Sync EUVD catalog: Sat Apr 18 00:37:18 UTC 2026

Signed-off-by: AboutCode Automation <automation@aboutcode.org>

Author: aboutcode-automation

advisories/2026/04/EUVD-2024-55542.json

@@ -2,15 +2,15 @@
   "id": "EUVD-2024-55542",
   "enisaUuid": "6d67b792-837c-34d6-8a2e-198e527fc972",
   "description": "Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 \r\nallows attackers to consume excessive amounts of disk space via network interface.",
-  "datePublished": "Apr 15, 2026, 9:51:52 AM",
-  "dateUpdated": "Apr 15, 2026, 9:51:52 AM",
+  "datePublished": "Apr 17, 2026, 3:31:17 PM",
+  "dateUpdated": "Apr 17, 2026, 3:31:17 PM",
   "baseScore": 7.5,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
-  "references": "https://psirt.bosch.com/security-advisories/BOSCH-SA-162032-BT.html\n",
+  "references": "https://psirt.bosch.com/security-advisories/BOSCH-SA-162032-BT.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-33618\n",
   "aliases": "CVE-2024-33618\n",
   "assigner": "bosch",
-  "epss": 0.0,
+  "epss": 0.04,
   "enisaIdProduct": [
     {
       "id": "1e656699-c0d4-38e1-8d86-daf4280edcd7",

advisories/2026/04/EUVD-2024-55551.json

@@ -2,13 +2,13 @@
   "id": "EUVD-2024-55551",
   "enisaUuid": "98252aef-8646-3be3-a6cd-062004aa1a43",
   "description": "Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id.",
-  "datePublished": "Apr 16, 2026, 10:27:03 PM",
-  "dateUpdated": "Apr 16, 2026, 10:36:12 PM",
+  "datePublished": "Apr 17, 2026, 12:31:02 AM",
+  "dateUpdated": "Apr 17, 2026, 12:31:02 AM",
   "baseScore": 4.3,
   "baseScoreVersion": "3.1",
   "baseScoreVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
-  "references": "https://github.com/websec/Vision-Helpdesk-Exploit\nhttps://websec.net/blog/critical-vulnerability-in-vision-helpdesk-allows-unauthorized-session-access-67264646bde7fa99ea26446f\n",
-  "aliases": "CVE-2024-58343\n",
+  "references": "https://github.com/websec/Vision-Helpdesk-Exploit\nhttps://websec.net/blog/critical-vulnerability-in-vision-helpdesk-allows-unauthorized-session-access-67264646bde7fa99ea26446f\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-58343\n",
+  "aliases": "CVE-2024-58343\nGHSA-gqwq-8j5x-ghf8\n",
   "assigner": "mitre",
   "epss": 0.0,
   "enisaIdProduct": [

advisories/2026/04/EUVD-2025-209467.json

@@ -2,15 +2,15 @@
   "id": "EUVD-2025-209467",
   "enisaUuid": "d511689d-37b4-31eb-a250-09cd597fb9c2",
   "description": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules). This vulnerability is associated with program files G3413CTRBlockCipher.\n\nGOSTCTR implementation unable to process more than 255 blocks correctly.\n\n\nThis issue affects BC-JAVA: from 1.59 before 1.84.",
-  "datePublished": "Apr 15, 2026, 8:56:34 AM",
-  "dateUpdated": "Apr 15, 2026, 10:08:52 AM",
+  "datePublished": "Apr 17, 2026, 6:31:50 PM",
+  "dateUpdated": "Apr 17, 2026, 6:31:50 PM",
   "baseScore": 9.3,
   "baseScoreVersion": "4.0",
   "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/RE:M/U:Red",
-  "references": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%9014813\nhttps://github.com/bcgit/bc-java/commit/b42574345414e4b7c8051b16fa1fafe01c29871f\nhttps://github.com/bcgit/bc-java/commit/701686cb0184cd9ae103c801b3581fdf95c6d4f3\n",
+  "references": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%9014813\nhttps://github.com/bcgit/bc-java/commit/b42574345414e4b7c8051b16fa1fafe01c29871f\nhttps://github.com/bcgit/bc-java/commit/701686cb0184cd9ae103c801b3581fdf95c6d4f3\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-14813\n",
   "aliases": "CVE-2025-14813\n",
   "assigner": "bcorg",
-  "epss": 0.0,
+  "epss": 0.01,
   "enisaIdProduct": [
     {
       "id": "48a55827-61e8-39ee-b452-b47cbd678eb2",

