
Commit e99556f

Sync EUVD catalog: Thu Apr 2 00:34:08 UTC 2026
Signed-off-by: AboutCode Automation <automation@aboutcode.org>
1 parent 0ce9098 commit e99556f

250 files changed

Lines changed: 28133 additions & 1 deletion

Lines changed: 31 additions & 0 deletions
@@ -0,0 +1,31 @@
1+
{
2+
"id": "EUVD-2024-0217",
3+
"enisaUuid": "02de6c4e-08c8-3632-813d-41e10b9b3ec6",
4+
"description": "TorchGeo Remote Code Execution Vulnerability",
5+
"datePublished": "Apr 1, 2026, 12:03:56 AM",
6+
"dateUpdated": "Apr 1, 2026, 12:03:56 AM",
7+
"baseScore": 8.1,
8+
"baseScoreVersion": "3.1",
9+
"baseScoreVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
10+
"references": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49048\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49048\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-49048\nhttps://github.com/microsoft/torchgeo/pull/2323\nhttps://github.com/microsoft/torchgeo/releases/tag/v0.6.1\nhttps://github.com/pypa/advisory-database/tree/main/vulns/torchgeo/PYSEC-2024-204.yaml\nhttps://github.com/torchgeo/torchgeo/security/advisories/GHSA-ghq9-vc6f-8qjf\nhttps://github.com/torchgeo/torchgeo/pull/2323\nhttps://github.com/torchgeo/torchgeo/pull/917\nhttps://github.com/torchgeo/torchgeo/commit/1a980788cb7089a1115f3b786c7daa9dd47d7d7a\n",
11+
"aliases": "CVE-2024-49048\nGHSA-g5vp-j278-8pjh\nPYSEC-2024-204\nGHSA-ghq9-vc6f-8qjf\n",
12+
"assigner": "microsoft",
13+
"epss": 0.5,
14+
"enisaIdProduct": [
15+
{
16+
"id": "ba604257-a740-3bad-a8f6-7de44a6e9140",
17+
"product": {
18+
"name": "Microsoft TorchGeo"
19+
},
20+
"product_version": "1.0.0 <0.6.1"
21+
}
22+
],
23+
"enisaIdVendor": [
24+
{
25+
"id": "b00641ae-bff7-362d-9c39-72cc5d8d32fe",
26+
"vendor": {
27+
"name": "Microsoft"
28+
}
29+
}
30+
]
31+
}
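Review bot: The `product_version` value `"1.0.0 <0.6.1"` in the `enisaIdProduct` entry is an inverted range, with the lower bound above the upper bound, so a matcher that trusts both ends will match no TorchGeo release at all. The `references` string on the same record points at the `v0.6.1` release tag, which suggests the intended meaning is "before 0.6.1", though that is an inference from this record alone. An importer that normalises ranges should detect lower > upper and either fall back to the upper bound or flag the record, rather than store an empty range. The record also carries two GHSA ids in `aliases`, so alias handling should not assume one id per scheme.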
Lines changed: 58 additions & 0 deletions
@@ -0,0 +1,58 @@
1+
{
2+
"id": "EUVD-2024-55514",
3+
"enisaUuid": "d95bde6b-32ef-3635-b4a7-179df37e763b",
4+
"description": "XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially crafted URL. The getDynamicRedirect() function does not adequately validate the redirect target, allowing attackers to redirect users to arbitrary external sites using crafted URLs containing newlines, user credentials, or host mismatches.",
5+
"datePublished": "Apr 1, 2026, 3:31:40 AM",
6+
"dateUpdated": "Apr 1, 2026, 3:31:40 AM",
7+
"baseScore": 5.3,
8+
"baseScoreVersion": "4.0",
9+
"baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
10+
"references": "https://xenforo.com/community/threads/xenforo-2-2-17-released-security-fix.227797/\nhttps://www.vulncheck.com/advisories/xenforo-open-redirect-via-getdynamicredirect\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-58342\n",
11+
"aliases": "CVE-2024-58342\nGHSA-hrvr-j498-5vhh\n",
12+
"assigner": "VulnCheck",
13+
"epss": 0.0,
14+
"enisaIdProduct": [
15+
{
16+
"id": "048d6318-a5f9-3b4e-b7ce-37c2af9e907f",
17+
"product": {
18+
"name": "Xenforo"
19+
},
20+
"product_version": "0 <2.2.17"
21+
},
22+
{
23+
"id": "2738d2c6-76de-37e2-8e91-7975d79f6a8c",
24+
"product": {
25+
"name": "Xenforo"
26+
},
27+
"product_version": "2.3.0 <2.3.1"
28+
},
29+
{
30+
"id": "89d8aaba-8626-36ed-a9ac-bb47fe293378",
31+
"product": {
32+
"name": "Xenforo"
33+
},
34+
"product_version": "0 <2.2.17"
35+
},
36+
{
37+
"id": "cc6eb508-6eeb-38d0-bab0-ffbbf68c5b3a",
38+
"product": {
39+
"name": "Xenforo"
40+
},
41+
"product_version": "2.3.0 <2.3.1"
42+
}
43+
],
44+
"enisaIdVendor": [
45+
{
46+
"id": "244fff76-dc01-37f2-b40d-7190332c1a6b",
47+
"vendor": {
48+
"name": "Xenforo"
49+
}
50+
},
51+
{
52+
"id": "dd5de3be-4a6c-3b2f-b1ee-65f859317520",
53+
"vendor": {
54+
"name": "Xenforo"
55+
}
56+
}
57+
]
58+
}
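Review bot: `datePublished` and `dateUpdated` are locale-formatted strings with no timezone (`"Apr 1, 2026, 3:31:40 AM"`), so "changed since" queries and ordering against other feeds depend on a guessed offset; this holds for every record in this commit. `references` and `aliases` are likewise single newline-joined strings ending in `\n`, so a consumer has to split on `\n` and drop the empty last element before treating the entries as URLs or ids. If the mirror is meant to keep upstream bytes verbatim, documenting both conventions next to the data would be enough; otherwise normalise to RFC 3339 with an explicit offset and to JSON arrays at import time. This record also lists each Xenforo product range twice under different `id` values, so counts of affected products should be de-duplicated on name and version.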
Lines changed: 31 additions & 0 deletions
@@ -0,0 +1,31 @@
1+
{
2+
"id": "EUVD-2024-55516",
3+
"enisaUuid": "ddabd6da-4a97-3e0f-bf08-ef6528c5d173",
4+
"description": "Ericsson Packet Core Controller (PCC) versions prior\nto 1.38 contain a vulnerability where an attacker sending a large volume of\nspecially crafted messages may cause service degradation.",
5+
"datePublished": "Apr 1, 2026, 12:31:27 PM",
6+
"dateUpdated": "Apr 1, 2026, 12:31:27 PM",
7+
"baseScore": 5.3,
8+
"baseScoreVersion": "3.1",
9+
"baseScoreVector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
10+
"references": "https://www.ericsson.com/en/about-us/security/psirt/CVE-2024-53828\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-53828\n",
11+
"aliases": "CVE-2024-53828\nGHSA-q3hg-jp42-4pfq\n",
12+
"assigner": "ERIC",
13+
"epss": 0.0,
14+
"enisaIdProduct": [
15+
{
16+
"id": "8918b8b4-8d34-3fc8-b296-b6157988b2d0",
17+
"product": {
18+
"name": "Packet Core Controller (PCC)"
19+
},
20+
"product_version": "0 <1.38"
21+
}
22+
],
23+
"enisaIdVendor": [
24+
{
25+
"id": "603e350e-82f9-33b5-96c0-078b70f7443e",
26+
"vendor": {
27+
"name": "Ericsson"
28+
}
29+
}
30+
]
31+
}
Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,29 @@
1+
{
2+
"id": "EUVD-2024-55519",
3+
"enisaUuid": "6c367101-7b98-3032-8c3f-e0d7a48ca73b",
4+
"description": "There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests.",
5+
"datePublished": "Apr 1, 2026, 6:36:37 PM",
6+
"dateUpdated": "Apr 1, 2026, 6:36:37 PM",
7+
"baseScore": 0.0,
8+
"references": "https://pan.baidu.com/s/14WOPXhRHoxr4FRKGme59ug?pwd=sktp\nhttps://gist.github.com/aqyoung/2fd6329ceb06b731a621356921f0d5f0\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40489\n",
9+
"aliases": "CVE-2024-40489\n",
10+
"assigner": "mitre",
11+
"epss": 0.0,
12+
"enisaIdProduct": [
13+
{
14+
"id": "4a6f4819-8211-372a-ae12-23ef2d4e7793",
15+
"product": {
16+
"name": "n/a"
17+
},
18+
"product_version": "n/a"
19+
}
20+
],
21+
"enisaIdVendor": [
22+
{
23+
"id": "4408e850-852a-3b3c-a9d6-5eadac70f6ec",
24+
"vendor": {
25+
"name": "n/a"
26+
}
27+
}
28+
]
29+
}
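Review bot: `"baseScore": 0.0` appears here with no `baseScoreVersion` or `baseScoreVector`, while the description reports arbitrary code execution, so the zero reads as "not scored" rather than a CVSS rating of None. A consumer that filters or sorts on `baseScore` will rank this record, and EUVD-2024-55520 in the next file section, below every scored advisory. Importers should treat a `baseScore` of 0.0 without a vector as missing severity and keep such records in the triage queue. Product and vendor names are `"n/a"` in both records as well, so product-based matching will not find them; the affected versions (3.0.0 to 3.5.3) appear only in the description text.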
Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,29 @@
1+
{
2+
"id": "EUVD-2024-55520",
3+
"enisaUuid": "54203717-59b2-3daf-98f2-dfab2ec82b19",
4+
"description": "A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request.",
5+
"datePublished": "Apr 1, 2026, 6:36:37 PM",
6+
"dateUpdated": "Apr 1, 2026, 6:36:37 PM",
7+
"baseScore": 0.0,
8+
"references": "https://pan.baidu.com/s/1h2RGEvxuvsKtsn2-TlFlmA?pwd=gf5r\nhttps://gist.github.com/aqyoung/e3b7ba5d8b8261df7d09931dbe779b3b\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-43028\n",
9+
"aliases": "CVE-2024-43028\nGHSA-wgxr-f4vr-8wj3\n",
10+
"assigner": "mitre",
11+
"epss": 0.0,
12+
"enisaIdProduct": [
13+
{
14+
"id": "735dec9b-ace6-3cbc-922f-fc23e75d1407",
15+
"product": {
16+
"name": "n/a"
17+
},
18+
"product_version": "n/a"
19+
}
20+
],
21+
"enisaIdVendor": [
22+
{
23+
"id": "8c39f425-ae52-3a91-aa9a-88eff5d89b2b",
24+
"vendor": {
25+
"name": "n/a"
26+
}
27+
}
28+
]
29+
}
Lines changed: 31 additions & 0 deletions
@@ -0,0 +1,31 @@
1+
{
2+
"id": "EUVD-2025-209149",
3+
"enisaUuid": "c013b4cc-ad9d-3875-887e-9545a7f13996",
4+
"description": "IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.",
5+
"datePublished": "Apr 1, 2026, 3:31:40 AM",
6+
"dateUpdated": "Apr 1, 2026, 3:31:40 AM",
7+
"baseScore": 7.6,
8+
"baseScoreVersion": "3.1",
9+
"baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
10+
"references": "https://www.ibm.com/support/pages/node/7267783\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-13855\n",
11+
"aliases": "CVE-2025-13855\nGHSA-jj8c-ggwx-vfm9\n",
12+
"assigner": "ibm",
13+
"epss": 0.0,
14+
"enisaIdProduct": [
15+
{
16+
"id": "50663ff8-a718-3a34-9ff4-cdf9ebc500a5",
17+
"product": {
18+
"name": "Storage Protect Server"
19+
},
20+
"product_version": "8.2.0"
21+
}
22+
],
23+
"enisaIdVendor": [
24+
{
25+
"id": "37537dd4-d854-33cd-8e70-1fae89e99f7a",
26+
"vendor": {
27+
"name": "IBM"
28+
}
29+
}
30+
]
31+
}
Lines changed: 44 additions & 0 deletions
@@ -0,0 +1,44 @@
1+
{
2+
"id": "EUVD-2025-209150",
3+
"enisaUuid": "7d7bbe67-f51d-3fb1-868c-73cce3f47198",
4+
"description": "XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized scopes. This affects any customer using OAuth2 clients on any version of XenForo 2.3 prior to 2.3.5, potentially allowing client applications to gain access beyond their intended authorization level.",
5+
"datePublished": "Apr 1, 2026, 3:31:40 AM",
6+
"dateUpdated": "Apr 1, 2026, 3:31:40 AM",
7+
"baseScore": 8.7,
8+
"baseScoreVersion": "4.0",
9+
"baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
10+
"references": "https://xenforo.com/community/threads/xenforo-2-3-5-includes-security-fix-add-ons-released.228812/\nhttps://www.vulncheck.com/advisories/xenforo-oauth2-unauthorized-scope-request\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-71278\n",
11+
"aliases": "CVE-2025-71278\nGHSA-499p-g3jm-62mp\n",
12+
"assigner": "VulnCheck",
13+
"epss": 0.0,
14+
"enisaIdProduct": [
15+
{
16+
"id": "0f2908da-7bca-3753-b734-94c8744a503c",
17+
"product": {
18+
"name": "Xenforo"
19+
},
20+
"product_version": "2.3.0 <2.3.5"
21+
},
22+
{
23+
"id": "261ae1d8-0826-3ec1-abc6-3337d175281e",
24+
"product": {
25+
"name": "Xenforo"
26+
},
27+
"product_version": "2.3.0 <2.3.5"
28+
}
29+
],
30+
"enisaIdVendor": [
31+
{
32+
"id": "36adb75d-fe19-3e23-92f3-3a8f11136ff2",
33+
"vendor": {
34+
"name": "Xenforo"
35+
}
36+
},
37+
{
38+
"id": "3d72e388-1123-36b1-b578-fb94281592f5",
39+
"vendor": {
40+
"name": "Xenforo"
41+
}
42+
}
43+
]
44+
}
Lines changed: 44 additions & 0 deletions
@@ -0,0 +1,44 @@
1+
{
2+
"id": "EUVD-2025-209152",
3+
"enisaUuid": "f7c58b68-1199-39e1-ae29-9e8007462e18",
4+
"description": "XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security of Passkey-based authentication.",
5+
"datePublished": "Apr 1, 2026, 3:31:40 AM",
6+
"dateUpdated": "Apr 1, 2026, 3:31:40 AM",
7+
"baseScore": 9.3,
8+
"baseScoreVersion": "4.0",
9+
"baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
10+
"references": "https://xenforo.com/community/threads/xenforo-2-3-7-released-includes-security-fixes.232121/\nhttps://www.vulncheck.com/advisories/xenforo-passkey-security-bypass\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-71279\n",
11+
"aliases": "CVE-2025-71279\nGHSA-gqgm-83rg-vhcj\n",
12+
"assigner": "VulnCheck",
13+
"epss": 0.0,
14+
"enisaIdProduct": [
15+
{
16+
"id": "bb86f513-f386-38fc-8e72-738837b94657",
17+
"product": {
18+
"name": "Xenforo"
19+
},
20+
"product_version": "2.3.0 <2.3.7"
21+
},
22+
{
23+
"id": "f5867ec1-b745-3e49-8d42-f2d552070e1b",
24+
"product": {
25+
"name": "Xenforo"
26+
},
27+
"product_version": "2.3.0 <2.3.7"
28+
}
29+
],
30+
"enisaIdVendor": [
31+
{
32+
"id": "31d90b56-f98f-329b-ac6b-e5e4ec48aa99",
33+
"vendor": {
34+
"name": "Xenforo"
35+
}
36+
},
37+
{
38+
"id": "47dfc11d-ea89-32e6-bf66-13752837d97c",
39+
"vendor": {
40+
"name": "Xenforo"
41+
}
42+
}
43+
]
44+
}
Lines changed: 44 additions & 0 deletions
@@ -0,0 +1,44 @@
1+
{
2+
"id": "EUVD-2025-209154",
3+
"enisaUuid": "446463ad-9acb-38f7-966e-9ea67ce20c61",
4+
"description": "XenForo before 2.3.7 allows information disclosure via local account page caching on shared systems. On systems where multiple users share a browser or machine, cached account pages could expose sensitive user information to other local users.",
5+
"datePublished": "Apr 1, 2026, 3:31:40 AM",
6+
"dateUpdated": "Apr 1, 2026, 3:31:40 AM",
7+
"baseScore": 6.9,
8+
"baseScoreVersion": "4.0",
9+
"baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
10+
"references": "https://xenforo.com/community/threads/xenforo-2-3-7-released-includes-security-fixes.232121/\nhttps://www.vulncheck.com/advisories/xenforo-local-account-page-caching-information-disclosure\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-71280\n",
11+
"aliases": "GHSA-mvm5-rv5r-322q\nCVE-2025-71280\n",
12+
"assigner": "VulnCheck",
13+
"epss": 0.0,
14+
"enisaIdProduct": [
15+
{
16+
"id": "64056b85-452c-3d98-92ec-920272a18130",
17+
"product": {
18+
"name": "Xenforo"
19+
},
20+
"product_version": "2.3.0 <2.3.7"
21+
},
22+
{
23+
"id": "e2b68ec3-63a9-315b-8985-14849d584b4c",
24+
"product": {
25+
"name": "Xenforo"
26+
},
27+
"product_version": "2.3.0 <2.3.7"
28+
}
29+
],
30+
"enisaIdVendor": [
31+
{
32+
"id": "6ecc18b8-6b77-3456-a28a-c7dcca8400f5",
33+
"vendor": {
34+
"name": "Xenforo"
35+
}
36+
},
37+
{
38+
"id": "8af074a3-71a1-3aec-bbb5-d45baec97a3e",
39+
"vendor": {
40+
"name": "Xenforo"
41+
}
42+
}
43+
]
44+
}
