Sync EUVD catalog: Sun Apr 5 00:37:42 UTC 2026

Signed-off-by: AboutCode Automation <automation@aboutcode.org>

Author: aboutcode-automation

advisories/2026/04/EUVD-2015-9425.json

@@ -2,12 +2,12 @@
   "id": "EUVD-2015-9425",
   "enisaUuid": "12b0f05f-49cf-344a-9a1b-a69082df5955",
   "description": "Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remote attackers to decrypt or intercept encrypted management communications. Attackers can perform man-in-the-middle attacks, impersonate devices, and expose sensitive information by leveraging the shared default cryptographic keys across multiple devices.",
-  "datePublished": "Apr 3, 2026, 9:42:51 PM",
-  "dateUpdated": "Apr 3, 2026, 9:42:51 PM",
+  "datePublished": "Apr 4, 2026, 12:31:26 AM",
+  "dateUpdated": "Apr 4, 2026, 12:31:26 AM",
   "baseScore": 8.2,
   "baseScoreVersion": "4.0",
   "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
-  "references": "https://assets.belden.com/m/76d31798e65c9f47/original/Security-Bulletin-SSH-SSL-Default-Keys-HiLCOS-Hirschmann-BSECV-2015-12.pdf\nhttps://www.vulncheck.com/advisories/hirschmann-hilcos-hard-coded-credentials-ssh-ssl-keys\n",
+  "references": "https://assets.belden.com/m/76d31798e65c9f47/original/Security-Bulletin-SSH-SSL-Default-Keys-HiLCOS-Hirschmann-BSECV-2015-12.pdf\nhttps://www.vulncheck.com/advisories/hirschmann-hilcos-hard-coded-credentials-ssh-ssl-keys\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-10148\n",
   "aliases": "CVE-2015-10148\n",
   "assigner": "VulnCheck",
   "epss": 0.0,

advisories/2026/04/EUVD-2016-10854.json

@@ -2,13 +2,13 @@
   "id": "EUVD-2016-10854",
   "enisaUuid": "2d547c47-1b2c-3267-94ce-17074ea4908e",
   "description": "Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the feature is enabled. Attackers with local network access can sniff SNMP traffic or extract configuration data to recover plaintext credentials and gain unauthorized administrative access to the switches.",
-  "datePublished": "Apr 3, 2026, 9:59:07 PM",
-  "dateUpdated": "Apr 3, 2026, 9:59:07 PM",
+  "datePublished": "Apr 4, 2026, 12:31:26 AM",
+  "dateUpdated": "Apr 4, 2026, 12:31:26 AM",
   "baseScore": 8.4,
   "baseScoreVersion": "4.0",
   "baseScoreVector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
-  "references": "https://assets.belden.com/m/1d8273c6205dc400/original/Security-Bulletin-Password-Sync-SNMP-v1-v2-BSECV-2016-12.pdf\nhttps://www.kb.cert.org/vuls/id/507216\nhttps://www.vulncheck.com/advisories/hirschmann-hilcos-classic-platform-password-exposure-via-snmp\n",
-  "aliases": "CVE-2016-15058\n",
+  "references": "https://assets.belden.com/m/1d8273c6205dc400/original/Security-Bulletin-Password-Sync-SNMP-v1-v2-BSECV-2016-12.pdf\nhttps://www.kb.cert.org/vuls/id/507216\nhttps://www.vulncheck.com/advisories/hirschmann-hilcos-classic-platform-password-exposure-via-snmp\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-15058\n",
+  "aliases": "CVE-2016-15058\nGHSA-fj6r-jjmq-57gw\n",
   "assigner": "VulnCheck",
   "epss": 0.0,
   "enisaIdProduct": [

