30:31Z",
+  "published": "2026-03-07T18:30:30Z",
+  "aliases": [
+    "CVE-2026-3665"
+  ],
+  "details": "A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The affected element is the function xlnt::detail::xlsx_consumer::read_office_document of the file source/detail/serialization/xlsx_consumer.cpp of the component XLSX File Parser. The manipulation leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and might be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3665"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/xlnt-community/xlnt/issues/140"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/oneafter/0128/blob/main/xl4/repro"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/xlnt-community/xlnt"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.349554"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.349554"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.764647"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-404"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-07T16:15:56Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-hjc5-2xcc-v5q2/GHSA-hjc5-2xcc-v5q2.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hjc5-2xcc-v5q2",
+  "modified": "2026-03-07T18:30:31Z",
+  "published": "2026-03-07T18:30:31Z",
+  "aliases": [
+    "CVE-2026-3667"
+  ],
+  "details": "A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAppService of the component org.ethosmobile.ethoslauncher. The manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3667"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gist.github.com/Lytes/571902a31a3d543da009554a82f2d00c"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gist.github.com/Lytes/a94219fa1de3f5173555d5a3e8058f01"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.349555"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.349555"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.764699"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-266"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-07T16:15:56Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-jvq4-fjjq-g6w7/GHSA-jvq4-fjjq-g6w7.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jvq4-fjjq-g6w7",
-  "modified": "2026-03-05T21:30:38Z",
+  "modified": "2026-03-07T18:30:30Z",
   "published": "2026-03-05T03:31:26Z",
   "aliases": [
     "CVE-2026-3381"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3381"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/pmqs/Compress-Raw-Zlib/issues/41"
+    },
     {
       "type": "WEB",
       "url": "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit"

advisories/unreviewed/2026/03/GHSA-mmqm-c3vq-cgvr/GHSA-mmqm-c3vq-cgvr.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-mmqm-c3vq-cgvr",
+  "modified": "2026-03-07T18:30:31Z",
+  "published": "2026-03-07T18:30:31Z",
+  "aliases": [
+    "CVE-2026-3668"
+  ],
+  "details": "A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the component org.ethosmobile.webpwaemul. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The attack is considered to have high complexity. The exploitability is reported as difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3668"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gist.github.com/Lytes/5fc292cecdc561f5c010c1f3a8a7bf1d"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.349556"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.349556"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.764702"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-266"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-07T16:15:57Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-r2wv-mwv6-mxwm/GHSA-r2wv-mwv6-mxwm.json

@@ -0,0 +1,50 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-r2wv-mwv6-mxwm",
+  "modified": "2026-03-07T18:30:31Z",
+  "published": "2026-03-07T18:30:31Z",
+  "aliases": [
+    "CVE-2026-2671"
+  ],
+  "details": "A vulnerability was detected in Mendi Neurofeedback Headset V4. Affected by this vulnerability is an unknown functionality of the component Bluetooth Low Energy Handler. Performing a manipulation results in cleartext transmission of sensitive information. The attack can only be performed from the local network. The attack's complexity is rated as high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2671"
+    },
+    {
+      "type": "WEB",
+      "url": "https://ab3j.radio/mendi.pdf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.349702"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.349702"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.766457"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-07T18:16:05Z"
+  }
+}