category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.7	CVE-2026-46400	HAXCMS PHP has a File Upload Validation Bypass_CVE-2026-46400 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functi...	haxtheweb	haxcms-php >= 11.0.6, < 25.0.0	Jun 5, 2026	CVE
HIGH 8.8	CVE-2026-46398	HAX CMS Missing Secure Flag on Cookie_CVE-2026-46398 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcms_refresh_tok...	haxtheweb	haxcms-php >= 25.0.0, < 26.0.0	Jun 5, 2026	CVE
MEDIUM 6.5	CVE-2026-46397	haxcms-php Local File Inclusion via saveOutline API Location Parameter v2.0_CVE-2026-46397 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an Authenticated Local File Inclusion (LFI) vulnerabi...	haxtheweb	haxcms-php < 26.0.0	Jun 5, 2026	CVE
MEDIUM 6.5	CVE-2026-46357	HAX CMS NodeJS application Vulnerable to Denial of Service using Malicious Import Request_CVE-2026-46357 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HAX CMS NodeJS application crashes when an authen...	haxtheweb	haxcms-nodejs < 26.0.0	Jun 5, 2026	CVE
MEDIUM 5.3	CVE-2026-45776	Open XDMoD has Broken Access Control via Client-Controlled Session Variable_CVE-2026-45776 OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's access control logic allow...	ubccr	xdmod < 11.0.3	Jun 5, 2026	CVE
CRITICAL 10	CVE-2026-11414	Unauthenticated File Exfiltration in Altium Enterprise Server Vault Service via Hard-coded Cryptographic Key and Path Traversal_CVE-2026-11414 A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical ac...	Altium	Altium Enterprise Server	Jun 5, 2026	CVE
HIGH 8	CVE-2026-11401	Privilege Escalation in AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL_CVE-2026-11401 An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenti...	AWS	AWS Advanced Go Wrapper 2026-04-06	Jun 5, 2026	CVE
HIGH 8	CVE-2026-11400	Privilege Escalation in AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL_CVE-2026-11400 An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authen...	AWS	AWS Advanced JDBC Wrapper 3.0.0	Jun 5, 2026	CVE
CRITICAL 9.3	CVE-2026-45779	Open XDMoD Vulnerable to Unauthenticated SQL Injection Leading to Full Database Compromise_CVE-2026-45779 OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0...	ubccr	xdmod < 10.0.3	Jun 5, 2026	CVE
HIGH 8.6	CVE-2026-45778	Open XDMoD Vulnerable to Reflected Cross-Site Scripting (XSS) in Password Reset_CVE-2026-45778 OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an authenticated attacker can inject malicious Ja...	ubccr	xdmod < 11.0.3	Jun 5, 2026	CVE