Sync EUVD catalog: Mon Apr 13 00:40:24 UTC 2026

Signed-off-by: AboutCode Automation <automation@aboutcode.org>

Author: aboutcode-automation

advisories/2026/04/EUVD-2017-18965.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2017-18965",
+  "enisaUuid": "d339999c-4a4f-3b15-9079-bd5723baa210",
+  "description": "MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft URLs with JavaScript payloads in the hash fragment that are parsed and rendered without sanitization, causing the injected scripts to execute in the victim's browser context.",
+  "datePublished": "Apr 12, 2026, 3:30:25 PM",
+  "dateUpdated": "Apr 12, 2026, 3:30:25 PM",
+  "baseScore": 5.1,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
+  "references": "https://www.exploit-db.com/exploits/46097\nhttps://www.vulncheck.com/advisories/mdwiki-cross-site-scripting-via-location-hash-parameter\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-20239\n",
+  "aliases": "GHSA-gp82-mmj7-m5w2\nCVE-2017-20239\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "dd351865-44df-3936-8bde-83c3b18d1a68",
+      "product": {
+        "name": "MDwiki"
+      },
+      "product_version": "0.6.2"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "56db384a-d476-3d0f-a5bc-049b45012757",
+      "vendor": {
+        "name": "Dynalon"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2018-21768.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2018-21768",
+  "enisaUuid": "3f720c1a-4b25-3a45-9bb1-eb436fb6f461",
+  "description": "Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user credentials and gain administrative access.",
+  "datePublished": "Apr 12, 2026, 3:30:25 PM",
+  "dateUpdated": "Apr 12, 2026, 3:30:25 PM",
+  "baseScore": 7.1,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/46217\nhttps://www.vulncheck.com/advisories/adianti-framework-and-sql-injection-via-profile\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-25257\n",
+  "aliases": "GHSA-9f59-h5gf-pg3f\nCVE-2018-25257\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "a40f309b-566f-3e7c-ab7e-2bd17c9d4f14",
+      "product": {
+        "name": "Adianti Framework"
+      },
+      "product_version": "5.5.0"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "2171f89c-39c5-3210-b1bc-5aa131620a6b",
+      "vendor": {
+        "name": "Adianti"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2018-21770.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2018-21770",
+  "enisaUuid": "040e2d0f-c2bc-30fc-b5ce-2fd1917acc27",
+  "description": "RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based buffer overflow, execute a ROP chain for VirtualAlloc allocation, and achieve arbitrary code execution.",
+  "datePublished": "Apr 12, 2026, 3:30:25 PM",
+  "dateUpdated": "Apr 12, 2026, 3:30:25 PM",
+  "baseScore": 8.6,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/46107\nhttps://www.r-project.org/\nhttps://cran.r-project.org/bin/windows/base/old/3.5.0/R-3.5.0-win.exe\nhttps://www.vulncheck.com/advisories/rgui-local-buffer-overflow-seh-dep-bypass\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-25258\n",
+  "aliases": "CVE-2018-25258\nGHSA-p8hm-rwgf-6c7f\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "cf150e69-5b0a-3e63-8b84-6b4f20e52e25",
+      "product": {
+        "name": "RGui"
+      },
+      "product_version": "3.5.0"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "a3af15f5-807d-3150-9956-31ad7b9091e1",
+      "vendor": {
+        "name": "R-Project"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2019-20124.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2019-20124",
+  "enisaUuid": "b8b11cfb-e164-38f0-82fd-c63ef1779f45",
+  "description": "HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register dialog to trigger code execution and spawn a calculator process.",
+  "datePublished": "Apr 12, 2026, 3:30:25 PM",
+  "dateUpdated": "Apr 12, 2026, 3:30:25 PM",
+  "baseScore": 8.6,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/46279\nhttp://www.html5videoplayer.net/download.html\nhttps://www.vulncheck.com/advisories/html5-video-player-local-buffer-overflow-non-seh\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-25689\n",
+  "aliases": "CVE-2019-25689\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "c2401920-c52b-3901-8842-17fbad2ac443",
+      "product": {
+        "name": "Html5 Video Player"
+      },
+      "product_version": "1.2.5"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "71dc9e2d-59e2-338c-9a81-0b55cfd5156d",
+      "vendor": {
+        "name": "Html5Videoplayer"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2019-20126.json

