category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.6	CVE-2026-12053	Insertion of Sensitive Information into Log File in GitLab_CVE-2026-12053 GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user ...	GitLab	GitLab 19.1	Jun 25, 2026	CVE
MEDIUM 5.3	CVE-2026-11379	Incorrect Authorization in GitLab_CVE-2026-11379 GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 in w...	GitLab	GitLab 13.11	Jun 25, 2026	CVE
HIGH 8	CVE-2026-10712	Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in GitLab_CVE-2026-10712 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that un...	GitLab	GitLab 18.10	Jun 25, 2026	CVE
HIGH 8.7	CVE-2026-10086	Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in GitLab_CVE-2026-10086 GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under ...	GitLab	GitLab 16.4	Jun 25, 2026	CVE
LOW 3.8	CVE-2026-0934	Incorrect Authorization in GitLab_CVE-2026-0934 GitLab has remediated an issue in GitLab EE affecting all versions from 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under ...	GitLab	GitLab 17.9	Jun 25, 2026	CVE
LOW 3.3	CVE-2026-8662	Path Traversal in Rapid7 InsightConnect Compression Plugin_CVE-2026-8662 Path Traversal vulnerability in the create_archive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to ...	Rapid7	InsightConnect Compression Plugin	Jun 25, 2026	CVE
MEDIUM 6	CVE-2026-8658	OS Command Injection in Rapid7 InsightConnect Tcpdump Plugin_CVE-2026-8658 OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands...	Rapid7	InsightConnect Tcpdump Plugin	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-2508	Gravity Forms Booking <= 2.7.1 - Authenticated (Subscriber+) Time-Based SQL Injection via 'staff_id'_CVE-2026-2508 The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staff_id’ parameter in all versions up to, and in...	GravityMore	Gravity Bookings	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-12079	Dokan Pro <= 5.0.4 - Authenticated (Subscriber+) SQL Injection via 'orderby' Parameter_CVE-2026-12079 The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0....	wedevs	Dokan Pro	Jun 25, 2026	CVE
HIGH 7.5	CVE-2026-12077	Dokan Pro <= 5.0.4 - Unauthenticated SQL Injection via 'latitude' and 'longitude' Parameters_CVE-2026-12077 The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up t...	wedevs	Dokan Pro	Jun 25, 2026	CVE