🚨 EUVD-2026-28261

📊 Score: 7.5/10 (CVSS v3.1)
📦 Product: nocobase
🏢 Vendor: nocobase
📅 Updated: 2026-05-07

📝 NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the queryParentSQL() function in the core database package constructs a recursive CTE query by joining nodeIds with st...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28261

#cybersecurity #infosec #euvd #cve #vulnerability

EUVD

European Vulnerability Database

🚨 EUVD-2026-28318

📊 Score: 7.2/10 (CVSS v3.1)
📦 Product: nocobase
🏢 Vendor: nocobase
📅 Updated: 2026-05-07

📝 NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL() validation function that blocks dangerous SQL keywords (e.g., pg_read_file, LOAD_FILE, dblink) is appli...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28318

🚨 EUVD-2026-28310

📊 Score: 8.8/10 (CVSS v3.1)
📦 Product: mathjs
🏢 Vendor: josdejong
📅 Updated: 2026-05-07

📝 Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be executed via the expression parser of mathjs. This issue has been patched in version 15.2.0.

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28310

🚨 EUVD-2026-28316

📊 Score: 9.3/10 (CVSS v3.1)
📦 Product: fabric
🏢 Vendor: Hyperledger
📅 Updated: 2026-05-07

📝 Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject() and exposes deSerializeChannel() which call Obj...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28316

🚨 EUVD-2026-28342

📊 Score: 6.9/10 (CVSS v3.1)
📦 Product: Cryptobox
🏢 Vendor: Ercom
📅 Updated: 2026-05-07

📝 A vulnerability in the external sharing feature of Cryptobox allows an attacker who knows a sharing link URL to retrieve information from the server that enables an offline brute-force attack on the access code associated with this sharing link.

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28342

🚨 EUVD-2026-28338

📊 Score: 6.5/10 (CVSS v3.1)
📦 Product: Royal Elementor Addons
🏢 Vendor: wproyal
📅 Updated: 2026-05-07

📝 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS.

This issue affects Royal Elementor Addons: from n/a before 1.7.1053.

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28338

🚨 EUVD-2026-28340

📊 Score: 4.7/10 (CVSS v3.1)
📦 Product: ZXCLOUD iRAI
🏢 Vendor: ZTE
📅 Updated: 2026-05-07

📝 A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service.

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28340

🚨 EUVD-2026-28334

📊 Score: 5.3/10 (CVSS v3.1)
📦 Product: YITH WooCommerce Wishlist
🏢 Vendor: YITH
📅 Updated: 2026-05-07

📝 Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects YITH WooCommerce Wishlist: from n/a through 4.12.0.

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28334

🚨 EUVD-2026-28336

📊 Score: 5.3/10 (CVSS v3.1)
📦 Product: PDF Poster
🏢 Vendor: bPlugins
📅 Updated: 2026-05-07

📝 Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects PDF Poster: from n/a through 2.4.1.

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28336

🚨 EUVD-2026-28330

📊 Score: 5.3/10 (CVSS v3.1)
📦 Product: Royal Elementor Addons
🏢 Vendor: wproyal
📅 Updated: 2026-05-07

📝 Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Royal Elementor Addons: from n/a before 1.7.1053.

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28330
