Publish Advisories

GHSA-c324-4x25-3fp3
GHSA-c8cm-m492-rqr8
GHSA-f565-6pjw-3whr
GHSA-fxq4-96xx-h92h
GHSA-m87m-887p-w3r5
GHSA-mmwr-f26g-hp2q
GHSA-pp46-7w92-4xvf
GHSA-qf2x-h525-fc86
GHSA-qjwf-h778-47mm
GHSA-v4fw-f854-rf72

Author: advisory-database[bot]

advisories/unreviewed/2026/02/GHSA-c324-4x25-3fp3/GHSA-c324-4x25-3fp3.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c324-4x25-3fp3",
+  "modified": "2026-02-22T06:30:17Z",
+  "published": "2026-02-22T06:30:17Z",
+  "aliases": [
+    "CVE-2026-2929"
+  ],
+  "details": "A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_453140 of the file /boafrm/formWlAc of the component Wireless Access Control Endpoint. This manipulation of the argument submit-url causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2929"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LX-66-LX/cve-new/issues/24"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347276"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347276"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.754503"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-22T06:16:03Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-c8cm-m492-rqr8/GHSA-c8cm-m492-rqr8.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c8cm-m492-rqr8",
+  "modified": "2026-02-22T06:30:17Z",
+  "published": "2026-02-22T06:30:17Z",
+  "aliases": [
+    "CVE-2026-2927"
+  ],
+  "details": "A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_462590 of the file /boafrm/formOpMode of the component Operation Mode Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2927"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LX-66-LX/cve-new/issues/22"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347274"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347274"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.754499"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-22T05:16:19Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-f565-6pjw-3whr/GHSA-f565-6pjw-3whr.json

@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-f565-6pjw-3whr",
+  "modified": "2026-02-22T06:30:17Z",
+  "published": "2026-02-22T06:30:17Z",
+  "aliases": [
+    "CVE-2026-1369"
+  ],
+  "details": "The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1369"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/5a275725-85f2-4463-880b-9473dbdfa8e0"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-22T06:16:02Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-fxq4-96xx-h92h/GHSA-fxq4-96xx-h92h.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fxq4-96xx-h92h",
+  "modified": "2026-02-22T06:30:16Z",
+  "published": "2026-02-22T06:30:16Z",
+  "aliases": [
+    "CVE-2026-2910"
+  ],
+  "details": "A flaw has been found in Tenda HG9 300001138. This vulnerability affects unknown code of the file /boaform/formPing6. Executing a manipulation of the argument pingAddr can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2910"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/QIU-DIE/cve-nneeww/issues/12"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347219"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347219"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.755212"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tenda.com.cn"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-22T04:15:57Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-m87m-887p-w3r5/GHSA-m87m-887p-w3r5.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-m87m-887p-w3r5",
+  "modified": "2026-02-22T06:30:17Z",
+  "published": "2026-02-22T06:30:17Z",
+  "aliases": [
+    "CVE-2026-2926"
+  ],
+  "details": "A flaw has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4237AC of the file /boafrm/formLteSetup of the component LTE Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2926"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LX-66-LX/cve-new/issues/21"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347273"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347273"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.754498"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-22T05:16:15Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-mmwr-f26g-hp2q/GHSA-mmwr-f26g-hp2q.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-mmwr-f26g-hp2q",
+  "modified": "2026-02-22T06:30:17Z",
+  "published": "2026-02-22T06:30:17Z",
+  "aliases": [
+    "CVE-2026-2928"
+  ],
+  "details": "A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_452CCC of the file /boafrm/formWlEncrypt of the component WLAN Encryption Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2928"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LX-66-LX/cve-new/issues/23"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347275"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347275"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.754500"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-22T05:16:19Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-pp46-7w92-4xvf/GHSA-pp46-7w92-4xvf.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-pp46-7w92-4xvf",
+  "modified": "2026-02-22T06:30:17Z",
+  "published": "2026-02-22T06:30:17Z",
+  "aliases": [
+    "CVE-2026-2912"
+  ],
+  "details": "A vulnerability was found in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/students/assessments/results/studentresult-view.php. The manipulation of the argument test_id results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2912"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/tiancesec/CVE/issues/25"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code-projects.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347221"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347221"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.755219"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-22T04:15:59Z"
+  }
+}