Sync EUVD catalog: Sun Apr 26 00:43:28 UTC 2026

Signed-off-by: AboutCode Automation <automation@aboutcode.org>

Author: aboutcode-automation

advisories/2023/09/EUVD-2023-44546.json

@@ -2,12 +2,12 @@
   "id": "EUVD-2023-44546",
   "enisaUuid": "27bb99c6-b836-3217-91f5-aee56d179aef",
   "description": "An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that a maintainer to create a fork relationship between existing projects contrary to the documentation.",
-  "datePublished": "Sep 29, 2023, 9:30:22 AM",
-  "dateUpdated": "Apr 4, 2024, 7:58:13 AM",
+  "datePublished": "Sep 29, 2023, 6:02:31 AM",
+  "dateUpdated": "Apr 25, 2026, 4:05:14 AM",
   "baseScore": 4.3,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
-  "references": "https://gitlab.com/gitlab-org/gitlab/-/issues/417481\nhttps://hackerone.com/reports/2058121\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3920\n",
+  "references": "https://gitlab.com/gitlab-org/gitlab/-/issues/417481\nhttps://hackerone.com/reports/2058121\n",
   "aliases": "GHSA-qw5x-x275-9wwh\nCVE-2023-3920\n",
   "assigner": "GitLab",
   "epss": 0.32,

advisories/2023/09/EUVD-2023-44548.json

@@ -2,12 +2,12 @@
   "id": "EUVD-2023-44548",
   "enisaUuid": "8f000656-2ee8-318e-8d0d-0e9202c01794",
   "description": "An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page.",
-  "datePublished": "Sep 29, 2023, 9:30:22 AM",
-  "dateUpdated": "Apr 4, 2024, 7:58:19 AM",
+  "datePublished": "Sep 29, 2023, 7:30:50 AM",
+  "dateUpdated": "Apr 25, 2026, 4:05:19 AM",
   "baseScore": 3.0,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:L",
-  "references": "https://gitlab.com/gitlab-org/gitlab/-/issues/394770\nhttps://hackerone.com/reports/1887323\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3922\n",
+  "references": "https://gitlab.com/gitlab-org/gitlab/-/issues/394770\nhttps://hackerone.com/reports/1887323\n",
   "aliases": "GHSA-5h2j-25xj-vggw\nCVE-2023-3922\n",
   "assigner": "GitLab",
   "epss": 0.07,

advisories/2024/01/EUVD-2023-58205.json

@@ -2,12 +2,12 @@
   "id": "EUVD-2023-58205",
   "enisaUuid": "c0e95912-7da6-3c4a-8e49-d3740d561a5e",
   "description": "An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests.",
-  "datePublished": "Jan 26, 2024, 3:30:19 AM",
-  "dateUpdated": "Jan 26, 2024, 3:30:19 AM",
+  "datePublished": "Jan 26, 2024, 1:02:58 AM",
+  "dateUpdated": "Apr 25, 2026, 4:05:38 AM",
   "baseScore": 6.4,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
-  "references": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/\nhttps://gitlab.com/gitlab-org/gitlab/-/issues/430236\nhttps://hackerone.com/reports/2225710\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5933\n",
+  "references": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/\nhttps://gitlab.com/gitlab-org/gitlab/-/issues/430236\nhttps://hackerone.com/reports/2225710\n",
   "aliases": "GHSA-84m5-rqxq-483p\nCVE-2023-5933\n",
   "assigner": "GitLab",
   "epss": 3.81,

advisories/2024/05/EUVD-2024-1469.json

@@ -3,14 +3,14 @@
   "enisaUuid": "9e0c8f1f-bde2-3323-89f4-371cbd10e814",
   "description": "A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.",
   "datePublished": "May 9, 2024, 2:57:21 PM",
-  "dateUpdated": "Apr 18, 2026, 6:11:40 PM",
+  "dateUpdated": "Apr 25, 2026, 1:42:43 AM",
   "baseScore": 8.3,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
   "references": "https://access.redhat.com/errata/RHSA-2024:0045\nhttps://access.redhat.com/errata/RHSA-2024:3718\nhttps://access.redhat.com/errata/RHSA-2024:4159\nhttps://access.redhat.com/errata/RHSA-2024:4613\nhttps://access.redhat.com/errata/RHSA-2024:4850\nhttps://access.redhat.com/errata/RHSA-2024:4960\nhttps://access.redhat.com/errata/RHSA-2024:5258\nhttps://access.redhat.com/errata/RHSA-2024:5951\nhttps://access.redhat.com/errata/RHSA-2024:6054\nhttps://access.redhat.com/errata/RHSA-2024:6122\nhttps://access.redhat.com/errata/RHSA-2024:6708\nhttps://access.redhat.com/errata/RHSA-2024:6818\nhttps://access.redhat.com/errata/RHSA-2024:6824\nhttps://access.redhat.com/errata/RHSA-2024:7164\nhttps://access.redhat.com/errata/RHSA-2024:7174\nhttps://access.redhat.com/errata/RHSA-2024:7182\nhttps://access.redhat.com/errata/RHSA-2024:7187\nhttps://access.redhat.com/errata/RHSA-2024:7922\nhttps://access.redhat.com/errata/RHSA-2024:7941\nhttps://access.redhat.com/errata/RHSA-2024:8260\nhttps://access.redhat.com/errata/RHSA-2024:8425\nhttps://access.redhat.com/errata/RHSA-2024:9097\nhttps://access.redhat.com/errata/RHSA-2024:9098\nhttps://access.redhat.com/errata/RHSA-2024:9102\nhttps://access.redhat.com/errata/RHSA-2024:9960\nhttps://access.redhat.com/security/cve/CVE-2024-3727\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2274767\n",
   "aliases": "CVE-2024-3727\nGHSA-6wvf-f2vw-3425\n",
   "assigner": "redhat",
-  "epss": 0.56,
+  "epss": 0.49,
   "enisaIdProduct": [
     {
       "id": "005651e3-8dbd-3dc3-a388-b2cd1cd9e102",

