Sync EUVD catalog: Wed Apr 8 00:37:25 UTC 2026

Signed-off-by: AboutCode Automation <automation@aboutcode.org>

Author: aboutcode-automation

advisories/2026/04/EUVD-2021-34776.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2021-34776",
+  "enisaUuid": "73a49abf-8a79-326d-82fc-85dd289644be",
+  "description": "Tianxin Internet Behavior Management System contains a command injection vulnerability in the Reporter component endpoint that allows unauthenticated attackers to execute arbitrary commands by supplying a crafted objClass parameter containing shell metacharacters and output redirection. Attackers can exploit this vulnerability to write malicious PHP files into the web root and achieve remote code execution with the privileges of the web server process. This vulnerability has been fixed in version NACFirmware_4.0.0.7_20210716.180815_topsec_0_basic.bin. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-06-01 (UTC).",
+  "datePublished": "Apr 7, 2026, 3:30:48 PM",
+  "dateUpdated": "Apr 7, 2026, 3:30:49 PM",
+  "baseScore": 9.3,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-41972\nhttps://www.cnvd.org.cn/patchInfo/show/280166\nhttps://cn-sec.com/archives/4631959.html\nhttps://avd.aliyun.com/detail?id=AVD-2021-890232\nhttps://www.vulncheck.com/advisories/tianxin-internet-behavior-management-system-command-injection-via-toquery-php\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4473\n",
+  "aliases": "CVE-2021-4473\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "6a9c6d96-3855-3c1c-bc66-c708694b9f2c",
+      "product": {
+        "name": "Tianxin Internet Behavior Management System"
+      },
+      "product_version": "0 <4.0.0.7_20210716.180815"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "8337f30a-a49b-3809-a4c5-e367bb7daceb",
+      "vendor": {
+        "name": "Beijing Topsec Network Security Technology Co., Ltd."
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2024-55537.json

@@ -0,0 +1,29 @@
+{
+  "id": "EUVD-2024-55537",
+  "enisaUuid": "9267848f-b893-39ed-a4b1-438f3d81e61d",
+  "description": "Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. The line \"qx/unzip $filename -d $dirname/;\" in upload-cover-image.pl is vulnerable to command injection via shell metacharacters because input data can be controlled by an attacker and is directly included in a system command, i.e., an attack can occur via malicious filenames after uploading a .zip file and clicking Process Images.",
+  "datePublished": "Apr 7, 2026, 6:31:35 PM",
+  "dateUpdated": "Apr 7, 2026, 6:31:35 PM",
+  "baseScore": 0.0,
+  "references": "https://gitlab.com/koha-community/Koha/-/blob/23.05.x/misc/release_notes/release_notes_23_05_10.md\nhttps://gitlab.com/koha-community/Koha/-/blob/23.05.x/misc/release_notes/release_notes_23_05_11.md\nhttps://github.com/hacklantic/Research/tree/main/CVE-2024-36057\nhttps://koha-community.org/koha-22-05-22-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-36057\n",
+  "aliases": "CVE-2024-36057\nGHSA-j75v-99xr-7x47\n",
+  "assigner": "mitre",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "4d0d59cf-abe9-378a-a261-fdef4f94be82",
+      "product": {
+        "name": "n/a"
+      },
+      "product_version": "n/a"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "46ecb5ea-a982-3875-8333-45f5d95a7473",
+      "vendor": {
+        "name": "n/a"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2024-55539.json

@@ -0,0 +1,29 @@
+{
+  "id": "EUVD-2024-55539",
+  "enisaUuid": "64a56256-3aac-3523-87c1-f090be5805c0",
+  "description": "The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to sanitize the POST parameter bib_list in /cgi-bin/koha/opac-sendbasket.pl, allowing library users to read arbitrary data from the database.",
+  "datePublished": "Apr 7, 2026, 6:31:37 PM",
+  "dateUpdated": "Apr 7, 2026, 6:31:37 PM",
+  "baseScore": 0.0,
+  "references": "https://gitlab.com/koha-community/Koha/-/blob/23.05.x/misc/release_notes/release_notes_23_05_10.md\nhttps://gitlab.com/koha-community/Koha/-/blob/23.05.x/misc/release_notes/release_notes_23_05_11.md\nhttps://koha-community.org/koha-22-05-22-released/\nhttps://github.com/hacklantic/Research/tree/main/CVE-2024-36058\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-36058\n",
+  "aliases": "GHSA-62mc-fgr6-xcww\nCVE-2024-36058\n",
+  "assigner": "mitre",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "c9b5e7d6-a527-34c3-b560-67313cdc82ba",
+      "product": {
+        "name": "n/a"
+      },
+      "product_version": "n/a"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "e0ac09d8-77c5-3d66-a0c4-3bb02575a0ca",
+      "vendor": {
+        "name": "n/a"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2025-209253.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2025-209253",
+  "enisaUuid": "1ef2b3df-52b6-321f-b644-a5116deca375",
+  "description": "IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.",
+  "datePublished": "Apr 7, 2026, 3:30:24 AM",
+  "dateUpdated": "Apr 7, 2026, 3:30:24 AM",
+  "baseScore": 6.2,
+  "baseScoreVersion": "3.1",
+  "baseScoreVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+  "references": "https://www.ibm.com/support/pages/node/7268620\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-13044\n",
+  "aliases": "GHSA-32vv-mwc8-ch6p\nCVE-2025-13044\n",
+  "assigner": "ibm",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "df058e40-4739-38cd-8dd5-81308b41e886",
+      "product": {
+        "name": "Concert"
+      },
+      "product_version": "1.0.0 \u22642.2.0"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "5a1d41c9-1fdb-3402-8c05-f0cb559c1815",
+      "vendor": {
+        "name": "IBM"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2025-209255.json

