Sync EUVD catalog: Wed Apr 22 00:38:17 UTC 2026

Signed-off-by: AboutCode Automation <automation@aboutcode.org>

Author: aboutcode-automation

advisories/2023/04/EUVD-2023-31127.json

@@ -1,16 +1,17 @@
 {
   "id": "EUVD-2023-31127",
   "enisaUuid": "7ec5e718-9eb1-3f7c-966b-7eca1b2de4c8",
-  "description": "This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.",
-  "datePublished": "Apr 20, 2023, 6:30:50 PM",
-  "dateUpdated": "Apr 20, 2023, 6:30:50 PM",
+  "description": "This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.",
+  "datePublished": "Apr 20, 2023, 12:00:00 AM",
+  "dateUpdated": "Apr 21, 2026, 3:55:37 AM",
   "baseScore": 8.2,
   "baseScoreVersion": "3.0",
   "baseScoreVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
-  "references": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219\nhttps://www.zerodayinitiative.com/advisories/ZDI-23-232/\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-27351\n",
+  "references": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219\nhttps://www.zerodayinitiative.com/advisories/ZDI-23-232/\n",
   "aliases": "GHSA-2c69-r2jh-xjvm\nCVE-2023-27351\n",
   "assigner": "zdi",
-  "epss": 44.75,
+  "epss": 87.73,
+  "exploitedSince": "Apr 20, 2026, 12:00:00 AM",
   "enisaIdProduct": [
     {
       "id": "6176e2a5-1fca-3461-83f0-c4b8959da077",

advisories/2023/08/EUVD-2023-53897.json

@@ -2,12 +2,12 @@
   "id": "EUVD-2023-53897",
   "enisaUuid": "47d4f83d-a238-38f5-a341-67b7f46aa24a",
   "description": "An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or groups the user has access to, potentially revealing the security projects's configured security policies.",
-  "datePublished": "Aug 4, 2023, 3:30:27 AM",
-  "dateUpdated": "Apr 4, 2024, 6:33:39 AM",
+  "datePublished": "Aug 4, 2023, 12:30:28 AM",
+  "dateUpdated": "Apr 21, 2026, 4:05:06 AM",
   "baseScore": 5.3,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
-  "references": "https://gitlab.com/gitlab-org/gitlab/-/issues/416647\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4002\n",
+  "references": "https://gitlab.com/gitlab-org/gitlab/-/issues/416647\n",
   "aliases": "CVE-2023-4002\nGHSA-fh9c-h28h-pf65\n",
   "assigner": "GitLab",
   "epss": 0.06,

advisories/2023/08/EUVD-2023-53901.json

@@ -2,12 +2,12 @@
   "id": "EUVD-2023-53901",
   "enisaUuid": "3f5d4ce8-9fa8-356a-899a-5179273e71c3",
   "description": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known.",
-  "datePublished": "Aug 3, 2023, 9:30:16 AM",
-  "dateUpdated": "Apr 4, 2024, 6:30:52 AM",
+  "datePublished": "Aug 3, 2023, 6:31:21 AM",
+  "dateUpdated": "Apr 21, 2026, 4:05:11 AM",
   "baseScore": 5.3,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
-  "references": "https://gitlab.com/gitlab-org/gitlab/-/issues/415942\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4008\n",
+  "references": "https://gitlab.com/gitlab-org/gitlab/-/issues/415942\n",
   "aliases": "GHSA-29hm-v8p9-7mcg\nCVE-2023-4008\n",
   "assigner": "GitLab",
   "epss": 0.05,

