Publish Advisories

GHSA-g7mr-vm94-3rv7
GHSA-4hcm-qg7j-cc3v
GHSA-59wr-fjj3-mr2w
GHSA-6xq4-2j3g-9m44
GHSA-78fw-h7fp-fffh
GHSA-85rq-57vx-88q2
GHSA-f43g-cfgj-442p
GHSA-g43x-jrqr-j62r
GHSA-g4c7-xf45-99hx
GHSA-g9w4-m5fx-x3wv
GHSA-h4w6-67wq-xf89
GHSA-j72w-3754-92gg
GHSA-jhr8-wf3f-76ph
GHSA-jqjc-j9r5-4wf2
GHSA-mhc2-234v-x4jm
GHSA-vw2r-ffc4-8xm3

Author: advisory-database[bot]

advisories/unreviewed/2025/11/GHSA-g7mr-vm94-3rv7/GHSA-g7mr-vm94-3rv7.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g7mr-vm94-3rv7",
-  "modified": "2026-03-18T06:31:19Z",
+  "modified": "2026-03-18T12:31:51Z",
   "published": "2025-11-18T21:32:31Z",
   "aliases": [
     "CVE-2025-61662"
@@ -55,6 +55,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:4830"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:4900"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-61662"

advisories/unreviewed/2026/03/GHSA-4hcm-qg7j-cc3v/GHSA-4hcm-qg7j-cc3v.json

@@ -0,0 +1,37 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4hcm-qg7j-cc3v",
+  "modified": "2026-03-18T12:31:52Z",
+  "published": "2026-03-18T12:31:52Z",
+  "aliases": [
+    "CVE-2026-23247"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: secure_seq: add back ports to TS offset\n\nThis reverts 28ee1b746f49 (\"secure_seq: downgrade to per-host timestamp offsets\")\n\ntcp_tw_recycle went away in 2017.\n\nZhouyan Deng reported off-path TCP source port leakage via\nSYN cookie side-channel that can be fixed in multiple ways.\n\nOne of them is to bring back TCP ports in TS offset randomization.\n\nAs a bonus, we perform a single siphash() computation\nto provide both an ISN and a TS offset.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23247"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/165573e41f2f66ef98940cf65f838b2cb575d9d1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/46e5b0d7cf55821527adea471ffe52a5afbd9caf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/eae2f14ab2efccdb7480fae7d42c4b0116ef8805"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-18T11:16:16Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-59wr-fjj3-mr2w/GHSA-59wr-fjj3-mr2w.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-59wr-fjj3-mr2w",
+  "modified": "2026-03-18T12:31:52Z",
+  "published": "2026-03-18T12:31:52Z",
+  "aliases": [
+    "CVE-2026-33265"
+  ],
+  "details": "In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the LibreChat API and the RAG API.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33265"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251205-01_LibreChat_RAG_API_Authentication_Bypass"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.openwall.com/lists/oss-security/2026/03/18/3"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-669"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-18T12:16:19Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-6xq4-2j3g-9m44/GHSA-6xq4-2j3g-9m44.json

@@ -0,0 +1,57 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6xq4-2j3g-9m44",
+  "modified": "2026-03-18T12:31:52Z",
+  "published": "2026-03-18T12:31:52Z",
+  "aliases": [
+    "CVE-2026-23242"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix potential NULL pointer dereference in header processing\n\nIf siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(),\nqp->rx_fpdu can be NULL. The error path in siw_tcp_rx_data()\ndereferences qp->rx_fpdu->more_ddp_segs without checking, which\nmay lead to a NULL pointer deref. Only check more_ddp_segs when\nrx_fpdu is present.\n\nKASAN splat:\n[  101.384271] KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7]\n[  101.385869] RIP: 0010:siw_tcp_rx_data+0x13ad/0x1e50",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23242"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/14ab3da122bd18920ad57428f6cf4fade8385142"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/714c99e1dc8f85f446e05be02ba83972e981a817"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/8564dcc12fbb372d984ab45768cae9335777b274"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/87b7a036d2c73d5bb3ae2d47dee23de465db3355"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/ab61841633d10e56a58c1493a262f0d02dba2f5e"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/ab957056192d6bd068b3759cb2077d859cca01f0"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/ce025f7f5d070596194315eb2e4e89d568b8a755"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/ffba40b67663567481fa8a1ed5d2da36897c175d"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-18T11:16:15Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-78fw-h7fp-fffh/GHSA-78fw-h7fp-fffh.json

@@ -0,0 +1,37 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-78fw-h7fp-fffh",
+  "modified": "2026-03-18T12:31:52Z",
+  "published": "2026-03-18T12:31:52Z",
+  "aliases": [
+    "CVE-2026-23248"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Fix refcount bug and potential UAF in perf_mmap\n\nSyzkaller reported a refcount_t: addition on 0; use-after-free warning\nin perf_mmap.\n\nThe issue is caused by a race condition between a failing mmap() setup\nand a concurrent mmap() on a dependent event (e.g., using output\nredirection).\n\nIn perf_mmap(), the ring_buffer (rb) is allocated and assigned to\nevent->rb with the mmap_mutex held. The mutex is then released to\nperform map_range().\n\nIf map_range() fails, perf_mmap_close() is called to clean up.\nHowever, since the mutex was dropped, another thread attaching to\nthis event (via inherited events or output redirection) can acquire\nthe mutex, observe the valid event->rb pointer, and attempt to\nincrement its reference count. If the cleanup path has already\ndropped the reference count to zero, this results in a\nuse-after-free or refcount saturation warning.\n\nFix this by extending the scope of mmap_mutex to cover the\nmap_range() call. This ensures that the ring buffer initialization\nand mapping (or cleanup on failure) happens atomically effectively,\npreventing other threads from accessing a half-initialized or\ndying ring buffer.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23248"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/77de62ad3de3967818c3dbe656b7336ebee461d2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/ac7ecb65af170a7fc193e7bd8be15dac84ec6a56"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/c27dea9f50ed525facb62ef647dddc4722456e07"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-18T11:16:16Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-85rq-57vx-88q2/GHSA-85rq-57vx-88q2.json

