Recent Advisories

Columns: Severity (score) | ID | Title, followed by the advisory summary and Vendor | Product | Type. (The Date column is present in the source header but empty for every row.)

CRITICAL 9.3 | CVE-2026-56081 | Cap-go – Account Lockout via 2FA Misconfiguration on Unverified Email
Cap-go before 12.128.2 contains an authentication logic flaw that lets an attacker register and control an account bound to a victim's email addres...
Vendor: Cap-go | Product: capgo | Type: CVE

MEDIUM 6.9 | CVE-2026-56080 | Cap-go – Authentication Logic Flaw in Enforce Password Policy
Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their...
Vendor: Cap-go | Product: capgo | Type: CVE

HIGH 7.1 | CVE-2026-56079 | Capgo – Cross-Tenant Authorization Bypass via PostgREST Webhook Access
Capgo before 12.128.2 contains a cross-tenant authorization bypass vulnerability in PostgREST endpoints that allows org-scoped read API keys to acc...
Vendor: Capgo | Product: Capgo | Type: CVE

CRITICAL 9.3 | CVE-2026-56073 | Cap-go – OTP Bypass via Response Manipulation in Email Verification
Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verification by mo...
Vendor: Cap-go | Product: capgo | Type: CVE

CRITICAL 9.8 | CVE-2026-11551 | Branda – White Label & Branding, Free Login Page Customizer <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover
The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.29. This is du...
Vendor: wpmudev | Product: Branda – White Label & Branding, Free Login Page Customizer | Type: CVE

MEDIUM 5.3 | CVE-2026-49345 | Mercator CVE Configuration Vulnerable to Server-Side Request Forgery (SSRF)
Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forge...
Vendor: sourcentis | Product: mercator < 2025.05.19 | Type: CVE

HIGH 7.1 | CVE-2026-49344 | Mercator has a Personal Identifiable Information Leak from Query Executor feature
Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, Mercator's Query Engine (`/...
Vendor: sourcentis | Product: mercator < 2025.05.19 | Type: CVE

MEDIUM 5.3 | CVE-2026-49342 | YARD static cache reads raw traversal paths before router sanitization
YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path...
Vendor: lsegal | Product: yard < 0.9.44 | Type: CVE

HIGH 7.4 | CVE-2026-48787 | gin-vue-admin vulnerable to RCE
gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature ...
Vendor: flipped-aurora | Product: gin-vue-admin = 2.9.1 | Type: CVE

HIGH 7.5 | CVE-2026-48774 | ProxySQL MCP run_sql_readonly executes side-effecting MySQL multi-statements despite read-only contract
ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP `run_sql_readonly` tool v...
Vendor: sysown | Product: proxysql >= 3.0.6, < 3.0.9 | Type: CVE