category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.3	CVE-2026-48768	TypeBot: Unauthenticated arbitrary s3 object write in generate-upload-url via unsanitized fileName_CVE-2026-48768 TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POST /api/blocks/file-input/v3/generate-upload-url is unauthenticated and uses u...	baptisteArno	typebot.io < 3.17.0	Jun 17, 2026	CVE
HIGH 8.2	CVE-2026-48764	TypeBot has SSRF in HTTP request and script fetch flows via DNS rebinding bypass_CVE-2026-48764 TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether th...	baptisteArno	typebot.io < 3.17.2	Jun 17, 2026	CVE
CRITICAL 9.3	CVE-2026-12569	Remote Code Execution (RCE) vulnerability in Windchill PDMlink_CVE-2026-12569 A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited...	PTC	Windchill PDMLink	Jun 18, 2026	CVE
MEDIUM 5.1	CVE-2026-54386	marimo < 0.23.9 XSS via file Query Parameter in assets.py_CVE-2026-54386 marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject a...	marimo-team	marimo	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-50200	Steeltoe’s env sanitizer misses connection strings — leaks embedded DB passwords_CVE-2026-50200 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management...	SteeltoeOSS	Steeltoe.Management.Endpoint < 4.2.0	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-50196	Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch_CVE-2026-50196 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Discovery....	SteeltoeOSS	Steeltoe.Discovery.Eureka >= 4.0.0, < 4.2.0	Jun 17, 2026	CVE
HIGH 8.2	CVE-2026-50194	Steeltoe vulnerable to management-port isolation bypass via spoofed Host header_CVE-2026-50194 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. When Steeltoe manageme...	SteeltoeOSS	Steeltoe.Management.Endpoint < 4.2.0	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-48997	e107: Command Injection via shell expansion in ImageMagick resize destination path_CVE-2026-48997 e107 is a content management system (CMS). Versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destinat...	e107inc	e107 < 2.3.6	Jun 17, 2026	CVE
MEDIUM 5.5	CVE-2026-48991	XianYuLauncher: Legacy Microsoft account OAuth sign-in flow lacks PKCE and state validation_CVE-2026-48991 XianYuLauncher is a Minecraft Java Edition launcher. In versions prior to 1.5.5, sensitive authentication artifacts could be exposed during a user-...	XianYuLauncher	XianYuLauncher < 1.5.5	Jun 17, 2026	CVE
MEDIUM 5.3	CVE-2026-48990	joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization_CVE-2026-48990 joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions 1.3.4 throu...	authlib	joserfc < 1.6.7	Jun 17, 2026	CVE