advisories/2023/09/EUVD-2023-54483.json

@@ -2,12 +2,12 @@
   "id": "EUVD-2023-54483",
   "enisaUuid": "8b2fc2a3-9420-3f95-9f57-bc2e29f439ff",
   "description": "An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which any user can read limited information about any project's imports.",
-  "datePublished": "Sep 11, 2023, 3:31:01 PM",
-  "dateUpdated": "Apr 4, 2024, 7:35:28 AM",
+  "datePublished": "Sep 11, 2023, 1:01:02 PM",
+  "dateUpdated": "Apr 21, 2026, 4:05:21 AM",
   "baseScore": 5.0,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
-  "references": "https://gitlab.com/gitlab-org/gitlab/-/issues/415117\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4630\nhttps://about.gitlab.com/releases/2023/08/31/security-release-gitlab-16-3-1-released\n",
+  "references": "https://gitlab.com/gitlab-org/gitlab/-/issues/415117\n",
   "aliases": "GHSA-v2gw-42rh-8v5g\nCVE-2023-4630\n",
   "assigner": "GitLab",
   "epss": 0.13,

advisories/2023/09/EUVD-2023-54499.json

@@ -2,12 +2,12 @@
   "id": "EUVD-2023-54499",
   "enisaUuid": "3e70c8a6-1c58-3a54-8391-313939d6ed68",
   "description": "An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances.",
-  "datePublished": "Sep 1, 2023, 12:30:45 PM",
-  "dateUpdated": "Apr 4, 2024, 7:21:34 AM",
+  "datePublished": "Sep 1, 2023, 10:30:27 AM",
+  "dateUpdated": "Apr 21, 2026, 4:05:26 AM",
   "baseScore": 5.3,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
-  "references": "https://gitlab.com/gitlab-org/gitlab/-/issues/414502\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4647\n",
+  "references": "https://gitlab.com/gitlab-org/gitlab/-/issues/414502\n",
   "aliases": "GHSA-43fr-qgqj-789v\nCVE-2023-4647\n",
   "assigner": "GitLab",
   "epss": 0.22,

advisories/2023/11/EUVD-2023-54243.json

@@ -2,12 +2,12 @@
   "id": "EUVD-2023-54243",
   "enisaUuid": "ec606645-1d01-3f3b-ad87-80c6a8963c86",
   "description": "An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated.",
-  "datePublished": "Nov 9, 2023, 9:30:39 PM",
-  "dateUpdated": "Nov 9, 2023, 9:30:39 PM",
+  "datePublished": "Nov 9, 2023, 9:01:10 PM",
+  "dateUpdated": "Apr 21, 2026, 4:05:16 AM",
   "baseScore": 8.1,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
-  "references": "https://gitlab.com/gitlab-org/gitlab/-/issues/415496\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4379\n",
+  "references": "https://gitlab.com/gitlab-org/gitlab/-/issues/415496\n",
   "aliases": "CVE-2023-4379\nGHSA-qrp8-hgrf-wv83\n",
   "assigner": "GitLab",
   "epss": 0.01,

advisories/2024/01/EUVD-2023-59151.json

@@ -1,16 +1,16 @@
 {
   "id": "EUVD-2023-59151",
   "enisaUuid": "091cb8d5-086e-33c9-b623-228a84969b51",
-  "description": "An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group. ",
-  "datePublished": "Jan 12, 2024, 3:30:32 PM",
-  "dateUpdated": "Jan 12, 2024, 3:30:32 PM",
+  "description": "A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.",
+  "datePublished": "Jan 12, 2024, 1:56:31 PM",
+  "dateUpdated": "Apr 21, 2026, 4:07:41 AM",
   "baseScore": 6.6,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N",
-  "references": "https://gitlab.com/gitlab-org/gitlab/-/issues/432188\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6955\n",
+  "references": "https://gitlab.com/gitlab-org/gitlab/-/issues/432188\n",
   "aliases": "GHSA-2w7q-mj4w-9cm2\nCVE-2023-6955\n",
   "assigner": "GitLab",
-  "epss": 0.03,
+  "epss": 0.07,
   "enisaIdProduct": [
     {
       "id": "1c95298b-5bc0-3cc2-b7c7-f30514606743",