advisories/2026/04/EUVD-2016-10856.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2016-10856",
+  "enisaUuid": "7151bfbe-d9a2-3112-bc54-c02d1dcf68f8",
+  "description": "NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a crafted payload containing 388 bytes of data followed by 4 bytes of EIP overwrite into the Hostname/IP field to trigger a denial of service condition.",
+  "datePublished": "Apr 4, 2026, 3:30:19 PM",
+  "dateUpdated": "Apr 4, 2026, 3:30:19 PM",
+  "baseScore": 6.9,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/39242\nhttps://www.vulncheck.com/advisories/netschedscan-buffer-overflow-denial-of-service\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-20050\n",
+  "aliases": "GHSA-3c69-45qx-vjjh\nCVE-2016-20050\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "70859417-6d75-3130-8ab2-fd18bd818112",
+      "product": {
+        "name": "NetSchedScan"
+      },
+      "product_version": "1.0"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "a42959fb-475e-3c18-92cc-e6d649bd37ed",
+      "vendor": {
+        "name": "Foundstone"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2016-10858.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2016-10858",
+  "enisaUuid": "21a73dee-f56e-3998-bd62-cbf9de3311e3",
+  "description": "Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST requests to the changeup action, modifying the admin username and password parameters to gain unauthorized access.",
+  "datePublished": "Apr 4, 2026, 3:30:19 PM",
+  "dateUpdated": "Apr 4, 2026, 3:30:20 PM",
+  "baseScore": 6.9,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L",
+  "references": "https://www.exploit-db.com/exploits/40705\nhttps://www.vulncheck.com/advisories/snews-cms-cross-site-request-forgery-via-changeup\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-20051\n",
+  "aliases": "CVE-2016-20051\nGHSA-qqrh-w78r-g98g\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "d00ec33e-809a-3cca-ba64-62a870dbd851",
+      "product": {
+        "name": "Snews CMS Cross Site Request Forgery"
+      },
+      "product_version": "1.7"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "703d3d48-ee34-3855-9f0c-5d26290e8a62",
+      "vendor": {
+        "name": "Snewscms"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2016-10860.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2016-10860",
+  "enisaUuid": "62aed098-6247-337c-839e-2cccb037b834",
+  "description": "Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by accessing the uploaded file path to achieve remote code execution.",
+  "datePublished": "Apr 4, 2026, 3:30:20 PM",
+  "dateUpdated": "Apr 4, 2026, 3:30:20 PM",
+  "baseScore": 9.3,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/40706\nhttps://www.vulncheck.com/advisories/snews-cms-unrestricted-file-upload-via-snews-files\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-20052\n",
+  "aliases": "GHSA-6p9p-r3m2-r76g\nCVE-2016-20052\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "3151a64e-9f64-3265-a491-57964549bde8",
+      "product": {
+        "name": "Snews CMS upload sheller"
+      },
+      "product_version": "1.7"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "28188026-7b0a-3873-8783-5c95ddfe3bc9",
+      "vendor": {
+        "name": "Snewscms"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2016-10861.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2016-10861",
+  "enisaUuid": "4c730106-7fbc-3066-b923-17d4e29daadd",
+  "description": "Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden fields containing admin credentials and account parameters to add new administrator accounts without user consent.",
+  "datePublished": "Apr 4, 2026, 3:30:20 PM",
+  "dateUpdated": "Apr 4, 2026, 3:30:20 PM",
+  "baseScore": 6.9,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L",
+  "references": "https://www.exploit-db.com/exploits/40708\nhttps://www.vulncheck.com/advisories/redaxo-cms-cross-site-request-forgery-via-users-endpoint\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-20053\n",
+  "aliases": "CVE-2016-20053\nGHSA-2r3p-9jrg-pvg9\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "6d1bc017-3230-3adc-bba9-229f6c6e904d",
+      "product": {
+        "name": "Redaxo CMS"
+      },
+      "product_version": "5.2"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "b3a31535-2f17-345e-ac93-2a005fcb877b",
+      "vendor": {
+        "name": "Redaxo"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2016-10862.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2016-10862",
