Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit ef4ae7dadad7 · 2026-03-29T06:33:04.000Z
GHSA-57pm-w85h-x97q GHSA-88jg-87gj-m92c GHSA-8fgh-55xj-7pjm GHSA-f739-9xv4-c36c GHSA-vr29-pvvw-gw33
diff --git a/advisories/unreviewed/2026/03/GHSA-57pm-w85h-x97q/GHSA-57pm-w85h-x97q.json b/advisories/unreviewed/2026/03/GHSA-57pm-w85h-x97q/GHSA-57pm-w85h-x97q.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-57pm-w85h-x97q",
+  "modified": "2026-03-29T06:31:20Z",
+  "published": "2026-03-29T06:31:20Z",
+  "aliases": [
+    "CVE-2026-5033"
+  ],
+  "details": "A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_costumer.php of the component Parameter Handler. The manipulation of the argument cos_id results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5033"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Xu-Zhihan/CVE/issues/6"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code-projects.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/778589"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/353959"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/353959/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-29T06:16:11Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-88jg-87gj-m92c/GHSA-88jg-87gj-m92c.json b/advisories/unreviewed/2026/03/GHSA-88jg-87gj-m92c/GHSA-88jg-87gj-m92c.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-88jg-87gj-m92c",
+  "modified": "2026-03-29T06:31:20Z",
+  "published": "2026-03-29T06:31:20Z",
+  "aliases": [
+    "CVE-2026-5031"
+  ],
+  "details": "A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?_route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5031"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/4m3rr0r/PoCVulDb/issues/15"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/778530"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/353953"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/353953/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-99"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-29T05:15:55Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-8fgh-55xj-7pjm/GHSA-8fgh-55xj-7pjm.json b/advisories/unreviewed/2026/03/GHSA-8fgh-55xj-7pjm/GHSA-8fgh-55xj-7pjm.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8fgh-55xj-7pjm",
+  "modified": "2026-03-29T06:31:20Z",
+  "published": "2026-03-29T06:31:20Z",
+  "aliases": [
+    "CVE-2026-5030"
+  ],
+  "details": "A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument host_time leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5030"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lavender-bicycle-a5a.notion.site/TOTOLINK-NR1800X-NTPSyncWithHost-32153a41781f8032afebc0802b704e9c?source=copy_link"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/778529"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/353952"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/353952/cti"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.totolink.net"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-29T05:15:55Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-f739-9xv4-c36c/GHSA-f739-9xv4-c36c.json b/advisories/unreviewed/2026/03/GHSA-f739-9xv4-c36c/GHSA-f739-9xv4-c36c.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-f739-9xv4-c36c",
+  "modified": "2026-03-29T06:31:20Z",
+  "published": "2026-03-29T06:31:20Z",
+  "aliases": [
+    "CVE-2026-5024"
+  ],
+  "details": "A vulnerability was found in D-Link DIR-513 1.10. This issue affects the function formSetEmail of the file /goform/formSetEmail. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5024"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Litengzheng/vul_db/blob/main/Dir513/vul_30/README.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/778414"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/353908"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/353908/cti"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-29T04:16:00Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-vr29-pvvw-gw33/GHSA-vr29-pvvw-gw33.json b/advisories/unreviewed/2026/03/GHSA-vr29-pvvw-gw33/GHSA-vr29-pvvw-gw33.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-vr29-pvvw-gw33",
+  "modified": "2026-03-29T06:31:20Z",
+  "published": "2026-03-29T06:31:20Z",
+  "aliases": [
+    "CVE-2026-5034"
+  ],
+  "details": "A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of the file /edit_costumer.php of the component Parameter Handler. This manipulation of the argument cos_id causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5034"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Xu-Zhihan/CVE/issues/7"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code-projects.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/778594"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/353960"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/353960/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-29T06:16:12Z"
+  }
+}
