Sync EUVD catalog: Tue Jun 2 00:59:04 UTC 2026

Signed-off-by: AboutCode Automation <automation@aboutcode.org>

Author: aboutcode-automation

advisories/2026/04/EUVD-2026-25420.json

@@ -2,16 +2,97 @@
   "id": "EUVD-2026-25420",
   "enisaUuid": "3d79cc81-4ebd-3ee3-a80b-f189209e9efa",
   "description": "When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length (ip_tot_len for IPv4, ip6_plen for IPv6) without validating it against the actual packet buffer size. A VM can send a short packet with an inflated IP length field that triggers an ICMP error (e.g., by hitting a reject ACL), causing ovn-controller to read heap memory beyond the valid packet data and include it in the ICMP response sent back to the VM.",
-  "datePublished": "Apr 24, 2026, 3:32:32 PM",
-  "dateUpdated": "Apr 24, 2026, 3:32:32 PM",
+  "datePublished": "Apr 24, 2026, 12:25:06 PM",
+  "dateUpdated": "Jun 1, 2026, 12:15:34 AM",
   "baseScore": 6.5,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
-  "references": "https://access.redhat.com/security/cve/CVE-2026-5265\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2453458\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-5265\nhttp://www.openwall.com/lists/oss-security/2026/04/20/2\nhttp://www.openwall.com/lists/oss-security/2026/04/20/4\n",
+  "references": "https://access.redhat.com/errata/RHSA-2026:11694\nhttps://access.redhat.com/errata/RHSA-2026:11695\nhttps://access.redhat.com/errata/RHSA-2026:11696\nhttps://access.redhat.com/errata/RHSA-2026:11698\nhttps://access.redhat.com/errata/RHSA-2026:11700\nhttps://access.redhat.com/errata/RHSA-2026:11701\nhttps://access.redhat.com/errata/RHSA-2026:11702\nhttps://access.redhat.com/errata/RHSA-2026:22110\nhttps://access.redhat.com/security/cve/CVE-2026-5265\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2453458\n",
   "aliases": "GHSA-whr7-6788-jg2p\nCVE-2026-5265\n",
   "assigner": "redhat",
-  "epss": 0.0,
-  "enisaIdProduct": [],
+  "epss": 0.1,
+  "enisaIdProduct": [
+    {
+      "id": "00e899ac-a7b5-3798-b8aa-ec47f264caab",
+      "product": {
+        "name": "Fast Datapath for Red Hat Enterprise Linux 9",
+        "vendor": {
+          "name": "Red Hat"
+        }
+      },
+      "product_version": "patch: 0:23.09.6-16.el9fdp"
+    },
+    {
+      "id": "2470735b-70cf-32f3-99e9-091d5d6dddab",
+      "product": {
+        "name": "Fast Datapath for Red Hat Enterprise Linux 9",
+        "vendor": {
+          "name": "Red Hat"
+        }
+      },
+      "product_version": "patch: 0:25.03.2-100.el9fdp"
+    },
+    {
+      "id": "63abd9df-9747-33a0-9125-0db008e6bf03",
+      "product": {
+        "name": "Fast Datapath for Red Hat Enterprise Linux 9",
+        "vendor": {
+          "name": "Red Hat"
+        }
+      },
+      "product_version": "patch: 0:24.03.7-82.el9fdp"
+    },
+    {
+      "id": "671fa0d0-e562-3bc1-ada0-3d1e2221faad",
+      "product": {
+        "name": "Fast Datapath for Red Hat Enterprise Linux 8",
+        "vendor": {
+          "name": "Red Hat"
+        }
+      },
+      "product_version": "patch: 0:23.06.4-30.el8fdp"
+    },
+    {
+      "id": "723a35cf-2da9-3836-82dd-a57bb6289127",
+      "product": {
+        "name": "Fast Datapath for Red Hat Enterprise Linux 8",
+        "vendor": {
+          "name": "Red Hat"
+        }
+      },
+      "product_version": "patch: 0:21.12.0-145.el8fdp"
+    },
+    {
+      "id": "bbbf9dde-3512-35f5-a964-f7482266bc2d",
+      "product": {
+        "name": "Fast Datapath for Red Hat Enterprise Linux 9",
+        "vendor": {
+          "name": "Red Hat"
+        }
+      },
+      "product_version": "patch: 0:23.06.4-30.el9fdp"
+    },
+    {
+      "id": "bdd4206a-9a83-336b-bd94-8e5d475f1352",
+      "product": {
+        "name": "Fast Datapath for Red Hat Enterprise Linux 9",
+        "vendor": {
+          "name": "Red Hat"
+        }
+      },
+      "product_version": "patch: 0:25.09.2-103.el9fdp"
+    },
+    {
+      "id": "c8e3fb8e-071b-3c44-92df-2730f10413ca",
+      "product": {
+        "name": "Fast Datapath for Red Hat Enterprise Linux 10",
+        "vendor": {
+          "name": "Red Hat"
+        }
+      },
+      "product_version": "patch: 0:25.03.2-100.el10fdp"
+    }
+  ],
   "enisaIdVendor": [
     {
       "id": "591c0957-c373-33ad-b491-ecc294b0460f",

