Publish Advisories

GHSA-mp88-q525-44rp
GHSA-2fv9-x5cx-m494
GHSA-2q32-mmxp-hxr7
GHSA-3cff-w54f-j96w
GHSA-3hq3-ff7h-6mf5
GHSA-3rc5-p2vw-9hqv
GHSA-3xm9-wqg6-2qvm
GHSA-44j2-jfxj-37px
GHSA-4pqh-7xgc-j83m
GHSA-685m-vm2f-9ffc
GHSA-77p7-62xv-rcf7
GHSA-7j6v-w24c-vqx4
GHSA-957j-qgmx-q66h
GHSA-975h-8rj2-fcmc
GHSA-9mxm-g9fq-h66f
GHSA-c23v-99x6-qrmj
GHSA-gj43-6mgj-5f4v
GHSA-h8j4-cgff-f982
GHSA-j7r4-m35r-qffp
GHSA-mm89-xrm2-4q7g
GHSA-pggc-37mq-cxcq
GHSA-rp7g-qf5x-69xv
GHSA-x4xj-9mhp-w8jm
GHSA-x9cg-69jp-cr99

Author: advisory-database[bot]

advisories/unreviewed/2026/02/GHSA-mp88-q525-44rp/GHSA-mp88-q525-44rp.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mp88-q525-44rp",
-  "modified": "2026-02-06T12:30:25Z",
+  "modified": "2026-03-05T09:30:32Z",
   "published": "2026-02-06T12:30:25Z",
   "aliases": [
     "CVE-2026-24924"
@@ -22,6 +22,10 @@
     {
       "type": "WEB",
       "url": "https://consumer.huawei.com/en/support/bulletin/2026/2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://consumer.huawei.com/en/support/bulletin/2026/3"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/03/GHSA-2fv9-x5cx-m494/GHSA-2fv9-x5cx-m494.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2fv9-x5cx-m494",
+  "modified": "2026-03-05T09:30:33Z",
+  "published": "2026-03-05T09:30:33Z",
+  "aliases": [
+    "CVE-2026-28536"
+  ],
+  "details": "Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28536"
+    },
+    {
+      "type": "WEB",
+      "url": "https://consumer.huawei.com/en/support/bulletin/2026/3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://consumer.huawei.com/en/support/bulletinvision/2026/3"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-305"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T07:16:13Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-2q32-mmxp-hxr7/GHSA-2q32-mmxp-hxr7.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2q32-mmxp-hxr7",
+  "modified": "2026-03-05T09:30:34Z",
+  "published": "2026-03-05T09:30:34Z",
+  "aliases": [
+    "CVE-2026-21786"
+  ],
+  "details": "HCL Sametime for iOS is impacted by a sensitive information disclosure.  Hostnames information is written in application logs and certain URLs.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21786"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128949"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-532"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T08:15:58Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-3cff-w54f-j96w/GHSA-3cff-w54f-j96w.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3cff-w54f-j96w",
+  "modified": "2026-03-05T09:30:34Z",
+  "published": "2026-03-05T09:30:34Z",
+  "aliases": [
+    "CVE-2026-28537"
+  ],
+  "details": "Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28537"
+    },
+    {
+      "type": "WEB",
+      "url": "https://consumer.huawei.com/en/support/bulletin/2026/3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-415"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T08:15:58Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-3hq3-ff7h-6mf5/GHSA-3hq3-ff7h-6mf5.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3hq3-ff7h-6mf5",
+  "modified": "2026-03-05T09:30:33Z",
+  "published": "2026-03-05T09:30:33Z",
+  "aliases": [
+    "CVE-2026-2743"
+  ],
+  "details": "Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2743"
+    },
+    {
+      "type": "WEB",
+      "url": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://labs.infoguard.ch/advisories/seppmail"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T07:16:14Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-3rc5-p2vw-9hqv/GHSA-3rc5-p2vw-9hqv.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3rc5-p2vw-9hqv",
+  "modified": "2026-03-05T09:30:35Z",
+  "published": "2026-03-05T09:30:35Z",
+  "aliases": [
+    "CVE-2026-28547"
+  ],
+  "details": "Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28547"
+    },
+    {
+      "type": "WEB",
+      "url": "https://consumer.huawei.com/en/support/bulletin/2026/3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-824"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T09:16:11Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-3xm9-wqg6-2qvm/GHSA-3xm9-wqg6-2qvm.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3xm9-wqg6-2qvm",
+  "modified": "2026-03-05T09:30:35Z",
+  "published": "2026-03-05T09:30:35Z",
+  "aliases": [
+    "CVE-2026-2893"
+  ],
+  "details": "The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' parameter in the content_clone() function in all versions up to, and including, 6.3. This is due to insufficient escaping on the user-supplied meta_key value and insufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The injection is second-order: the malicious payload is stored as a post meta key and executed when the post is cloned.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2893"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/page-or-post-clone/tags/6.3/page-or-post-clone.php#L95"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/page-or-post-clone/trunk/page-or-post-clone.php#L95"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3474651%40page-or-post-clone%2Ftrunk&old=3202933%40page-or-post-clone%2Ftrunk&sfp_email=&sfph_mail="
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/85674d8a-96b3-4fae-8bff-900ca78073a4?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T08:15:59Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-44j2-jfxj-37px/GHSA-44j2-jfxj-37px.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-44j2-jfxj-37px",
+  "modified": "2026-03-05T09:30:34Z",
+  "published": "2026-03-05T09:30:34Z",
+  "aliases": [
+    "CVE-2026-28545"
+  ],
+  "details": "Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28545"
+    },
+    {
+      "type": "WEB",
+      "url": "https://consumer.huawei.com/en/support/bulletin/2026/3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-362"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T08:15:59Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-4pqh-7xgc-j83m/GHSA-4pqh-7xgc-j83m.json

@@ -0,0 +1,38 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4pqh-7xgc-j83m",
+  "modified": "2026-03-05T09:30:34Z",
+  "published": "2026-03-05T09:30:34Z",
+  "aliases": [
+    "CVE-2026-28550"
+  ],
+  "details": "Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28550"
+    },
+    {
+      "type": "WEB",
+      "url": "https://consumer.huawei.com/en/support/bulletin/2026/3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T08:15:59Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-685m-vm2f-9ffc/GHSA-685m-vm2f-9ffc.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-685m-vm2f-9ffc",
+  "modified": "2026-03-05T09:30:35Z",
+  "published": "2026-03-05T09:30:35Z",
+  "aliases": [
+    "CVE-2026-28548"
+  ],
+  "details": "Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28548"
+    },
+    {
+      "type": "WEB",
+      "url": "https://consumer.huawei.com/en/support/bulletin/2026/3"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-269"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T09:16:11Z"
+  }
+}