Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit d0a52548e5f1 · 2026-02-16T03:31:44.000Z
GHSA-43wm-f3cq-hfrw GHSA-6995-8cjx-mq6q GHSA-9hwv-m488-9fjx GHSA-mvfh-9xv2-5xj7 GHSA-wrqv-g27w-82rr GHSA-xjrj-8prq-9366 GHSA-xqpr-gx4w-53xf
diff --git a/advisories/unreviewed/2026/02/GHSA-43wm-f3cq-hfrw/GHSA-43wm-f3cq-hfrw.json b/advisories/unreviewed/2026/02/GHSA-43wm-f3cq-hfrw/GHSA-43wm-f3cq-hfrw.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-43wm-f3cq-hfrw",
+  "modified": "2026-02-16T03:30:17Z",
+  "published": "2026-02-16T03:30:17Z",
+  "aliases": [
+    "CVE-2026-2526"
+  ],
+  "details": "A vulnerability was found in Wavlink WL-WN579A3 up to 20210219. This impacts the function multi_ssid of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument SSID2G2 results in command injection. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2526"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/MRAdera/IoT-Vuls/blob/main/wavlink/wn579a3/multi_ssid.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.346114"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.346114"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.748073"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-16T02:16:06Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-6995-8cjx-mq6q/GHSA-6995-8cjx-mq6q.json b/advisories/unreviewed/2026/02/GHSA-6995-8cjx-mq6q/GHSA-6995-8cjx-mq6q.json
@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6995-8cjx-mq6q",
+  "modified": "2026-02-16T03:30:17Z",
+  "published": "2026-02-16T03:30:17Z",
+  "aliases": [
+    "CVE-2026-2524"
+  ],
+  "details": "A flaw has been found in Open5GS 2.7.6. The impacted element is the function mme_s11_handle_create_session_response of the component MME. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2524"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/open5gs/open5gs/issues/4284"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/open5gs/open5gs/issues/4284#issue-3808462406"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/open5gs/open5gs"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.346112"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.346112"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.738369"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-404"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-16T01:15:54Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-9hwv-m488-9fjx/GHSA-9hwv-m488-9fjx.json b/advisories/unreviewed/2026/02/GHSA-9hwv-m488-9fjx/GHSA-9hwv-m488-9fjx.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9hwv-m488-9fjx",
+  "modified": "2026-02-16T03:30:17Z",
+  "published": "2026-02-16T03:30:17Z",
+  "aliases": [
+    "CVE-2026-2528"
+  ],
+  "details": "A vulnerability was identified in Wavlink WL-WN579A3 up to 20210219. Affected by this vulnerability is the function Delete_Mac_list of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2528"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/MRAdera/IoT-Vuls/blob/main/wavlink/wn579a3/Delete_Mac_list.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.346116"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.346116"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.748075"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-16T02:16:06Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-mvfh-9xv2-5xj7/GHSA-mvfh-9xv2-5xj7.json b/advisories/unreviewed/2026/02/GHSA-mvfh-9xv2-5xj7/GHSA-mvfh-9xv2-5xj7.json
@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-mvfh-9xv2-5xj7",
+  "modified": "2026-02-16T03:30:17Z",
+  "published": "2026-02-16T03:30:17Z",
+  "aliases": [
+    "CVE-2026-2523"
+  ],
+  "details": "A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function smf_gn_handle_create_pdp_context_request of the file /src/smf/gn-handler.c of the component SMF. The manipulation results in reachable assertion. It is possible to launch the attack remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2523"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/open5gs/open5gs/issues/4285"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/open5gs/open5gs/issues/4285#issue-3809055236"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/open5gs/open5gs"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.346111"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.346111"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.738342"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-617"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-16T01:15:53Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-wrqv-g27w-82rr/GHSA-wrqv-g27w-82rr.json b/advisories/unreviewed/2026/02/GHSA-wrqv-g27w-82rr/GHSA-wrqv-g27w-82rr.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-wrqv-g27w-82rr",
+  "modified": "2026-02-16T03:30:17Z",
+  "published": "2026-02-16T03:30:17Z",
+  "aliases": [
+    "CVE-2026-2527"
+  ],
+  "details": "A vulnerability was determined in Wavlink WL-WN579A3 up to 20210219. Affected is an unknown function of the file /cgi-bin/login.cgi. Executing a manipulation of the argument key can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2527"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/MRAdera/IoT-Vuls/blob/main/wavlink/wn579a3/login.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.346115"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.346115"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.748074"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-16T02:16:06Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-xjrj-8prq-9366/GHSA-xjrj-8prq-9366.json b/advisories/unreviewed/2026/02/GHSA-xjrj-8prq-9366/GHSA-xjrj-8prq-9366.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-xjrj-8prq-9366",
+  "modified": "2026-02-16T03:30:17Z",
+  "published": "2026-02-16T03:30:17Z",
+  "aliases": [
+    "CVE-2026-2529"
+  ],
+  "details": "A security flaw has been discovered in Wavlink WL-WN579A3 up to 20210219. Affected by this issue is the function DeleteMac of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list results in command injection. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2529"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/MRAdera/IoT-Vuls/blob/main/wavlink/wn579a3/DeleteMac.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.346117"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.346117"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.748076"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-16T02:16:07Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-xqpr-gx4w-53xf/GHSA-xqpr-gx4w-53xf.json b/advisories/unreviewed/2026/02/GHSA-xqpr-gx4w-53xf/GHSA-xqpr-gx4w-53xf.json