advisories/2026/04/EUVD-2026-25421.json

@@ -2,16 +2,97 @@
   "id": "EUVD-2026-25421",
   "enisaUuid": "a491ad58-aa51-30c5-a784-f279269f8d5c",
   "description": "A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port.",
-  "datePublished": "Apr 24, 2026, 3:32:32 PM",
-  "dateUpdated": "Apr 24, 2026, 3:32:32 PM",
+  "datePublished": "Apr 24, 2026, 12:25:05 PM",
+  "dateUpdated": "Jun 1, 2026, 12:15:34 AM",
   "baseScore": 8.6,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
-  "references": "https://access.redhat.com/security/cve/CVE-2026-5367\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2455863\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-5367\nhttp://www.openwall.com/lists/oss-security/2026/04/20/3\nhttp://www.openwall.com/lists/oss-security/2026/04/20/5\n",
+  "references": "https://access.redhat.com/errata/RHSA-2026:11694\nhttps://access.redhat.com/errata/RHSA-2026:11695\nhttps://access.redhat.com/errata/RHSA-2026:11696\nhttps://access.redhat.com/errata/RHSA-2026:11698\nhttps://access.redhat.com/errata/RHSA-2026:11700\nhttps://access.redhat.com/errata/RHSA-2026:11701\nhttps://access.redhat.com/errata/RHSA-2026:11702\nhttps://access.redhat.com/errata/RHSA-2026:22110\nhttps://access.redhat.com/security/cve/CVE-2026-5367\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2455863\n",
   "aliases": "GHSA-r8vj-9qgr-m84x\nCVE-2026-5367\n",
   "assigner": "redhat",
-  "epss": 0.0,
-  "enisaIdProduct": [],
+  "epss": 0.02,
+  "enisaIdProduct": [
+    {
+      "id": "369136bf-6bbc-3581-b398-5b0b6ce24787",
+      "product": {
+        "name": "Fast Datapath for Red Hat Enterprise Linux 9",
+        "vendor": {
+          "name": "Red Hat"
+        }
+      },
+      "product_version": "patch: 0:23.09.6-16.el9fdp"
+    },
+    {
+      "id": "42a32d90-78e0-3529-87b9-c6eae6acba0c",
+      "product": {
+        "name": "Fast Datapath for Red Hat Enterprise Linux 10",
+        "vendor": {
+          "name": "Red Hat"
+        }
+      },
+      "product_version": "patch: 0:25.03.2-100.el10fdp"
+    },
+    {
+      "id": "4e0b43cd-2bef-3771-abec-3ea5a5b5441b",
+      "product": {
+        "name": "Fast Datapath for Red Hat Enterprise Linux 9",
+        "vendor": {
+          "name": "Red Hat"
+        }
+      },
+      "product_version": "patch: 0:25.03.2-100.el9fdp"
+    },
+    {
+      "id": "5b5512cb-8a01-398f-ba55-182ca4e37cdc",
+      "product": {
+        "name": "Fast Datapath for Red Hat Enterprise Linux 9",
+        "vendor": {
+          "name": "Red Hat"
+        }
+      },
+      "product_version": "patch: 0:25.09.2-103.el9fdp"
+    },
+    {
+      "id": "a2455ee2-aa9f-38b8-aa51-edc0c27de442",
+      "product": {
+        "name": "Fast Datapath for Red Hat Enterprise Linux 9",
+        "vendor": {
+          "name": "Red Hat"
+        }
+      },
+      "product_version": "patch: 0:23.06.4-30.el9fdp"
+    },
+    {
+      "id": "ad2d40db-c798-37fe-a791-65330f090fd0",
+      "product": {
+        "name": "Fast Datapath for Red Hat Enterprise Linux 8",
+        "vendor": {
+          "name": "Red Hat"
+        }
+      },
+      "product_version": "patch: 0:23.06.4-30.el8fdp"
+    },
+    {
+      "id": "d4ec1179-1477-3335-b621-e9691b76ad03",
+      "product": {
+        "name": "Fast Datapath for Red Hat Enterprise Linux 9",
+        "vendor": {
+          "name": "Red Hat"
+        }
+      },
+      "product_version": "patch: 0:24.03.7-82.el9fdp"
+    },
+    {
+      "id": "e316c3aa-790b-350a-8663-a1161c205031",
+      "product": {
+        "name": "Fast Datapath for Red Hat Enterprise Linux 8",
+        "vendor": {
+          "name": "Red Hat"
+        }
+      },
+      "product_version": "patch: 0:21.12.0-145.el8fdp"
+    }
+  ],
   "enisaIdVendor": [
     {
       "id": "972a37f6-3182-38b5-9881-2fc4f76bc774",

