Skip to content

Commit 45c28f1

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-h7qj-64j4-6grw GHSA-h95j-mxr9-q69c GHSA-j9px-j4m5-375m
1 parent c049c75 commit 45c28f1

3 files changed

Lines changed: 160 additions & 0 deletions

File tree

advisories/unreviewed/2026/03/GHSA-h7qj-64j4-6grw/GHSA-h7qj-64j4-6grw.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-h7qj-64j4-6grw",
4+
"modified": "2026-03-29T12:31:25Z",
5+
"published": "2026-03-29T12:31:25Z",
6+
"aliases": [
7+
"CVE-2026-5042"
8+
],
9+
"details": "A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch of the component Parameter Handler. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5042"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Litengzheng/vul_db/blob/main/Belkin/vul_153/README.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/779123"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/353965"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/353965/cti"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-119"
46+
],
47+
"severity": "HIGH",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-03-29T11:16:34Z"
51+
}
52+
}

advisories/unreviewed/2026/03/GHSA-h95j-mxr9-q69c/GHSA-h95j-mxr9-q69c.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-h95j-mxr9-q69c",
4+
"modified": "2026-03-29T12:31:25Z",
5+
"published": "2026-03-29T12:31:25Z",
6+
"aliases": [
7+
"CVE-2026-5043"
8+
],
9+
"details": "A weakness has been identified in Belkin F9K1122 1.00.33. The impacted element is the function formSetPassword of the file /goform/formSetPassword of the component Parameter Handler. This manipulation of the argument webpage causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5043"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Litengzheng/vul_db/blob/main/Belkin/vul_154/README.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/779124"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/353966"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/353966/cti"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-119"
46+
],
47+
"severity": "HIGH",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-03-29T12:15:57Z"
51+
}
52+
}

advisories/unreviewed/2026/03/GHSA-j9px-j4m5-375m/GHSA-j9px-j4m5-375m.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-j9px-j4m5-375m",
4+
"modified": "2026-03-29T12:31:25Z",
5+
"published": "2026-03-29T12:31:25Z",
6+
"aliases": [
7+
"CVE-2026-5041"
8+
],
9+
"details": "A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5041"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://code-projects.org"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://gist.github.com/y7y7y77/dd6df2db50fd0146b72fc4e0766a4ffd"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/778873"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/353964"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/353964/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-03-29T10:15:56Z"
55+
}
56+
}

0 commit comments

Comments
 (0)