advisories/2024/08/EUVD-2024-48330.json

@@ -2,15 +2,16 @@
   "id": "EUVD-2024-48330",
   "enisaUuid": "f7d816c9-b1c0-382c-ba3b-44b4275b546d",
   "description": "Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.",
-  "datePublished": "Aug 12, 2024, 3:30:52 PM",
-  "dateUpdated": "Aug 12, 2024, 3:30:52 PM",
+  "datePublished": "Aug 9, 2024, 4:43:29 AM",
+  "dateUpdated": "Apr 25, 2026, 3:55:30 AM",
   "baseScore": 8.8,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
-  "references": "https://security.samsungtv.com/securityUpdates\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-7399\n",
+  "references": "https://security.samsungtv.com/securityUpdates\n",
   "aliases": "CVE-2024-7399\nGHSA-9x68-238r-w7mq\n",
   "assigner": "samsung.tv_appliance",
-  "epss": 71.0,
+  "epss": 82.26,
+  "exploitedSince": "Apr 24, 2026, 12:00:00 AM",
   "enisaIdProduct": [
     {
       "id": "b13cf4b5-0605-3df7-8949-5822b17e9fa0",

advisories/2025/01/EUVD-2024-53724.json

@@ -2,15 +2,16 @@
   "id": "EUVD-2024-53724",
   "enisaUuid": "be13e8e7-1897-316f-acaa-95e12d264254",
   "description": "SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.",
-  "datePublished": "Jan 16, 2025, 12:31:22 AM",
-  "dateUpdated": "Jan 16, 2025, 9:30:57 PM",
+  "datePublished": "Jan 15, 2025, 12:00:00 AM",
+  "dateUpdated": "Apr 25, 2026, 3:55:35 AM",
   "baseScore": 9.9,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
-  "references": "https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/\nhttps://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-57726\n",
+  "references": "https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/\nhttps://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier\n",
   "aliases": "CVE-2024-57726\nGHSA-8388-c89m-3x67\n",
   "assigner": "mitre",
-  "epss": 0.31,
+  "epss": 52.25,
+  "exploitedSince": "Apr 24, 2026, 12:00:00 AM",
   "enisaIdProduct": [
     {
       "id": "d28f6c3d-004f-3501-a3dd-5da6fa46205c",

advisories/2025/01/EUVD-2024-53726.json

@@ -2,15 +2,16 @@
   "id": "EUVD-2024-53726",
   "enisaUuid": "b501b939-d5f3-3fea-bc36-568671294b9f",
   "description": "SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.",
-  "datePublished": "Jan 16, 2025, 12:31:22 AM",
-  "dateUpdated": "Jan 16, 2025, 9:30:57 PM",
+  "datePublished": "Jan 15, 2025, 12:00:00 AM",
+  "dateUpdated": "Apr 25, 2026, 3:55:36 AM",
   "baseScore": 7.2,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
-  "references": "https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/\nhttps://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-57728\n",
+  "references": "https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/\nhttps://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier\n",
   "aliases": "GHSA-mchm-7mqx-7299\nCVE-2024-57728\n",
   "assigner": "mitre",
-  "epss": 1.06,
+  "epss": 50.59,
+  "exploitedSince": "Apr 24, 2026, 12:00:00 AM",
   "enisaIdProduct": [
     {
       "id": "9ccc6663-40d6-31e0-9018-dba712ec2c84",

