Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 397baa561870 · 2026-01-11T09:32:05.000Z
GHSA-397f-58rh-886v GHSA-5xwg-ff7c-5w3f GHSA-73j7-p7fw-fvw8 GHSA-m892-c9fc-5798
diff --git a/advisories/unreviewed/2026/01/GHSA-397f-58rh-886v/GHSA-397f-58rh-886v.json b/advisories/unreviewed/2026/01/GHSA-397f-58rh-886v/GHSA-397f-58rh-886v.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-397f-58rh-886v",
+  "modified": "2026-01-11T09:30:24Z",
+  "published": "2026-01-11T09:30:24Z",
+  "aliases": [
+    "CVE-2026-0840"
+  ],
+  "details": "A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Affected by this vulnerability is the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0840"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/GUOTINGTING2297/cve/blob/main/1234/30.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.340440"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.340440"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.729029"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-11T07:15:49Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/01/GHSA-5xwg-ff7c-5w3f/GHSA-5xwg-ff7c-5w3f.json b/advisories/unreviewed/2026/01/GHSA-5xwg-ff7c-5w3f/GHSA-5xwg-ff7c-5w3f.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5xwg-ff7c-5w3f",
+  "modified": "2026-01-11T09:30:24Z",
+  "published": "2026-01-11T09:30:24Z",
+  "aliases": [
+    "CVE-2026-0843"
+  ],
+  "details": "A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshop_food up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product is distributed under multiple different names. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0843"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.340443"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.340443"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.731001"
+    },
+    {
+      "type": "WEB",
+      "url": "http://101.200.76.102:38765/qwertyuiop/qwsdfvbnm/1/vuldb/JJJshop/EnglishVers%E4%B8%89%E5%8B%BE%E7%82%B9%E9%A4%90%E7%B3%BB%E7%BB%9FPHP%E7%89%88%E5%AD%98%E5%9C%A8product.category.indexSQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.pdf"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-11T09:15:50Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/01/GHSA-73j7-p7fw-fvw8/GHSA-73j7-p7fw-fvw8.json b/advisories/unreviewed/2026/01/GHSA-73j7-p7fw-fvw8/GHSA-73j7-p7fw-fvw8.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-73j7-p7fw-fvw8",
+  "modified": "2026-01-11T09:30:24Z",
+  "published": "2026-01-11T09:30:24Z",
+  "aliases": [
+    "CVE-2026-0841"
+  ],
+  "details": "A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0841"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/GUOTINGTING2297/cve/blob/main/1234/31.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.340441"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.340441"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.729030"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-11T08:15:59Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/01/GHSA-m892-c9fc-5798/GHSA-m892-c9fc-5798.json b/advisories/unreviewed/2026/01/GHSA-m892-c9fc-5798/GHSA-m892-c9fc-5798.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-m892-c9fc-5798",
+  "modified": "2026-01-11T09:30:24Z",
+  "published": "2026-01-11T09:30:24Z",
+  "aliases": [
+    "CVE-2026-0842"
+  ],
+  "details": "A flaw has been found in Flycatcher Toys smART Sketcher up to 2.0. This affects an unknown part of the component Bluetooth Low Energy Interface. This manipulation causes missing authentication. The attack can only be done within the local network. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0842"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/davidrxchester/smart-sketcher-upload/blob/main/smartsketch-upload.py"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.340442"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.340442"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.729134"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-287"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-11T08:16:00Z"
+  }
+}
