category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 10	CVE-2026-49869	Kestra: Unauthenticated Remote Code Execution via Authentication Bypass in `AuthenticationFilter`_CVE-2026-49869 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, AuthenticationFilter in Kestra OSS uses request.getPath(...	kestra-io	kestra < 1.0.45	Jun 26, 2026	CVE
HIGH 7.7	CVE-2026-45807	Kestra: Path traversal via URL-encoded “%2E%2E” in execution and namespace file endpoints allows arbitrary file read_CVE-2026-45807 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.43 and 1.3.19, several Kestra API endpoints accept a kestra:// URI from...	kestra-io	kestra < 1.0.43	Jun 26, 2026	CVE
CRITICAL 9.1	CVE-2025-64152	Apache IoTDB: Path Traversal Vulnerability_CVE-2025-64152 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. This issue affects Apache IoTDB: fro...	Apache Software Foundation	Apache IoTDB 1.0.0	Jun 26, 2026	CVE
CRITICAL 9.1	CVE-2025-55017	Apache IoTDB: Path Traversal Vulnerability_CVE-2025-55017 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. This issue affects Apache IoTDB: fro...	Apache Software Foundation	Apache IoTDB 2.0.0	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-5757	There exists an unauthenticated remote information disclosure vulnerability in Ollama’s model quantization engine_CVE-2026-5757 Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the ser...	Ollama AI	Ollama v0.13.5	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-0828	Kernel driver vulnerability in Safetica Endpoint Client_CVE-2026-0828 Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCT...	Safetica	Endpoint Client 10.5.75.0	Jun 26, 2026	CVE
CRITICAL 9.8	CVE-2026-0685	Server side template inject (SSTI) in Edgewall Genshi Template Engine_CVE-2026-0685 Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achie...	Edgewall	Genshi 0.7.9	Jun 26, 2026	CVE
CRITICAL 9.6	CVE-2025-11919	Unprotected temporary directories in Wolfram Cloud may result in privilege escalation_CVE-2025-11919 The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp...	Wolfram Research Inc.	Cloud 14.2	Jun 26, 2026	CVE
HIGH 8.1	CVE-2026-56876	extract-zip unvalidated symlink path traversal_CVE-2026-56876 extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relati...	max-mapper	extract-zip	Jun 26, 2026	CVE
MEDIUM 6.3	CVE-2026-55448	mise: Local credential_command executes untrusted config_CVE-2026-55448 mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credential_command from local proj...	jdx	mise < 2026.6.4	Jun 26, 2026	CVE