advisories/2025/03/EUVD-2025-14821.json

@@ -2,15 +2,16 @@
   "id": "EUVD-2025-14821",
   "enisaUuid": "f2e9a124-1657-3aa3-a182-afad97c607bf",
   "description": "A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution.",
-  "datePublished": "Mar 25, 2025, 3:31:29 PM",
-  "dateUpdated": "Mar 25, 2025, 3:31:29 PM",
-  "baseScore": 8.8,
+  "datePublished": "Mar 25, 2025, 12:00:00 AM",
+  "dateUpdated": "Apr 25, 2026, 3:55:37 AM",
+  "baseScore": 7.2,
   "baseScoreVersion": "3.1",
-  "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
-  "references": "https://github.com/mono7s/Dir-823x/blob/main/set_prohibiting/set_prohibiting.md\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-29635\n",
+  "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+  "references": "https://github.com/mono7s/Dir-823x/blob/main/set_prohibiting/set_prohibiting.md\n",
   "aliases": "CVE-2025-29635\nGHSA-m9wc-3h85-pp63\n",
   "assigner": "mitre",
-  "epss": 1.64,
+  "epss": 58.94,
+  "exploitedSince": "Apr 24, 2026, 12:00:00 AM",
   "enisaIdProduct": [
     {
       "id": "2978d7ff-007d-3a31-898e-feeb2dd0bd20",

advisories/2026/01/EUVD-2026-1483.json

@@ -1,13 +1,13 @@
 {
   "id": "EUVD-2026-1483",
   "enisaUuid": "253edb39-a294-384a-8a38-5eb68a4a7d95",
-  "description": "Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Landing Page Creator for WordPress LPagery: from n/a through 2.4.9.",
+  "description": "Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery lpagery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Landing Page Creator for WordPress LPagery: from n/a through <= 2.4.9.",
   "datePublished": "Jan 8, 2026, 4:24:37 PM",
-  "dateUpdated": "Jan 8, 2026, 4:57:01 PM",
+  "dateUpdated": "Apr 25, 2026, 1:58:24 AM",
   "baseScore": 5.4,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
-  "references": "https://nvd.nist.gov/vuln/detail/CVE-2026-22490\nhttps://patchstack.com/database/wordpress/plugin/lpagery/vulnerability/wordpress-bulk-landing-page-creator-for-wordpress-lpagery-plugin-2-4-4-broken-access-control-vulnerability?_s_id=cve\n",
+  "references": "https://patchstack.com/database/Wordpress/Plugin/lpagery/vulnerability/wordpress-bulk-landing-page-creator-for-wordpress-lpagery-plugin-2-4-4-broken-access-control-vulnerability?_s_id=cve\n",
   "aliases": "CVE-2026-22490\nGHSA-wf77-qcj8-w36g\n",
   "assigner": "Patchstack",
   "epss": 0.05,
@@ -18,6 +18,13 @@
         "name": "Bulk Landing Page Creator for WordPress LPagery"
       },
       "product_version": "n/a \u22642.4.9"
+    },
+    {
+      "id": "d34238d3-aef3-330b-8764-e718022e2f3e",
+      "product": {
+        "name": "Bulk Landing Page Creator for WordPress LPagery"
+      },
+      "product_version": "0 \u22642.4.9"
     }
   ],
   "enisaIdVendor": [

advisories/2026/01/EUVD-2026-1484.json

@@ -1,13 +1,13 @@
 {
   "id": "EUVD-2026-1484",
   "enisaUuid": "e636bac7-470a-3a4b-a169-5b5a0a32fa82",
-  "description": "Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through 2.10.0.",
+  "description": "Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through <= 2.10.0.",
   "datePublished": "Jan 8, 2026, 4:22:10 PM",
-  "dateUpdated": "Jan 8, 2026, 5:01:30 PM",
+  "dateUpdated": "Apr 25, 2026, 1:57:38 AM",
   "baseScore": 5.4,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
-  "references": "https://nvd.nist.gov/vuln/detail/CVE-2026-22517\nhttps://patchstack.com/database/wordpress/plugin/ga-for-wp/vulnerability/wordpress-ga4wp-google-analytics-for-wordpress-plugin-2-10-0-broken-access-control-vulnerability?_s_id=cve\n",
+  "references": "https://patchstack.com/database/Wordpress/Plugin/ga-for-wp/vulnerability/wordpress-ga4wp-google-analytics-for-wordpress-plugin-2-10-0-broken-access-control-vulnerability?_s_id=cve\n",
   "aliases": "GHSA-w644-m557-r6g2\nCVE-2026-22517\n",
   "assigner": "Patchstack",
   "epss": 0.05,
@@ -18,6 +18,13 @@
         "name": "GA4WP: Google Analytics for WordPress"
       },
       "product_version": "n/a \u22642.10.0"
+    },
+    {
+      "id": "f1f173a7-aed1-3eb4-821b-7cb06bb4d142",
+      "product": {
+        "name": "GA4WP: Google Analytics for WordPress"
+      },
+      "product_version": "0 \u22642.10.0"
     }
   ],
   "enisaIdVendor": [