@@ -0,0 +1,136 @@
+{
+  "id": "EUVD-2025-209255",
+  "enisaUuid": "589623fe-828b-3034-b2f5-deab9e56d41d",
+  "description": "Remote Code Execution Vulnerability\u00a0in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.",
+  "datePublished": "Apr 7, 2026, 6:30:27 AM",
+  "dateUpdated": "Apr 7, 2026, 6:30:27 AM",
+  "baseScore": 8.8,
+  "baseScoreVersion": "3.1",
+  "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+  "references": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-118/index.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-65115\n",
+  "aliases": "CVE-2025-65115\nGHSA-h2gf-w3wm-8xqj\n",
+  "assigner": "Hitachi",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "0754bb16-2e61-3d68-b69f-0856a3831b41",
+      "product": {
+        "name": "JP1/IT Desktop Management 2 - Manager"
+      },
+      "product_version": "13-10 <13-10-07"
+    },
+    {
+      "id": "255d0fa4-b726-3bac-a757-5491e2c15897",
+      "product": {
+        "name": "JP1/IT Desktop Management 2 - Operations Director"
+      },
+      "product_version": "13-01 <13-01-07"
+    },
+    {
+      "id": "46522042-521c-35f8-a8e8-4436c88bdc34",
+      "product": {
+        "name": "JP1/IT Desktop Management 2 - Operations Director"
+      },
+      "product_version": "12-60 <12-60-12"
+    },
+    {
+      "id": "52668f2f-1c61-3260-a228-e139aab351d0",
+      "product": {
+        "name": "JP1/IT Desktop Management 2 - Manager"
+      },
+      "product_version": "10-50 \u226412-50-11"
+    },
+    {
+      "id": "71650b11-9186-391c-ad8c-12d1bb001d61",
+      "product": {
+        "name": "JP1/IT Desktop Management 2 - Operations Director"
+      },
+      "product_version": "13-00 <13-00-05"
+    },
+    {
+      "id": "7b233b28-3568-396d-8cac-8e94183ee4b1",
+      "product": {
+        "name": "Job Management Partner 1/IT Desktop Management 2 - Manager"
+      },
+      "product_version": "10-50 \u226410-50-11"
+    },
+    {
+      "id": "81cced40-02e7-334f-8355-22fb3d1a7299",
+      "product": {
+        "name": "JP1/IT Desktop Management 2 - Operations Director"
+      },
+      "product_version": "13-10 <13-10-07"
+    },
+    {
+      "id": "88af3753-eb6f-39b8-8d29-f1c910746413",
+      "product": {
+        "name": "JP1/IT Desktop Management 2 - Operations Director"
+      },
+      "product_version": "10-50 \u226412-50-11"
+    },
+    {
+      "id": "a1f50151-40b1-3583-bc13-83bcc6e8833c",
+      "product": {
+        "name": "JP1/IT Desktop Management 2 - Manager"
+      },
+      "product_version": "13-01 <13-01-07"
+    },
+    {
+      "id": "af41de6b-dee4-3712-9492-ff31a4cc96bb",
+      "product": {
+        "name": "JP1/IT Desktop Management 2 - Operations Director"
+      },
+      "product_version": "13-50 <13-50-02"
+    },
+    {
+      "id": "b9e558a7-05c3-3892-9236-8c1bc09c3c94",
+      "product": {
+        "name": "JP1/IT Desktop Management 2 - Manager"
+      },
+      "product_version": "13-11 <13-11-04"
+    },
+    {
+      "id": "c0a214c4-44ef-3b41-8230-a42c3dc502d2",
+      "product": {
+        "name": "JP1/IT Desktop Management 2 - Manager"
+      },
+      "product_version": "13-00 <13-00-05"
+    },
+    {
+      "id": "c372bd2f-b09a-3b94-b075-95c5fb61fdc7",
+      "product": {
+        "name": "JP1/IT Desktop Management 2 - Manager"
+      },
+      "product_version": "12-60 <12-60-12"
+    },
+    {
+      "id": "c6adfda4-af9a-39a0-88f5-eebe1a8fca87",
+      "product": {
+        "name": "JP1/IT Desktop Management 2 - Operations Director"
+      },
+      "product_version": "13-11 <13-11-04"
+    },
+    {
+      "id": "f0246181-b08b-3e13-adb5-e7dc28de4d37",
+      "product": {
+        "name": "JP1/IT Desktop Management 2 - Manager"
+      },
+      "product_version": "13-50 <13-50-02"
+    },
+    {
+      "id": "f669d6a5-0129-3f53-b4f6-cda8f78aa179",
+      "product": {
+        "name": "JP1/IT Desktop Management - Manager"
+      },
+      "product_version": "09-50 \u226410-10-16"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "3ffd3264-9716-3c1e-9941-4f1d942b434e",
+      "vendor": {
+        "name": "Hitachi"
+      }
+    }
+  ]
+}