Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 88784d29cbf5 · 2026-04-06T03:32:32.000Z
GHSA-26hh-9qh7-grjv GHSA-7rxh-cwgm-8354 GHSA-8phh-65xx-646j GHSA-9pcp-3g8w-6g9h GHSA-jrwh-p54q-29xf GHSA-p486-6v3x-xw9f GHSA-r63g-w8j9-9fqc
diff --git a/advisories/unreviewed/2026/04/GHSA-26hh-9qh7-grjv/GHSA-26hh-9qh7-grjv.json b/advisories/unreviewed/2026/04/GHSA-26hh-9qh7-grjv/GHSA-26hh-9qh7-grjv.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-26hh-9qh7-grjv",
+  "modified": "2026-04-06T03:30:19Z",
+  "published": "2026-04-06T03:30:19Z",
+  "aliases": [
+    "CVE-2026-5609"
+  ],
+  "details": "A flaw has been found in Tenda i12 1.0.0.11(3862). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component Parameter Handler. This manipulation of the argument index/wl_radio causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5609"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Litengzheng/vuldb_new/blob/main/i12/vul_107/README.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/785337"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355400"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355400/cti"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tenda.com.cn"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-06T02:16:00Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-7rxh-cwgm-8354/GHSA-7rxh-cwgm-8354.json b/advisories/unreviewed/2026/04/GHSA-7rxh-cwgm-8354/GHSA-7rxh-cwgm-8354.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7rxh-cwgm-8354",
+  "modified": "2026-04-06T03:30:19Z",
+  "published": "2026-04-06T03:30:19Z",
+  "aliases": [
+    "CVE-2026-5611"
+  ],
+  "details": "A vulnerability was found in Belkin F9K1015 1.00.10. This affects the function formCrossBandSwitch of the file /goform/formCrossBandSwitch. Performing a manipulation of the argument webpage results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5611"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Litengzheng/vuldb_new/blob/main/Belkin%20F9K1015/vul_5/README.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/785538"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355402"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355402/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-06T03:16:07Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-8phh-65xx-646j/GHSA-8phh-65xx-646j.json b/advisories/unreviewed/2026/04/GHSA-8phh-65xx-646j/GHSA-8phh-65xx-646j.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8phh-65xx-646j",
+  "modified": "2026-04-06T03:30:19Z",
+  "published": "2026-04-06T03:30:19Z",
+  "aliases": [
+    "CVE-2026-5610"
+  ],
+  "details": "A vulnerability has been found in Belkin F9K1015 1.00.10. Affected by this issue is the function formWISP5G of the file /goform/formWISP5G. Such manipulation of the argument webpage leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5610"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Litengzheng/vuldb_new/blob/main/Belkin%20F9K1015/vul_3/README.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/785537"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355401"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355401/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-06T02:16:00Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-9pcp-3g8w-6g9h/GHSA-9pcp-3g8w-6g9h.json b/advisories/unreviewed/2026/04/GHSA-9pcp-3g8w-6g9h/GHSA-9pcp-3g8w-6g9h.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9pcp-3g8w-6g9h",
+  "modified": "2026-04-06T03:30:19Z",
+  "published": "2026-04-06T03:30:19Z",
+  "aliases": [
+    "CVE-2026-5612"
+  ],
+  "details": "A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability affects the function formWlEncrypt of the file /goform/formWlEncrypt. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5612"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Litengzheng/vuldb_new/blob/main/Belkin%20F9K1015/vul_7/README.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/785551"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355403"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355403/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-06T03:16:07Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-jrwh-p54q-29xf/GHSA-jrwh-p54q-29xf.json b/advisories/unreviewed/2026/04/GHSA-jrwh-p54q-29xf/GHSA-jrwh-p54q-29xf.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jrwh-p54q-29xf",
+  "modified": "2026-04-06T03:30:18Z",
+  "published": "2026-04-06T03:30:18Z",
+  "aliases": [
+    "CVE-2026-5608"
+  ],
+  "details": "A vulnerability was detected in Belkin F9K1122 1.00.33. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5608"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Litengzheng/vul_db/blob/main/Belkin/vul_80/README.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/785315"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355399"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355399/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-06T01:16:40Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-p486-6v3x-xw9f/GHSA-p486-6v3x-xw9f.json b/advisories/unreviewed/2026/04/GHSA-p486-6v3x-xw9f/GHSA-p486-6v3x-xw9f.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-p486-6v3x-xw9f",
+  "modified": "2026-04-06T03:30:18Z",
+  "published": "2026-04-06T03:30:18Z",
+  "aliases": [
+    "CVE-2026-5607"
+  ],
+  "details": "A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This impacts the function CallToolRequestSchema of the file src/handlers.ts of the component URL Parameter Handler. The manipulation of the argument request.params.name/request.params.arguments leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5607"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/wing3e/public_exp/issues/25"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/785034"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355398"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355398/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-918"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-06T01:16:39Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-r63g-w8j9-9fqc/GHSA-r63g-w8j9-9fqc.json b/advisories/unreviewed/2026/04/GHSA-r63g-w8j9-9fqc/GHSA-r63g-w8j9-9fqc.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-r63g-w8j9-9fqc",
+  "modified": "2026-04-06T03:30:20Z",
+  "published": "2026-04-06T03:30:20Z",
+  "aliases": [
+    "CVE-2026-5613"
+  ],
+  "details": "A vulnerability was identified in Belkin F9K1015 1.00.10. This issue affects the function formReboot of the file /goform/formReboot. The manipulation of the argument webpage leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5613"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Litengzheng/vuldb_new/blob/main/Belkin%20F9K1015/vul_10/README.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/785552"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355404"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355404/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-06T03:16:07Z"
+  }
+}
