Sync EUVD catalog: Fri Apr 24 00:43:19 UTC 2026

Signed-off-by: AboutCode Automation <automation@aboutcode.org>

Author: aboutcode-automation

advisories/2026/04/EUVD-2025-209557.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2025-209557",
+  "enisaUuid": "6e5cb967-cd57-3019-8158-4f2f6bc4fdfd",
+  "description": "IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing further attacks against the system.",
+  "datePublished": "Apr 23, 2026, 12:31:18 AM",
+  "dateUpdated": "Apr 23, 2026, 12:31:18 AM",
+  "baseScore": 5.5,
+  "baseScoreVersion": "3.1",
+  "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
+  "references": "https://www.ibm.com/support/pages/node/7268907\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-36074\n",
+  "aliases": "CVE-2025-36074\nGHSA-w9g3-hc6p-qwh3\n",
+  "assigner": "ibm",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "fb38ad90-69fe-3fab-afae-69f659767f4f",
+      "product": {
+        "name": "Security Verify Directory (Container)"
+      },
+      "product_version": "10.0.0 \u226410.0.0.3"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "0756cd74-3706-39e2-bd37-f9a9c5e82bf8",
+      "vendor": {
+        "name": "IBM"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2025-209559.json

@@ -0,0 +1,29 @@
+{
+  "id": "EUVD-2025-209559",
+  "enisaUuid": "044b3456-1d57-33be-89aa-75e66619def8",
+  "description": "EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges, because the affected service runs as NT AUTHORITY\\SYSTEM.",
+  "datePublished": "Apr 23, 2026, 9:32:56 AM",
+  "dateUpdated": "Apr 23, 2026, 9:32:56 AM",
+  "baseScore": 0.0,
+  "references": "https://r.sec-consult.com/controlio\nhttps://kb.controlio.net/hc/en-us/articles/45777908471185-Client-Update-April-15-2026-ver-1-3-95\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-10549\n",
+  "aliases": "GHSA-hhv5-qpmh-pc66\nCVE-2025-10549\n",
+  "assigner": "SEC-VLab",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "de5fa28d-55dc-3a63-ba6e-4d3b37d10733",
+      "product": {
+        "name": "Controlio"
+      },
+      "product_version": "<1.3.95"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "bbc66a5b-775c-3bf2-a07d-958fcbdabdf8",
+      "vendor": {
+        "name": "EfficientLab, LLC"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2025-209561.json

@@ -0,0 +1,23 @@
+{
+  "id": "EUVD-2025-209561",
+  "enisaUuid": "8ea71cc4-55a1-36c2-b78c-63ea7a4af4dd",
+  "description": "Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ACF Galerie 4: from n/a through 1.4.2.",
+  "datePublished": "Apr 23, 2026, 12:31:34 PM",
+  "dateUpdated": "Apr 23, 2026, 12:31:34 PM",
+  "baseScore": 4.3,
+  "baseScoreVersion": "3.1",
+  "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+  "references": "https://patchstack.com/database/wordpress/plugin/acf-galerie-4/vulnerability/wordpress-acf-galerie-4-plugin-1-4-2-broken-access-control-vulnerability?_s_id=cve\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-62104\n",
+  "aliases": "GHSA-3p5v-c45v-mqqc\nCVE-2025-62104\n",
+  "assigner": "Patchstack",
+  "epss": 0.0,
+  "enisaIdProduct": [],
+  "enisaIdVendor": [
+    {
+      "id": "597a89db-b4f7-3105-bde7-ca5960397e99",
+      "vendor": {
+        "name": "Navneil Naicker"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2025-209563.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2025-209563",
+  "enisaUuid": "bdeaa370-0633-3f10-8e56-0696c40e22e8",
+  "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS.This issue affects Rescue Shortcodes: from n/a through 3.3.",
+  "datePublished": "Apr 23, 2026, 12:31:34 PM",
+  "dateUpdated": "Apr 23, 2026, 12:31:34 PM",
+  "baseScore": 6.5,
+  "baseScoreVersion": "3.1",
+  "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+  "references": "https://patchstack.com/database/wordpress/plugin/rescue-shortcodes/vulnerability/wordpress-rescue-shortcodes-plugin-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-62110\n",
+  "aliases": "CVE-2025-62110\nGHSA-595f-wpcr-x297\n",
+  "assigner": "Patchstack",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "eb684431-84bc-3944-8f96-ee22473cf82b",
+      "product": {
+        "name": "Rescue Shortcodes"
+      },
+      "product_version": "n/a \u22643.3"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "b11ffc8d-cb4e-33a9-b2c6-d76ad4aa68c1",
+      "vendor": {
+        "name": "Rescue Themes"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2025-209564.json

