๐จ EUVD-2026-28261
๐ Score: 7.5/10 (CVSS v3.1)
๐ฆ Product: nocobase
๐ข Vendor: nocobase
๐
Updated: 2026-05-07
๐ NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the queryParentSQL() function in the core database package constructs a recursive CTE query by joining nodeIds with st...
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28261
๐จ EUVD-2026-28318
๐ Score: 7.2/10 (CVSS v3.1)
๐ฆ Product: nocobase
๐ข Vendor: nocobase
๐
Updated: 2026-05-07
๐ NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL() validation function that blocks dangerous SQL keywords (e.g., pg_read_file, LOAD_FILE, dblink) is appli...
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28318
๐จ EUVD-2026-28310
๐ Score: 8.8/10 (CVSS v3.1)
๐ฆ Product: mathjs
๐ข Vendor: josdejong
๐
Updated: 2026-05-07
๐ Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be executed via the expression parser of mathjs. This issue has been patched in version 15.2.0.
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28310
๐จ EUVD-2026-28316
๐ Score: 9.3/10 (CVSS v3.1)
๐ฆ Product: fabric
๐ข Vendor: Hyperledger, Hyperledger
๐
Updated: 2026-05-07
๐ Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject() and exposes deSerializeChannel() which call Obj...
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28316
๐จ EUVD-2026-28342
๐ Score: 6.9/10 (CVSS v3.1)
๐ฆ Product: Cryptobox, Cryptobox
๐ข Vendor: Ercom
๐
Updated: 2026-05-07
๐ Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access code associated to this sharing link.
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28342
๐จ EUVD-2026-28338
๐ Score: 6.5/10 (CVSS v3.1)
๐ฆ Product: Royal Elementor Addons
๐ข Vendor: wproyal
๐
Updated: 2026-05-07
๐ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS.
This issue affects Royal Elementor Addons: from n/a before 1.7.1053.
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28338
๐จ EUVD-2026-28340
๐ Score: 4.7/10 (CVSS v3.1)
๐ฆ Product: ZXCLOUD iRAI
๐ข Vendor: ZTE
๐
Updated: 2026-05-07
๐ A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service.
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28340
๐จ EUVD-2026-28334
๐ Score: 5.3/10 (CVSS v3.1)
๐ฆ Product: YITH WooCommerce Wishlist
๐ข Vendor: YITH
๐
Updated: 2026-05-07
๐ Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects YITH WooCommerce Wishlist: from n/a through 4.12.0.
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28334
๐จ EUVD-2026-28336
๐ Score: 5.3/10 (CVSS v3.1)
๐ฆ Product: PDF Poster
๐ข Vendor: bPlugins
๐
Updated: 2026-05-07
๐ Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects PDF Poster: from n/a through 2.4.1.
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28336
๐จ EUVD-2026-28330
๐ Score: 5.3/10 (CVSS v3.1)
๐ฆ Product: Royal Elementor Addons
๐ข Vendor: wproyal
๐
Updated: 2026-05-07
๐ Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Royal Elementor Addons: from n/a before 1.7.1053.
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28330
EUVD Bot
