category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.7	CVE-2026-56248	Capgo – Unauthenticated Denial-of-Service via audit_logs RLS Policy_CVE-2026-56248 Cap-go capgo (capgo-backend) before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the audit_logs table's Row-L...	Cap-go	capgo	Jun 23, 2026	CVE
HIGH 8.6	CVE-2026-56243	Capgo – Hashed API Key Enforcement Bypass via PostgREST/RLS Plane_CVE-2026-56243 Capgo before 12.128.2 contains a security control bypass vulnerability where the PostgREST/RLS plane accepts plaintext API keys through the capgkey...	Capgo	Capgo	Jun 23, 2026	CVE
MEDIUM 6.9	CVE-2026-56234	Capgo – Password Spraying via Public-Key Accessible Credential Validation Endpoint_CVE-2026-56234 Capgo before 12.128.2 contains a credential validation vulnerability in the POST /functions/v1/private/validate_password_compliance endpoint that i...	Capgo	Capgo	Jun 23, 2026	CVE
HIGH 8.7	CVE-2026-56225	Capgo – Authorization Bypass in API Key Management via App-Limited Keys_CVE-2026-56225 Capgo before 12.128.2 contains an authorization bypass vulnerability in its public API key management handlers (get/put/delete/post). API keys crea...	Capgo	Capgo	Jun 23, 2026	CVE
HIGH 8.6	CVE-2026-56222	Capgo – Cross-Organization App Takeover via Mismatched org_id and app_id in /private/role_bindings_CVE-2026-56222 Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/role_bindings that fails to verify app_id ownership during ap...	Capgo	Capgo	Jun 23, 2026	CVE
HIGH 8.7	CVE-2026-54892	Plug: quadratic-time decoding of nested query/body parameters enables denial of service_CVE-2026-54892 Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Co...	elixir-plug	plug 1.15.0	Jun 23, 2026	CVE
MEDIUM 6.4	CVE-2026-4610	ProfileGrid <= 5.9.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Message Content_CVE-2026-4610 The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pm_author_messag...	metagauss	ProfileGrid – User Profiles, Groups and Communities	Jun 23, 2026	CVE
CRITICAL 9.4	CVE-2026-44089	Buffer Overflow in Totolink EX1200L router_CVE-2026-44089 Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be ex...	Totolink	EX1200L 9.3.5u.6146_B20201023	Jun 23, 2026	CVE
MEDIUM 6.1	CVE-2026-10857	Reflected XSS in Akinsoft’s e-Commerce_CVE-2026-10857 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in AKIN Software Computer Import Export Industry...	AKIN Software Computer Import Export Industry and Trade Ltd.	e-Commerce	Jun 23, 2026	CVE
HIGH 8.8	CVE-2026-10711	RCE in Akınsoft’s CafePlus_CVE-2026-10711 Missing authentication for critical function vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. CafePlus allows Accessin...	AKIN Software Computer Import Export Industry and Trade Ltd.	CafePlus 12.05.03	Jun 23, 2026	CVE