Publish Advisories

GHSA-33v8-g7j5-qg76
GHSA-3vp9-wjw8-vgmx
GHSA-44f4-gvwj-6qg3
GHSA-6p45-jv22-32gp
GHSA-6wvc-gg7r-g28h
GHSA-7cj7-rcw6-p68v
GHSA-fgh4-4rfj-927q
GHSA-fvh3-672c-7p6c
GHSA-h3gg-7vcj-v4m8
GHSA-mhrg-94vw-45c5
GHSA-mxjh-5564-f256
GHSA-pvrh-63rh-cj2q
GHSA-vgx8-59x9-v7v9
GHSA-vxrf-632h-2jj6
GHSA-x9gr-c22h-6mqf

Author: advisory-database[bot]

advisories/unreviewed/2026/03/GHSA-33v8-g7j5-qg76/GHSA-33v8-g7j5-qg76.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-33v8-g7j5-qg76",
+  "modified": "2026-03-27T06:31:43Z",
+  "published": "2026-03-27T06:31:43Z",
+  "aliases": [
+    "CVE-2026-27650"
+  ],
+  "details": "OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27650"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/jp/JVN83788689"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.buffalo.jp/news/detail/20260323-01.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-27T06:16:38Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-3vp9-wjw8-vgmx/GHSA-3vp9-wjw8-vgmx.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3vp9-wjw8-vgmx",
+  "modified": "2026-03-27T06:31:43Z",
+  "published": "2026-03-27T06:31:43Z",
+  "aliases": [
+    "CVE-2026-33280"
+  ],
+  "details": "Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33280"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/jp/JVN83788689"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.buffalo.jp/news/detail/20260323-01.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-912"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-27T06:16:38Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-44f4-gvwj-6qg3/GHSA-44f4-gvwj-6qg3.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-44f4-gvwj-6qg3",
+  "modified": "2026-03-27T06:31:43Z",
+  "published": "2026-03-27T06:31:43Z",
+  "aliases": [
+    "CVE-2026-22744"
+  ],
+  "details": "In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue() inserts the value directly into the @field:{VALUE} RediSearch TAG block without escaping characters.This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22744"
+    },
+    {
+      "type": "WEB",
+      "url": "https://spring.io/security/cve-2026-22744"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-27T06:16:38Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-6p45-jv22-32gp/GHSA-6p45-jv22-32gp.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6p45-jv22-32gp",
+  "modified": "2026-03-27T06:31:43Z",
+  "published": "2026-03-27T06:31:43Z",
+  "aliases": [
+    "CVE-2026-34353"
+  ],
+  "details": "In OCaml through 4.14.3, Bigarray.reshape allows an integer overflow, and resultant reading of arbitrary memory, when untrusted data is processed.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34353"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/ocaml/ocaml/issues/14655"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/ocaml/ocaml/pull/14674"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-190"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-27T06:16:39Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-6wvc-gg7r-g28h/GHSA-6wvc-gg7r-g28h.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6wvc-gg7r-g28h",
+  "modified": "2026-03-27T06:31:42Z",
+  "published": "2026-03-27T06:31:42Z",
+  "aliases": [
+    "CVE-2024-14028"
+  ],
+  "details": "Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS.\nThis issue affects:\nsmartLink HW-DP: through 1.31\nsmartLink HW-PN: before 1.02.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-14028"
+    },
+    {
+      "type": "WEB",
+      "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2024/CVE-2024-14028.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2024/CVE-2024-14028.json"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-27T06:16:35Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-7cj7-rcw6-p68v/GHSA-7cj7-rcw6-p68v.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7cj7-rcw6-p68v",
+  "modified": "2026-03-27T06:31:43Z",
+  "published": "2026-03-27T06:31:43Z",
+  "aliases": [
+    "CVE-2026-22743"
+  ],
+  "details": "Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey() embeds the key into a backtick-delimited Cypher property accessor (node.`metadata.`) after stripping only double quotes, without escaping embedded backticks.This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22743"
+    },
+    {
+      "type": "WEB",
+      "url": "https://spring.io/security/cve-2026-22743"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-27T06:16:37Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-fgh4-4rfj-927q/GHSA-fgh4-4rfj-927q.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fgh4-4rfj-927q",
+  "modified": "2026-03-27T06:31:43Z",
+  "published": "2026-03-27T06:31:43Z",
+  "aliases": [
+    "CVE-2026-33559"
+  ],
+  "details": "WordPress Plugin \"OpenStreetMap\" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin enabled, a logged-in user with a page-creating/editing privilege can embed some malicious script with a crafted HTTP request. When a victim user accesses this page, the script may be executed in the user's web browser.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33559"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/jp/JVN48058823"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/osm"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-27T06:16:39Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-fvh3-672c-7p6c/GHSA-fvh3-672c-7p6c.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fvh3-672c-7p6c",
+  "modified": "2026-03-27T06:31:42Z",
+  "published": "2026-03-27T06:31:42Z",
+  "aliases": [
+    "CVE-2026-22738"
+  ],
+  "details": "In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression key are affected.\nThis issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22738"
+    },
+    {
+      "type": "WEB",
+      "url": "https://spring.io/security/cve-2026-22738"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-27T06:16:37Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-h3gg-7vcj-v4m8/GHSA-h3gg-7vcj-v4m8.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-h3gg-7vcj-v4m8",
+  "modified": "2026-03-27T06:31:43Z",
+  "published": "2026-03-27T06:31:43Z",
+  "aliases": [
+    "CVE-2026-33366"
+  ],
+  "details": "Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the product without authentication.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33366"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/jp/JVN83788689"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.buffalo.jp/news/detail/20260323-01.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-306"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-27T06:16:38Z"
+  }
+}