@@ -0,0 +1,37 @@
+{
+  "id": "EUVD-2025-209564",
+  "enisaUuid": "c24dbcd0-e8ba-371c-8c43-418eaaea2b05",
+  "description": "Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs",
+  "datePublished": "Apr 23, 2026, 12:27:41 PM",
+  "dateUpdated": "Apr 23, 2026, 12:33:39 PM",
+  "baseScore": 5.7,
+  "baseScoreVersion": "3.1",
+  "baseScoreVector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
+  "references": "https://access.redhat.com/security/cve/CVE-2025-13763\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2417581\nhttps://github.com/OpenSC/OpenSC/security/advisories/GHSA-2v44-fq35-98vv\nhttps://github.com/OpenSC/OpenSC/wiki/CVE-2025-13763\n",
+  "aliases": "CVE-2025-13763\n",
+  "assigner": "redhat",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "0ad5e846-51aa-34bd-9cf8-1053da3de36d",
+      "product": {
+        "name": "opensc"
+      },
+      "product_version": "0 <0.27.0"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "69b216dc-a087-3632-8f58-fb02d41f159d",
+      "vendor": {
+        "name": "OpenSC"
+      }
+    },
+    {
+      "id": "9950c292-2d86-3dcb-94b9-829535b57e6c",
+      "vendor": {
+        "name": "Red Hat"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2025-209565.json

@@ -0,0 +1,23 @@
+{
+  "id": "EUVD-2025-209565",
+  "enisaUuid": "5ccf8c4f-ad32-3f99-9304-3890a3145777",
+  "description": "An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the\nWebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP requests bypass this signal handler.",
+  "datePublished": "Apr 23, 2026, 3:38:56 PM",
+  "dateUpdated": "Apr 23, 2026, 3:38:56 PM",
+  "baseScore": 4.7,
+  "baseScoreVersion": "3.1",
+  "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
+  "references": "https://access.redhat.com/security/cve/CVE-2025-66286\nhttps://bugs.webkit.org/show_bug.cgi?id=259787\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2424652\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-66286\n",
+  "aliases": "GHSA-qx86-g93j-m25r\nCVE-2025-66286\n",
+  "assigner": "redhat",
+  "epss": 0.0,
+  "enisaIdProduct": [],
+  "enisaIdVendor": [
+    {
+      "id": "25a2d8a1-6d6b-3bdc-8319-c619dcbef704",
+      "vendor": {
+        "name": "Red Hat"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2025-209567.json

@@ -0,0 +1,29 @@
+{
+  "id": "EUVD-2025-209567",
+  "enisaUuid": "ea2ed782-f57a-3035-bcff-bfc4ff70ecf5",
+  "description": "Yadea T5 Electric Bicycles (models manufactured in/after 2024) have a weak authentication mechanism in their keyless entry system. The system utilizes the EV1527 fixed-code RF protocol without implementing rolling codes or cryptographic challenge-response mechanisms. This is vulnerable to signal forgery after a local attacker intercepts any legitimate key fob transmission, allowing for complete unauthorized vehicle operation via a replay attack.",
+  "datePublished": "Apr 23, 2026, 6:33:03 PM",
+  "dateUpdated": "Apr 23, 2026, 6:33:03 PM",
+  "baseScore": 0.0,
+  "references": "https://github.com/ktauchathuranga/ghost-keys\nhttps://github.com/ktauchathuranga/CVE-2025-70994\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-70994\n",
+  "aliases": "CVE-2025-70994\nGHSA-4cpv-8qgx-f9fv\n",
+  "assigner": "mitre",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "620596a7-5ab6-303d-9f91-d837665bf125",
+      "product": {
+        "name": "n/a"
+      },
+      "product_version": "n/a"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "c47a8567-c5ad-3519-aa4a-4e252c796c1c",
+      "vendor": {
+        "name": "n/a"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2025-209568.json

