category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-8829	HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities_CVE-2026-8829 HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities. The XS routine backing HTML::Entities::_decode_entities c...	OALDERS	HTML::Entities	Jun 4, 2026	CVE
CRITICAL 9.6	CVE-2026-8037	OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF_CVE-2026-8037 OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary c...	Progress Software	LoadMaster V7.2.60.0	Jun 4, 2026	CVE
HIGH 8.7	CVE-2026-45433	Hardcoded Cryptographic Key Vulnerability in GX Earth ONT Models_CVE-2026-45433 This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacke...	GX INDIA	GX Earth 2022 version E2022 - 3.1.2A	Jun 4, 2026	CVE
MEDIUM 6.3	CVE-2026-43926	FOSSBilling’s password reset confirmation endpoint lacks rate limiting_CVE-2026-43926 FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint `/client/...	FOSSBilling	FOSSBilling < 0.8.0	Jun 4, 2026	CVE
MEDIUM 5.7	CVE-2026-40605	Tautulli Vulnerable to Authenticated Path Traversal in Cache Deletion API_CVE-2026-40605 Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache...	Tautulli	Tautulli < 2.17.1	Jun 4, 2026	CVE
MEDIUM 5.1	CVE-2026-10861	MISP post-login open redirect via pre_login_requested_url_CVE-2026-10861 An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the value stored in the pre_login_requested_url session k...	misp	misp	Jun 4, 2026	CVE
MEDIUM 5.1	CVE-2026-10856	Open redirect in MISP dashboard button widget URL handling_CVE-2026-10856 A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpr...	misp	misp	Jun 4, 2026	CVE
MEDIUM 5.1	CVE-2026-10855	MISP Event template importer authorization bypass_CVE-2026-10855 An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the appli...	misp	misp	Jun 4, 2026	CVE
MEDIUM 5.3	CVE-2026-10854	Unauthorized exposure of private galaxies in MISP event template creation_CVE-2026-10854 A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organ...	misp	misp	Jun 4, 2026	CVE
MEDIUM 5.3	CVE-2026-10810	itsourcecode Fees Management System navbar.php cross site scripting_CVE-2026-10810 A weakness has been identified in itsourcecode Fees Management System up to 1.0. Affected is an unknown function of the file /navbar.php. This mani...	itsourcecode	Fees Management System 1.0	Jun 4, 2026	CVE