advisories/2026/04/EUVD-2025-209469.json

@@ -2,15 +2,15 @@
   "id": "EUVD-2025-209469",
   "enisaUuid": "3b8dd955-5ea1-3ab8-946b-874a3f35b4d0",
   "description": "An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform administrative actions on it, altering the rules configuration, and/or affecting their availability.",
-  "datePublished": "Apr 15, 2026, 8:18:05 AM",
-  "dateUpdated": "Apr 15, 2026, 8:18:05 AM",
+  "datePublished": "Apr 17, 2026, 6:31:50 PM",
+  "dateUpdated": "Apr 17, 2026, 6:31:50 PM",
   "baseScore": 7.2,
   "baseScoreVersion": "4.0",
   "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
-  "references": "https://security.nozominetworks.com/NN-2026:1-01\n",
-  "aliases": "CVE-2025-40897\n",
+  "references": "https://security.nozominetworks.com/NN-2026:1-01\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40897\n",
+  "aliases": "GHSA-57pr-fgr5-wqvx\nCVE-2025-40897\n",
   "assigner": "Nozomi",
-  "epss": 0.0,
+  "epss": 0.04,
   "enisaIdProduct": [
     {
       "id": "66c3be0b-f262-3999-91b0-0a24391a0f62",

advisories/2026/04/EUVD-2025-209471.json

@@ -2,15 +2,15 @@
   "id": "EUVD-2025-209471",
   "enisaUuid": "767fdb4c-4523-35e4-a651-7ac57f639e4e",
   "description": "A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victim views the Assets or Nodes pages, the XSS executes in their browser context, allowing the attacker to perform unauthorized actions as the victim, such as modify application data, disrupt application availability, and access limited sensitive information.",
-  "datePublished": "Apr 15, 2026, 8:18:36 AM",
-  "dateUpdated": "Apr 15, 2026, 8:18:36 AM",
+  "datePublished": "Apr 17, 2026, 6:31:50 PM",
+  "dateUpdated": "Apr 17, 2026, 6:31:50 PM",
   "baseScore": 7.1,
   "baseScoreVersion": "4.0",
   "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:H/SC:L/SI:L/SA:L",
-  "references": "https://security.nozominetworks.com/NN-2026:2-01\n",
-  "aliases": "CVE-2025-40899\n",
+  "references": "https://security.nozominetworks.com/NN-2026:2-01\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40899\n",
+  "aliases": "CVE-2025-40899\nGHSA-28p4-5j5m-924h\n",
   "assigner": "Nozomi",
-  "epss": 0.0,
+  "epss": 0.03,
   "enisaIdProduct": [
     {
       "id": "7297b2ff-8800-3c2e-a5c8-27f19055da30",

advisories/2026/04/EUVD-2025-209512.json

@@ -0,0 +1,38 @@
+{
+  "id": "EUVD-2025-209512",
+  "enisaUuid": "316d15a5-d18c-379c-8477-54269fee8ca4",
+  "description": "Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect.\u00a0Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication flow.",
+  "datePublished": "Apr 17, 2026, 9:31:19 AM",
+  "dateUpdated": "Apr 17, 2026, 9:31:19 AM",
+  "baseScore": 6.2,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:L/SA:N/S:P/AU:Y/V:C/RE:M/U:Red",
+  "references": "https://sparxsystems.com/products/ea/17.1/history.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-15622\n",
+  "aliases": "GHSA-g7j3-235h-9jvv\nCVE-2025-15622\n",
+  "assigner": "NCSC-FI",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "94f4d987-16a0-3196-a3fe-460756569021",
+      "product": {
+        "name": "Sparx Enterprise Architect"
+      },
+      "product_version": "16.1.1627"
+    },
+    {
+      "id": "9bce1144-74a0-3707-8f3e-9f0976f13467",
+      "product": {
+        "name": "Sparx Enterprise Architect"
+      },
+      "product_version": ""
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "e4ce4fb2-2401-3e79-a5c7-796074d2c953",
+      "vendor": {
+        "name": "Sparx Systems Pty Ltd."
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2025-209513.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2025-209513",
+  "enisaUuid": "ad0c5709-72d2-3fad-abf9-8b6cc4b05e4a",
+  "description": "Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.\n\nUnauthenticated user can retrieve database password in plaintext in certain situations",
+  "datePublished": "Apr 17, 2026, 9:31:19 AM",
+  "dateUpdated": "Apr 17, 2026, 9:31:19 AM",
+  "baseScore": 9.3,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/S:P/AU:Y/V:C/RE:M/U:Red",
+  "references": "https://sparxsystems.com/products/procloudserver/6.1/history.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-15623\n",
+  "aliases": "CVE-2025-15623\nGHSA-mqmv-fjj3-cwjx\n",
+  "assigner": "NCSC-FI",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "4647b6de-65f9-338d-ae30-463e81ec1d38",
+      "product": {
+        "name": "Sparx Pro Cloud Server"
+      },
+      "product_version": "6.0.163"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "fc320110-44e1-3ff0-a0f9-181ad5f51d68",
+      "vendor": {
+        "name": "Sparx Systems Pty Ltd."
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2025-209514.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2025-209514",
+  "enisaUuid": "ace5b3aa-cf99-307e-9eeb-1b4092de277d",
+  "description": "Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.\u00a0\nIn a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext.",
+  "datePublished": "Apr 17, 2026, 9:31:19 AM",
+  "dateUpdated": "Apr 17, 2026, 9:31:19 AM",
+  "baseScore": 9.3,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/S:P/AU:Y/V:C/RE:M/U:Red",
+  "references": "https://sparxsystems.com/products/procloudserver/6.1/history.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-15624\n",
+  "aliases": "CVE-2025-15624\nGHSA-9gf7-444h-6v98\n",
+  "assigner": "NCSC-FI",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "eff2c6d2-2ca6-3cf2-88e4-ad669c88d6d2",
+      "product": {
+        "name": "Sparx Pro Cloud Server"
+      },
+      "product_version": "6.0.163"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "27c4eb13-34d6-36ee-a13f-d23204e1d789",
+      "vendor": {
+        "name": "Sparx Systems Pty Ltd."
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2025-209515.json