@@ -0,0 +1,29 @@
+{
+  "id": "EUVD-2025-209568",
+  "enisaUuid": "bffd53fa-f0e5-3c34-958d-c541a4c385c3",
+  "description": "Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module.",
+  "datePublished": "Apr 23, 2026, 6:33:03 PM",
+  "dateUpdated": "Apr 23, 2026, 6:33:03 PM",
+  "baseScore": 0.0,
+  "references": "https://github.com/Cherry-toto/jizhicms\nhttp://jizhicms.cn\nhttps://github.com/Cherry-toto/jizhicms/issues/105\nhttps://gist.github.com/4iFei/14ad89c3b44348dd575bf5ae0ed5a19c\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-50229\n",
+  "aliases": "CVE-2025-50229\n",
+  "assigner": "mitre",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "68103c9f-2138-3b7c-8f06-b431591a3f3d",
+      "product": {
+        "name": "n/a"
+      },
+      "product_version": "n/a"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "188764fc-3e6f-3da2-a88b-f70989240ab7",
+      "vendor": {
+        "name": "n/a"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2025-209570.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2025-209570",
+  "enisaUuid": "9f00aab6-cff4-3742-b34e-55348af3d45c",
+  "description": "Pipecat: Remote Code Execution by Pickle Deserialization Through LivekitFrameSerializer",
+  "datePublished": "Apr 23, 2026, 9:15:42 PM",
+  "dateUpdated": "Apr 23, 2026, 9:15:42 PM",
+  "baseScore": 9.8,
+  "baseScoreVersion": "3.1",
+  "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+  "references": "https://github.com/pipecat-ai/pipecat/security/advisories/GHSA-c2jg-5cp7-6wc7\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-62373\nhttps://github.com/pipecat-ai/pipecat/releases/tag/v0.0.94\n",
+  "aliases": "GHSA-c2jg-5cp7-6wc7\nCVE-2025-62373\n",
+  "assigner": "GitHub_M",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "e81e4a8e-c90a-3b1c-93b2-1b9509d9efd1",
+      "product": {
+        "name": "pipecat"
+      },
+      "product_version": "0.0.41, < 0.0.94"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "9cd17937-5a06-3100-9dd9-80a4ca508983",
+      "vendor": {
+        "name": "pipecat-ai"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2025-5343.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2025-5343",
+  "enisaUuid": "914f887d-fb02-37ec-8777-04d4448baa85",
+  "description": "Cross-Site Request Forgery (CSRF) vulnerability in Required Admin Menu Manager allows Cross Site Request Forgery.This issue affects Admin Menu Manager: from n/a through 1.0.3.",
+  "datePublished": "Apr 23, 2026, 3:35:54 PM",
+  "dateUpdated": "Apr 23, 2026, 3:35:54 PM",
+  "baseScore": 4.3,
+  "baseScoreVersion": "3.1",
+  "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+  "references": "https://patchstack.com/database/wordpress/plugin/admin-menu-manager/vulnerability/wordpress-admin-menu-manager-plugin-1-0-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26925\nhttps://patchstack.com/database/Wordpress/Plugin/admin-menu-manager/vulnerability/wordpress-admin-menu-manager-plugin-1-0-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\n",
+  "aliases": "CVE-2025-26925\nGHSA-r634-gv2r-vh8r\n",
+  "assigner": "Patchstack",
+  "epss": 0.16,
+  "enisaIdProduct": [
+    {
+      "id": "324cf3d1-27cb-3249-931b-edc23d30c735",
+      "product": {
+        "name": "Admin Menu Manager"
+      },
+      "product_version": "n/a \u22641.0.3"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "65db7410-6f76-304b-8587-e787ab417de1",
+      "vendor": {
+        "name": "Required"
+      }
+    }
+  ]
+}