Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.6 CVE-2026-53662

immich: One-click account takeover via XSS in login page continue redirect

immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting ...

immich-app immich >= main@4ffa26c9, < main@4eb1003 CVE
MEDIUM 4.2 CVE-2026-52846

Caddy: stripHTML template function bypass

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HT...

caddyserver caddy < 2.11.4 CVE
HIGH 8.1 CVE-2026-52845

Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forward_auth copy_headers deletes the exact client-supplied ident...

caddyserver caddy < 2.11.4 CVE
HIGH 7.5 CVE-2026-52844

Caddy: Windows `file_server` path authorization bypass via encoded backslash

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path matchers treat /private\secret.txt as outs...

caddyserver caddy < 2.11.4 CVE
MEDIUM 5.4 CVE-2026-45692

Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization

Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer d...

caddyserver caddy >= 2.4.0, < 2.11.3 CVE
HIGH 8.1 CVE-2026-45135

Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files

Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transport's splitPos() in modules/caddyhttp/r...

caddyserver caddy >= 2.7.0, < 2.11.3 CVE
MEDIUM 4.1 CVE-2026-0864

Configuration Injection via Carriage Return (\r) in write() method

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the result...

Python Software Foundation CPython CVE
HIGH 7.5 CVE-2026-8379

Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Download

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing una...

Unknown Frontend File Manager Plugin CVE
CRITICAL 9.1 CVE-2026-9733

Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter

Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specifi...

HAYAJO Mojolicious::Plugin::Web::Auth::OAuth2 0.17 CVE
MEDIUM 5.3 CVE-2026-12969

Dnsmasq: dnsmasq: out-of-bounds read in find_soa() due to missing extrabytes validation

An out-of-bounds read vulnerability exists in dnsmasq's find_soa() function in src/rfc1035.c. When parsing NS section records, extract_name() is ca...

Red Hat Red Hat Enterprise Linux 10 CVE