Publish Advisories

GHSA-9mrx-mqmg-gwj9
GHSA-2p5v-p767-wqv5
GHSA-frh9-7wfp-w73p
GHSA-cm99-m826-vgg7
GHSA-j666-j6hj-fpc7
GHSA-xxmc-fm3p-q3x8
GHSA-3h63-fx68-x5fm
GHSA-c33v-7hr2-gw69
GHSA-fqhc-8hwj-969h
GHSA-gh28-ww79-7h4v
GHSA-mx57-4jmx-5cvf
GHSA-qj4w-p892-c352
GHSA-r396-2q2c-pjhr
GHSA-r83p-32gc-q9c8
GHSA-vv9w-vff6-5rx9
GHSA-vwxw-q9j2-rh5v
GHSA-wxv8-w48j-r2f4
GHSA-x3qr-8f53-fg74

Author: advisory-database[bot]

advisories/unreviewed/2025/09/GHSA-9mrx-mqmg-gwj9/GHSA-9mrx-mqmg-gwj9.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9mrx-mqmg-gwj9",
-  "modified": "2025-11-05T00:31:28Z",
+  "modified": "2026-05-12T00:31:13Z",
   "published": "2025-09-30T15:30:30Z",
   "aliases": [
     "CVE-2025-9231"
@@ -42,6 +42,10 @@
     {
       "type": "WEB",
       "url": "http://www.openwall.com/lists/oss-security/2025/09/30/5"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2026/05/11/11"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/12/GHSA-2p5v-p767-wqv5/GHSA-2p5v-p767-wqv5.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2p5v-p767-wqv5",
-  "modified": "2026-05-11T18:31:34Z",
+  "modified": "2026-05-12T00:31:14Z",
   "published": "2025-12-11T09:31:25Z",
   "aliases": [
     "CVE-2025-14512"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:15953"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:15969"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:15971"

advisories/unreviewed/2025/12/GHSA-frh9-7wfp-w73p/GHSA-frh9-7wfp-w73p.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-frh9-7wfp-w73p",
-  "modified": "2026-05-11T18:31:34Z",
+  "modified": "2026-05-12T00:31:13Z",
   "published": "2025-12-10T09:30:25Z",
   "aliases": [
     "CVE-2025-14087"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:15953"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:15969"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:15971"

advisories/unreviewed/2026/03/GHSA-cm99-m826-vgg7/GHSA-cm99-m826-vgg7.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cm99-m826-vgg7",
-  "modified": "2026-05-08T00:31:32Z",
+  "modified": "2026-05-12T00:31:14Z",
   "published": "2026-03-24T15:30:29Z",
   "aliases": [
     "CVE-2026-4775"
@@ -31,6 +31,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:14929"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:16055"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2026-4775"

advisories/unreviewed/2026/03/GHSA-j666-j6hj-fpc7/GHSA-j666-j6hj-fpc7.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j666-j6hj-fpc7",
-  "modified": "2026-05-06T18:30:24Z",
+  "modified": "2026-05-12T00:31:14Z",
   "published": "2026-03-30T09:31:28Z",
   "aliases": [
     "CVE-2026-5119"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:14087"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:15968"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2026-5119"

advisories/unreviewed/2026/03/GHSA-xxmc-fm3p-q3x8/GHSA-xxmc-fm3p-q3x8.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xxmc-fm3p-q3x8",
-  "modified": "2026-03-17T12:30:20Z",
+  "modified": "2026-05-12T00:31:14Z",
   "published": "2026-03-17T12:30:20Z",
   "aliases": [
     "CVE-2026-4271"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4271"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:15968"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2026-4271"

advisories/unreviewed/2026/05/GHSA-3h63-fx68-x5fm/GHSA-3h63-fx68-x5fm.json

@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3h63-fx68-x5fm",
+  "modified": "2026-05-12T00:31:16Z",
+  "published": "2026-05-12T00:31:16Z",
+  "aliases": [
+    "CVE-2026-8349"
+  ],
+  "details": "A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message Handler. Executing a manipulation can lead to memory corruption. The attack can be launched remotely. The exploit has been published and may be used. This patch is called 8a4c33cdda866094f1989bdeff6d8642fce8de8435f89defd66831c97715f5aa. It is best practice to apply a patch to resolve this issue.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8349"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/omec-project/amf/issues/672"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/omec-project/amf/pull/666"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/omec-project/amf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://hub.docker.com/layers/omecproject/5gc-amf/rel-2.2.1/images/sha256-8a4c33cdda866094f1989bdeff6d8642fce8de8435f89defd66831c97715f5aa"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/811475"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/362663"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/362663/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-05-12T00:17:03Z"
+  }
+}

advisories/unreviewed/2026/05/GHSA-c33v-7hr2-gw69/GHSA-c33v-7hr2-gw69.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c33v-7hr2-gw69",
+  "modified": "2026-05-12T00:31:16Z",
+  "published": "2026-05-12T00:31:16Z",
+  "aliases": [
+    "CVE-2026-8345"
+  ],
+  "details": "A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this issue is the function sub_445E7C of the file /goform/singlePortForward. Such manipulation of the argument ip_address leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8345"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/lipenghai/iot_bug/blob/main/D-Link/DIR816/2.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/811379"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/362661"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/362661/cti"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-05-11T23:20:22Z"
+  }
+}

advisories/unreviewed/2026/05/GHSA-fqhc-8hwj-969h/GHSA-fqhc-8hwj-969h.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fqhc-8hwj-969h",
+  "modified": "2026-05-12T00:31:15Z",
+  "published": "2026-05-12T00:31:14Z",
+  "aliases": [
+    "CVE-2026-34960"
+  ],
+  "details": "barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcp_message_type() function that fails to verify the options pointer remains within received packet bounds. An attacker on the same broadcast domain can send a crafted DHCP Offer or ACK packet without a proper 0xff end marker to cause the parser to read past valid packet data and potentially crash the system.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34960"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/barebox/barebox"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/barebox/barebox/releases/tag/v2026.04.0"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/barebox-out-of-bounds-read-in-dhcp-option-parsing"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-05-11T22:22:10Z"
+  }
+}

advisories/unreviewed/2026/05/GHSA-gh28-ww79-7h4v/GHSA-gh28-ww79-7h4v.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gh28-ww79-7h4v",
+  "modified": "2026-05-12T00:31:15Z",
+  "published": "2026-05-12T00:31:15Z",
+  "aliases": [
+    "CVE-2026-34962"
+  ],
+  "details": "barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c where the ext4fs_iterate_dir() function fails to validate that directory entry length values are non-zero. Attackers can supply a malicious ext4 filesystem image with a crafted directory entry containing a direntlen value of 0 to cause an infinite loop during directory listing or path resolution, resulting in the boot process hanging indefinitely.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34962"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/barebox/barebox"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/barebox/barebox/releases/tag/v2026.04.0"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/barebox-ext4-directory-parsing-infinite-loop-denial-of-service"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-835"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-05-11T23:19:47Z"
+  }
+}