Sync EUVD catalog: Mon Apr 27 00:43:36 UTC 2026

Signed-off-by: AboutCode Automation <automation@aboutcode.org>

Author: aboutcode-automation

advisories/2026/04/EUVD-2018-21791.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2018-21791",
+  "enisaUuid": "4f5500bf-d798-3f63-b76f-fd9b153c3383",
+  "description": "Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Device alias field within the Managing Log interface to execute arbitrary code with calculator proof-of-concept execution.",
+  "datePublished": "Apr 26, 2026, 1:19:03 PM",
+  "dateUpdated": "Apr 26, 2026, 1:19:03 PM",
+  "baseScore": 8.6,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/45492\nhttp://support.faleemi.com/fsc776/Faleemi_v1.8.exe\nhttps://www.vulncheck.com/advisories/faleemi-desktop-software-local-buffer-overflow-seh\n",
+  "aliases": "CVE-2018-25263\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "07580ce6-1021-3e1e-82ac-4a318ef03868",
+      "product": {
+        "name": "Faleemi Desktop Software"
+      },
+      "product_version": "1.8.2"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "819b84af-8938-3604-b8de-1efe9e15b7c1",
+      "vendor": {
+        "name": "Faleemi"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2018-21792.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2018-21792",
+  "enisaUuid": "b1856a6c-3616-3950-b0b0-9d02ff33517f",
+  "description": "TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a payload file containing 4000 bytes of data, paste it into the License Key field, and trigger a denial of service condition.",
+  "datePublished": "Apr 26, 2026, 1:19:04 PM",
+  "dateUpdated": "Apr 26, 2026, 1:19:04 PM",
+  "baseScore": 6.9,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/45493\nhttps://www.vulncheck.com/advisories/transmac-denial-of-service-via-license-key-field\n",
+  "aliases": "CVE-2018-25264\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "85fd4b96-90c8-3a9f-9751-11e8bcdc6999",
+      "product": {
+        "name": "TransMac"
+      },
+      "product_version": "12.2"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "b856f683-d1f5-3cbd-b36f-4b1783ad2208",
+      "vendor": {
+        "name": "Acutesystems"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2018-21793.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2018-21793",
+  "enisaUuid": "30de7da1-a021-3793-b962-a6a003556bd7",
+  "description": "CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Attackers can generate a malicious file containing 4000 bytes of data, paste it into the License Key input field, and trigger an application crash when processing the input.",
+  "datePublished": "Apr 26, 2026, 1:19:04 PM",
+  "dateUpdated": "Apr 26, 2026, 1:19:04 PM",
+  "baseScore": 6.9,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/45494\nhttps://www.vulncheck.com/advisories/crossfont-denial-of-service-via-license-key-field\n",
+  "aliases": "CVE-2018-25273\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "c93a0d92-be4a-39ab-813e-61e19efd7a6e",
+      "product": {
+        "name": "CrossFont"
+      },
+      "product_version": "7.5"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "28fe59d2-69f4-3329-8b6c-d9c1cf22d7e0",
+      "vendor": {
+        "name": "Acutesystems"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2018-21794.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2018-21794",
+  "enisaUuid": "5be62cef-2dab-3beb-9505-e4366f187b58",
+  "description": "InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to crash the application by importing a maliciously crafted text file. Attackers can create a text file containing 6000 bytes of data and import it through the Edit menu's Import function to trigger an application crash.",
+  "datePublished": "Apr 26, 2026, 1:19:05 PM",
+  "dateUpdated": "Apr 26, 2026, 1:19:05 PM",
+  "baseScore": 6.9,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/45413\nhttps://www.vulncheck.com/advisories/infrarecorder-denial-of-service-via-txt-file-import\n",
+  "aliases": "CVE-2018-25274\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "05925734-b9dd-3319-aed4-39f617f80918",
+      "product": {
+        "name": "InfraRecorder"
+      },
+      "product_version": "0.53"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "94e73ca8-d74d-3400-b404-7a4fdd1e1ff1",
+      "vendor": {
+        "name": "infrarecorder"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2018-21795.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2018-21795",
+  "enisaUuid": "8443ca0f-c8ce-3fa1-8143-a570cca90520",
+  "description": "Faleemi Plus 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can paste a 2000-byte payload into the Camera name and DID number fields during camera addition to trigger an application crash.",
+  "datePublished": "Apr 26, 2026, 1:19:06 PM",
+  "dateUpdated": "Apr 26, 2026, 1:19:06 PM",
+  "baseScore": 6.9,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/45414\nhttp://support.faleemi.com/fsc776/Faleemi_Plus_v1.0.2.exe\nhttps://www.vulncheck.com/advisories/faleemi-plus-denial-of-service-via-buffer-overflow\n",
+  "aliases": "CVE-2018-25275\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "b42db214-9833-3193-a388-058dc00fbce3",
+      "product": {
+        "name": "Faleemi Plus"
+      },
+      "product_version": "1.0.2"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "baea1419-39df-3444-aad6-594e2ab39765",
+      "vendor": {
+        "name": "Faleemi"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2018-21796.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2018-21796",