advisories/2024/01/EUVD-2024-16198.json

@@ -2,12 +2,12 @@
   "id": "EUVD-2024-16198",
   "enisaUuid": "b41bb214-9179-3451-96b7-e90d995d35e7",
   "description": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.",
-  "datePublished": "Jan 26, 2024, 3:30:19 AM",
-  "dateUpdated": "Jan 26, 2024, 3:30:19 AM",
+  "datePublished": "Jan 26, 2024, 1:02:39 AM",
+  "dateUpdated": "Apr 21, 2026, 4:05:55 AM",
   "baseScore": 9.9,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
-  "references": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/\nhttps://gitlab.com/gitlab-org/gitlab/-/issues/437819\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0402\n",
+  "references": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/\nhttps://gitlab.com/gitlab-org/gitlab/-/issues/437819\n",
   "aliases": "GHSA-3hm6-rvrr-hc6r\nCVE-2024-0402\n",
   "assigner": "GitLab",
   "epss": 40.77,

advisories/2024/03/EUVD-2024-24438.json

@@ -2,15 +2,16 @@
   "id": "EUVD-2024-24438",
   "enisaUuid": "f8b40060-61f1-3e7f-8c69-712be80b7296",
   "description": "In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions  was possible",
-  "datePublished": "Mar 4, 2024, 6:30:39 PM",
-  "dateUpdated": "May 30, 2025, 6:30:51 PM",
+  "datePublished": "Mar 4, 2024, 5:21:40 PM",
+  "dateUpdated": "Apr 21, 2026, 3:55:31 AM",
   "baseScore": 7.3,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
-  "references": "https://www.jetbrains.com/privacy-security/issues-fixed/\nhttps://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-27199\nhttps://github.com/Stuub/RCity-CVE-2024-27198/blob/main/RCity.py\n",
+  "references": "https://www.jetbrains.com/privacy-security/issues-fixed/\nhttps://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive\n",
   "aliases": "GHSA-m7gg-q7qj-3r2r\nCVE-2024-27199\n",
   "assigner": "JetBrains",
-  "epss": 82.47,
+  "epss": 92.02,
+  "exploitedSince": "Apr 20, 2026, 12:00:00 AM",
   "enisaIdProduct": [
     {
       "id": "99358672-555f-3ce6-bfc0-990e3f29cb92",

advisories/2025/03/EUVD-2025-8010.json

@@ -3,14 +3,15 @@
   "enisaUuid": "c455decd-1e12-3c10-8dec-4ad780506670",
   "description": "An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code execution.This issue affects Kentico Xperience through 13.0.178.",
   "datePublished": "Mar 24, 2025, 6:18:07 PM",
-  "dateUpdated": "Dec 17, 2025, 7:33:42 PM",
+  "dateUpdated": "Apr 21, 2026, 3:55:36 AM",
   "baseScore": 7.2,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
-  "references": "https://labs.watchtowr.com/bypassing-authentication-like-its-the-90s-pre-auth-rce-chain-s-in-kentico-xperience-cms/\nhttps://devnet.kentico.com/download/hotfixes\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-2749\nhttps://www.vulncheck.com/advisories/kentico-xperience-staging-media-file-upload-authenticated-rce\n",
+  "references": "https://labs.watchtowr.com/bypassing-authentication-like-its-the-90s-pre-auth-rce-chain-s-in-kentico-xperience-cms/\nhttps://devnet.kentico.com/download/hotfixes\nhttps://www.vulncheck.com/advisories/kentico-xperience-staging-media-file-upload-authenticated-rce\n",
   "aliases": "CVE-2025-2749\nGHSA-g53h-cfhr-24hw\n",
   "assigner": "VulnCheck",
-  "epss": 1.23,
+  "epss": 13.66,
+  "exploitedSince": "Apr 20, 2026, 12:00:00 AM",
   "enisaIdProduct": [
     {
       "id": "d03b8f4b-c6ef-3c89-8dd7-8a79a6b82f74",