category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.1	CVE-2026-56020	Webmin HTTP header authentication bypass_CVE-2026-56020 The Webmin HTTP server (miniserv.pl) allows unauthenticated attackers to impersonate any user with a configured SSL client certificate by sending a...	Webmin	Webmin	Jun 18, 2026	CVE
HIGH 8.8	CVE-2026-55237	AutoGPT SignUp Page has DOM-Based XSS and Open Redirect_CVE-2026-55237 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions prior to 0.6.62...	Significant-Gravitas	AutoGPT < 0.6.62	Jun 18, 2026	CVE
HIGH 7.8	CVE-2026-12505	Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall_CVE-2026-12505 A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user informati...	Red Hat	Red Hat Enterprise Linux 10	Jun 18, 2026	CVE
HIGH 8.8	CVE-2026-12407	E2Pdf <= 1.32.26 - Missing Authorization to Authenticated (Custom+) Arbitrary Option Update / Privilege Escalation via 'screen_action' Parameter_CVE-2026-12407 The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.32.26. Th...	oleksandrz	E2Pdf – Export Pdf Tool for WordPress	Jun 18, 2026	CVE
MEDIUM 4.3	CVE-2026-10023	Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.3 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Order Modification via Multiple AJAX Handlers_CVE-2026-10023 The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecu...	dokaninc	Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy	Jun 18, 2026	CVE
CRITICAL 9.3	CVE-2026-48768	TypeBot: Unauthenticated arbitrary s3 object write in generate-upload-url via unsanitized fileName_CVE-2026-48768 TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POST /api/blocks/file-input/v3/generate-upload-url is unauthenticated and uses u...	baptisteArno	typebot.io < 3.17.0	Jun 17, 2026	CVE
HIGH 8.2	CVE-2026-48764	TypeBot has SSRF in HTTP request and script fetch flows via DNS rebinding bypass_CVE-2026-48764 TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether th...	baptisteArno	typebot.io < 3.17.2	Jun 17, 2026	CVE
CRITICAL 9.3	CVE-2026-12569	Remote Code Execution (RCE) vulnerability in Windchill PDMlink_CVE-2026-12569 A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited...	PTC	Windchill PDMLink	Jun 18, 2026	CVE
MEDIUM 5.1	CVE-2026-54386	marimo < 0.23.9 XSS via file Query Parameter in assets.py_CVE-2026-54386 marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject a...	marimo-team	marimo	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-50200	Steeltoe’s env sanitizer misses connection strings — leaks embedded DB passwords_CVE-2026-50200 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management...	SteeltoeOSS	Steeltoe.Management.Endpoint < 4.2.0	Jun 17, 2026	CVE