Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit c14cc6b5d3bb · 2026-03-30T03:32:12.000Z
GHSA-83j7-f6w3-6wmp GHSA-fxg3-w9hm-vf88 GHSA-r9gc-9vw9-725f GHSA-vhcx-3pq2-4fvc
diff --git a/advisories/unreviewed/2026/03/GHSA-83j7-f6w3-6wmp/GHSA-83j7-f6w3-6wmp.json b/advisories/unreviewed/2026/03/GHSA-83j7-f6w3-6wmp/GHSA-83j7-f6w3-6wmp.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-83j7-f6w3-6wmp",
+  "modified": "2026-03-30T03:30:19Z",
+  "published": "2026-03-30T03:30:19Z",
+  "aliases": [
+    "CVE-2026-5104"
+  ],
+  "details": "A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip leads to command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5104"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LvHongW/Vuln-of-totolink_A3300R/tree/main/A3300R_ip_cmd_inject"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/779142"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/354129"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/354129/cti"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.totolink.net"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-30T03:15:58Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-fxg3-w9hm-vf88/GHSA-fxg3-w9hm-vf88.json b/advisories/unreviewed/2026/03/GHSA-fxg3-w9hm-vf88/GHSA-fxg3-w9hm-vf88.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fxg3-w9hm-vf88",
+  "modified": "2026-03-30T03:30:19Z",
+  "published": "2026-03-30T03:30:19Z",
+  "aliases": [
+    "CVE-2026-5103"
+  ],
+  "details": "A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This issue affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument enable causes command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5103"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LvHongW/Vuln-of-totolink_A3300R/tree/main/A3300R_enable_cmd_inject"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/779140"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/354128"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/354128/cti"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.totolink.net"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-30T02:16:15Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-r9gc-9vw9-725f/GHSA-r9gc-9vw9-725f.json b/advisories/unreviewed/2026/03/GHSA-r9gc-9vw9-725f/GHSA-r9gc-9vw9-725f.json
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-r9gc-9vw9-725f",
+  "modified": "2026-03-30T03:30:19Z",
+  "published": "2026-03-30T03:30:19Z",
+  "aliases": [
+    "CVE-2026-3124"
+  ],
+  "details": "The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.7 via the executePayment() function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to complete arbitrary pending orders by exploiting a mismatch between the PayPal transaction token and the local order, allowing theft of paid digital goods by paying a minimal amount for a low-cost item and using that payment token to finalize a high-value order.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3124"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3470119/download-monitor"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/45527d6c-6866-44e6-85c2-5be984afbbc9?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-639"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-30T02:16:15Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-vhcx-3pq2-4fvc/GHSA-vhcx-3pq2-4fvc.json b/advisories/unreviewed/2026/03/GHSA-vhcx-3pq2-4fvc/GHSA-vhcx-3pq2-4fvc.json
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-vhcx-3pq2-4fvc",
+  "modified": "2026-03-30T03:30:19Z",
+  "published": "2026-03-30T03:30:19Z",
+  "aliases": [
+    "CVE-2025-15036"
+  ],
+  "details": "A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An attacker with control over the tar.gz file can exploit this issue to overwrite arbitrary files or gain elevated privileges, potentially escaping the sandbox directory in multi-tenant or shared cluster environments.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15036"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/mlflow/mlflow/commit/3bf6d81ac4d38654c8ff012dbd0c3e9f17e7e346"
+    },
+    {
+      "type": "WEB",
+      "url": "https://huntr.com/bounties/36c314cf-fd6e-4fb0-b9b0-1b47bcdf0eb0"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-29"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-30T02:16:14Z"
+  }
+}
