Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 6e8b2a174818 · 2026-01-30T15:32:28.000Z
GHSA-3pvj-q7qj-89fg GHSA-2p6p-hqq4-q469 GHSA-33hj-rcmx-86mv GHSA-4h4g-2r65-5v68 GHSA-4v8j-92c3-9f2f GHSA-75v6-gf74-7fjw GHSA-frg8-29h3-wvgf GHSA-hc69-r6rr-hmxf GHSA-qqgm-c595-2xpg GHSA-rv8x-5qhg-m8hq
diff --git a/advisories/unreviewed/2025/07/GHSA-3pvj-q7qj-89fg/GHSA-3pvj-q7qj-89fg.json b/advisories/unreviewed/2025/07/GHSA-3pvj-q7qj-89fg/GHSA-3pvj-q7qj-89fg.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3pvj-q7qj-89fg",
-  "modified": "2026-01-27T18:32:05Z",
+  "modified": "2026-01-30T15:31:13Z",
   "published": "2025-07-07T15:30:39Z",
   "aliases": [
     "CVE-2025-5987"
@@ -51,6 +51,14 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:0978"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:0985"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:0996"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-5987"
diff --git a/advisories/unreviewed/2026/01/GHSA-2p6p-hqq4-q469/GHSA-2p6p-hqq4-q469.json b/advisories/unreviewed/2026/01/GHSA-2p6p-hqq4-q469/GHSA-2p6p-hqq4-q469.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2p6p-hqq4-q469",
+  "modified": "2026-01-30T15:31:14Z",
+  "published": "2026-01-30T15:31:14Z",
+  "aliases": [
+    "CVE-2025-13176"
+  ],
+  "details": "Planting a custom configuration file\n\nin \n\nESET Inspect Connector allow load a malicious DLL.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13176"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.eset.com/en/ca8910-eset-customer-advisory-local-privilege-escalation-vulnerability-fixed-in-eset-inspect-connector-for-windows"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-269"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-30T13:15:53Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/01/GHSA-33hj-rcmx-86mv/GHSA-33hj-rcmx-86mv.json b/advisories/unreviewed/2026/01/GHSA-33hj-rcmx-86mv/GHSA-33hj-rcmx-86mv.json
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-33hj-rcmx-86mv",
+  "modified": "2026-01-30T15:31:14Z",
+  "published": "2026-01-30T15:31:14Z",
+  "aliases": [
+    "CVE-2024-4027"
+  ],
+  "details": "A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4027"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2024-4027"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276410"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-30T15:16:07Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/01/GHSA-4h4g-2r65-5v68/GHSA-4h4g-2r65-5v68.json b/advisories/unreviewed/2026/01/GHSA-4h4g-2r65-5v68/GHSA-4h4g-2r65-5v68.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4h4g-2r65-5v68",
+  "modified": "2026-01-30T15:31:14Z",
+  "published": "2026-01-30T15:31:14Z",
+  "aliases": [
+    "CVE-2026-1685"
+  ],
+  "details": "A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. This attack is characterized by high complexity. It is stated that the exploitability is difficult. The exploit is publicly available and might be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1685"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/master-abc/cve/issues/17"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.343479"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.343479"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.740886"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-307"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-30T15:16:08Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/01/GHSA-4v8j-92c3-9f2f/GHSA-4v8j-92c3-9f2f.json b/advisories/unreviewed/2026/01/GHSA-4v8j-92c3-9f2f/GHSA-4v8j-92c3-9f2f.json
@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4v8j-92c3-9f2f",
+  "modified": "2026-01-30T15:31:14Z",
+  "published": "2026-01-30T15:31:14Z",
+  "aliases": [
+    "CVE-2026-1684"
+  ],
+  "details": "A vulnerability was found in Free5GC SMF up to 4.1.0. Affected by this issue is the function HandleReports of the file /internal/context/pfcp_reports.go of the component PFCP UDP Endpoint. The manipulation results in denial of service. The attack can be executed remotely. It is advisable to implement a patch to correct this issue.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1684"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/free5gc/free5gc/issues/806"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/free5gc/smf/pull/188"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.343477"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.343477"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.739655"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.739656"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-404"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-30T15:16:08Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/01/GHSA-75v6-gf74-7fjw/GHSA-75v6-gf74-7fjw.json b/advisories/unreviewed/2026/01/GHSA-75v6-gf74-7fjw/GHSA-75v6-gf74-7fjw.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-75v6-gf74-7fjw",
+  "modified": "2026-01-30T15:31:14Z",
+  "published": "2026-01-30T15:31:14Z",
+  "aliases": [
+    "CVE-2026-1498"
+  ],
+  "details": "An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to authenticate as an LDAP user with a partial identifier if they additionally have that user's valid passphrase.This issue affects Fireware OS: from 12.0 through 12.11.6, from 12.5 through 12.5.15, from 2025.1 through 2026.0.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1498"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00001"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-90"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-30T13:15:54Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/01/GHSA-frg8-29h3-wvgf/GHSA-frg8-29h3-wvgf.json b/advisories/unreviewed/2026/01/GHSA-frg8-29h3-wvgf/GHSA-frg8-29h3-wvgf.json
@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-frg8-29h3-wvgf",
+  "modified": "2026-01-30T15:31:14Z",
+  "published": "2026-01-30T15:31:14Z",
+  "aliases": [
+    "CVE-2026-1683"
+  ],
+  "details": "A vulnerability has been found in Free5GC SMF up to 4.1.0. Affected by this vulnerability is the function HandlePfcpSessionReportRequest of the file internal/pfcp/handler/handler.go of the component PFCP. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. To fix this issue, it is recommended to deploy a patch.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1683"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/free5gc/free5gc/issues/804"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/free5gc/free5gc/issues/804#issue-3816086696"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/free5gc/smf/pull/188"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.343476"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.343476"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.739653"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.739654"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-404"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-30T14:16:07Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/01/GHSA-hc69-r6rr-hmxf/GHSA-hc69-r6rr-hmxf.json b/advisories/unreviewed/2026/01/GHSA-hc69-r6rr-hmxf/GHSA-hc69-r6rr-hmxf.json
@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hc69-r6rr-hmxf",
+  "modified": "2026-01-30T15:31:14Z",
+  "published": "2026-01-30T15:31:14Z",
+  "aliases": [
+    "CVE-2026-1682"
+  ],
+  "details": "A flaw has been found in Free5GC SMF up to 4.1.0. Affected is the function HandlePfcpAssociationReleaseRequest of the file internal/pfcp/handler/handler.go of the component PFCP UDP Endpoint. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The exploit has been published and may be used. A patch should be applied to remediate this issue.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1682"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/free5gc/free5gc/issues/794"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/free5gc/free5gc/issues/794#issue-3811888505"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/free5gc/free5gc/issues/794#issuecomment-3761063382"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/free5gc/smf/pull/188"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.343475"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.343475"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.739508"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-404"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-30T14:16:07Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/01/GHSA-qqgm-c595-2xpg/GHSA-qqgm-c595-2xpg.json b/advisories/unreviewed/2026/01/GHSA-qqgm-c595-2xpg/GHSA-qqgm-c595-2xpg.json
diff --git a/advisories/unreviewed/2026/01/GHSA-rv8x-5qhg-m8hq/GHSA-rv8x-5qhg-m8hq.json b/advisories/unreviewed/2026/01/GHSA-rv8x-5qhg-m8hq/GHSA-rv8x-5qhg-m8hq.json
