category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.1	CVE-2026-49338	Subsonic API: any authenticated user can delete or read any other user’s playlist (IDOR)_CVE-2026-49338 gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, the Subsonic API endpoints `/rest/de...	sentriz	gonic < 0.21.0	Jun 19, 2026	CVE
MEDIUM 6.5	CVE-2026-27878	Tempo TraceQL query with exemplar hint could result in unbounded memory usage_CVE-2026-27878 A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resultin...	Grafana	Enterprise Traces (GET) 2.6.1	Jun 19, 2026	CVE
MEDIUM 6.3	CVE-2026-12726	Awx: automation-controller: awx: github webhook second-order ssrf via unvalidated statuses_url exfiltrates pat credential_CVE-2026-12726 A flaw was found in the AWX GitHub webhook integration. When processing GitHub pull_request webhooks, the controller stores the pull_request.status...	Red Hat	Red Hat Ansible Automation Platform 2	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-12622	Open Redirect Vulnerability in Password Reset Submission in GridTime™ 3000 GNSS Time Server_CVE-2026-12622 The GridTime 3000 GNSS Time Server has an open redirect vulnerability in the password change form submission. This issue affects GridTime 3000: fr...	Microchip	GridTime 3000 1.0r0.03	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-12621	Cross-Site Scripting (XSS) Vulnerability in Password Reset Redirect in GridTime™ 3000 GNSS Time Server_CVE-2026-12621 Improper neutralization of input during web page generation XSS vulnerability in the GridTime 3000 (password reset form) allows XSS. This issue a...	Microchip	GridTime 3000 1.0r0.03	Jun 19, 2026	CVE
MEDIUM 4.6	CVE-2026-12620	Access Token Exposure in URL Parameters in GridTime™ 3000 GNSS Time Server_CVE-2026-12620 The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This issue affects GridTime 3000: from 1.0r0.03...	Microchip	GridTime 3000 1.0r0.03	Jun 19, 2026	CVE
MEDIUM 5.1	CVE-2026-12619	GridTime™ 3000 GNSS Time Server CSRF to XSS_CVE-2026-12619 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip GridTime 3000 allows Cross-S...	Microchip	GridTime 3000 1.0r0.03	Jun 19, 2026	CVE
HIGH 8.1	CVE-2026-56211	Libaom: libaom: remote code execution via svc layer context handling with attacker-controlled frames_CVE-2026-56211 A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encode...	Red Hat	Red Hat Enterprise Linux 10	Jun 19, 2026	CVE
HIGH 8.2	CVE-2026-56210	Libaom: libaom: heap-buffer-overflow read via missing bounds check in ctrl_set_layer_id_CVE-2026-56210 A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable ...	Red Hat	Red Hat Enterprise Linux 10	Jun 19, 2026	CVE
CRITICAL 9.1	CVE-2026-56209	Libaom: libaom: arbitrary address write via svc layer context oob and cyclic refresh map pointer hijack_CVE-2026-56209 An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable V...	Red Hat	Red Hat Enterprise Linux 10	Jun 19, 2026	CVE