Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit ace7bffa840a · 2026-02-23T03:32:04.000Z
GHSA-5rv4-3jvj-f68v GHSA-6m36-rgr7-cxwp GHSA-72rq-263w-2jx8 GHSA-9rv8-797j-7r85 GHSA-m5mm-h952-fxjj GHSA-m69x-r9q9-whf9 GHSA-p2r3-72mr-vwg2 GHSA-w6qc-qw25-92c3 GHSA-xcgv-f626-23hx
diff --git a/advisories/unreviewed/2026/02/GHSA-5rv4-3jvj-f68v/GHSA-5rv4-3jvj-f68v.json b/advisories/unreviewed/2026/02/GHSA-5rv4-3jvj-f68v/GHSA-5rv4-3jvj-f68v.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5rv4-3jvj-f68v",
+  "modified": "2026-02-23T03:30:21Z",
+  "published": "2026-02-23T03:30:21Z",
+  "aliases": [
+    "CVE-2026-2960"
+  ],
+  "details": "A flaw has been found in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_468D64 of the file /boafrm/formDhcpv6s. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2960"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LX-66-LX/cve-new/issues/27"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347327"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347327"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.754512"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-23T01:16:17Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-6m36-rgr7-cxwp/GHSA-6m36-rgr7-cxwp.json b/advisories/unreviewed/2026/02/GHSA-6m36-rgr7-cxwp/GHSA-6m36-rgr7-cxwp.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6m36-rgr7-cxwp",
+  "modified": "2026-02-23T03:30:22Z",
+  "published": "2026-02-23T03:30:21Z",
+  "aliases": [
+    "CVE-2026-2961"
+  ],
+  "details": "A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2961"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LX-66-LX/cve-new/issues/28"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347328"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347328"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.754513"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-23T01:16:17Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-72rq-263w-2jx8/GHSA-72rq-263w-2jx8.json b/advisories/unreviewed/2026/02/GHSA-72rq-263w-2jx8/GHSA-72rq-263w-2jx8.json
@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-72rq-263w-2jx8",
+  "modified": "2026-02-23T03:30:22Z",
+  "published": "2026-02-23T03:30:22Z",
+  "aliases": [
+    "CVE-2026-2964"
+  ],
+  "details": "A vulnerability was identified in higuma web-audio-recorder-js 0.1/0.1.1. Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling. Such manipulation leads to improperly controlled modification of object prototype attributes. It is possible to launch the attack remotely. Attacks of this nature are highly complex. The exploitability is considered difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2964"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347331"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347331"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.755221"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-94"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-23T02:16:39Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-9rv8-797j-7r85/GHSA-9rv8-797j-7r85.json b/advisories/unreviewed/2026/02/GHSA-9rv8-797j-7r85/GHSA-9rv8-797j-7r85.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9rv8-797j-7r85",
+  "modified": "2026-02-23T03:30:22Z",
+  "published": "2026-02-23T03:30:22Z",
+  "aliases": [
+    "CVE-2026-24494"
+  ],
+  "details": "SQL Injection vulnerability in the /api/integrations/getintegrations endpoint of Order Up Online Ordering System 1.0 allows an unauthenticated attacker to access sensitive backend database data via a crafted store_id parameter in a POST request.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24494"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.spartanssec.com/post/multiple-unauthenticated-sql-injection-vulnerabilities"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-23T02:16:39Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-m5mm-h952-fxjj/GHSA-m5mm-h952-fxjj.json b/advisories/unreviewed/2026/02/GHSA-m5mm-h952-fxjj/GHSA-m5mm-h952-fxjj.json
@@ -0,0 +1,54 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-m5mm-h952-fxjj",
+  "modified": "2026-02-23T03:30:22Z",
+  "published": "2026-02-23T03:30:22Z",
+  "aliases": [
+    "CVE-2026-2966"
+  ],
+  "details": "A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mg_sendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched remotely. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2966"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/dwBruijn/CVEs/blob/main/Mongoose/mg_sendnsreq.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/dwBruijn/CVEs/blob/main/Mongoose/mg_sendnsreq.md#poc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347333"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347333"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.755304"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-23T03:15:59Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-m69x-r9q9-whf9/GHSA-m69x-r9q9-whf9.json b/advisories/unreviewed/2026/02/GHSA-m69x-r9q9-whf9/GHSA-m69x-r9q9-whf9.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-m69x-r9q9-whf9",
+  "modified": "2026-02-23T03:30:22Z",
+  "published": "2026-02-23T03:30:22Z",
+  "aliases": [
+    "CVE-2026-2963"
+  ],
+  "details": "A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. It is suggested to install a patch to address this issue. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2963"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347330"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347330"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.755216"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuln.ricky.place/Jinher/C6"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-23T01:16:18Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-p2r3-72mr-vwg2/GHSA-p2r3-72mr-vwg2.json b/advisories/unreviewed/2026/02/GHSA-p2r3-72mr-vwg2/GHSA-p2r3-72mr-vwg2.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-p2r3-72mr-vwg2",
+  "modified": "2026-02-23T03:30:22Z",
+  "published": "2026-02-23T03:30:22Z",
+  "aliases": [
+    "CVE-2026-2962"
+  ],
+  "details": "A vulnerability was found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_460F30 of the file /boafrm/formDateReboot of the component Scheduled Reboot Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2962"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LX-66-LX/cve-new/issues/29"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347329"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347329"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.754517"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-23T01:16:17Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/02/GHSA-w6qc-qw25-92c3/GHSA-w6qc-qw25-92c3.json b/advisories/unreviewed/2026/02/GHSA-w6qc-qw25-92c3/GHSA-w6qc-qw25-92c3.json
diff --git a/advisories/unreviewed/2026/02/GHSA-xcgv-f626-23hx/GHSA-xcgv-f626-23hx.json b/advisories/unreviewed/2026/02/GHSA-xcgv-f626-23hx/GHSA-xcgv-f626-23hx.json
