[{"id":"EUVD-2026-31153","enisaUuid":"40aa7c09-b745-3fbd-b2a9-097c250ade1f","description":"Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Drupal Drupal core allows SQL Injection.\n\nThis issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0 before 11.2.12, from 11.3.0 before 11.3.10.","datePublished":"May 20, 2026, 6:20:52 PM","dateUpdated":"May 22, 2026, 7:58:23 PM","baseScore":9.8,"baseScoreVersion":"3.1","baseScoreVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","references":"https://www.drupal.org/sa-core-2026-004\n","aliases":"CVE-2026-9082\n","assigner":"drupal","epss":0.02,"exploitedSince":"May 22, 2026, 12:00:00 AM"},{"id":"EUVD-2026-31284","enisaUuid":"c9b163f0-61ff-3f21-9b60-fb3a6c6785d5","description":"A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.\n\n\r\nThis vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.","datePublished":"May 21, 2026, 1:03:21 PM","dateUpdated":"May 22, 2026, 12:47:07 PM","baseScore":6.7,"baseScoreVersion":"3.1","baseScoreVector":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L","references":"https://success.trendmicro.com/en-US/solution/KA-0023430\nhttps://success.trendmicro.com/ja-JP/solution/KA-0022974\nhttps://jvn.jp/en/vu/JVNVU90583059/\nhttps://www.jpcert.or.jp/english/at/2026/at260014.html\n","aliases":"CVE-2026-34926\nGHSA-4ccp-cqrh-3w9v\n","assigner":"trendmicro","epss":0.25,"exploitedSince":"May 21, 2026, 12:00:00 AM"},{"id":"EUVD-2025-201507","enisaUuid":"45683bbe-c6d1-35b1-ae32-2aa02f835842","description":"Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins\u003d\u0027*\u0027 with allow_credentials\u003dTrue) combined with a refresh token cookie configured as SameSite\u003dNone allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise.","datePublished":"Dec 5, 2025, 10:27:26 PM","dateUpdated":"Mar 5, 2026, 12:03:54 PM","baseScore":9.4,"baseScoreVersion":"4.0","baseScoreVector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H","references":"https://www.obsidiansecurity.com/blog/cve-2025-34291-critical-account-takeover-and-rce-vulnerability-in-the-langflow-ai-agent-workflow-platform\nhttps://github.com/langflow-ai/langflow\nhttps://www.vulncheck.com/advisories/langflow-cors-misconfiguration-to-token-hijack-and-rce\n","aliases":"CVE-2025-34291\nPYSEC-2025-78\nGHSA-577h-p2hh-v4mv\n","assigner":"VulnCheck","epss":31.2,"exploitedSince":"May 21, 2026, 12:00:00 AM"},{"id":"EUVD-2026-31102","enisaUuid":"e5b5f671-0a4e-364a-a835-ef7c2673e26d","description":"Microsoft Defender Denial of Service Vulnerability","datePublished":"May 20, 2026, 1:09:12 PM","dateUpdated":"May 22, 2026, 10:03:59 PM","baseScore":4.0,"baseScoreVersion":"3.1","baseScoreVector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C","references":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45498\n","aliases":"CVE-2026-45498\nGHSA-8gp3-pghr-6wxp\n","assigner":"microsoft","epss":2.77,"exploitedSince":"May 20, 2026, 12:00:00 AM"}]