Recent Advisories

Severity ID Title Vendor Product Date Type

CRITICAL 10 CVE-2026-48281

ColdFusion | Improper Input Validation (CWE-20)_CVE-2026-48281

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code exec...

Adobe ColdFusion CVE

CRITICAL 10 CVE-2026-48277

ColdFusion | Improper Input Validation (CWE-20)_CVE-2026-48277

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code exec...

Adobe ColdFusion CVE

CRITICAL 10 CVE-2026-48276

ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)_CVE-2026-48276

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result ...

Adobe ColdFusion CVE

HIGH 7.5 CVE-2026-58375

JimuReport 2.5.0 – Unauthenticated Report Export via /jmreport/auto/export_CVE-2026-58375

JimuReport through 2.5.0 exposes the POST /jmreport/auto/export endpoint without authentication: the handler is annotated @JimuNoLoginRequired, so ...

jeecgboot jimureport CVE

MEDIUM 4.3 CVE-2026-58373

CVAT < 2.69.0 - Missing Authorization on Quality Reports parent_id Filter Leaks Cross-Organization Report Existence_CVE-2026-58373

CVAT before 2.69.0 contains an improper authorization vulnerability in QualityReportViewSet.get_queryset that allows authenticated attackers to enu...

cvat-ai cvat CVE

HIGH 8.1 CVE-2026-58372

SeaweedFS < 4.34 - Cross-Bucket Object Deletion via DeleteObjects Request-Body Keys_CVE-2026-58372

SeaweedFS before 4.34 contains a path traversal vulnerability in the S3 gateway DeleteMultipleObjectsHandler that allows authenticated S3 principal...

seaweedfs seaweedfs CVE

LOW 3.1 CVE-2026-58371

SeaweedFS < 4.30 - Cross-Origin Information Disclosure via Unvalidated JSONP callback Parameter_CVE-2026-58371

SeaweedFS before 4.30 reflects the callback query parameter verbatim into responses served with Content-Type application/javascript in the shared w...

seaweedfs seaweedfs CVE

HIGH 8.1 CVE-2026-58370

Woodpecker < 3.15.0 - GitLab Approval Gate Bypass via Spoofable Commit Author Name_CVE-2026-58370

Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author. For the GitLab forge driver, pipeline.Author is popu...

woodpecker-ci woodpecker CVE

MEDIUM 5.3 CVE-2026-58369

Woodpecker < 3.15.0 - Unauthenticated NULL Pointer Dereference in /api/orgs/lookup Enables Log-Flooding Denial of Service_CVE-2026-58369

Woodpecker before 3.15.0 registers the /api/orgs/lookup/*org_full_name endpoint without authentication middleware, and the LookupOrg handler uncond...

woodpecker-ci woodpecker CVE

MEDIUM 6.5 CVE-2026-58176

RuoYi-Vue-Plus – Missing Authorization on Workflow Task Management Endpoints_CVE-2026-58176

RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes workflow task management endpoints under /workflow/task (FlwTaskController) without ...

dromara RuoYi-Vue-Plus CVE