@@ -0,0 +1,23 @@
+{
+  "id": "EUVD-2019-20126",
+  "enisaUuid": "e0fd0152-3359-3a6b-a6ca-96b33dc8b206",
+  "description": "Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can inject a crafted payload into the Save Path for Snapshot and Record file field to trigger a buffer overflow and execute arbitrary code via ROP chain gadgets.",
+  "datePublished": "Apr 12, 2026, 3:30:25 PM",
+  "dateUpdated": "Apr 12, 2026, 3:30:25 PM",
+  "baseScore": 8.6,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/46269\nhttps://www.faleemi.com/\nhttps://www.vulncheck.com/advisories/faleemi-desktop-software-local-buffer-overflow-seh-dep-bypass\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-25691\n",
+  "aliases": "CVE-2019-25691\nGHSA-w77h-76xc-792q\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [],
+  "enisaIdVendor": [
+    {
+      "id": "23a5c3db-870e-343d-8eff-6f915194ecf7",
+      "vendor": {
+        "name": "Faleemi"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2019-20128.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2019-20128",
+  "enisaUuid": "fa9bbd6e-e470-3f6c-ac7d-d9b22c2657a5",
+  "description": "ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extract sensitive database information including schema names, user credentials, and other confidential data.",
+  "datePublished": "Apr 12, 2026, 3:30:25 PM",
+  "dateUpdated": "Apr 12, 2026, 3:30:25 PM",
+  "baseScore": 7.1,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/46274\nhttps://www.resourcespace.com/\nhttps://www.resourcespace.com/get\nhttps://www.vulncheck.com/advisories/resourcespace-sql-injection-via-collection-edit-php\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-25693\n",
+  "aliases": "CVE-2019-25693\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "6a3b638c-78f9-3f7a-b0e9-214f424702ca",
+      "product": {
+        "name": "ResourceSpace"
+      },
+      "product_version": "Stable release: 8.6"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "84511a99-cc37-3706-ba6e-0a52ef734b87",
+      "vendor": {
+        "name": "Resourcespace"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2019-20130.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2019-20130",
+  "enisaUuid": "22e95079-79dc-3090-96b5-28930d62adb4",
+  "description": "R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the payload is pasted into the Language for menus and messages field.",
+  "datePublished": "Apr 12, 2026, 3:30:26 PM",
+  "dateUpdated": "Apr 12, 2026, 3:30:26 PM",
+  "baseScore": 8.6,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/46265\nhttps://cloud.r-project.org/bin/windows/\nhttps://www.vulncheck.com/advisories/r-local-buffer-overflow-windows-xp-sp3\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-25695\n",
+  "aliases": "GHSA-j4f8-4p6w-v5h6\nCVE-2019-25695\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "2980a1d5-9315-3c29-93fd-0a17a164624f",
+      "product": {
+        "name": "R"
+      },
+      "product_version": "3.4.4"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "13d751bc-a784-3f0d-ade3-c94659443477",
+      "vendor": {
+        "name": "R-Project"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2019-20131.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2019-20131",
+  "enisaUuid": "c433caa5-e285-328c-abea-38a3026c208c",
+  "description": "CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GET requests to category.php with malicious cat_id values to extract sensitive database information including usernames and credentials.",
+  "datePublished": "Apr 12, 2026, 3:30:26 PM",
+  "dateUpdated": "Apr 12, 2026, 3:30:26 PM",
+  "baseScore": 8.8,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/46259\nhttps://github.com/VictorAlagwu/CMSsite/archive/master.zip\nhttps://www.vulncheck.com/advisories/cmssite-sql-injection-via-category-php\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-25697\n",
+  "aliases": "CVE-2019-25697\nGHSA-vm4j-2vcw-g6gc\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "7ad34642-e600-3dd9-8d58-a97c1174db31",
+      "product": {
+        "name": "CMSsite"
+      },
+      "product_version": "1.0"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "c241b108-d011-3f9c-93dd-2f8193ef8cf8",
+      "vendor": {
+        "name": "VictorAlagwu"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2019-20132.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2019-20132",
+  "enisaUuid": "d6aaebe6-7c44-3106-b4f8-18d671c5e661",
+  "description": "Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search parameter in endpoints like /admin/comment/records, /admin/category/records, /admin/news/records, and /admin/menu/childs to manipulate database queries and retrieve sensitive data.",
+  "datePublished": "Apr 12, 2026, 3:30:26 PM",
+  "dateUpdated": "Apr 12, 2026, 3:30:26 PM",
+  "baseScore": 7.1,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/46266\nhttp://newsbull.org/\nhttps://github.com/gurkanuzunca/newsbull\nhttps://www.vulncheck.com/advisories/newsbull-haber-script-authenticated-sql-injection-via-search-parameter\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-25699\n",
+  "aliases": "GHSA-84gx-938q-j68m\nCVE-2019-25699\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "c00833a6-a300-3dd1-b525-10ff71c61879",
+      "product": {
+        "name": "Newsbull Haber Script"
+      },
+      "product_version": "1.0.0"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "6af9057b-e689-3a1c-be06-f2903e09d337",
+      "vendor": {
+        "name": "Newsbull"
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2019-20133.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2019-20133",
+  "enisaUuid": "339f46fa-acf8-3e66-8eab-d0604734e31e",
+  "description": "Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured exception handler. Attackers can input a crafted payload exceeding 996 bytes in the username field to trigger SEH overwrite and execute arbitrary code with user privileges.",
+  "datePublished": "Apr 12, 2026, 3:30:26 PM",
+  "dateUpdated": "Apr 12, 2026, 3:30:26 PM",
+  "baseScore": 8.6,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+  "references": "https://www.exploit-db.com/exploits/46255\nhttp://www.divxtodvd.net/\nhttp://www.divxtodvd.net/easy_video_to_ipod.exe\nhttps://www.vulncheck.com/advisories/easy-video-to-ipod-converter-local-buffer-overflow-seh\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-25701\n",
+  "aliases": "GHSA-p592-jgc7-p79g\nCVE-2019-25701\n",
+  "assigner": "VulnCheck",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "f6606f23-ac91-3074-9885-ebb5a4dfa270",
+      "product": {
+        "name": "Easy Video to iPod Converter"
+      },
+      "product_version": "1.6.20"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "3ecab45d-0852-336d-a350-12fd41c8b987",
+      "vendor": {
+        "name": "Divxtodvd"
+      }
+    }
+  ]
+}