category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.8	CVE-2026-13766	DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers_CVE-2026-13766 DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers. The default SQL builder, a SQL::Abstract subcla...	EXODIST	DBIx::QuickORM	Jun 30, 2026	CVE
MEDIUM 5.4	CVE-2025-53648	Apache Gravitino: SQL misconfiguration can access or truncate files_CVE-2025-53648 SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended ...	Apache Software Foundation	Apache Gravitino 0.5.0	Jun 30, 2026	CVE
LOW 2	CVE-2026-4360	Tarfile.extract() doesn’t fully respect filter parameter_CVE-2026-4360 In the Tarfile.extract() function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content ...	Python Software Foundation	CPython	Jun 30, 2026	CVE
MEDIUM 5.4	CVE-2026-48192	CVE-2026-48192_CVE-2026-48192 A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All...	Siemens	Mendix Studio Pro 10.11	Jun 30, 2026	CVE
HIGH 7	CVE-2026-44949	Unauthenticated namespace creation and RBAC injection via rancher-webhook FleetWorkspace mutating webhook_CVE-2026-44949 A Rancher FleetWorkspace admission path allowed side effects to occur in the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to ...	SUSE	Rancher 0.7.0	Jun 30, 2026	CVE
MEDIUM 6.9	CVE-2026-44947	Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher_CVE-2026-44947 A missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 a...	SUSE	Rancher 2.13.0	Jun 30, 2026	CVE
HIGH 8.8	CVE-2026-27957	Coolify: Authenticated RCE via command injection in CA certificate management feature_CVE-2026-27957 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, an authenticated comma...	coollabsio	coolify < 4.0.0-beta.464	Jun 30, 2026	CVE
MEDIUM 4.3	CVE-2026-27956	Coolify: Cross-team application domain enumeration via domains_by_server endpoint_CVE-2026-27956 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, `GET /api/v1/servers/{...	coollabsio	coolify < 4.0.0-beta.464	Jun 30, 2026	CVE
MEDIUM 6.6	CVE-2026-27955	Coolify: Command Injection via Single-Quote Breakout in `executeInDocker()`_CVE-2026-27955 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the executeInDocker() ...	coollabsio	coolify < 4.0.0-beta.464	Jun 30, 2026	CVE
MEDIUM 5	CVE-2026-27883	Coolify: IDOR in Deployment API – Cross-Team Deployment Information Disclosure_CVE-2026-27883 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the `GET /api/v1/deplo...	coollabsio	coolify < 4.0.0-beta.464	Jun 30, 2026	CVE