category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.4	CVE-2026-11769	Operator – Namespaced User Path Traversal_CVE-2026-11769 We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escala...	Grafana	Grafana Operator	Jun 13, 2026	CVE
HIGH 7.5	CVE-2026-9848	WP Ticket <= 6.0.4 - Unauthenticated SQL Injection via WordPress Search 's' Parameter_CVE-2026-9848 The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPress search query parameter (`s`) in versions up to, and including, ...	emarket-design	Customer Support Ticket System & Helpdesk	Jun 13, 2026	CVE
MEDIUM 5.5	CVE-2026-54231	Abrt: unsanitized systemd journal content written to dump directory files enables content injection_CVE-2026-54231 A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journa...	Red Hat	Red Hat Enterprise Linux 6	Jun 13, 2026	CVE
HIGH 7	CVE-2026-54230	Abrt: event handler scripts follow symlinks when writing output files, allowing arbitrary file overwrites_CVE-2026-54230 A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shel...	Red Hat	Red Hat Enterprise Linux 6	Jun 13, 2026	CVE
HIGH 7	CVE-2026-54229	Abrt: chownproblemdir succeeds during active post-create event processing due to inadequate locking_CVE-2026-54229 A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DD_OPEN_READONLY ...	Red Hat	Red Hat Enterprise Linux 6	Jun 13, 2026	CVE
HIGH 7.8	CVE-2026-54228	Abrt: toctou race condition in abrt-dbus setelement allows arbitrary file writes to dump directories_CVE-2026-54228 A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation a...	Red Hat	Red Hat Enterprise Linux 6	Jun 13, 2026	CVE
MEDIUM 4.9	CVE-2026-12089	WS Optimize – All-in-One Speed Booster & Cache Tools <= 3.3.19 - Authenticated (Editor+) Arbitrary File Read_CVE-2026-12089 The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and includin...	aurelienlws	LWS Optimize – All-in-One Speed Booster & Cache Tools	Jun 13, 2026	CVE
HIGH 8.7	CVE-2026-53868	Capgo < 12.128.2 - Denial of Service via Unverified Email Account Registration and Deletion_CVE-2026-53868 Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without ve...	Capgo	Capgo	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-53867	Capgo < 12.128.2 - Orphaned File Retention via Profile Image Replacement_CVE-2026-53867 Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can acce...	Cap-go	capgo	Jun 12, 2026	CVE
MEDIUM 6	CVE-2026-53839	OpenClaw < 2026.5.7 - Hostname Prefix Matching Bypass in Trusted Retry Endpoint Validation_CVE-2026-53839 OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of ex...	OpenClaw	OpenClaw	Jun 12, 2026	CVE