Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-44653

LibreChat Shared MCP Server View Leaks Decrypted Admin Secrets_CVE-2026-44653

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only `VIEW` access to...

danny-avila LibreChat < 0.8.4 CVE
MEDIUM 4.9 CVE-2026-41412

alf.io vulnerable to Arbitrary File Read and Exfil via simpleHttpClient Extension Script_CVE-2026-41412

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io e...

alfio-event alf.io < 2.0-M5-2606 CVE
HIGH 7.1 CVE-2026-40108

GLPI Vulnerable to Stored XSS in ITIL Costs_CVE-2026-40108

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in an ITIL cost. ...

glpi-project glpi >= 11.0.0, < 11.0.7 CVE
HIGH 8 CVE-2026-35482

alf.io has an Authenticated RCE via Extension Script Sandbox Escape_CVE-2026-35482

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox es...

alfio-event alf.io < 2.0-M5-2606 CVE
CRITICAL 9.6 CVE-2026-32625

LibreChat Exfiltrates Server Secrets via MCP Server URL Injection_CVE-2026-32625

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP)...

danny-avila LibreChat < 0.8.4-rc1 CVE
LOW 1.8 CVE-2026-10719

Open Seachest/Seachest NVMe show Format Descriptors Vulnerability_CVE-2026-10719

Out of bounds write in openSeaChest’s --showSupportedFormats in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing 1 ext...

N/A N/A CVE
MEDIUM 5.1 CVE-2026-10688

ahujasid blender-mcp server.py execute_blender_code code injection_CVE-2026-10688

A vulnerability was determined in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function execute...

ahujasid blender-mcp 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b CVE
MEDIUM 4.3 CVE-2026-9732

EmergencyWP <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update_CVE-2026-9732

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, an...

planetshaker EmergencyWP – Dead Man's switch & legacy deliverance CVE
MEDIUM 4.4 CVE-2026-7421

Passeum Ticketing <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'shop_name' Setting_CVE-2026-7421

The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to t...

passeum Passeum Ticketing CVE
MEDIUM 5.3 CVE-2026-10692

johnhuang316 code-index-mcp search_code_advanced is_safe_regex_pattern redos_CVE-2026-10692

A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function is_safe_regex_pattern of the component search_...

johnhuang316 code-index-mcp 2.0 CVE