advisories/2026/05/EUVD-2026-33446.json

@@ -3,7 +3,7 @@
   "enisaUuid": "7da18615-5ab2-32f5-99b0-6217e5f32c28",
   "description": "Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client.",
   "datePublished": "May 30, 2026, 1:50:42 AM",
-  "dateUpdated": "May 30, 2026, 3:08:42 AM",
+  "dateUpdated": "Jun 1, 2026, 12:51:18 PM",
   "baseScore": 5.3,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",

advisories/2026/05/EUVD-2026-33453.json

@@ -3,7 +3,7 @@
   "enisaUuid": "092557e7-91e1-3c77-a72e-c32799e4fa9c",
   "description": "The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $_SERVER['QUERY_STRING'] via parse_str() (bypassing WordPress's wp_magic_quotes protection, which only covers $_POST/$_GET/$_COOKIE/$_REQUEST), then each is split on ',' via explode() and the resulting fragments are interpolated directly into a SQL BETWEEN clause in gmw_get_locations_within_boundaries_sql() without is_numeric() validation, (float) casting, esc_sql(), or $wpdb->prepare(). This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Exploitation requires the site to host the Posts Locator search-results shortcode (`[gmw form=\"results\" form_id=N]`) on a public page and to have at least one published post with an associated gmw_location row.",
   "datePublished": "May 30, 2026, 9:28:59 AM",
-  "dateUpdated": "May 30, 2026, 9:28:59 AM",
+  "dateUpdated": "Jun 1, 2026, 10:33:52 AM",
   "baseScore": 7.5,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",

