category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.7	CVE-2026-12039	Docker Sandboxes network egress allowlist bypass via unfiltered DNS resolution_CVE-2026-12039 Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwar...	Docker	Docker Sandboxes 0.13.0	Jun 18, 2026	CVE
HIGH 8.4	CVE-2026-46580	CVE-2026-46580_CVE-2026-46580 In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatically loaded and could ...	Eclipse Foundation	Eclipse Theia	Jun 18, 2026	CVE
HIGH 8.4	CVE-2026-44691	CVE-2026-44691_CVE-2026-44691 In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files (e.g. .theia/tasks.json, .vscode/tasks.json) could be execute...	Eclipse Foundation	Eclipse Theia	Jun 18, 2026	CVE
HIGH 8.4	CVE-2026-44688	CVE-2026-44688_CVE-2026-44688 In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without dis...	Eclipse Foundation	Eclipse Theia	Jun 18, 2026	CVE
MEDIUM 6.7	CVE-2026-22551	CVE-2026-22551_CVE-2026-22551 In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary extern...	Eclipse Foundation	Eclipse Theia	Jun 18, 2026	CVE
MEDIUM 5	CVE-2026-11791	389-ds-base: 389-ds-base: use-after-free in schema reload via attr_syntax_swap_ht()_CVE-2026-11791 A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees attribute syntax informati...	Red Hat	Red Hat Directory Server 11	Jun 18, 2026	CVE
MEDIUM 6.5	CVE-2025-58175	GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution_CVE-2025-58175 GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a GeoServer that uses ...	geoserver	org.geoserver.web:gs-web-app < 2.26.4	Jun 18, 2026	CVE
HIGH 7.2	CVE-2025-52465	GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page_CVE-2025-52465 GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists...	geoserver	org.geoserver.web:gs-web-app < 2.26.4	Jun 18, 2026	CVE
HIGH 7.2	CVE-2025-27511	GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection_CVE-2025-27511 GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Exte...	geoserver	org.geoserver.extension:gs-db2 < 2.27.0	Jun 18, 2026	CVE
MEDIUM 6.5	CVE-2026-56024	WordPress WP EasyPay plugin <= 4.4.0 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2026-56024 Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal WP EasyPay allows Cross Site Request Forgery. This issue affects WP EasyPay: from n/...	Saad Iqbal	WP EasyPay n/a	Jun 18, 2026	CVE