Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 72ccd3c5845f · 2026-04-05T00:32:16.000Z
GHSA-6j5r-7fc4-q42h GHSA-pgjq-fxv2-9p7v GHSA-vv65-4hr2-j64c
diff --git a/advisories/unreviewed/2026/04/GHSA-6j5r-7fc4-q42h/GHSA-6j5r-7fc4-q42h.json b/advisories/unreviewed/2026/04/GHSA-6j5r-7fc4-q42h/GHSA-6j5r-7fc4-q42h.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6j5r-7fc4-q42h",
+  "modified": "2026-04-05T00:30:23Z",
+  "published": "2026-04-05T00:30:23Z",
+  "aliases": [
+    "CVE-2026-5526"
+  ],
+  "details": "A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5526"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/782052"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355279"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355279/cti"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tenda.com.cn"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-266"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-04T23:16:44Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-pgjq-fxv2-9p7v/GHSA-pgjq-fxv2-9p7v.json b/advisories/unreviewed/2026/04/GHSA-pgjq-fxv2-9p7v/GHSA-pgjq-fxv2-9p7v.json
@@ -0,0 +1,50 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-pgjq-fxv2-9p7v",
+  "modified": "2026-04-05T00:30:23Z",
+  "published": "2026-04-05T00:30:23Z",
+  "aliases": [
+    "CVE-2026-5527"
+  ],
+  "details": "A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key\n . It is possible to initiate the attack remotely.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5527"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/782053"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355280"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355280/cti"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tenda.com.cn"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-05T00:16:03Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-vv65-4hr2-j64c/GHSA-vv65-4hr2-j64c.json b/advisories/unreviewed/2026/04/GHSA-vv65-4hr2-j64c/GHSA-vv65-4hr2-j64c.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-vv65-4hr2-j64c",
+  "modified": "2026-04-05T00:30:23Z",
+  "published": "2026-04-05T00:30:23Z",
+  "aliases": [
+    "CVE-2026-5528"
+  ],
+  "details": "A security vulnerability has been detected in MoussaabBadla code-screenshot-mcp up to 0.1.0. This affects an unknown part of the component HTTP Interface. Such manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5528"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/wing3e/public_exp/issues/23"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/782064"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355281"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/355281/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-77"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-05T00:16:04Z"
+  }
+}
