Recent Advisories

| Severity | Score | ID | Title | Summary | Vendor | Product / affected version | Date | Type |
|---|---|---|---|---|---|---|---|---|
| MEDIUM | 6.5 | CVE-2026-53577 | Kestra: Cross-Execution File Read via Preview Endpoint (IDOR) | Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution endpoint (GET /api/v1/{tena... | kestra-io | kestra < 1.0.45 | | CVE |
| CRITICAL | 10 | CVE-2026-53576 | Kestra: Unauthenticated RCE via /configs path-suffix auth-filter bypass | Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API (@Filter("/ap... | kestra-io | kestra < 1.0.45 | | CVE |
| HIGH | 7.7 | CVE-2026-49984 | Kestra: Path traversal in `LocalStorage` allows any authenticated user to read arbitrary server files via the execution file-download API (`\..\` bypasses the `..` guard) | Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local internal-storage backend validates user-suppli... | kestra-io | kestra < 1.0.45 | | CVE |
| CRITICAL | 10 | CVE-2026-49869 | Kestra: Unauthenticated Remote Code Execution via Authentication Bypass in `AuthenticationFilter` | Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, AuthenticationFilter in Kestra OSS uses request.getPath(... | kestra-io | kestra < 1.0.45 | | CVE |
| HIGH | 7.7 | CVE-2026-45807 | Kestra: Path traversal via URL-encoded "%2E%2E" in execution and namespace file endpoints allows arbitrary file read | Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.43 and 1.3.19, several Kestra API endpoints accept a kestra:// URI from... | kestra-io | kestra < 1.0.43 | | CVE |
| CRITICAL | 9.1 | CVE-2025-64152 | Apache IoTDB: Path Traversal Vulnerability | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. This issue affects Apache IoTDB: fro... | Apache Software Foundation | Apache IoTDB 1.0.0 | | CVE |
| CRITICAL | 9.1 | CVE-2025-55017 | Apache IoTDB: Path Traversal Vulnerability | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. This issue affects Apache IoTDB: fro... | Apache Software Foundation | Apache IoTDB 2.0.0 | | CVE |
| HIGH | 7.5 | CVE-2026-5757 | Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine | Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the ser... | Ollama AI | Ollama v0.13.5 | | CVE |
| HIGH | 7.5 | CVE-2026-0828 | Kernel driver vulnerability in Safetica Endpoint Client | Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client (x64), versions 10.5.75.0 and 11.11.4.0, allows an unprivileged user to abuse IOCT... | Safetica | Endpoint Client 10.5.75.0 | | CVE |
| CRITICAL | 9.8 | CVE-2026-0685 | Server-side template injection (SSTI) in Edgewall Genshi Template Engine | Server-side template injection (SSTI) in the expression evaluation component of Genshi Template Engine version 0.7.9 allows a remote attacker to achie... | Edgewall | Genshi 0.7.9 | | CVE |
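Two of the Kestra entries above (CVE-2026-49984, where `\..\` slips past a `..` guard, and CVE-2026-45807, where URL-encoded `%2E%2E` does the same) are instances of one recurring defect: a substring check on the raw user-supplied path instead of a check on the canonical path. The example below is added here to show that class of bug and its fix; it is not Kestra's code, and `naive_guard`, `BASE` and the sample inputs are hypothetical, written only to illustrate the pattern named in the advisory titles.

```python
"""Added illustration (not Kestra's or Apache IoTDB's code): a weak substring
guard against ".." beside a canonicalise-then-prefix check.  naive_guard is a
hypothetical filter written for this example, not the code from any advisory."""
from pathlib import Path
from typing import Dict, Optional, Tuple
from urllib.parse import unquote

# Hypothetical storage root; resolved once so later prefix checks compare
# canonical paths with canonical paths.
BASE = Path("/var/lib/storage/executions").resolve()


def naive_guard(user_path: str) -> bool:
    """Weak check of the kind the advisories describe: it only looks for the
    literal "../" and therefore accepts backslash separators ("\\..\\") and
    still-encoded dots ("%2E%2E/").  Returns True when the path is *accepted*."""
    return "../" not in user_path


def hardened_resolve(user_path: str, base: Path = BASE) -> Optional[Path]:
    """Decode exactly once, refuse anything still encoded, normalise separators,
    canonicalise against `base`, and require the result to stay inside it.
    Returns the canonical path, or None if the input escapes the root."""
    decoded = unquote(user_path)
    if "%" in decoded and unquote(decoded) != decoded:
        # Double-encoded input (%252E -> %2E): a second decode would change it,
        # so a downstream component might decode again; reject outright.
        return None
    if "\x00" in decoded:
        return None
    normalised = decoded.replace("\\", "/")          # treat \ like / so \..\ cannot hide
    candidate = (base / normalised.lstrip("/")).resolve()
    try:
        candidate.relative_to(base)                   # raises if candidate left the root
    except ValueError:
        return None
    return candidate


# Constructed inputs for the demonstration; not taken from any advisory.
SAMPLES: Tuple[str, ...] = (
    "exec-123/outputs/result.json",        # legitimate
    "../../etc/passwd",                    # the one case the naive guard catches
    "\\..\\..\\etc\\passwd",               # backslash separators
    "%2E%2E/%2E%2E/etc/passwd",            # URL-encoded dots
    "%252E%252E/%252E%252E/etc/passwd",    # double-encoded dots
)


def compare() -> Dict[str, Tuple[bool, bool]]:
    """For each sample: (accepted by naive_guard, accepted by hardened_resolve)."""
    return {p: (naive_guard(p), hardened_resolve(p) is not None) for p in SAMPLES}


if __name__ == "__main__":
    for path, (weak, strong) in compare().items():
        print(f"{path!r:40} naive={weak!s:5} hardened={strong}")
```

The point the table above makes is that every variant except the plain `../` form is accepted by the substring guard, while the canonicalise-and-prefix check rejects all of them and only admits the legitimate path. The same check applies to any backend that maps a user-controlled name onto a filesystem root, which is the shape of both the Kestra and the Apache IoTDB entries.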