Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 03f1c80ea1e5 · 2026-02-23T00:32:04.000Z
GHSA-36h6-rv4g-3jg5 GHSA-3w68-qp5h-x838 GHSA-58v6-hqx7-g3f3 GHSA-8gq5-mm3m-7h4x GHSA-8q98-3cmj-g687
diff --git a/advisories/unreviewed/2026/02/GHSA-36h6-rv4g-3jg5/GHSA-36h6-rv4g-3jg5.json b/advisories/unreviewed/2026/02/GHSA-36h6-rv4g-3jg5/GHSA-36h6-rv4g-3jg5.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-36h6-rv4g-3jg5",
+  "modified": "2026-02-23T00:30:26Z",
+  "published": "2026-02-23T00:30:26Z",
+  "aliases": [
+    "CVE-2026-2958"
+  ],
+  "details": "A security vulnerability has been detected in D-Link DWR-M960 1.01.07. Affected is the function sub_457C5C of the file /boafrm/formWsc. Such manipulation of the argument save_apply leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2958"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LX-66-LX/cve-new/issues/25"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347325"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347325"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.754509"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-23T00:16:00Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-3w68-qp5h-x838/GHSA-3w68-qp5h-x838.json b/advisories/unreviewed/2026/02/GHSA-3w68-qp5h-x838/GHSA-3w68-qp5h-x838.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3w68-qp5h-x838",
+  "modified": "2026-02-23T00:30:26Z",
+  "published": "2026-02-23T00:30:26Z",
+  "aliases": [
+    "CVE-2026-2959"
+  ],
+  "details": "A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_44E0F8 of the file /boafrm/formNewSchedule. Performing a manipulation of the argument url results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2959"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LX-66-LX/cve-new/issues/26"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347326"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347326"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.754511"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-23T00:16:00Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-58v6-hqx7-g3f3/GHSA-58v6-hqx7-g3f3.json b/advisories/unreviewed/2026/02/GHSA-58v6-hqx7-g3f3/GHSA-58v6-hqx7-g3f3.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-58v6-hqx7-g3f3",
+  "modified": "2026-02-23T00:30:26Z",
+  "published": "2026-02-23T00:30:26Z",
+  "aliases": [
+    "CVE-2026-2957"
+  ],
+  "details": "A weakness has been identified in qinming99 dst-admin up to 1.5.0. This impacts the function deleteBackup of the file src/main/java/com/tugos/dst/admin/controller/BackupController.java of the component File Handler. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2957"
+    },
+    {
+      "type": "WEB",
+      "url": "https://fx4tqqfvdw4.feishu.cn/docx/YKwydLrdno51JtxJksmcWSfbnvd?from=from_copylink"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347324"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347324"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.754510"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-404"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-22T23:15:59Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-8gq5-mm3m-7h4x/GHSA-8gq5-mm3m-7h4x.json b/advisories/unreviewed/2026/02/GHSA-8gq5-mm3m-7h4x/GHSA-8gq5-mm3m-7h4x.json
@@ -0,0 +1,39 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8gq5-mm3m-7h4x",
+  "modified": "2026-02-23T00:30:26Z",
+  "published": "2026-02-23T00:30:26Z",
+  "aliases": [
+    "CVE-2026-2588"
+  ],
+  "details": "Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems.\n\nSodium.xs casts a STRLEN (size_t) to unsigned long long when passing a length pointer to libsodium functions.  On 32-bit systems size_t is typically 32-bits while an unsigned long long is at least 64-bits.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2588"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cpan-authors/crypt-nacl-sodium/commit/557388bdb4da416a56663cda0154b80cd524395c.patch"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cpan-authors/crypt-nacl-sodium/commit/8cf7f66ba922443e131c9deae1ee00fafe4f62e4.patch"
+    },
+    {
+      "type": "WEB",
+      "url": "https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.001/source/Sodium.xs#L2119"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-190"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-23T00:15:59Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-8q98-3cmj-g687/GHSA-8q98-3cmj-g687.json b/advisories/unreviewed/2026/02/GHSA-8q98-3cmj-g687/GHSA-8q98-3cmj-g687.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8q98-3cmj-g687",
+  "modified": "2026-02-23T00:30:26Z",
+  "published": "2026-02-23T00:30:26Z",
+  "aliases": [
+    "CVE-2026-2956"
+  ],
+  "details": "A security flaw has been discovered in qinming99 dst-admin up to 1.5.0. This affects the function revertBackup of the file /home/restore. The manipulation of the argument Name results in command injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2956"
+    },
+    {
+      "type": "WEB",
+      "url": "https://fx4tqqfvdw4.feishu.cn/docx/ObYgdtoweowo8Vx4dmuckqC7nBe?from=from_copylink"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347323"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347323"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.754508"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-22T22:15:59Z"
+  }
+}
