Skip to content

Commit fa4cfde

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-2qjg-jrhf-99vr GHSA-52w5-q3hg-34x8 GHSA-5q8f-ww77-376j GHSA-6rfc-r3c7-7f5j GHSA-87g2-jprq-4cmc GHSA-9p2q-g4qr-25v6 GHSA-fgc7-hpwc-cmc9 GHSA-fjh9-gh6f-c72j GHSA-fwrh-mrwr-7c4f GHSA-p7fh-2w6p-fwr9 GHSA-qqmj-w4wh-9w2h GHSA-v25j-jp29-j537 GHSA-vfcc-w7fg-428q GHSA-vhg7-ppx8-v8hh
1 parent 09fcf5d commit fa4cfde

14 files changed

Lines changed: 736 additions & 2 deletions

File tree

advisories/unreviewed/2026/03/GHSA-2qjg-jrhf-99vr/GHSA-2qjg-jrhf-99vr.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-2qjg-jrhf-99vr",
4-
"modified": "2026-03-08T03:30:28Z",
4+
"modified": "2026-03-08T06:31:09Z",
55
"published": "2026-03-08T03:30:28Z",
66
"aliases": [
77
"CVE-2026-30910"
@@ -17,6 +17,10 @@
1717
{
1818
"type": "WEB",
1919
"url": "https://metacpan.org/release/IAMB/Crypt-Sodium-XS-0.001001/changes"
20+
},
21+
{
22+
"type": "WEB",
23+
"url": "http://www.openwall.com/lists/oss-security/2026/03/08/2"
2024
}
2125
],
2226
"database_specific": {

advisories/unreviewed/2026/03/GHSA-52w5-q3hg-34x8/GHSA-52w5-q3hg-34x8.json

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-52w5-q3hg-34x8",
4+
"modified": "2026-03-08T06:31:10Z",
5+
"published": "2026-03-08T06:31:10Z",
6+
"aliases": [
7+
"CVE-2026-3711"
8+
],
9+
"details": "A vulnerability was detected in code-projects Simple Flight Ticket Booking System 1.0. Affected is an unknown function of the file /Adminupdate.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3711"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Owen-YuanW/CVE/issues/5"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://code-projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.349657"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.349657"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.766309"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/?submit.767264"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-74"
54+
],
55+
"severity": "MODERATE",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2026-03-08T06:16:11Z"
59+
}
60+
}

advisories/unreviewed/2026/03/GHSA-5q8f-ww77-376j/GHSA-5q8f-ww77-376j.json

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5q8f-ww77-376j",
4+
"modified": "2026-03-08T06:31:10Z",
5+
"published": "2026-03-08T06:31:10Z",
6+
"aliases": [
7+
"CVE-2026-3705"
8+
],
9+
"details": "A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. This issue affects some unknown processing of the file /Adminsearch.php. The manipulation of the argument flightno results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3705"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Owen-YuanW/CVE/issues/1"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://code-projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.349651"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.349651"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.765797"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/?submit.767262"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-74"
54+
],
55+
"severity": "MODERATE",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2026-03-08T05:16:29Z"
59+
}
60+
}

advisories/unreviewed/2026/03/GHSA-6rfc-r3c7-7f5j/GHSA-6rfc-r3c7-7f5j.json

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-6rfc-r3c7-7f5j",
4+
"modified": "2026-03-08T06:31:10Z",
5+
"published": "2026-03-08T06:31:10Z",
6+
"aliases": [
7+
"CVE-2026-3703"
8+
],
9+
"details": "A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. The attack may be performed from remote. The exploit has been published and may be used. Upgrading the affected component is recommended. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3703"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://dl.wavlink.com/firmware/RD/WINSTAR_NU516U1-WO-A-2026-02-27-2fcf6ae-mt7628-squashfs-sysupgrade.bin"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/Wlz1112/Wavlink-NU516U1-V251208-/blob/main/ipaddr.md"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://github.com/Wlz1112/Wavlink-NU516U1-V251208-/blob/main/ipaddr.md#exp-exploit--poc"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?ctiid.349649"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?id.349649"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/?submit.759226"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-119"
54+
],
55+
"severity": "HIGH",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2026-03-08T05:16:29Z"
59+
}
60+
}

advisories/unreviewed/2026/03/GHSA-87g2-jprq-4cmc/GHSA-87g2-jprq-4cmc.json

Lines changed: 68 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,68 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-87g2-jprq-4cmc",
4+
"modified": "2026-03-08T06:31:10Z",
5+
"published": "2026-03-08T06:31:10Z",
6+
"aliases": [
7+
"CVE-2026-3706"
8+
],
9+
"details": "A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. This manipulation causes improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized. Patch name: fdec3c90a15447bd538641d85e5a3e3ac981011d. To fix this issue, it is recommended to deploy a patch.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3706"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/mkj/dropbear/issues/406#issue-3978907798"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/str4d/ed25519-java/issues/82#issue-727629226"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://github.com/mkj/dropbear/pull/407"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://github.com/mkj/dropbear/commit/fdec3c90a15447bd538641d85e5a3e3ac981011d"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://github.com/mkj/dropbear"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/?ctiid.349652"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://vuldb.com/?id.349652"
53+
},
54+
{
55+
"type": "WEB",
56+
"url": "https://vuldb.com/?submit.765933"
57+
}
58+
],
59+
"database_specific": {
60+
"cwe_ids": [
61+
"CWE-345"
62+
],
63+
"severity": "MODERATE",
64+
"github_reviewed": false,
65+
"github_reviewed_at": null,
66+
"nvd_published_at": "2026-03-08T05:16:31Z"
67+
}
68+
}

advisories/unreviewed/2026/03/GHSA-9p2q-g4qr-25v6/GHSA-9p2q-g4qr-25v6.json

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-9p2q-g4qr-25v6",
4+
"modified": "2026-03-08T06:31:10Z",
5+
"published": "2026-03-08T06:31:10Z",
6+
"aliases": [
7+
"CVE-2026-3710"
8+
],
9+
"details": "A security vulnerability has been detected in code-projects Simple Flight Ticket Booking System 1.0. This impacts an unknown function of the file /Adminadd.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3710"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Owen-YuanW/CVE/issues/4"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://code-projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.349656"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.349656"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.766298"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/?submit.767263"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-74"
54+
],
55+
"severity": "MODERATE",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2026-03-08T06:16:11Z"
59+
}
60+
}

advisories/unreviewed/2026/03/GHSA-fgc7-hpwc-cmc9/GHSA-fgc7-hpwc-cmc9.json

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-fgc7-hpwc-cmc9",
4+
"modified": "2026-03-08T06:31:10Z",
5+
"published": "2026-03-08T06:31:10Z",
6+
"aliases": [
7+
"CVE-2026-3713"
8+
],
9+
"details": "A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3713"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/pnggroup/libpng/issues/794"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/biniamf/pocs/tree/main/pnm2png"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://github.com/pnggroup/libpng"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?ctiid.349658"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?id.349658"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/?submit.761996"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-119"
54+
],
55+
"severity": "MODERATE",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2026-03-08T06:16:11Z"
59+
}
60+
}

0 commit comments

Comments
 (0)