category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.1	CVE-2026-47324	Stored XSS in Multiple Points in ProjectsAndPrograms school-management-system_CVE-2026-47324 ProjectsAndPrograms school-management-system is vulnerable to Stored Cross‑Site Scripting (XSS) in multiple attributes of students and teachers obj...	ProjectsAndPrograms	school-management-system 6b6fae5	Jun 3, 2026	CVE
LOW 3.7	CVE-2026-44546	Header injection via WebSocket upgrade parser differential allows ASGI scope header spoofing_CVE-2026-44546 daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twis...	djangoproject	daphne 4.2.0	Jun 3, 2026	CVE
MEDIUM 5.3	CVE-2026-44545	Unbounded WebSocket message and frame sizes can cause unauthenticated remote denial of service_CVE-2026-44545 daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both ...	djangoproject	daphne 4.2.0	Jun 3, 2026	CVE
LOW 3.1	CVE-2026-35193	Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware_CVE-2026-35193 An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not add `A...	djangoproject	Django 6.0	Jun 3, 2026	CVE
LOW 1.2	CVE-2026-10729	HTML injection in the notification email for “Slow Redirect” and “Cloned Website” Canarytokens_CVE-2026-10729 An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research ...	Thinkst Applied Research	Canarytokens sha-c42435e	Jun 3, 2026	CVE
MEDIUM 6.3	CVE-2026-35717	CVE-2026-35717_CVE-2026-35717 A stack-based buffer overflow in the export_language.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers ...	n/a	n/a n/a	Jun 2, 2026	CVE
HIGH 8.7	CVE-2026-35085	Stack buffer overflow in method gdv-serverconfig_CVE-2026-35085 A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root.	MBS	Single-A V1_0_0_0	Jun 3, 2026	CVE
HIGH 8.7	CVE-2026-35084	Stack buffer overflow in method dali-devconfig_CVE-2026-35084 A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.	MBS	Single-A V1_0_0_0	Jun 3, 2026	CVE
HIGH 8.7	CVE-2026-35083	Stack buffer overflow in method bac-deviceobject_CVE-2026-35083 A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.	MBS	Single-A V1_0_0_0	Jun 3, 2026	CVE
HIGH 8.7	CVE-2026-35082	Local file inclusion vulnerability and deletion in ugw-logread method_CVE-2026-35082 The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplie...	MBS	MBS products including Single-A, Double-A, Single-X, Double-X, and Triple-X V1_0_0_0	Jun 3, 2026	CVE