category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.1	CVE-2026-42840	ERPNext 16.16.0 – Stored XSS in POS customer section via unescaped template literals_CVE-2026-42840 An authenticated user can persist arbitrary HTML/JavaScript in the email_id or mobile_no fields of a Customer record and trigger unescaped renderin...	Frappe	ERPNext 16.16.0	Jun 3, 2026	CVE
MEDIUM 4.8	CVE-2026-42839	ERPNext 16.16.0 – Stored XSS in POS cart item rendering_CVE-2026-42839 An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the item_name, description, or image field...	Frappe	ERPNext 16.16.0	Jun 3, 2026	CVE
HIGH 8.8	CVE-2026-30650	CVE-2026-30650_CVE-2026-30650 A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD...	Vivotek	Vivotek FD8136 FD8136-VVTK-0300a	Jun 2, 2026	CVE
MEDIUM 4.3	CVE-2026-10702	JIT miscompilation in the JavaScript Engine: JIT component_CVE-2026-10702 JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3.	Mozilla	Firefox 151.0.3	Jun 2, 2026	CVE
HIGH 7.5	CVE-2026-42504	Quadratic complexity in WordDecoder.DecodeHeader in mime_CVE-2026-42504 Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU.	Go standard library	mime	Jun 2, 2026	CVE
MEDIUM 6.1	CVE-2026-6657	CORS Origin Validation Bypass in jupyter-server_CVE-2026-6657 A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the `allow_origin_pat` co...	jupyter	jupyter/jupyter unspecified	Jun 3, 2026	CVE
HIGH 7	CVE-2026-44281	GLPI vulnerable to unauthorized reading of a specific asset object_CVE-2026-44281 GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user w...	glpi-project	glpi >= 11.0.0, < 11.0.7	Jun 3, 2026	CVE
HIGH 8.4	CVE-2026-42321	GLPI has stored XSS in asset locks_CVE-2026-42321 GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS pay...	glpi-project	glpi >= 10.0.4, < 10.0.25	Jun 3, 2026	CVE
MEDIUM 5.9	CVE-2026-42320	GLPI vulnerable to arbitrary file access_CVE-2026-42320 GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read a...	glpi-project	glpi >= 11.0.0, < 11.0.7	Jun 3, 2026	CVE
HIGH 7	CVE-2026-42318	GLPI Vulnerable to Arbitrary Item Deletion via Planning Endpoint_CVE-2026-42318 GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, low privilege users wi...	glpi-project	glpi >= 11.0.0, < 11.0.7	Jun 3, 2026	CVE