Skip to content

Commit a29403b

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-3mm9-64xc-vf47 GHSA-536x-gj3g-3qq9 GHSA-8m7w-vwch-mw57 GHSA-cqv5-94xc-j855 GHSA-f282-6248-c3xx GHSA-g454-ff2w-gfmr GHSA-hr3g-62w3-g764 GHSA-pm9x-mf77-6wwq GHSA-r4rq-7w7j-cmr6 GHSA-w4jv-rg29-ff2w GHSA-whwc-pq8m-4h92
1 parent 88203a9 commit a29403b

File tree

11 files changed

+596
-0
lines changed

11 files changed

+596
-0
lines changed

advisories/unreviewed/2026/03/GHSA-3mm9-64xc-vf47/GHSA-3mm9-64xc-vf47.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-3mm9-64xc-vf47",
4+
"modified": "2026-03-08T00:31:46Z",
5+
"published": "2026-03-08T00:31:46Z",
6+
"aliases": [
7+
"CVE-2026-3672"
8+
],
9+
"details": "A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3672"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://vuldb.com/?ctiid.349569"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?id.349569"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?submit.765093"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://www.yuque.com/la12138/pa2fpb/ab1i8wyeeg1zzgq5?singleDoc"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-74"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-03-07T22:15:50Z"
51+
}
52+
}

advisories/unreviewed/2026/03/GHSA-536x-gj3g-3qq9/GHSA-536x-gj3g-3qq9.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-536x-gj3g-3qq9",
4+
"modified": "2026-03-08T00:31:46Z",
5+
"published": "2026-03-08T00:31:46Z",
6+
"aliases": [
7+
"CVE-2026-3675"
8+
],
9+
"details": "A vulnerability was determined in Freedom Factory dGEN1 up to 20260221. Affected by this issue is the function FakeAppReceiver of the component org.ethosmobile.ethoslauncher. Executing a manipulation can lead to improper authorization. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3675"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://gist.github.com/Lytes/1078d9e16897ed95ad24143952adfba6"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.349571"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.349571"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.764701"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-266"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-03-07T22:15:50Z"
51+
}
52+
}

advisories/unreviewed/2026/03/GHSA-8m7w-vwch-mw57/GHSA-8m7w-vwch-mw57.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-8m7w-vwch-mw57",
4+
"modified": "2026-03-08T00:31:46Z",
5+
"published": "2026-03-08T00:31:46Z",
6+
"aliases": [
7+
"CVE-2026-3674"
8+
],
9+
"details": "A vulnerability was found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function FakeAppProvider of the component org.ethosmobile.ethoslauncher. Performing a manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3674"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://gist.github.com/Lytes/571902a31a3d543da009554a82f2d00c"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.349570"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.349570"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.764700"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-266"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-03-07T22:15:50Z"
51+
}
52+
}

advisories/unreviewed/2026/03/GHSA-cqv5-94xc-j855/GHSA-cqv5-94xc-j855.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-cqv5-94xc-j855",
4+
"modified": "2026-03-08T00:31:47Z",
5+
"published": "2026-03-08T00:31:47Z",
6+
"aliases": [
7+
"CVE-2026-3681"
8+
],
9+
"details": "A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the function fireWebhook of the file /internal/service/webhook/webhook.go. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3681"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/CC-T-454455/Vulnerabilities/tree/master/ffmate/vulnerability-1"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.349583"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.349583"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.765558"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-918"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-03-07T23:15:48Z"
51+
}
52+
}

advisories/unreviewed/2026/03/GHSA-f282-6248-c3xx/GHSA-f282-6248-c3xx.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-f282-6248-c3xx",
4+
"modified": "2026-03-08T00:31:47Z",
5+
"published": "2026-03-08T00:31:47Z",
6+
"aliases": [
7+
"CVE-2026-3679"
8+
],
9+
"details": "A vulnerability was identified in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex. Such manipulation of the argument mit_linktype/PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3679"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Litengzheng/vul_db/blob/main/FH451/vul_63/README.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.349581"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.349581"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.765331"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.tenda.com.cn"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-119"
50+
],
51+
"severity": "HIGH",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-03-07T23:15:47Z"
55+
}
56+
}

advisories/unreviewed/2026/03/GHSA-g454-ff2w-gfmr/GHSA-g454-ff2w-gfmr.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-g454-ff2w-gfmr",
4+
"modified": "2026-03-08T00:31:47Z",
5+
"published": "2026-03-08T00:31:47Z",
6+
"aliases": [
7+
"CVE-2026-3682"
8+
],
9+
"details": "A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. This vulnerability affects the function Execute of the file /internal/service/ffmpeg/ffmpeg.go. The manipulation leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3682"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/CC-T-454455/Vulnerabilities/tree/master/ffmate/vulnerability-3"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.349584"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.349584"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.765587"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-74"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-03-08T00:16:13Z"
51+
}
52+
}

advisories/unreviewed/2026/03/GHSA-hr3g-62w3-g764/GHSA-hr3g-62w3-g764.json

Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-hr3g-62w3-g764",
4+
"modified": "2026-03-08T00:31:47Z",
5+
"published": "2026-03-08T00:31:47Z",
6+
"aliases": [
7+
"CVE-2026-3680"
8+
],
9+
"details": "A security flaw has been discovered in RyuzakiShinji biome-mcp-server up to 1.0.0. Affected by this issue is some unknown functionality of the file biome-mcp-server.ts. Performing a manipulation results in command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The patch is named 335e1727147efeef011f1ff8b05dd751d8a660be. Applying a patch is the recommended action to fix this issue.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3680"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/RyuzakiShinji/biome-mcp-server/pull/1"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/RyuzakiShinji/biome-mcp-server/pull/1/changes/335e1727147efeef011f1ff8b05dd751d8a660be"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://github.com/RyuzakiShinji/biome-mcp-server"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://github.com/user-attachments/files/25466715/biome-mcp-server_security_advisory.pdf"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?ctiid.349582"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/?id.349582"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://vuldb.com/?submit.765399"
53+
}
54+
],
55+
"database_specific": {
56+
"cwe_ids": [
57+
"CWE-74"
58+
],
59+
"severity": "MODERATE",
60+
"github_reviewed": false,
61+
"github_reviewed_at": null,
62+
"nvd_published_at": "2026-03-07T23:15:47Z"
63+
}
64+
}

0 commit comments

Comments
 (0)