ENISA EU Vulnerability Database (EUVD)
enisa-euvd · A · active
EU vulnerability database mandated by NIS2 Art. 12(2), operated by ENISA — the EU counterpart to CISA KEV for exploitation ground truth, plus CVSS/EPSS-enriched coverage of newly published vulnerabilities. Records carry EUVD-YYYY-NNNNN ids aliased to CVE/GHSA ids, references to vendor advisories, `baseScore`/`epss`, and — on the exploited listing — `exploitedSince` (EU-side actively-exploited signal to read NEXT TO cisa-kev every run; the two catalogs overlap but neither is a superset). tier: essential — attempted on EVERY intel run, and the check means ALL THREE listing endpoints, not just one: (1) newest records → `python3 tools/fetch_source.py enisa-euvd recent lastvulnerabilities` (≙ https://euvd.enisa.europa.eu/); (2) critical CVSS 9.0–10.0 → `python3 tools/fetch_source.py enisa-euvd recent criticals` (≙ https://euvd.enisa.europa.eu/search?fromScore=9&toScore=10); (3) actively exploited → `python3 tools/fetch_source.py enisa-euvd recent exploited` (≙ https://euvd.enisa.europa.eu/search?exploited=true). Drill one record with `enisa-euvd advisory <EUVD-id>`. REQUIRED FETCH METHOD: the bridge api subcommands only — the SPA at euvd.enisa.europa.eu returns an empty <noscript> shell to WebFetch (not a fetch failure; recipe transition per the agent definition). The JSON API lives on the separate services host euvdservices.enisa.europa.eu (bridge re-pointed 2026-05-11). Citation discipline: the API JSON is the data, never the citation — cite the vendor advisory / CERT primary the record references (CVE primary-source order puts EUVD below vendor/CERT but above researcher write-ups); where the EUVD entry itself is the source, cite the human detail page https://euvd.enisa.europa.eu/enisa/eu_vulnerability_database/<EUVD-id>, never the search/listing URL. | 2026-07-09 added as tier: essential on operator request (EUVD ground truth next to CISA KEV): all three listing endpoints verified live and current same day — lastvulnerabilities, criticals, and exploited each returned in-window JSON (exploited carries exploitedSince; e.g. EUVD-2026-40121 / CVE-2026-56290 exploitedSince Jul 7).
Cited in 15 entries
Citation cadence
Citation days per ISO week (8 weeks of coverage span, total 12).
- CVE-2026-58053 — Gitea act_runner Docker backend: container-hardening bypass to host escape (public PoC, ENISA-critical)2026-06-29
- CVE-2026-12569 — PTC Windchill / FlexPLM: pre-auth deserialization RCE, now confirmed exploited with JSP web shells (CISA KEV)2026-06-29
- CVE-2026-58053 — Gitea act_runner Docker backend: container-hardening bypass to host escape (CVSS 9.4, public PoC)2026-06-28
- PTC Windchill CVE-2026-12569 now confirmed exploited in the wild with JSP web shells2026-06-27
- CVE-2026-12789 — ILIAS 11.0: unpatched, PoC-public SQL injection in the learning-progress subsystem (DACH education exposure)2026-06-23
- CVE-2026-12046 / CVE-2026-12045 / CVE-2026-12048 — pgAdmin 4: unauthenticated pickle deserialization RCE, AI-Assistant read-only-transaction bypass, stored XSS2026-06-19
- CVE-2026-28318 — SolarWinds Serv-U: unauthenticated DoS added to CISA KEV2026-06-06
- CVE-2026-8931 — Disig Web Signer: critical RCE in a Slovak electronic-signature client2026-06-02
- CVE-2026-35087 / CVE-2026-35089 / CVE-2026-35090 — Slican PBX telephony exchanges, triple pre-authentication admin bypass (CERT Polska)2026-05-28
- CVE-2026-9642 — Delta Electronics DIAView SCADA: incomplete fix for prior unauthenticated remote database access (CVE-2025-62582)2026-05-27
- CVE-2026-9312 — GitHub Enterprise Server (< 3.22): unauthenticated SSRF via upload-endpoint path traversal exposes internal services and credentials2026-05-27
- CVE-2026-9058 — Szafir SDK (KIR): signature-verification routine reports success on an untrusted certificate chain, enabling auth bypass in Polish e-government2026-05-26
- Sparx Enterprise Architect / Pro Cloud Server — five-CVE chain (pre-auth SQL injection + WebEA race-condition RCE), public PoC, no vendor patch2026-05-20
- CVE-2026-41553 — DHTMLX PDF Export Module: unauthenticated server-side JavaScript injection RCE (CVSS 4.0 score 10.0), with CVE-2026-41552 and CVE-2026-7182 path-traversal companions2026-05-17
- CERT-PL CVE-2026-44088 — SzafirHost JAR zip-polyglot bypass in Poland's qualified e-signature browser helper2026-05-17