Publish Advisories

GHSA-22m2-mv56-5hwq
GHSA-26qr-26wf-xv6x
GHSA-2957-vcfc-fpfc
GHSA-7hqw-92qf-g6mp
GHSA-c267-rfvc-mvpm
GHSA-c7gg-49qc-mfhm
GHSA-g2xp-c545-pvpg
GHSA-j2wh-rp49-235f
GHSA-j66g-mfcw-hrf3
GHSA-mfmx-5m88-3hp5
GHSA-rp9g-qx29-88cp
GHSA-rv6q-j73h-c4g9
GHSA-wmhj-8r82-fp9j

Author: advisory-database[bot]

advisories/unreviewed/2026/03/GHSA-22m2-mv56-5hwq/GHSA-22m2-mv56-5hwq.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-22m2-mv56-5hwq",
+  "modified": "2026-03-18T09:30:28Z",
+  "published": "2026-03-18T09:30:28Z",
+  "aliases": [
+    "CVE-2026-22320"
+  ],
+  "details": "A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI and web dashboard to become unavailable and leading to a denial of service.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22320"
+    },
+    {
+      "type": "WEB",
+      "url": "https://certvde.com/de/advisories/VDE-2025-104"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-121"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-18T08:16:29Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-26qr-26wf-xv6x/GHSA-26qr-26wf-xv6x.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-26qr-26wf-xv6x",
+  "modified": "2026-03-18T09:30:28Z",
+  "published": "2026-03-18T09:30:28Z",
+  "aliases": [
+    "CVE-2025-31703"
+  ],
+  "details": "A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate privileges.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31703"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dahuasecurity.com/about-dahua/trust-center/dahua-psirt/security-advisory-%E2%80%93-vulnerability-found-in-dahua-nvr-xvr-device"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-305"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-18T08:16:26Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-2957-vcfc-fpfc/GHSA-2957-vcfc-fpfc.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2957-vcfc-fpfc",
+  "modified": "2026-03-18T09:30:28Z",
+  "published": "2026-03-18T09:30:28Z",
+  "aliases": [
+    "CVE-2026-22318"
+  ],
+  "details": "A stack-based buffer overflow vulnerability in the device's file transfer parameter workflow allows a high-privileged attacker to send oversized POST parameters, causing memory corruption in an internal process, resulting in a DoS attack.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22318"
+    },
+    {
+      "type": "WEB",
+      "url": "https://certvde.com/de/advisories/VDE-2025-104"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-121"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-18T08:16:28Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-7hqw-92qf-g6mp/GHSA-7hqw-92qf-g6mp.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7hqw-92qf-g6mp",
+  "modified": "2026-03-18T09:30:28Z",
+  "published": "2026-03-18T09:30:28Z",
+  "aliases": [
+    "CVE-2026-22319"
+  ],
+  "details": "A stack-based buffer overflow in the device's file installation workflow allows a high-privileged attacker to send oversized POST parameters that overflow a fixed-size stack buffer within an internal process, resulting in a DoS attack.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22319"
+    },
+    {
+      "type": "WEB",
+      "url": "https://certvde.com/de/advisories/VDE-2025-104"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-121"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-18T08:16:28Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-c267-rfvc-mvpm/GHSA-c267-rfvc-mvpm.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c267-rfvc-mvpm",
+  "modified": "2026-03-18T09:30:29Z",
+  "published": "2026-03-18T09:30:29Z",
+  "aliases": [
+    "CVE-2026-22730"
+  ],
+  "details": "A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands.\n\nThe vulnerability exists due to missing input sanitization.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22730"
+    },
+    {
+      "type": "WEB",
+      "url": "https://spring.io/security/cve-2026-22730"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-18T08:16:31Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-c7gg-49qc-mfhm/GHSA-c7gg-49qc-mfhm.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c7gg-49qc-mfhm",
+  "modified": "2026-03-18T09:30:28Z",
+  "published": "2026-03-18T09:30:28Z",
+  "aliases": [
+    "CVE-2026-22316"
+  ],
+  "details": "A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22316"
+    },
+    {
+      "type": "WEB",
+      "url": "https://certvde.com/de/advisories/VDE-2025-104"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-121"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-18T08:16:27Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-g2xp-c545-pvpg/GHSA-g2xp-c545-pvpg.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-g2xp-c545-pvpg",
+  "modified": "2026-03-18T09:30:28Z",
+  "published": "2026-03-18T09:30:28Z",
+  "aliases": [
+    "CVE-2026-3512"
+  ],
+  "details": "The Writeprint Stylometry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'p' GET parameter in all versions up to and including 0.1. This is due to insufficient input sanitization and output escaping in the bjl_wprintstylo_comments_nav() function. The function directly outputs the $_GET['p'] parameter into an HTML href attribute without any escaping. This makes it possible for authenticated attackers with Contributor-level permissions or higher to inject arbitrary web scripts in pages that execute if they can successfully trick another user into performing an action such as clicking on a link.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3512"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/writeprint-stylometry/tags/0.1/writeprint-stylometry.php#L341"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/writeprint-stylometry/tags/0.1/writeprint-stylometry.php#L345"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/writeprint-stylometry/trunk/writeprint-stylometry.php#L341"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/writeprint-stylometry/trunk/writeprint-stylometry.php#L345"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a614ce5-faa4-4b27-84bd-f15f8652d477?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-18T07:16:21Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-j2wh-rp49-235f/GHSA-j2wh-rp49-235f.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-j2wh-rp49-235f",
+  "modified": "2026-03-18T09:30:28Z",
+  "published": "2026-03-18T09:30:28Z",
+  "aliases": [
+    "CVE-2026-22322"
+  ],
+  "details": "A stored cross‑site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’s browser, enabling unauthorized actions such as interface manipulation. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22322"
+    },
+    {
+      "type": "WEB",
+      "url": "https://certvde.com/de/advisories/VDE-2025-104"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-18T08:16:30Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-j66g-mfcw-hrf3/GHSA-j66g-mfcw-hrf3.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-j66g-mfcw-hrf3",
+  "modified": "2026-03-18T09:30:28Z",
+  "published": "2026-03-18T09:30:28Z",
+  "aliases": [
+    "CVE-2026-22321"
+  ],
+  "details": "A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when a unauthenticated attacker send an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain unaffected, the impact is limited to a low‑severity availability disruption.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22321"
+    },
+    {
+      "type": "WEB",
+      "url": "https://certvde.com/de/advisories/VDE-2025-104"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-121"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-18T08:16:29Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-mfmx-5m88-3hp5/GHSA-mfmx-5m88-3hp5.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-mfmx-5m88-3hp5",
+  "modified": "2026-03-18T09:30:28Z",
+  "published": "2026-03-18T09:30:28Z",
+  "aliases": [
+    "CVE-2026-22317"
+  ],
+  "details": "A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22317"
+    },
+    {
+      "type": "WEB",
+      "url": "https://certvde.com/de/advisories/VDE-2025-104"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-77"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-18T08:16:27Z"
+  }
+}