Commit 6a89c8f

Sync EUVD catalog: Fri Apr 10 00:36:28 UTC 2026
Signed-off-by: AboutCode Automation <automation@aboutcode.org>
1 parent bd2e501 commit 6a89c8f

368 files changed

Lines changed: 10955 additions & 371 deletions

Lines changed: 31 additions & 0 deletions
@@ -0,0 +1,31 @@
1+
{
2+
"id": "EUVD-2023-60549",
3+
"enisaUuid": "352b1acc-12e3-31c0-82f2-75ca4fa39578",
4+
"description": "WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the isMobile parameter. Attackers can craft malicious URLs containing JavaScript payloads in the isMobile GET parameter at the /mobile-app/v3/ endpoint to execute arbitrary code in victims' browsers and steal session tokens or credentials.",
5+
"datePublished": "Apr 9, 2026, 9:31:30 PM",
6+
"dateUpdated": "Apr 9, 2026, 9:31:30 PM",
7+
"baseScore": 5.1,
8+
"baseScoreVersion": "4.0",
9+
"baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
10+
"references": "https://www.exploit-db.com/exploits/51663\nhttps://www.adivaha.com/\nhttps://wordpress.org/plugins/adiaha-hotel/\nhttps://www.vulncheck.com/advisories/wordpress-adivaha-travel-plugin-reflected-xss-via-ismobile\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54358\n",
11+
"aliases": "GHSA-46qr-c6wf-gmhj\nCVE-2023-54358\n",
12+
"assigner": "VulnCheck",
13+
"epss": 0.0,
14+
"enisaIdProduct": [
15+
{
16+
"id": "f45b9ab5-4355-3df4-8b84-843fa0236ba4",
17+
"product": {
18+
"name": "WordPress adivaha Travel Plugin"
19+
},
20+
"product_version": "2.3"
21+
}
22+
],
23+
"enisaIdVendor": [
24+
{
25+
"id": "ca75f980-906e-3d14-9ffe-cf174c2bac80",
26+
"vendor": {
27+
"name": "Adivaha"
28+
}
29+
}
30+
]
31+
}
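Review bot: `"epss": 0.0` is written on this new record (EUVD-2023-60549) even though its `references` list a public exploit-db entry, and the same value appears on every record visible on this page. That pattern suggests 0.0 is a default for "not yet scored" rather than a measured probability, though the page does not show where the value originates. A consumer that ranks or filters on EPSS would push these advisories to the bottom of the queue. If no score exists yet, `"epss": null` (or omitting the key) would keep a missing score from being read as a near-zero one.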
Lines changed: 31 additions & 0 deletions
@@ -0,0 +1,31 @@
1+
{
2+
"id": "EUVD-2023-60550",
3+
"enisaUuid": "381a3eef-7647-3300-91ea-aba052cbb951",
4+
"description": "WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pid' GET parameter. Attackers can send requests to the /mobile-app/v3/ endpoint with crafted 'pid' values using XOR-based payloads to extract sensitive database information or cause denial of service.",
5+
"datePublished": "Apr 9, 2026, 9:31:30 PM",
6+
"dateUpdated": "Apr 9, 2026, 9:31:30 PM",
7+
"baseScore": 8.8,
8+
"baseScoreVersion": "4.0",
9+
"baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
10+
"references": "https://www.exploit-db.com/exploits/51655\nhttps://www.adivaha.com/\nhttps://wordpress.org/plugins/adiaha-hotel/\nhttps://www.vulncheck.com/advisories/wordpress-adivaha-travel-plugin-sql-injection-via-pid\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54359\n",
11+
"aliases": "CVE-2023-54359\nGHSA-4hfq-67c2-xq9j\n",
12+
"assigner": "VulnCheck",
13+
"epss": 0.0,
14+
"enisaIdProduct": [
15+
{
16+
"id": "d45aedf4-b005-3c29-9688-2f58ee92e712",
17+
"product": {
18+
"name": "WordPress adivaha Travel Plugin"
19+
},
20+
"product_version": "2.3"
21+
}
22+
],
23+
"enisaIdVendor": [
24+
{
25+
"id": "c81ad970-fcf8-336c-81b0-42d064521316",
26+
"vendor": {
27+
"name": "Adivaha"
28+
}
29+
}
30+
]
31+
}
Lines changed: 31 additions & 0 deletions
@@ -0,0 +1,31 @@
1+
{
2+
"id": "EUVD-2023-60552",
3+
"enisaUuid": "6fcf1c21-25c2-3e2b-900e-f11277c339cb",
4+
"description": "Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the review_id URL parameter. Attackers can craft malicious links containing JavaScript payloads that execute in victims' browsers when clicked, enabling session hijacking or credential theft.",
5+
"datePublished": "Apr 9, 2026, 9:31:30 PM",
6+
"dateUpdated": "Apr 9, 2026, 9:31:30 PM",
7+
"baseScore": 5.1,
8+
"baseScoreVersion": "4.0",
9+
"baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
10+
"references": "https://www.exploit-db.com/exploits/51645\nhttps://jlexart.com/\nhttps://extensions.joomla.org/extension/jlex-review/\nhttps://www.vulncheck.com/advisories/joomla-jlex-review-reflected-xss-via-review-id-parameter\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54360\n",
11+
"aliases": "GHSA-9g66-6jg8-w8jc\nCVE-2023-54360\n",
12+
"assigner": "VulnCheck",
13+
"epss": 0.0,
14+
"enisaIdProduct": [
15+
{
16+
"id": "a8742107-67df-3bd5-be71-d9afbc552eec",
17+
"product": {
18+
"name": "Joomla JLex Review"
19+
},
20+
"product_version": "6.0.1"
21+
}
22+
],
23+
"enisaIdVendor": [
24+
{
25+
"id": "6329de57-5857-3ecd-bf41-b40eb8c17572",
26+
"vendor": {
27+
"name": "jlexart"
28+
}
29+
}
30+
]
31+
}
Lines changed: 31 additions & 0 deletions
@@ -0,0 +1,31 @@
1+
{
2+
"id": "EUVD-2023-60554",
3+
"enisaUuid": "96468547-eaaa-3296-8bcb-0448aecc004e",
4+
"description": "Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filter_keyword parameter. Attackers can craft URLs containing JavaScript payloads in the filter_keyword GET parameter of the all-properties-with-map endpoint to execute arbitrary code in victim browsers and steal session tokens or credentials.",
5+
"datePublished": "Apr 9, 2026, 9:31:30 PM",
6+
"dateUpdated": "Apr 9, 2026, 9:31:30 PM",
7+
"baseScore": 5.1,
8+
"baseScoreVersion": "4.0",
9+
"baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
10+
"references": "https://www.exploit-db.com/exploits/51640\nhttp://thethinkery.net\nhttps://extensions.joomla.org/extension/vertical-markets/real-estate/iproperty/\nhttps://www.vulncheck.com/advisories/joomla-iproperty-real-estate-reflected-xss-via-filter-keyword\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54361\n",
11+
"aliases": "GHSA-xmgp-65vp-rxq2\nCVE-2023-54361\n",
12+
"assigner": "VulnCheck",
13+
"epss": 0.0,
14+
"enisaIdProduct": [
15+
{
16+
"id": "45dcdda6-688e-3e91-8e4c-f8cee089dac9",
17+
"product": {
18+
"name": "Joomla iProperty Real Estate"
19+
},
20+
"product_version": "4.1.1"
21+
}
22+
],
23+
"enisaIdVendor": [
24+
{
25+
"id": "12a4b404-babc-36f0-8d38-6e0822d5fa08",
26+
"vendor": {
27+
"name": "Thethinkery"
28+
}
29+
}
30+
]
31+
}
Lines changed: 23 additions & 0 deletions
@@ -0,0 +1,23 @@
1+
{
2+
"id": "EUVD-2023-60557",
3+
"enisaUuid": "71d635ee-9249-36cd-b4c1-55eac78a521e",
4+
"description": "Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft malicious URLs containing script payloads in the keyword parameter of the product-variants endpoint to execute arbitrary JavaScript in victim browsers and steal session tokens or credentials.",
5+
"datePublished": "Apr 9, 2026, 9:31:30 PM",
6+
"dateUpdated": "Apr 9, 2026, 9:31:30 PM",
7+
"baseScore": 5.1,
8+
"baseScoreVersion": "4.0",
9+
"baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
10+
"references": "https://www.exploit-db.com/exploits/51631\nhttps://www.virtuemart.net/\nhttps://demo.virtuemart.net/\nhttps://www.vulncheck.com/advisories/joomla-virtuemart-shopping-cart-reflected-xss-via-keyword\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54362\n",
11+
"aliases": "CVE-2023-54362\n",
12+
"assigner": "VulnCheck",
13+
"epss": 0.0,
14+
"enisaIdProduct": [],
15+
"enisaIdVendor": [
16+
{
17+
"id": "8fa1b094-b591-3ec5-9512-f67de4debe0f",
18+
"vendor": {
19+
"name": "VirtueMart"
20+
}
21+
}
22+
]
23+
}
Lines changed: 23 additions & 0 deletions
@@ -0,0 +1,23 @@
1+
{
2+
"id": "EUVD-2023-60559",
3+
"enisaUuid": "9e5914fc-de48-3c02-a996-211dedceda81",
4+
"description": "Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show, reviews, type_id, distance, facilities, categories, prices, location, and Itemid. Attackers can craft malicious URLs containing JavaScript payloads in these parameters to steal session tokens, login credentials, or manipulate site content when victims visit the crafted links.",
5+
"datePublished": "Apr 9, 2026, 9:31:30 PM",
6+
"dateUpdated": "Apr 9, 2026, 9:31:30 PM",
7+
"baseScore": 5.1,
8+
"baseScoreVersion": "4.0",
9+
"baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
10+
"references": "https://www.exploit-db.com/exploits/51638\nhttp://solidres.com/\nhttps://extensions.joomla.org/extension/vertical-markets/booking-a-reservations/solidres/\nhttps://www.vulncheck.com/advisories/joomla-solidres-reflected-xss-via-multiple-parameters\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54363\n",
11+
"aliases": "CVE-2023-54363\n",
12+
"assigner": "VulnCheck",
13+
"epss": 0.0,
14+
"enisaIdProduct": [],
15+
"enisaIdVendor": [
16+
{
17+
"id": "b69b2f74-6cac-3856-a249-bf2874f9a93f",
18+
"vendor": {
19+
"name": "solidres"
20+
}
21+
}
22+
]
23+
}
Lines changed: 31 additions & 0 deletions
@@ -0,0 +1,31 @@
1+
{
2+
"id": "EUVD-2023-60560",
3+
"enisaUuid": "cc9f83b6-07fd-31d5-b05d-2cc3e305b9c6",
4+
"description": "Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter endpoint. Attackers can craft malicious URLs containing XSS payloads in the from_option, from_ctrl, from_task, or from_itemid parameters to steal session tokens or login credentials when victims visit the link.",
5+
"datePublished": "Apr 9, 2026, 9:31:31 PM",
6+
"dateUpdated": "Apr 9, 2026, 9:31:31 PM",
7+
"baseScore": 5.1,
8+
"baseScoreVersion": "4.0",
9+
"baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
10+
"references": "https://www.exploit-db.com/exploits/51629\nhttps://www.hikashop.com/\nhttps://demo.hikashop.com/index.php/en/\nhttps://www.vulncheck.com/advisories/joomla-hikashop-reflected-xss-via-product-filter\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54364\n",
11+
"aliases": "GHSA-3xvv-wvr8-288m\nCVE-2023-54364\n",
12+
"assigner": "VulnCheck",
13+
"epss": 0.0,
14+
"enisaIdProduct": [
15+
{
16+
"id": "69dd1d4b-5f9c-3445-b3f2-2608f4fabfee",
17+
"product": {
18+
"name": "Joomla HikaShop"
19+
},
20+
"product_version": "4.7.4"
21+
}
22+
],
23+
"enisaIdVendor": [
24+
{
25+
"id": "316925ae-73ca-390b-b349-2e3df7d40529",
26+
"vendor": {
27+
"name": "Hikashop"
28+
}
29+
}
30+
]
31+
}
Lines changed: 115 additions & 0 deletions
@@ -0,0 +1,115 @@
1+
{
2+
"id": "EUVD-2024-17238",
3+
"enisaUuid": "eba6da46-7b15-3629-b3a2-4a3da1931140",
4+
"description": "An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device.",
5+
"datePublished": "Apr 9, 2026, 12:31:11 PM",
6+
"dateUpdated": "Apr 9, 2026, 12:31:11 PM",
7+
"baseScore": 7.2,
8+
"baseScoreVersion": "3.1",
9+
"baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
10+
"references": "https://certvde.com/de/advisories/VDE-2024-008\nhttps://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2024-008.json\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-1490\n",
11+
"aliases": "CVE-2024-1490\nGHSA-4p2f-67g5-7xhf\n",
12+
"assigner": "CERTVDE",
13+
"epss": 0.0,
14+
"enisaIdProduct": [
15+
{
16+
"id": "142b6f31-18e9-3405-b320-ccadc606b981",
17+
"product": {
18+
"name": "TP600 (0762-630x-8000-000x)"
19+
},
20+
"product_version": "0.0.0 \u22644.5.10"
21+
},
22+
{
23+
"id": "16e6d672-19a0-3787-960d-009ea67121a5",
24+
"product": {
25+
"name": "TP600 (0762-430x-8000-000x)"
26+
},
27+
"product_version": "0.0.0 \u22644.5.10"
28+
},
29+
{
30+
"id": "4a25dc45-1fc2-34e1-89a4-2f94d502393a",
31+
"product": {
32+
"name": "TP600 (0762-420x-8000-000x)"
33+
},
34+
"product_version": "0.0.0 \u2264FW 26"
35+
},
36+
{
37+
"id": "6531106e-0795-3c45-a572-96d0da08cb3f",
38+
"product": {
39+
"name": "WP400 (0762-340x)"
40+
},
41+
"product_version": "0.0.0 \u22644.5.10"
42+
},
43+
{
44+
"id": "66184130-4e65-3811-a0ba-72e26f4f2b57",
45+
"product": {
46+
"name": "TP600 (0762-520x-8000-000x)"
47+
},
48+
"product_version": "0.0.0 \u22644.5.10"
49+
},
50+
{
51+
"id": "79d7effc-9b3b-3082-bcea-1a3c45f4c500",
52+
"product": {
53+
"name": "CC100 (0751-9x01)"
54+
},
55+
"product_version": "0.0.0 \u22644.5.10"
56+
},
57+
{
58+
"id": "87c1b81c-6803-3bd8-ace3-d8ef207dfe4a",
59+
"product": {
60+
"name": "Edge Controller (0752-8303-8000-0002)"
61+
},
62+
"product_version": "0.0.0 \u22644.5.10"
63+
},
64+
{
65+
"id": "8aa7373a-466b-3489-981a-0d58c2f1a115",
66+
"product": {
67+
"name": "PFC100 G2 (0750-811x-xxxx-xxxx)"
68+
},
69+
"product_version": "0.0.0 \u22644.5.10"
70+
},
71+
{
72+
"id": "9b37f337-503e-3ea6-aa25-cd20c77b0095",
73+
"product": {
74+
"name": "TP600 (0762-620x-8000-000x)"
75+
},
76+
"product_version": "0.0.0"
77+
},
78+
{
79+
"id": "b6fd8db2-f20f-3383-bc5d-aa532c13a8a2",
80+
"product": {
81+
"name": "PFC200 G2 (750-821x-xxxx-xxxx)"
82+
},
83+
"product_version": "0.0.0 \u22644.5.10"
84+
},
85+
{
86+
"id": "c24c1485-4129-36a5-a6ca-3bb32938631f",
87+
"product": {
88+
"name": "PFC200 G1 (750-820x-xxxx-xxxx)"
89+
},
90+
"product_version": "0.0.0 \u22643.10.10"
91+
},
92+
{
93+
"id": "c4e446d2-87e5-3304-8603-3ac81ac8e8f8",
94+
"product": {
95+
"name": "PFC100 G1 (0750-810-xxxx-xxxx)"
96+
},
97+
"product_version": "0.0.0 \u22643.10.10"
98+
},
99+
{
100+
"id": "db3b0b99-881f-37ea-9cc9-6ce75b5b724d",
101+
"product": {
102+
"name": "TP600 (0762-530x-8000-000x)"
103+
},
104+
"product_version": "0.0.0 \u22644.5.10"
105+
}
106+
],
107+
"enisaIdVendor": [
108+
{
109+
"id": "631c7e09-c02e-322b-82c9-9f082a8627ef",
110+
"vendor": {
111+
"name": "WAGO"
112+
}
113+
}
114+
]
115+
}
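Review bot: The entry for `TP600 (0762-620x-8000-000x)` carries `"product_version": "0.0.0"` with no upper bound, while the twelve sibling entries all give a range such as `0.0.0 ≤4.5.10` or `0.0.0 ≤FW 26`. A version matcher cannot tell whether that model is affected in every firmware version or only at the literal version 0.0.0, so devices of that model may be wrongly cleared or wrongly flagged. It is worth checking this entry against the CERT@VDE advisory listed in `references` (VDE-2024-008). If the bound is missing upstream as well, consumers should treat the entry as an unbounded range rather than an exact version.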

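--- a/advisories/2026/04/EUVD-2025-209365.json
+++ b/advisories/2026/04/EUVD-2025-209365.json
@@ -2,13 +2,13 @@
 "id": "EUVD-2025-209365",
 "enisaUuid": "0be3a5c5-4b9e-3820-b10e-4843581136d8",
 "description": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries.",
-"datePublished": "Apr 8, 2026, 10:26:42 PM",
-"dateUpdated": "Apr 8, 2026, 10:26:42 PM",
+"datePublished": "Apr 9, 2026, 12:32:01 AM",
+"dateUpdated": "Apr 9, 2026, 12:32:01 AM",
 "baseScore": 7.5,
 "baseScoreVersion": "3.1",
 "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
-"references": "https://hackerone.com/reports/3377091\nhttps://gitlab.com/gitlab-org/gitlab/-/work_items/579376\nhttps://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/\n",
-"aliases": "CVE-2025-12664\n",
+"references": "https://hackerone.com/reports/3377091\nhttps://gitlab.com/gitlab-org/gitlab/-/work_items/579376\nhttps://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-12664\n",
+"aliases": "GHSA-vjff-3wcf-gwp3\nCVE-2025-12664\n",
 "assigner": "GitLab",
 "epss": 0.0,
 "enisaIdProduct": [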
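Review bot: `datePublished` is rewritten together with `dateUpdated` (`Apr 8, 2026, 10:26:42 PM` → `Apr 9, 2026, 12:32:01 AM`) although the only substantive change in this hunk is an added NVD reference and a GHSA alias, so the record loses its first-publication time. Anything that uses `datePublished` for "new since last run" triage or for time-to-remediate metrics will count this advisory as newly published. The same rewrite appears in the EUVD-2025-209367 section that follows. I would keep `"datePublished": "Apr 8, 2026, 10:26:42 PM",` and advance only `dateUpdated`; if the upstream feed itself resets the field, that behaviour deserves a line in the repository documentation. The record's JSON object opens before and closes after the lines shown in this hunk.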

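--- a/advisories/2026/04/EUVD-2025-209367.json
+++ b/advisories/2026/04/EUVD-2025-209367.json
@@ -2,13 +2,13 @@
 "id": "EUVD-2025-209367",
 "enisaUuid": "dfce18fb-878c-3278-9bfe-ae17b547aaea",
 "description": "GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user to have access to other users' email addresses via certain GraphQL queries.",
-"datePublished": "Apr 8, 2026, 10:27:17 PM",
-"dateUpdated": "Apr 8, 2026, 10:27:17 PM",
+"datePublished": "Apr 9, 2026, 12:32:01 AM",
+"dateUpdated": "Apr 9, 2026, 12:32:01 AM",
 "baseScore": 4.3,
 "baseScoreVersion": "3.1",
 "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
-"references": "https://gitlab.com/gitlab-org/gitlab/-/issues/565363\nhttps://hackerone.com/reports/3303810\nhttps://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/\n",
-"aliases": "CVE-2025-9484\n",
+"references": "https://gitlab.com/gitlab-org/gitlab/-/issues/565363\nhttps://hackerone.com/reports/3303810\nhttps://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-9484\n",
+"aliases": "GHSA-m3c6-4xg4-583x\nCVE-2025-9484\n",
 "assigner": "GitLab",
 "epss": 0.0,
 "enisaIdProduct": [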
