[{"id":"EUVD-2026-26366","enisaUuid":"cb326548-3367-30ca-aec0-7eaceabe3dd7","description":"LEX Baza Dokumentów is vulnerable to DOM-based XSS in \"em\" cookie parameter. The application unsafely\nprocesses the parameter on the client side, allowing an attacker to execute arbitrary\nJavaScript in the context of the victim\u0027s browser.\nAn attacker with ability to set a cookie can perform a more severe attack, so we evaluate the impact and risk of exploitation as minimal. However, the vendor considered this a vulnerability and released a security patch.\n\nThis issue was fixed in version 1.3.4.","datePublished":"Apr 30, 2026, 11:24:30 AM","dateUpdated":"Apr 30, 2026, 1:04:44 PM","baseScore":4.6,"baseScoreVersion":"4.0","baseScoreVector":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N","references":"https://www.wolterskluwer.com/pl-pl/solutions/lex-baza-dokumentow\nhttps://cert.pl/posts/2026/04/CVE-2025-1493\n","aliases":"CVE-2026-1493\n","assigner":"CERT-PL","epss":0.02},{"id":"EUVD-2026-26210","enisaUuid":"c1148614-0e42-3b15-8efd-bc66c77a82ea","description":"Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is performed before staging or executing update payloads, enabling attacker‑supplied executables to be accepted and later executed by the application.\n\nCritically, Ollama for Windows performs silent automatic updates, so the malicious payload may be installed automatically without user awareness.\n\nMaintainers of this project were notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Versions from 0.12.10 to 0.17.5 were tested and confirmed as vulnerable, other versions were not tested but might also be vulnerable.","datePublished":"Apr 29, 2026, 11:44:33 AM","dateUpdated":"Apr 29, 2026, 1:23:07 PM","baseScore":7.7,"baseScoreVersion":"4.0","baseScoreVector":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L","references":"https://cert.pl/en/posts/2026/04/CVE-2026-42248/\nhttps://ollama.com/\n","aliases":"CVE-2026-42248\n","assigner":"CERT-PL","epss":0.01},{"id":"EUVD-2026-26211","enisaUuid":"beabb86c-a1ec-37a4-80fb-e005cb92c224","description":"Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the application constructs local file paths using values derived from HTTP headers without validation. These values are passed directly to filepath.Join, allowing path traversal sequences (../) to be resolved and enabling files to be written outside the intended update staging directory.\nAn attacker who can influence update responses can exploit this flaw to write arbitrary executables to attacker‑chosen locations accessible to the current user, including the Windows Startup directory. This allows execution of arbitrary executables.\n\nCritically, when chained with CVE‑2026‑42248 (Missing Signature Verification for Updates), an attacker can deliver malicious payloads that are written to sensitive locations and executed automatically. Because Ollama for Windows performs silent automatic updates and executes staged binaries without user interaction, this results in automatic and persistent code execution without user awareness.\n\nMaintainers of this project were notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Versions from 0.12.10 to 0.17.5 were tested and confirmed as vulnerable, other versions were not tested but might also be vulnerable.","datePublished":"Apr 29, 2026, 11:44:39 AM","dateUpdated":"Apr 29, 2026, 1:20:29 PM","baseScore":7.7,"baseScoreVersion":"4.0","baseScoreVector":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L","references":"https://cert.pl/en/posts/2026/04/CVE-2026-42248/\nhttps://ollama.com/\n","aliases":"CVE-2026-42249\n","assigner":"CERT-PL","epss":0.03},{"id":"EUVD-2026-26199","enisaUuid":"f8726b4d-c1ce-3900-a836-0a8ded4fe9b9","description":"SQL injection (SQLi) in MegaCMS v12.0.0, specifically in the “id_territorio” parameter of the “/web_comunications/cms/get_provincias” endpoint. The vulnerability arises from inadequate validation and sanitisation of user input. Specifically, via a POST request, the “id_territorio” parameter, used immediately after the registration form is submitted, could be manipulated by an unauthenticated attacker to execute arbitrary SQL queries.","datePublished":"Apr 29, 2026, 8:37:32 AM","dateUpdated":"Apr 29, 2026, 12:06:07 PM","baseScore":10.0,"baseScoreVersion":"4.0","baseScoreVector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L","references":"https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-megacms-crm-sistemas-de-fidelizacion\n","aliases":"CVE-2026-3325\n","assigner":"INCIBE","epss":0.03}]