advisories/2026/05/EUVD-2026-33454.json

@@ -3,14 +3,14 @@
   "enisaUuid": "4959c4cd-f7f2-3b4d-8a6f-a1c6587a3bfd",
   "description": "The Spectra Gutenberg Blocks \u2013 Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. Exploitation requires a two-block payload embedded in post content: the first block registers a fake uagb/-prefixed block type with an attacker-specified render_callback, and the second block of the same fake type triggers invocation of that callback via call_user_func() during sequential block rendering in the same page request.",
   "datePublished": "May 30, 2026, 9:29:00 AM",
-  "dateUpdated": "May 30, 2026, 9:29:00 AM",
+  "dateUpdated": "Jun 1, 2026, 10:33:41 AM",
   "baseScore": 8.8,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
   "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/60013752-d7cf-46e8-84e1-1b614f737b46?source=cve\nhttps://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/trunk/classes/class-uagb-init-blocks.php#L335\nhttps://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/tags/2.19.25/classes/class-uagb-init-blocks.php#L335\nhttps://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/trunk/classes/class-uagb-init-blocks.php#L330\nhttps://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/tags/2.19.25/classes/class-uagb-init-blocks.php#L330\nhttps://wordpress.org/plugins/ultimate-addons-for-gutenberg/#developers\n",
   "aliases": "CVE-2026-7465\nGHSA-m3v7-28jh-gr9j\n",
   "assigner": "Wordfence",
-  "epss": 0.22,
+  "epss": 0.08,
   "enisaIdProduct": [
     {
       "id": "a65d78f6-0931-3a6a-ba4d-06548052aac8",

advisories/2026/05/EUVD-2026-33455.json

@@ -3,7 +3,7 @@
   "enisaUuid": "7dadc1a1-769f-377f-be9b-74b0e9fcb69d",
   "description": "The Simple History \u2013 Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated (Subscriber+) account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints (react_to_event() / unreact_to_event()). The endpoints register get_items_permissions_check() as their permission_callback, which only verifies the requester is logged in and does not enforce the per-logger capability checks normally applied by Log_Query. As a result, a Subscriber-level user can POST to /wp-json/simple-history/v1/events/<id>/react with the _fields=context query parameter and read the full context of any Simple History event \u2014 including SimpleUserLogger entries that record the full password-reset email body (reset URL with the reset key) for any user. The attacker triggers a password reset for an administrator via the lost-password form, brute-forces recent event IDs through the reaction endpoint to read the resulting user_requested_password_reset_link event, extracts the reset key from context.message, and completes the password reset to take over the administrator account. Exploitation requires an administrator to have first enabled the experimental features option (simple_history_experimental_features_enabled), which is not the default.",
   "datePublished": "May 30, 2026, 9:29:00 AM",
-  "dateUpdated": "May 30, 2026, 9:29:00 AM",
+  "dateUpdated": "Jun 1, 2026, 10:33:32 AM",
   "baseScore": 7.5,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",

advisories/2026/05/EUVD-2026-33476.json

@@ -3,14 +3,14 @@
   "enisaUuid": "f9d4d74b-5245-30b4-b249-d88a34c8a19b",
   "description": "A vulnerability was identified in Open5GS up to 2.7.6. This impacts an unknown function of the file src/amf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The identifier of the patch is a188e36b1741ffc2252133f59b1bda4f14d3cb5c. It is suggested to install a patch to address this issue.",
   "datePublished": "May 31, 2026, 12:30:10 AM",
-  "dateUpdated": "May 31, 2026, 12:30:10 AM",
+  "dateUpdated": "Jun 1, 2026, 5:43:55 AM",
   "baseScore": 6.9,
   "baseScoreVersion": "4.0",
   "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
-  "references": "https://vuldb.com/vuln/367410\nhttps://vuldb.com/vuln/367410/cti\nhttps://vuldb.com/submit/818939\nhttps://github.com/open5gs/open5gs/issues/4393\nhttps://github.com/open5gs/open5gs/pull/4557\nhttps://github.com/open5gs/open5gs/commit/a188e36b1741ffc2252133f59b1bda4f14d3cb5c\nhttps://github.com/open5gs/open5gs/\n",
+  "references": "https://vuldb.com/vuln/367410\nhttps://vuldb.com/vuln/367410/cti\nhttps://vuldb.com/cve/CVE-2026-10157\nhttps://vuldb.com/submit/818939\nhttps://github.com/open5gs/open5gs/issues/4393\nhttps://github.com/open5gs/open5gs/pull/4557\nhttps://github.com/open5gs/open5gs/commit/a188e36b1741ffc2252133f59b1bda4f14d3cb5c\nhttps://github.com/open5gs/open5gs/\n",
   "aliases": "CVE-2026-10157\nGHSA-89hg-mhjp-f99q\n",
   "assigner": "VulDB",
-  "epss": 0.0,
+  "epss": 0.1,
   "enisaIdProduct": [
     {
       "id": "082791a7-2d1b-3aba-ae1b-20bc5da5fb79",

