Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.9 CVE-2026-53429

Unbounded native memory leak in mdex escaped-tag rendering enables unauthenticated denial of service

Missing Release of Memory after Effective Lifetime vulnerability in leandrocp mdex and mdex_native allows an attacker who controls a rendered docum...

leandrocp mdex 0.11.0 CVE
HIGH 8.2 CVE-2026-53426

Atom-table exhaustion denial-of-service via JSON parse_document in MDEx

Allocation of Resources Without Limits or Throttling vulnerability in leandrocp MDEx allows Excessive Allocation. MDEx.parse_document/2 accepts a ...

leandrocp mdex 0.4.3 CVE
HIGH 7.8 CVE-2026-57919

CVE-2026-57919

PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe (\\.\pipe\PBackupVSS) with a DACL that grants GENERIC_READ...

n/a n/a n/a CVE
CRITICAL 9.6 CVE-2026-57498

Coolify Cross-Team IDOR: Livewire Components Accept Unscoped server_id and destination_uuid — Deploy to Other Teams’ Servers

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Coolify's API controll...

coollabsio coolify < 4.0.0-beta.474 CVE
CRITICAL 9.8 CVE-2026-13763

HTTP/2 Stream Parser Confusion Body-Inspection Bypass in AWS Application Load Balancer with AWS WAF

Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF enabled might allow remote actors to bypass AWS WAF ma...

AWS AWS Application Load Balancer CVE
CRITICAL 9.8 CVE-2026-13762

HTTP/2 Stream Parser Confusion Body-Inspection Bypass in Amazon CloudFront with AWS WAF

Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule b...

AWS Amazon CloudFront CVE
HIGH 8.3 CVE-2026-57960

Hi.Events 1.9.0 – Unauthenticated Attendee PII Exposure via Check-in List short_id

Hi.Events through 1.9.0 public check-in list endpoints use short_id as sole access control, allowing unauthenticated access to retrieve full attend...

HiEventsDev Hi.Events CVE
HIGH 8.2 CVE-2026-57959

Hi.Events 1.9.0 – Promo Code Max-Usage Bypass via Asynchronous Job Race Condition

Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStati...

HiEventsDev Hi.Events CVE
MEDIUM 5.1 CVE-2026-57958

Mixpost 2.6.0 – Reflected XSS via OAuth Callback Error Parameter

Mixpost through 2.6.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript...

inovector mixpost CVE
LOW 2.3 CVE-2026-57957

Papermark 0.22.0 – CORS Misconfiguration in Viewer Upload Endpoint

Papermark through 0.22.0 contains a cross-origin resource sharing (CORS) misconfiguration vulnerability that allows unauthenticated remote attacker...

papermark papermark CVE