category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.2	CVE-2026-53981	Cap-go < v12.128.2 Account Takeover via Unauthenticated Email Change Mechanism_CVE-2026-53981 Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authentica...	Cap-go	Cap-go	Jun 12, 2026	CVE
MEDIUM 4.3	CVE-2026-47224	NanaZip: Heap buffer-overflow read in NanaZip LVM metadata CRC check_CVE-2026-47224 NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap buffer-ove...	M2Team	NanaZip >= 3.0.1000.0, < 6.0.1698.0	Jun 12, 2026	CVE
MEDIUM 5.4	CVE-2026-47222	NanaZip: Heap out-of-bounds read in NanaZip AVB property descriptor parser via unsigned integer underflow_CVE-2026-47222 NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bou...	M2Team	NanaZip >= 3.0.1000.0, < 6.0.1698.0	Jun 12, 2026	CVE
HIGH 7.1	CVE-2026-3840	Path Traversal in kedro-org/kedro_CVE-2026-3840 A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The `_get_versioned_path...	kedro-org	kedro-org/kedro unspecified	Jun 12, 2026	CVE
MEDIUM 4.3	CVE-2026-3433	Mattermost fails to scope role_updated websocket events to authorized team and channel members_CVE-2026-3433 Mattermost versions 11.6.x	Mattermost	Mattermost 11.6.0	Jun 12, 2026	CVE
CRITICAL 9.6	CVE-2026-12027	CVE-2026-12027_CVE-2026-12027 Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer proces...	Google	Chrome 149.0.7827.115	Jun 11, 2026	CVE
MEDIUM 6.5	CVE-2026-12024	CVE-2026-12024_CVE-2026-12024 Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same origin policy via a c...	Google	Chrome 149.0.7827.115	Jun 11, 2026	CVE
MEDIUM 5.9	CVE-2026-9271	KeepInMind – Dashboard Notes < 0.8.4.2 - Contributor+ Stored XSS_CVE-2026-9271 Vulnerability Title	Unknown	KeepInMind Dashboard Notes	Jun 12, 2026	CVE
LOW 3.5	CVE-2026-9269	Secure Copy Content Protection and Content Locking < 5.1.5 - Admin+ Stored XSS via ays_sccp_sub_icon_image Parameter_CVE-2026-9269 The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could...	Unknown	Secure Copy Content Protection and Content Locking	Jun 12, 2026	CVE
HIGH 7.5	CVE-2026-50645	Apache CXF: No restriction on attachment headers per message_CVE-2026-50645 There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead to unc...	Apache Software Foundation	Apache CXF 4.2.0	Jun 12, 2026	CVE