advisories/2026/05/EUVD-2026-33483.json

@@ -3,14 +3,14 @@
   "enisaUuid": "3e738f14-f8c6-3988-b6fe-10b9aa7cbcf1",
   "description": "The Advanced Custom Fields (ACF\u00ae) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the post_title and post_content of any post bound to a publicly accessible acf_form() instance by injecting values into the _post_title and _post_content parameters of a form submission request.",
   "datePublished": "May 31, 2026, 2:28:00 AM",
-  "dateUpdated": "May 31, 2026, 2:28:00 AM",
+  "dateUpdated": "Jun 1, 2026, 10:33:23 AM",
   "baseScore": 5.3,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
   "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ddb2290d-d4bd-4f70-9fe9-927f49721811?source=cve\nhttps://plugins.trac.wordpress.org/browser/advanced-custom-fields/tags/6.8.0/includes/forms/form-front.php#L243\nhttps://plugins.trac.wordpress.org/changeset/3549586/advanced-custom-fields/trunk/includes/forms/form-front.php\n",
   "aliases": "CVE-2026-8382\nGHSA-mqv8-cjf6-jmc9\n",
   "assigner": "Wordfence",
-  "epss": 0.0,
+  "epss": 0.06,
   "enisaIdProduct": [
     {
       "id": "1c993c1b-668b-30af-927b-7128723d0d3b",

advisories/2026/05/EUVD-2026-33491.json

@@ -3,14 +3,14 @@
   "enisaUuid": "10dfdf65-90a4-3952-9712-95e4bf9fd89b",
   "description": "A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
   "datePublished": "May 31, 2026, 5:45:08 AM",
-  "dateUpdated": "May 31, 2026, 5:45:08 AM",
+  "dateUpdated": "Jun 1, 2026, 1:31:03 PM",
   "baseScore": 5.1,
   "baseScoreVersion": "4.0",
   "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
   "references": "https://vuldb.com/vuln/367425\nhttps://vuldb.com/vuln/367425/cti\nhttps://vuldb.com/submit/819292\nhttps://github.com/gtxy114514/CVE/issues/6\nhttps://code-projects.org/\n",
   "aliases": "CVE-2026-10171\nGHSA-pr9p-j46f-9gph\n",
   "assigner": "VulDB",
-  "epss": 0.0,
+  "epss": 0.03,
   "enisaIdProduct": [
     {
       "id": "df182bcd-03cb-3654-8935-7cefc5574014",

advisories/2026/05/EUVD-2026-33492.json

@@ -3,14 +3,14 @@
   "enisaUuid": "9939fc9f-c4f5-3ebe-bd1d-83680575634c",
   "description": "A security flaw has been discovered in Bdtask Multi-Store Inventory Management System 1.0. The affected element is the function Upload of the file application/modules/dashboard/controllers/Module.php of the component Component Module. The manipulation of the argument module results in unrestricted upload. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.",
   "datePublished": "May 31, 2026, 6:45:06 AM",
-  "dateUpdated": "May 31, 2026, 6:59:07 AM",
+  "dateUpdated": "Jun 1, 2026, 3:05:52 PM",
   "baseScore": 5.3,
   "baseScoreVersion": "4.0",
   "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
   "references": "https://vuldb.com/vuln/367429\nhttps://vuldb.com/vuln/367429/cti\nhttps://vuldb.com/cve/CVE-2026-10172\nhttps://vuldb.com/submit/819418\nhttps://github.com/kevin57545/CVE/blob/main/bdtask-multi-store-rce.md\n",
   "aliases": "CVE-2026-10172\nGHSA-55rv-vx3h-7mh7\n",
   "assigner": "VulDB",
-  "epss": 0.0,
+  "epss": 0.04,
   "enisaIdProduct": [
     {
       "id": "00ee7530-569e-3296-98e8-801244dd3078",