+  "enisaUuid": "c8746eb0-77d5-35b0-87d0-4eb5b4ae233d",
+  "description": "IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges.",
+  "datePublished": "Apr 4, 2026, 3:30:20 PM",
+  "dateUpdated": "Apr 4, 2026, 3:30:20 PM",
+  "baseScore": 8.5,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/40577\nhttp://www.iobit.com/en/index.php\nhttp://www.iobit.com/en/advancedsystemcarefree.php#\nhttps://www.vulncheck.com/advisories/iobit-advanced-systemcare-unquoted-service-path-privilege-escalation\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-20055\n",
+  "aliases": "CVE-2016-20055\nGHSA-9v4r-mwfh-7f37\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "de2a674b-c204-34d0-a69b-46de37e50d80",
+      "product": {
+        "name": "IObit Advanced SystemCare"
+      },
+      "product_version": "10.0.2"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "3340aec3-2dcf-365d-a98e-e5e0e3f6573e",
+      "vendor": {
+        "name": "IObit"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2016-10863.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2016-10863",
+  "enisaUuid": "6aeb1c49-5b1b-34fd-a7fc-b1e45c610c69",
+  "description": "Spy Emergency build 23.0.205 contains an unquoted service path vulnerability in the SpyEmrgHealth and SpyEmrgSrv services that allows local attackers to escalate privileges by inserting malicious executables. Attackers can place executable files in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges.",
+  "datePublished": "Apr 4, 2026, 3:30:20 PM",
+  "dateUpdated": "Apr 4, 2026, 3:30:20 PM",
+  "baseScore": 8.5,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/40550\nhttp://www.spy-emergency.com/\nhttp://www.spy-emergency.com/download/download.php?id=1\nhttps://www.vulncheck.com/advisories/spy-emergency-build-unquoted-service-path-privilege-escalation\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-20056\n",
+  "aliases": "GHSA-3mg4-q3v6-5gmc\nCVE-2016-20056\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "18551ac3-49f9-31fc-bf21-533e2dc0b09d",
+      "product": {
+        "name": "Spy Emergency"
+      },
+      "product_version": "23.0.205"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "e928269f-4bac-36db-a175-aca32342d4d3",
+      "vendor": {
+        "name": "Spy-Emergency"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2016-10864.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2016-10864",
+  "enisaUuid": "45793870-f16d-393a-b544-93cff3cdb7cf",
+  "description": "NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the unquoted path and trigger service restart or system reboot to execute code with LocalSystem privileges.",
+  "datePublished": "Apr 4, 2026, 3:30:20 PM",
+  "dateUpdated": "Apr 4, 2026, 3:30:20 PM",
+  "baseScore": 8.5,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/40539\nhttp://www.netgate.sk/\nhttp://www.netgate.sk/download/download.php?id=4\nhttps://www.vulncheck.com/advisories/netgate-registry-cleaner-build-unquoted-service-path-privilege-escalation\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-20057\n",
+  "aliases": "CVE-2016-20057\nGHSA-j4c2-8cmh-ccg2\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "45397816-c4d0-3371-9acd-f5e0d597903c",
+      "product": {
+        "name": "NETGATE Registry Cleaner"
+      },
+      "product_version": "16.0.205"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "3cbe9441-556d-3352-a894-d130f7a74e3f",
+      "vendor": {
+        "name": "Netgate"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2016-10865.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2016-10865",
+  "enisaUuid": "0fa7e091-b55f-3901-902d-747bb692e6ce",
+  "description": "Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges.",
+  "datePublished": "Apr 4, 2026, 3:30:20 PM",
+  "dateUpdated": "Apr 4, 2026, 3:30:20 PM",
+  "baseScore": 8.5,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/40540\nhttp://www.netgate.sk/\nhttp://www.netgate.sk/download/download.php?id=11\nhttps://www.vulncheck.com/advisories/netgate-amiti-antivirus-build-unquoted-service-path-privilege-escalation\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-20058\n",
+  "aliases": "CVE-2016-20058\nGHSA-gmgr-4mx6-9f7m\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "35680438-3ea9-3284-a75c-291d2fbfaa3a",
+      "product": {
+        "name": "NETGATE AMITI Antivirus"
+      },
+      "product_version": "23.0.305"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "4e502de8-1c2c-3755-a9aa-4c1c956bf629",
+      "vendor": {
+        "name": "Netgate"
+      }
+    }
+  ]
+}