category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.6	CVE-2026-50710	Frappe Framework 17.0.0-dev – Stored XSS via eval in Number Card filters_config_CVE-2026-50710 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in...	Frappe	Frappe Framework 17.0.0-dev	Jun 24, 2026	CVE
MEDIUM 4.8	CVE-2026-50709	Frappe Framework 17.0.0-dev – Stored XSS in Notifications Events color rendering_CVE-2026-50709 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled i...	Frappe	Frappe Framework 17.0.0-dev	Jun 24, 2026	CVE
MEDIUM 4.8	CVE-2026-50708	Frappe Framework 17.0.0-dev – Stored XSS in Multi Select Dialog result rendering_CVE-2026-50708 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled i...	Frappe	Frappe Framework 17.0.0-dev	Jun 24, 2026	CVE
MEDIUM 4.6	CVE-2026-50705	Frappe Framework 17.0.0-dev – Stored XSS in Form Dashboard headline rendering_CVE-2026-50705 A Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the F...	Frappe	Frappe Framework 17.0.0-dev	Jun 24, 2026	CVE
MEDIUM 4.6	CVE-2026-50704	Frappe Framework 17.0.0-dev – Reflected/Stored XSS in File View breadcrumbs rendering_CVE-2026-50704 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled i...	Frappe	Frappe Framework 17.0.0-dev	Jun 24, 2026	CVE
MEDIUM 4.8	CVE-2026-50703	Frappe Framework 17.0.0-dev – Stored XSS in Desktop Icon label rendering_CVE-2026-50703 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled i...	Frappe	Frappe Framework 17.0.0-dev	Jun 24, 2026	CVE
MEDIUM 5.1	CVE-2026-50701	Frappe Framework 17.0.0-dev – Reflected DOM XSS in dashboard-view breadcrumb rendering_CVE-2026-50701 A Reflected Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlle...	Frappe	Frappe Framework 17.0.0-dev	Jun 24, 2026	CVE
MEDIUM 4.6	CVE-2026-50700	Frappe Framework 17.0.0-dev – Stored XSS in frappe.get_avatar image rendering_CVE-2026-50700 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled i...	Frappe	Frappe Framework 17.0.0-dev	Jun 24, 2026	CVE
HIGH 7.7	CVE-2026-9710	Themeco Cornerstone < 7.8.8 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Password Hash Disclosure_CVE-2026-9710 The Cornerstone WordPress plugin before 7.8.8 does not enforce capability checks on one of its CSS-preview request handlers, and exposes the nonce ...	Unknown	Cornerstone 3.0.0	Jun 24, 2026	CVE
HIGH 7.7	CVE-2026-9709	Themeco Cornerstone < 7.8.9 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Meta Disclosure_CVE-2026-9709 The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to ...	Unknown	Cornerstone 3.0.0	Jun 24, 2026	CVE