category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.8	CVE-2026-56788	RTKLIB 2.4.3 – Out-of-bounds Read via Negative Array Index in getcodepri_CVE-2026-56788 RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allo...	tomojitakasu	RTKLIB	Jun 25, 2026	CVE
MEDIUM 6.9	CVE-2026-56787	RTKLIB 2.4.3 – Off-by-One Out-of-Bounds Read in decode_ssr3 via RTCM3 SSR Message_CVE-2026-56787 RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that allows remote att...	tomojitakasu	RTKLIB	Jun 25, 2026	CVE
CRITICAL 9.3	CVE-2026-56786	RTKLIB 2.4.3 – Out-of-bounds Write in decode_type1033 via Crafted RTCM3 Message_CVE-2026-56786 RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_type1033 function that fails to clamp length counters to destination b...	tomojitakasu	RTKLIB	Jun 25, 2026	CVE
MEDIUM 5.3	CVE-2026-56779	MaxKB < 2.10.0 - Server-Side Request Forgery via downloadCallbackUrl and download_url Parameters_CVE-2026-56779 MaxKB before 2.10.0 contains a server-side request forgery vulnerability in tool creation and update endpoints that allows authenticated users to m...	1Panel-dev	MaxKB	Jun 25, 2026	CVE
MEDIUM 5.3	CVE-2026-56774	Kanboard – Cross-User Deletion of Persistent Login Sessions via Unvalidated Session ID_CVE-2026-56774 Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to validate the session id parameter before passing it to...	kanboard	kanboard	Jun 25, 2026	CVE
MEDIUM 5.3	CVE-2026-56772	NewsBlur < 14.5.0 - Insecure Direct Object Reference in Social Interactions Endpoint_CVE-2026-56772 NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplyi...	samuelclay	NewsBlur	Jun 25, 2026	CVE
MEDIUM 6.3	CVE-2026-56771	NewsBlur < 14.5.0 - Server-Side Request Forgery via add_url Endpoint_CVE-2026-56771 NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the add_url endpoint that allows authenticated users to make...	samuelclay	NewsBlur	Jun 25, 2026	CVE
HIGH 8.7	CVE-2026-56770	libais 0.15 – Out-of-bounds Vector Access in VdmStream::AddLine via Invalid Sequential Message ID_CVE-2026-56770 libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range ...	schwehr	libais	Jun 25, 2026	CVE
MEDIUM 6.3	CVE-2026-56769	Huly Platform – Server-Side Request Forgery via /import Endpoint_CVE-2026-56769 Huly Platform before commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that a...	hcengineering	platform	Jun 25, 2026	CVE
HIGH 8.7	CVE-2026-56768	Seahub < 13.0.23 - Authentication Bypass in ShareLinkZipTaskView GET Method_CVE-2026-56768 Seahub before 13.0.23 does not enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass au...	haiwen	seahub	Jun 25, 2026	CVE