category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-12117	CVE-2026-12117_CVE-2026-12117 Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate ...	Devolutions	Devolutions Server 2026.2.0	Jun 16, 2026	CVE
MEDIUM 6.5	CVE-2026-12105	CVE-2026-12105_CVE-2026-12105 Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with ...	Devolutions	Devolutions Server	Jun 16, 2026	CVE
MEDIUM 4.3	CVE-2026-11890	CVE-2026-11890_CVE-2026-11890 Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve accou...	Devolutions	Devolutions Server	Jun 16, 2026	CVE
MEDIUM 6.5	CVE-2026-47340	Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access._CVE-2026-47340 Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler....	Apache Software Foundation	Apache DolphinScheduler	Jun 17, 2026	CVE
MEDIUM 6.5	CVE-2026-42357	Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access._CVE-2026-42357 Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to acc...	Apache Software Foundation	Apache DolphinScheduler	Jun 17, 2026	CVE
MEDIUM 6.5	CVE-2026-32967	Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks_CVE-2026-32967 Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: befo...	Apache Software Foundation	Apache DolphinScheduler	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-32966	Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure_CVE-2026-32966 DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apach...	Apache Software Foundation	Apache DolphinScheduler	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-9675	undici WebSocket client vulnerable to denial of service via cumulative fragment bypass_CVE-2026-9675 Impact: The undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumulative size of fragmented uncompressed messages....	undici	undici 8.0.0	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-53875	picklescan – Scanning Bypass via Dynamic Eval in scan_pytorch_CVE-2026-53875 picklescan before 1.0.3 contains a scanning bypass vulnerability in the scan_pytorch function that allows attackers to embed malicious magic number...	picklescan	picklescan	Jun 17, 2026	CVE
CRITICAL 9.3	CVE-2026-53874	picklescan – Arbitrary Code Execution via Obfuscated eval Call_CVE-2026-53874 picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute arbitrary code by hiding eval ca...	picklescan	picklescan	Jun 17, 2026	CVE