category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.6	CVE-2026-54223	Remote Code Execution via arbitrary file read and write in UBB.threads_CVE-2026-54223 UBB.threads is vulnerable to Path traversal, allowing attackers with privilege to edit templates to read and write any file on the application’s se...	UBB Systems	UBB.threads	Jun 18, 2026	CVE
HIGH 8.6	CVE-2026-54222	Blind SQL Injection in UBB.threads_CVE-2026-54222 UBB.threads is vulnerable to Blind SQL Injection, allowing attackers with access to the Members in Control Panel to interact with the underlying da...	UBB Systems	UBB.threads	Jun 18, 2026	CVE
MEDIUM 5.1	CVE-2026-54221	Reflected XSS in UBB.threads_CVE-2026-54221 UBB.threads is vulnerable to Reflected XSS. The application improperly handles user input in certain requests, enabling attackers to execute arbitr...	UBB Systems	UBB.threads	Jun 18, 2026	CVE
HIGH 8.6	CVE-2026-54220	Cross-Site Request Forgery in UBB.threads_CVE-2026-54220 uBB.threads is vulnerable to a Cross-Site Request Forgery (CSRF) due to a lack of protective mechanisms. This allows an attacker to trick an authen...	UBB Systems	UBB.threads	Jun 18, 2026	CVE
MEDIUM 5.1	CVE-2026-54219	Stored XSS in UBB.threads_CVE-2026-54219 UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low...	UBB Systems	UBB.threads	Jun 18, 2026	CVE
MEDIUM 5.2	CVE-2026-9158	CVE-2026-9158_CVE-2026-9158 In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling po...	Eclipse Foundation	Eclipse 4diac 3.0.0	Jun 18, 2026	CVE
HIGH 8.5	CVE-2026-56012	WordPress Media LIbrary Assistant plugin <= 3.35 - SQL Injection vulnerability_CVE-2026-56012 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows ...	David Lingren	Media LIbrary Assistant n/a	Jun 18, 2026	CVE
HIGH 7.1	CVE-2026-50141	Woodpecker gRPC agent_id metadata can be spoofed- cross-tenant agent impersonation_CVE-2026-50141 Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any auth...	woodpecker-ci	woodpecker >= 3.0.0, < 3.14.1	Jun 18, 2026	CVE
MEDIUM 6.5	CVE-2026-42490	domctl lock open to abuse_CVE-2026-42490 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To create and man...	Xen	Xen consult Xen advisory XSA-492	Jun 18, 2026	CVE
MEDIUM 5.3	CVE-2026-42489	domctl lock open to abuse_CVE-2026-42489 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To create and man...	Xen	Xen consult Xen advisory XSA-492	Jun 18, 2026	CVE