category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.4	CVE-2026-56785	FlatPress – Stored Cross-Site Scripting via Unescaped Comment and Contact Form Fields_CVE-2026-56785 FlatPress versions prior to commit 10be83c, contains a stored cross-site scripting vulnerability in comment and contact forms where name, URL, and ...	FlatPress	FlatPress	Jun 23, 2026	CVE
CRITICAL 9.6	CVE-2026-54588	Poweradmin has Host Header Injection in OIDC redirect_uri, SAML ACS/SLO URL, and Logout Redirect Construction._CVE-2026-54588 Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled `HTTP_HOST` re...	poweradmin	poweradmin < 4.2.4	Jun 23, 2026	CVE
MEDIUM 5.5	CVE-2026-48493	Snipe-IT Vulnerable to Privilege Escalation for self via API Permissions Assignment_CVE-2026-48493 Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/{their...	grokability	snipe-it < 8.6.0	Jun 23, 2026	CVE
MEDIUM 6.9	CVE-2026-47693	Poweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applications_CVE-2026-47693 Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection (Formula I...	poweradmin	poweradmin < 4.2.4	Jun 23, 2026	CVE
MEDIUM 4.9	CVE-2026-12164	Privilege Escalation in Fortra File Integrity Monitoring (FIM)_CVE-2026-12164 Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permission...	Fortra	File Integrity Monitoring (FIM)	Jun 23, 2026	CVE
MEDIUM 5.5	CVE-2026-12163	Stored XSS in Fortra File Integrity Monitoring (FIM)_CVE-2026-12163 Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site scripting (XSS) vulnera...	Fortra	Fortra File Integrity Monitoring (FIM)	Jun 23, 2026	CVE
HIGH 8.2	CVE-2026-11972	tarfile opened in streaming mode mishandles EOF_CVE-2026-11972 When using the "tarfile" module with a file opened in "streaming mode" (mode="r\|") the tarfile module did not properly handle EOF, meaning an archi...	Python Software Foundation	CPython	Jun 23, 2026	CVE
MEDIUM 5.9	CVE-2026-55736	Private action arguments can be set by user input in Ash_CVE-2026-55736 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a...	ash-project	ash 3.0.0	Jun 23, 2026	CVE
MEDIUM 6.3	CVE-2026-55249	@rtk-ai/rtk-rewrite: OpenClaw Rewrite Plugin Command Injection via execSync Template String_CVE-2026-55249 @rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw's exec tool to their RTK equivalents. In 1.0.0, the @rtk-ai/rtk-rew...	rtk-ai	rtk 1.0.0	Jun 23, 2026	CVE
HIGH 7.7	CVE-2026-54322	Daytona: Cross-org IDOR in organization role update/delete — any org owner can rewrite or destroy another org’s roles_CVE-2026-54322 Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, Daytona's organizatio...	daytonaio	daytona < 0.185.0	Jun 23, 2026	CVE