Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit eceb2905e405 · 2026-03-30T06:32:14.000Z
GHSA-27p7-fq6v-hh4m GHSA-3h9m-4hx4-r4rj GHSA-jc9w-4gwg-hjf5 GHSA-q2q4-jjp8-f6m3
diff --git a/advisories/unreviewed/2026/03/GHSA-27p7-fq6v-hh4m/GHSA-27p7-fq6v-hh4m.json b/advisories/unreviewed/2026/03/GHSA-27p7-fq6v-hh4m/GHSA-27p7-fq6v-hh4m.json
@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-27p7-fq6v-hh4m",
+  "modified": "2026-03-30T06:30:26Z",
+  "published": "2026-03-30T06:30:26Z",
+  "aliases": [
+    "CVE-2026-5107"
+  ],
+  "details": "A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5107"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/FRRouting/frr/pull/21098"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/FRRouting/frr/commit/7676cad65114aa23adde583d91d9d29e2debd045"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/FRRouting/frr"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/780123"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/354132"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/354132/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-266"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-30T06:16:05Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-3h9m-4hx4-r4rj/GHSA-3h9m-4hx4-r4rj.json b/advisories/unreviewed/2026/03/GHSA-3h9m-4hx4-r4rj/GHSA-3h9m-4hx4-r4rj.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3h9m-4hx4-r4rj",
+  "modified": "2026-03-30T06:30:26Z",
+  "published": "2026-03-30T06:30:26Z",
+  "aliases": [
+    "CVE-2026-5105"
+  ],
+  "details": "A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument pptpPassThru results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5105"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LvHongW/Vuln-of-totolink_A3300R/tree/main/A3300R_pptpPassThru_cmd_inject"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/779143"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/354130"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/354130/cti"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.totolink.net"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-30T04:16:09Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-jc9w-4gwg-hjf5/GHSA-jc9w-4gwg-hjf5.json b/advisories/unreviewed/2026/03/GHSA-jc9w-4gwg-hjf5/GHSA-jc9w-4gwg-hjf5.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jc9w-4gwg-hjf5",
+  "modified": "2026-03-30T06:30:26Z",
+  "published": "2026-03-30T06:30:26Z",
+  "aliases": [
+    "CVE-2026-5106"
+  ],
+  "details": "A flaw has been found in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file /admin/update_fst.php. Executing a manipulation of the argument sname can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5106"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/sxc2044-pixel/hajimi/issues/1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code-projects.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/780091"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/354131"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/354131/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-30T05:15:59Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-q2q4-jjp8-f6m3/GHSA-q2q4-jjp8-f6m3.json b/advisories/unreviewed/2026/03/GHSA-q2q4-jjp8-f6m3/GHSA-q2q4-jjp8-f6m3.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q2q4-jjp8-f6m3",
-  "modified": "2026-03-29T21:30:21Z",
+  "modified": "2026-03-30T06:30:26Z",
   "published": "2026-03-29T21:30:21Z",
   "aliases": [
     "CVE-2026-4176"
@@ -37,6 +37,10 @@
     {
       "type": "WEB",
       "url": "https://www.cve.org/CVERecord?id=CVE-2026-3381"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2026/03/30/2"
     }
   ],
   "database_specific": {

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-q2q4-jjp8-f6m3",`
`4`		`- "modified": "2026-03-29T21:30:21Z",`
	`4`	`+ "modified": "2026-03-30T06:30:26Z",`
`5`	`5`	`"published": "2026-03-29T21:30:21Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2026-4176"`
`@@ -37,6 +37,10 @@`
`37`	`37`	`{`
`38`	`38`	`"type": "WEB",`
`39`	`39`	`"url": "https://www.cve.org/CVERecord?id=CVE-2026-3381"`
	`40`	`+ },`
	`41`	`+ {`
	`42`	`+ "type": "WEB",`
	`43`	`+ "url": "http://www.openwall.com/lists/oss-security/2026/03/30/2"`
`40`	`44`	`}`
`41`	`45`	`],`
`42`	`46`	`"database_specific": {`