@@ -0,0 +1,57 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-85rq-57vx-88q2",
+  "modified": "2026-03-18T12:31:52Z",
+  "published": "2026-03-18T12:31:52Z",
+  "aliases": [
+    "CVE-2026-23243"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/umad: Reject negative data_len in ib_umad_write\n\nib_umad_write computes data_len from user-controlled count and the\nMAD header sizes. With a mismatched user MAD header size and RMPP\nheader length, data_len can become negative and reach ib_create_send_mad().\nThis can make the padding calculation exceed the segment size and trigger\nan out-of-bounds memset in alloc_send_rmpp_list().\n\nAdd an explicit check to reject negative data_len before creating the\nsend buffer.\n\nKASAN splat:\n[  211.363464] BUG: KASAN: slab-out-of-bounds in ib_create_send_mad+0xa01/0x11b0\n[  211.364077] Write of size 220 at addr ffff88800c3fa1f8 by task spray_thread/102\n[  211.365867] ib_create_send_mad+0xa01/0x11b0\n[  211.365887] ib_umad_write+0x853/0x1c80",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23243"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/1371ef6b1ecf3676b8942f5dfb3634fb0648128e"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/205955f29c26330b1dc7fdeadd5bb97c38e26f56"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/362e45fd9069ffa1523f9f1633b606ebf72060d7"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/52ab82cc5cf8ada5c3fb6ffe8f32fdb2fc27a34b"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/5551b02fdbfd85a325bb857f3a8f9c9f33397ed2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/6eb2919474ca105c5b13d19574e25f0ddcf19ca2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/9c80d688f402539dfc8f336de1380d6b4ee14316"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/a6a3e4af10993cb9e4b8f0548680aba0ab5f3b0d"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-18T11:16:16Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-f43g-cfgj-442p/GHSA-f43g-cfgj-442p.json

@@ -0,0 +1,53 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-f43g-cfgj-442p",
+  "modified": "2026-03-18T12:31:52Z",
+  "published": "2026-03-18T12:31:52Z",
+  "aliases": [
+    "CVE-2025-71266"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: ntfs3: check return value of indx_find to avoid infinite loop\n\nWe found an infinite loop bug in the ntfs3 file system that can lead to a\nDenial-of-Service (DoS) condition.\n\nA malformed dentry in the ntfs3 filesystem can cause the kernel to hang\nduring the lookup operations. By setting the HAS_SUB_NODE flag in an\nINDEX_ENTRY within a directory's INDEX_ALLOCATION block and manipulating the\nVCN pointer, an attacker can cause the indx_find() function to repeatedly\nread the same block, allocating 4 KB of memory each time. The kernel lacks\nVCN loop detection and depth limits, causing memory exhaustion and an OOM\ncrash.\n\nThis patch adds a return value check for fnd_push() to prevent a memory\nexhaustion vulnerability caused by infinite loops. When the index exceeds the\nsize of the fnd->nodes array, fnd_push() returns -EINVAL. The indx_find()\nfunction checks this return value and stops processing, preventing further\nmemory allocation.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71266"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/0ad7a1be44479503dbe5c699759861ef5b8bd70c"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/14c3188afbedfd5178bbabb8002487ea14b37b56"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/1732053c8a6b360e2d5afb1b34fe9779398b072c"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/398e768d1accd1f5645492ab996005d7aa84a5b0"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/435d34719db0e130f6f0c621d67ed524cc1a7d10"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/68e32694be231c1cdb99b7637a657314e88e1a96"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/b0ea441f44ce64fa514a415d4a9e6e2b06e7946c"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-18T11:16:15Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-g43x-jrqr-j62r/GHSA-g43x-jrqr-j62r.json

@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-g43x-jrqr-j62r",
+  "modified": "2026-03-18T12:31:52Z",
+  "published": "2026-03-18T12:31:52Z",
+  "aliases": [
+    "CVE-2026-23246"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration\n\nlink_id is taken from the ML Reconfiguration element (control & 0x000f),\nso it can be 0..15. link_removal_timeout[] has IEEE80211_MLD_MAX_NUM_LINKS\n(15) elements, so index 15 is out-of-bounds. Skip subelements with\nlink_id >= IEEE80211_MLD_MAX_NUM_LINKS to avoid a stack out-of-bounds\nwrite.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23246"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/162d331d833dc73a3e905a24c44dd33732af1fc5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/bfde158d5d1322c0c2df398a8d1ccce04943be2e"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/d58d71c2167601762351962b9604808d3be94400"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/f35ceec54d48e227fa46f8f97fd100a77b8eab15"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-18T11:16:16Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-g4c7-xf45-99hx/GHSA-g4c7-xf45-99hx.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-g4c7-xf45-99hx",
+  "modified": "2026-03-18T12:31:51Z",
+  "published": "2026-03-18T12:31:51Z",
+  "aliases": [
+    "CVE-2026-32565"
+  ],
+  "details": "Missing Authorization vulnerability in WebberZone Contextual Related Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contextual Related Posts: from n/a before 4.2.2.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32565"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/wordpress/plugin/contextual-related-posts/vulnerability/wordpress-contextual-related-posts-plugin-4-2-2-broken-access-control-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-18T10:16:25Z"
+  }
+}