Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.7 CVE-2026-6739

Mattermost: Delegated admins could patch protected default system roles

Mattermost versions 11.6.x

Mattermost Mattermost 11.6.0 CVE
MEDIUM 4.3 CVE-2026-6689

Missing `invite_user` permission check on team creation allows unprivileged users to set open-invite and allowed-domains team settings

Mattermost versions 11.6.x

Mattermost Mattermost 11.6.0 CVE
MEDIUM 5.3 CVE-2026-6046

Plugin bot username conflict allows user account to be used as bot identity in Mattermost Server

Mattermost versions 11.6.x

Mattermost Mattermost 11.6.0 CVE
HIGH 7.1 CVE-2026-53982

Capgo Console < 12.28.2 Account Deletion DoS via Device Identifier Association

Capgo Console prior to 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authenticat...

Cap-go console.capgo.app CVE
HIGH 7.2 CVE-2026-53981

Cap-go < v12.128.2 Account Takeover via Unauthenticated Email Change Mechanism

Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authentica...

Cap-go Cap-go CVE
MEDIUM 4.3 CVE-2026-47224

NanaZip: Heap buffer-overflow read in NanaZip LVM metadata CRC check

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap buffer-ove...

M2Team NanaZip >= 3.0.1000.0, < 6.0.1698.0 CVE
MEDIUM 5.4 CVE-2026-47222

NanaZip: Heap out-of-bounds read in NanaZip AVB property descriptor parser via unsigned integer underflow

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bou...

M2Team NanaZip >= 3.0.1000.0, < 6.0.1698.0 CVE
HIGH 7.1 CVE-2026-3840

Path Traversal in kedro-org/kedro

A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The `_get_versioned_path...

kedro-org kedro-org/kedro unspecified CVE
MEDIUM 4.3 CVE-2026-3433

Mattermost fails to scope role_updated websocket events to authorized team and channel members

Mattermost versions 11.6.x

Mattermost Mattermost 11.6.0 CVE
CRITICAL 9.6 CVE-2026-12027

CVE-2026-12027

Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer proces...

Google Chrome 149.0.7827.115 CVE