Publish Advisories

GHSA-5pp6-8jj7-4q6q
GHSA-9j4g-mpf6-p3hh
GHSA-9prx-6fqf-vvjh
GHSA-cmc9-h7g2-jqff
GHSA-hpg8-x2mf-jw6x
GHSA-j4j2-2vjx-c7hx
GHSA-jfqc-5rvh-wp99
GHSA-jh6p-v59c-g7f9
GHSA-jxfc-8wcq-xxcg
GHSA-m6wx-rxrp-cc9p
GHSA-mq3w-44cm-pfv8
GHSA-p88h-9fmr-wj9q
GHSA-q28g-7mpq-xfp7
GHSA-qmvm-ccq4-rpc7
GHSA-wrrf-7989-mvp7

Author: advisory-database[bot]

advisories/unreviewed/2026/03/GHSA-5pp6-8jj7-4q6q/GHSA-5pp6-8jj7-4q6q.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5pp6-8jj7-4q6q",
-  "modified": "2026-03-16T15:30:42Z",
+  "modified": "2026-03-31T03:31:25Z",
   "published": "2026-03-16T15:30:42Z",
   "aliases": [
     "CVE-2026-20999"
   ],
   "details": "Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
@@ -25,7 +29,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-294"
+    ],
     "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2026/03/GHSA-9j4g-mpf6-p3hh/GHSA-9j4g-mpf6-p3hh.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9j4g-mpf6-p3hh",
-  "modified": "2026-03-16T15:30:42Z",
+  "modified": "2026-03-31T03:31:25Z",
   "published": "2026-03-16T15:30:42Z",
   "aliases": [
     "CVE-2026-20998"
   ],
   "details": "Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/03/GHSA-9prx-6fqf-vvjh/GHSA-9prx-6fqf-vvjh.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-94"
+    ],
     "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2026/03/GHSA-cmc9-h7g2-jqff/GHSA-cmc9-h7g2-jqff.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-862"
+    ],
     "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2026/03/GHSA-hpg8-x2mf-jw6x/GHSA-hpg8-x2mf-jw6x.json

@@ -46,7 +46,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-119"
+      "CWE-119",
+      "CWE-787"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2026/03/GHSA-j4j2-2vjx-c7hx/GHSA-j4j2-2vjx-c7hx.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-j4j2-2vjx-c7hx",
+  "modified": "2026-03-31T03:31:26Z",
+  "published": "2026-03-31T03:31:26Z",
+  "aliases": [
+    "CVE-2026-5176"
+  ],
+  "details": "A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. Affected is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument provided results in command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5176"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LvHongW/Vuln-of-totolink_A3300R/tree/main/A3300R_rtLogServer_cmd_inject"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/779145"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/354244"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/354244/cti"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.totolink.net"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-31T02:15:59Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-jfqc-5rvh-wp99/GHSA-jfqc-5rvh-wp99.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jfqc-5rvh-wp99",
+  "modified": "2026-03-31T03:31:26Z",
+  "published": "2026-03-31T03:31:26Z",
+  "aliases": [
+    "CVE-2026-3300"
+  ],
+  "details": "The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's process_filter() function concatenating user-submitted form field values into a PHP code string without proper escaping before passing it to eval(). The sanitize_text_field() function applied to input does not escape single quotes or other PHP code context characters. This makes it possible for unauthenticated attackers to inject and execute arbitrary PHP code on the server by submitting a crafted value in any string-type form field (text, email, URL, select, radio) when a form uses the \"Complex Calculation\" feature.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3300"
+    },
+    {
+      "type": "WEB",
+      "url": "https://everestforms.net/changelog"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/everest-forms/tags/3.4.3/includes/class-evf-form-task.php#L584"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/389c0b89-e408-4ad5-9723-a16b745771f0?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-94"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-31T02:15:59Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-jh6p-v59c-g7f9/GHSA-jh6p-v59c-g7f9.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jh6p-v59c-g7f9",
+  "modified": "2026-03-31T03:31:26Z",
+  "published": "2026-03-31T03:31:26Z",
+  "aliases": [
+    "CVE-2026-5115"
+  ],
+  "details": "The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device.\n\nIt was internally discovered that the communication channel between the embedded application and the server was insecure, which could leak data including sensitive information that may be used to mount an  attack on the device. Such an attack could potentially be used to steal data or to perform a phishing attack on the end user.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5115"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.papercut.com/kb/Main/papercut-ng-mf-security-bulletin-march-2026"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-319"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-31T01:16:36Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-jxfc-8wcq-xxcg/GHSA-jxfc-8wcq-xxcg.json

@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jxfc-8wcq-xxcg",
+  "modified": "2026-03-31T03:31:26Z",
+  "published": "2026-03-31T03:31:26Z",
+  "aliases": [
+    "CVE-2026-4020"
+  ],
+  "details": "The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permission_callback that unconditionally returns true, allowing any unauthenticated visitor to access it. When the ?page=gravitysmtp-settings query parameter is appended, the plugin's register_connector_data() method populates internal connector data, causing the endpoint to return approximately 365 KB of JSON containing the full System Report. This makes it possible for unauthenticated attackers to retrieve detailed system configuration data including PHP version, loaded extensions, web server version, document root path, database server type and version, WordPress version, all active plugins with versions, active theme, WordPress configuration details, database table names, and any API keys/tokens configured in the plugin.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4020"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.gravitysmtp.com/gravity-smtp-changelog"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/gravitysmtp/tags/2.1.4/vendor/gravityforms/gravity-tools/src/Providers/class-config-collection-service-provider.php#L103"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/gravitysmtp/tags/2.1.4/vendor/gravityforms/gravity-tools/src/Providers/class-config-collection-service-provider.php#L86"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/gravitysmtp/trunk/vendor/gravityforms/gravity-tools/src/Providers/class-config-collection-service-provider.php#L103"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/gravitysmtp/trunk/vendor/gravityforms/gravity-tools/src/Providers/class-config-collection-service-provider.php#L86"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.gravityforms.com/gravity-smtp"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/12a296db-ecc0-409b-8718-0c208504053a?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-31T02:15:59Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-m6wx-rxrp-cc9p/GHSA-m6wx-rxrp-cc9p.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-m6wx-rxrp-cc9p",
+  "modified": "2026-03-31T03:31:26Z",
+  "published": "2026-03-31T03:31:26Z",
+  "aliases": [
+    "CVE-2026-4794"
+  ],
+  "details": "Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25.0.10 allow authenticated administrator users to inject arbitrary web script or HTML code via different UI fields. This could be used to compromise other admininistrator's sessions or perform unauthorized actions via the administrator's authenticated context (e.g. requires an active login session).",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4794"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.papercut.com/kb/Main/papercut-ng-mf-security-bulletin-march-2026"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-31T01:16:36Z"
+  }
+}