category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-56347	AVideo TopMenu Plugin – Stored Cross-Site Scripting via Unescaped Menu Item Fields_CVE-2026-56347 AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encodi...	WWBN	AVideo	Jun 20, 2026	CVE
MEDIUM 6.9	CVE-2026-56346	AVideo – Unauthenticated PGP Message Decryption via decryptMessage.json.php Endpoint_CVE-2026-56346 AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allows unauthenticated use...	AVideo	AVideo	Jun 20, 2026	CVE
CRITICAL 9.2	CVE-2026-56345	AVideo – Arbitrary User Session Hijacking via Meet Plugin uploadRecordedVideo Endpoint_CVE-2026-56345 AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint that derives the targ...	AVideo	AVideo	Jun 20, 2026	CVE
MEDIUM 6.1	CVE-2026-56342	AVideo – Server-Side Request Forgery in Live/test.php via statsURL Parameter_CVE-2026-56342 AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live/test.php that allows authenticated administrators t...	AVideo	AVideo	Jun 20, 2026	CVE
HIGH 8.7	CVE-2026-56341	AVideo – Unauthenticated Access to Payment Log DataTables Endpoints via list.json.php_CVE-2026-56341 AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing Pay...	AVideo	AVideo	Jun 20, 2026	CVE
HIGH 8.7	CVE-2026-56340	vLLM – Denial of Service via Unvalidated Multimodal Embeddings_CVE-2026-56340 vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tens...	vLLM	vLLM 0.10.2	Jun 20, 2026	CVE
MEDIUM 5.3	CVE-2025-71379	vllm – Regular Expression Denial of Service in Multiple Components_CVE-2025-71379 vLLM versions >= 0.6.3 and < 0.9.0 contain multiple regular expression denial of service (ReDoS) vulnerabilities. Several regex patterns — in vllm/...	vllm	vllm 0.6.3	Jun 20, 2026	CVE
MEDIUM 5.1	CVE-2026-56332	Capgo – Open Redirect via confirmation_url Parameter_CVE-2026-56332 Capgo before 12.128.2 contains an open redirect vulnerability in the confirm-signup endpoint that allows attackers to redirect users to arbitrary e...	Capgo	Capgo	Jun 20, 2026	CVE
MEDIUM 4.8	CVE-2026-56330	Capgo – Open Redirect via Unvalidated Stripe Billing URLs_CVE-2026-56330 Capgo before 12.128.2 contains an open redirect vulnerability in stripe_portal and stripe_checkout endpoints that accept unvalidated callbackUrl, s...	Capgo	Capgo	Jun 20, 2026	CVE
MEDIUM 5.3	CVE-2026-56319	Capgo – App Existence Oracle via GET /statistics/app/:app_id_CVE-2026-56319 Capgo before 12.128.2 contains an information disclosure vulnerability in the GET /statistics/app/:app_id endpoint that allows app-limited API keys...	Capgo	Capgo	Jun 20, 2026	CVE