+  "enisaUuid": "50e27ae0-1267-33b2-b2f1-ef5d86284ffa",
+  "description": "RoboImport 1.2.0.72 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-byte buffer into the Registration Name and Registration Key fields and click Register to trigger an application crash.",
+  "datePublished": "Apr 26, 2026, 1:19:06 PM",
+  "dateUpdated": "Apr 26, 2026, 1:19:06 PM",
+  "baseScore": 6.8,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/45382\nhttp://www.picajet.com/download/RoboImportInstall.exe\nhttps://www.vulncheck.com/advisories/roboimport-denial-of-service-via-registration-fields\n",
+  "aliases": "CVE-2018-25276\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "49bb4ff0-f82f-33a7-8d09-e8136ce68236",
+      "product": {
+        "name": "RoboImport"
+      },
+      "product_version": "1.2.0.72"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "e901e9aa-2913-3cae-8ecf-dd48a1d081aa",
+      "vendor": {
+        "name": "Picajet"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2018-21797.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2018-21797",
+  "enisaUuid": "7ebd87f9-4267-3a0e-a5d6-7c73ddf0b1a1",
+  "description": "PixGPS 1.1.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string to the folder path input field. Attackers can craft a payload exceeding 6000 bytes and paste it into the 'Folder with picture files' field to trigger a denial of service condition.",
+  "datePublished": "Apr 26, 2026, 1:19:07 PM",
+  "dateUpdated": "Apr 26, 2026, 1:19:07 PM",
+  "baseScore": 6.9,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/45381\nhttp://www.br-software.com/pixgps11_setup.exe\nhttps://www.vulncheck.com/advisories/pixgps-buffer-overflow-denial-of-service\n",
+  "aliases": "CVE-2018-25277\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "f49e8519-c3d7-3470-8cd5-804d34c5eae0",
+      "product": {
+        "name": "PixGPS"
+      },
+      "product_version": "1.1.8"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "46012554-d2c3-3815-9190-0b946a055346",
+      "vendor": {
+        "name": "Br-Software"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2018-21798.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2018-21798",
+  "enisaUuid": "63c935d5-954a-3232-8479-d84baa5c9015",
+  "description": "PicaJet FX 2.6.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-byte buffer into the Registration Name and Registration Key fields via the Help menu's Register PicaJet dialog to trigger an application crash.",
+  "datePublished": "Apr 26, 2026, 1:19:08 PM",
+  "dateUpdated": "Apr 26, 2026, 1:19:08 PM",
+  "baseScore": 6.9,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/45383\nhttps://www.vulncheck.com/advisories/picajet-fx-denial-of-service-via-registration-fields\n",
+  "aliases": "CVE-2018-25278\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "0aa7d070-a7b5-3067-b7cc-a38a7860d5e6",
+      "product": {
+        "name": "PicaJet FX"
+      },
+      "product_version": "2.6.5"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "78f1d284-097c-36c5-9026-2fb086a1556f",
+      "vendor": {
+        "name": "Picajet"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2018-21799.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2018-21799",
+  "enisaUuid": "06f983f3-4857-314b-b734-90dbfce856b8",
+  "description": "jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers to crash the application by processing a malformed PNG file. Attackers can create a specially crafted PNG file with an oversized buffer and trigger the crash when the application attempts to convert the file to PDF.",
+  "datePublished": "Apr 26, 2026, 1:19:08 PM",
+  "dateUpdated": "Apr 26, 2026, 1:19:08 PM",
+  "baseScore": 6.9,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/45380\nhttp://www.convertimagetotext.net/downloadsoftware.php\nhttps://www.vulncheck.com/advisories/jina-ocr-image-to-text-denial-of-service-via-png\n",
+  "aliases": "CVE-2018-25279\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "29a12009-f5d9-3839-90bb-3c1c80d10ef5",
+      "product": {
+        "name": "jiNa OCR Image to Text"
+      },
+      "product_version": "1.0"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "f86b0e42-d78a-39d7-a9b6-a3e8bc18c996",
+      "vendor": {
+        "name": "Convertimagetotext"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2018-21800.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2018-21800",
+  "enisaUuid": "e1c60162-a7e0-3f68-acad-bebbf45c5956",
+  "description": "Infiltrator Network Security Scanner 4.6 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a 6000-byte payload into the Scan Target field and trigger a denial of service condition when the Scan button is clicked.",
+  "datePublished": "Apr 26, 2026, 1:19:09 PM",
+  "dateUpdated": "Apr 26, 2026, 1:19:09 PM",
+  "baseScore": 6.8,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/45390\nhttps://www.infiltration-systems.com/download.shtml\nhttps://www.vulncheck.com/advisories/infiltrator-network-security-scanner-denial-of-service\n",
+  "aliases": "CVE-2018-25280\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "5ab7dd0c-a51f-314e-b9bc-997dc3c16efb",
+      "product": {
+        "name": "Infiltrator Network Security Scanner"
+      },
+      "product_version": "4.6"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "c9709007-7679-37b1-85ac-9d8ec018164b",
+      "vendor": {
+        "name": "Infiltration-Systems"
+      }
+    }
+  ]
+}