Publish Advisories

GHSA-gf8v-vm5f-44rx
GHSA-m73g-4qvw-9rwm
GHSA-wvg5-rgq7-jf9c
GHSA-xcxj-mq5h-26p9

Author: advisory-database[bot]

advisories/unreviewed/2026/03/GHSA-gf8v-vm5f-44rx/GHSA-gf8v-vm5f-44rx.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gf8v-vm5f-44rx",
+  "modified": "2026-03-28T18:30:19Z",
+  "published": "2026-03-28T18:30:19Z",
+  "aliases": [
+    "CVE-2026-5002"
+  ],
+  "details": "A vulnerability has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The impacted element is the function _route_using_overviews of the file backend/server.py of the component LLM Prompt Handler. Such manipulation leads to injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5002"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/August829/CVEP/issues/9"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/779122"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/353889"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/353889/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-28T17:16:45Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-m73g-4qvw-9rwm/GHSA-m73g-4qvw-9rwm.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-m73g-4qvw-9rwm",
+  "modified": "2026-03-28T18:30:19Z",
+  "published": "2026-03-28T18:30:19Z",
+  "aliases": [
+    "CVE-2026-5001"
+  ],
+  "details": "A flaw has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The affected element is the function do_POST of the file backend/server.py. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5001"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/August829/CVEP/issues/7"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/778316"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/353888"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/353888/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-284"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-28T16:15:58Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-wvg5-rgq7-jf9c/GHSA-wvg5-rgq7-jf9c.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-wvg5-rgq7-jf9c",
+  "modified": "2026-03-28T18:30:19Z",
+  "published": "2026-03-28T18:30:19Z",
+  "aliases": [
+    "CVE-2026-5003"
+  ],
+  "details": "A vulnerability was found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. This affects the function handle_index of the file rag_system/api_server.py of the component Web Interface. Performing a manipulation results in information disclosure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5003"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/August829/CVEP/issues/10"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/779148"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/353890"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/353890/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-28T18:15:57Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-xcxj-mq5h-26p9/GHSA-xcxj-mq5h-26p9.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-xcxj-mq5h-26p9",
+  "modified": "2026-03-28T18:30:19Z",
+  "published": "2026-03-28T18:30:19Z",
+  "aliases": [
+    "CVE-2026-5004"
+  ],
+  "details": "A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub_4019FC of the file /cgi-bin/firewall.cgi of the component UPNP Handler. Executing a manipulation of the argument UpnpEnabled can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5004"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Litengzheng/vul_db/blob/main/WL-WN579X3-C/vul_200/README.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/779149"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/353891"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/353891/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-28T18:15:57Z"
+  }
+}