Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2022/05/GHSA-q32m-6vq5-jff5/GHSA-q32m-6vq5-jff5.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q32m-6vq5-jff5",
-  "modified": "2022-05-24T19:07:32Z",
+  "modified": "2026-04-09T06:30:26Z",
   "published": "2022-05-24T19:07:32Z",
   "aliases": [
     "CVE-2021-36214"
   ],
   "details": "LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {

advisories/unreviewed/2025/05/GHSA-j7fr-xvx6-3p7v/GHSA-j7fr-xvx6-3p7v.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j7fr-xvx6-3p7v",
-  "modified": "2025-05-29T06:31:17Z",
+  "modified": "2026-04-09T06:30:26Z",
   "published": "2025-05-16T00:31:07Z",
   "aliases": [
     "CVE-2025-0921"
@@ -30,6 +30,10 @@
     {
       "type": "WEB",
       "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2025-002_en.pdf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-002_en.pdf"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/04/GHSA-22fp-cvvv-7ff5/GHSA-22fp-cvvv-7ff5.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-22fp-cvvv-7ff5",
+  "modified": "2026-04-09T06:30:28Z",
+  "published": "2026-04-09T06:30:28Z",
+  "aliases": [
+    "CVE-2026-5849"
+  ],
+  "details": "A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5849"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Litengzheng/vuldb_new/blob/main/i12/vul_110/README.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/791217"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/356375"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/356375/cti"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tenda.com.cn"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-09T06:16:23Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-2723-wm97-82qm/GHSA-2723-wm97-82qm.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2723-wm97-82qm",
+  "modified": "2026-04-09T06:30:28Z",
+  "published": "2026-04-09T06:30:28Z",
+  "aliases": [
+    "CVE-2026-5844"
+  ],
+  "details": "A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5844"
+    },
+    {
+      "type": "WEB",
+      "url": "https://files.catbox.moe/ei31k1.zip"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/790290"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/356329"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/356329/cti"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-77"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-09T05:16:06Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-2hg3-ppxj-cffw/GHSA-2hg3-ppxj-cffw.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2hg3-ppxj-cffw",
+  "modified": "2026-04-09T06:30:27Z",
+  "published": "2026-04-09T06:30:27Z",
+  "aliases": [
+    "CVE-2026-5835"
+  ],
+  "details": "A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_football.php. Executing a manipulation of the argument product_name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5835"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/lonelyuan/vunls/issues/4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code-projects.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/788340"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/356291"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/356291/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-09T04:17:23Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-2mp7-7vgg-f35r/GHSA-2mp7-7vgg-f35r.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2mp7-7vgg-f35r",
+  "modified": "2026-04-09T06:30:27Z",
+  "published": "2026-04-09T06:30:27Z",
+  "aliases": [
+    "CVE-2026-5834"
+  ],
+  "details": "A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/admin_running.php. Performing a manipulation of the argument product_name results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5834"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/lonelyuan/vunls/issues/5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code-projects.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/788339"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/356290"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/356290/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-09T04:17:20Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-2vw5-mf9h-8p68/GHSA-2vw5-mf9h-8p68.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2vw5-mf9h-8p68",
+  "modified": "2026-04-09T06:30:28Z",
+  "published": "2026-04-09T06:30:28Z",
+  "aliases": [
+    "CVE-2026-5850"
+  ],
+  "details": "A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru leads to os command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5850"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_156/README.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/791266"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/356376"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/356376/cti"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.totolink.net"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-77"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-09T06:16:23Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-323c-322q-9h7v/GHSA-323c-322q-9h7v.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-323c-322q-9h7v",
+  "modified": "2026-04-09T06:30:28Z",
+  "published": "2026-04-09T06:30:28Z",
+  "aliases": [
+    "CVE-2026-5851"
+  ],
+  "details": "A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5851"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_157/README.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/791271"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/356377"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/356377/cti"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.totolink.net"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-77"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-09T06:16:23Z"
+  }
+}