category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-31016	CVE-2026-31016_CVE-2026-31016 Cross Site Request Forgery vulnerability in Squidex.io Squidex CMS v.7.21.0 and before allows a remote attacker to escalate privileges via the Iden...	n/a	n/a n/a	Jun 29, 2026	CVE
MEDIUM 6.5	CVE-2026-28979	CVE-2026-28979_CVE-2026-28979 An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macO...	Apple	Safari	Jun 29, 2026	CVE
MEDIUM 6.5	CVE-2026-13593	CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away_CVE-2026-13593 CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away. The minify function has a memory lea...	GTERMARS	CSS::Minifier::XS	Jun 29, 2026	CVE
HIGH 7.5	CVE-2026-41896	Coolify: Unauthenticated Deployment Trigger via Webhook HMAC Bypass with Null Secret_CVE-2026-41896 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the HMAC key is the ap...	coollabsio	coolify < 4.0.0-beta.474	Jun 29, 2026	CVE
HIGH 8.8	CVE-2026-34597	Coolify: Authenticated Host RCE_CVE-2026-34597 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.470, a critical Authenticat...	coollabsio	coolify < 4.0.0-beta.470	Jun 29, 2026	CVE
HIGH 8.8	CVE-2026-34594	Coolify: Authenticated Remote Code Execution via Command Injection in Destination Network Management_CVE-2026-34594 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, an authenticated comma...	coollabsio	coolify < 4.0.0-beta.471	Jun 29, 2026	CVE
MEDIUM 6.3	CVE-2026-57997	Strapi users-permissions – JWT Algorithm Confusion via Missing Algorithm Configuration_CVE-2026-57997 Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowin...	strapi	strapi	Jun 29, 2026	CVE
HIGH 7.7	CVE-2026-34592	Coolify: Cross-Team IDOR via Unscoped Server and Project Lookups Exposes SSH Keys and Infrastructure_CVE-2026-34592 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, Coolify server and pro...	coollabsio	coolify < 4.0.0-beta.471	Jun 29, 2026	CVE
MEDIUM 5.3	CVE-2026-10647	Deadlock denial of service in USB CDC-NCM device class on TX enqueue failure_CVE-2026-10647 The USB CDC-NCM device class (subsys/usb/device_next/class/usbd_cdc_ncm.c) ignores the return value of usbd_ep_enqueue() in its ethernet transmit c...	zephyrproject	zephyr 4.1.0	Jun 29, 2026	CVE
HIGH 7.5	CVE-2026-8023	Path traversal in Zephyr HTTP server static-filesystem resource handler allows unauthenticated remote arbitrary file read_CVE-2026-8023 Zephyr's HTTP server (subsys/net/lib/http) provides a static-filesystem resource type (HTTP_RESOURCE_TYPE_STATIC_FS, available when CONFIG_FILE_SYS...	zephyrproject	zephyr 4.0.0	Jun 29, 2026	CVE