@@ -0,0 +1,31 @@
+{
+  "id": "EUVD-2025-209515",
+  "enisaUuid": "389b528b-a1df-31bc-9113-04a71934e62d",
+  "description": "Unauthenticated user is able to\u00a0execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases.",
+  "datePublished": "Apr 17, 2026, 9:31:20 AM",
+  "dateUpdated": "Apr 17, 2026, 9:31:20 AM",
+  "baseScore": 9.5,
+  "baseScoreVersion": "4.0",
+  "baseScoreVector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:I/V:C/RE:M/U:Red",
+  "references": "https://sparxsystems.com/products/procloudserver/6.1/history.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-15625\n",
+  "aliases": "GHSA-cpjc-5x9w-83h8\nCVE-2025-15625\n",
+  "assigner": "NCSC-FI",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "15471df9-e233-3d4d-883f-553da1f497e0",
+      "product": {
+        "name": "Sparx Pro Cloud Server"
+      },
+      "product_version": "6.0.163"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "c6d4a60c-9762-301c-b6c5-3cf586a03194",
+      "vendor": {
+        "name": "Sparx Systems Pty Ltd."
+      }
+    }
+  ]
+}

advisories/2026/04/EUVD-2025-209517.json

@@ -0,0 +1,45 @@
+{
+  "id": "EUVD-2025-209517",
+  "enisaUuid": "bf5db915-1611-318b-a33a-f7fd5905d057",
+  "description": "Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an insufficiently protected credentials vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to credential exposure. The attacker may be able to use the exposed credentials to access the system with privileges of the compromised account.",
+  "datePublished": "Apr 17, 2026, 9:31:20 AM",
+  "dateUpdated": "Apr 17, 2026, 9:31:20 AM",
+  "baseScore": 7.8,
+  "baseScoreVersion": "3.1",
+  "baseScoreVector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
+  "references": "https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-36568\n",
+  "aliases": "GHSA-q846-2w2g-p6v6\nCVE-2025-36568\n",
+  "assigner": "dell",
+  "epss": 0.0,
+  "enisaIdProduct": [
+    {
+      "id": "3bf6e1d3-057a-3f59-8e4c-3408771a1094",
+      "product": {
+        "name": "PowerProtect Data Domain BoostFS"
+      },
+      "product_version": "0 <8.3.1.30 or later"
+    },
+    {
+      "id": "6fe69452-81d8-34ae-b900-91321482cb6c",
+      "product": {
+        "name": "PowerProtect Data Domain BoostFS"
+      },
+      "product_version": "0 <8.6.0.0 or later"
+    },
+    {
+      "id": "fca94498-0e34-3fd6-ad68-17960c6b1e63",
+      "product": {
+        "name": "PowerProtect Data Domain BoostFS"
+      },
+      "product_version": "0 <7.13.1.60 or later"
+    }
+  ],
+  "enisaIdVendor": [
+    {
+      "id": "c46860b9-85ee-3d5d-a49a-ee65c3816b43",
+      "vendor": {
+        "name": "Dell"
+      }
+    }
+  ]
+}