category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-46710	Notepad++: Privilege Escalation in the Installer via Uncontrolled Executable Search Path_CVE-2026-46710 Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege escalation vulnerability in th...	notepad-plus-plus	notepad-plus-plus >= 8.9.4, < 8.9.6	Jun 26, 2026	CVE
HIGH 8.7	CVE-2026-55069	Kestra BasicAuth Password Stored as SHA-512 Enables Offline Brute-Force Attack_CVE-2026-55069 Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component...	kestra-io	kestra < 1.3.24	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-53577	Kestra: Cross-Execution File Read via Preview Endpoint (IDOR)_CVE-2026-53577 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution endpoint (GET /api/v1/{tena...	kestra-io	kestra < 1.0.45	Jun 26, 2026	CVE
CRITICAL 10	CVE-2026-53576	Kestra: Unauthenticated RCE via /configs path-suffix auth-filter bypass_CVE-2026-53576 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API (@Filter("/ap...	kestra-io	kestra < 1.0.45	Jun 26, 2026	CVE
HIGH 7.7	CVE-2026-49984	Kestra: Path traversal in `LocalStorage` allows any authenticated user to read arbitrary server files via the execution file-download API (`\..\` bypasses the `..` guard)_CVE-2026-49984 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local internal-storage backend validates user-suppli...	kestra-io	kestra < 1.0.45	Jun 26, 2026	CVE
CRITICAL 10	CVE-2026-49869	Kestra: Unauthenticated Remote Code Execution via Authentication Bypass in `AuthenticationFilter`_CVE-2026-49869 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, AuthenticationFilter in Kestra OSS uses request.getPath(...	kestra-io	kestra < 1.0.45	Jun 26, 2026	CVE
HIGH 7.7	CVE-2026-45807	Kestra: Path traversal via URL-encoded “%2E%2E” in execution and namespace file endpoints allows arbitrary file read_CVE-2026-45807 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.43 and 1.3.19, several Kestra API endpoints accept a kestra:// URI from...	kestra-io	kestra < 1.0.43	Jun 26, 2026	CVE
CRITICAL 9.1	CVE-2025-64152	Apache IoTDB: Path Traversal Vulnerability_CVE-2025-64152 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. This issue affects Apache IoTDB: fro...	Apache Software Foundation	Apache IoTDB 1.0.0	Jun 26, 2026	CVE
CRITICAL 9.1	CVE-2025-55017	Apache IoTDB: Path Traversal Vulnerability_CVE-2025-55017 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. This issue affects Apache IoTDB: fro...	Apache Software Foundation	Apache IoTDB 2.0.0	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-5757	There exists an unauthenticated remote information disclosure vulnerability in Ollama’s model quantization engine_CVE-2026-5757 Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the ser...	Ollama AI	Ollama v0.13.5	Jun 26, 2026	CVE