category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.3	CVE-2026-55223	c3p0 exposes a deserialization “sink” via JDBC DataSource bean properties_CVE-2026-55223 c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for des...	swaldman	c3p0 < 0.14.0	Jun 30, 2026	CVE
CRITICAL 9.3	CVE-2026-50110	Use of Hard-coded Credentials in StoneFly Storage Concentrator_CVE-2026-50110 Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the cred...	StoneFly	Storage Concentrator	Jun 30, 2026	CVE
LOW 3.5	CVE-2026-9836	IBM DataStage Flow Designer application is affected by an information disclosure vulnerability_CVE-2026-9836 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.	IBM	InfoSphere Information Server 11.7.0.0	Jun 30, 2026	CVE
MEDIUM 6.5	CVE-2026-9002	IBM WebSphere eXtremes Scale is affected by uncontrolled resource consumption when XDF is enabled_CVE-2026-9002 IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the...	IBM	WebSphere Extreme Scale 8.6.1.0	Jun 30, 2026	CVE
CRITICAL 9.1	CVE-2026-7874	Weak Cryptographic Key Derivation Exposed All Stored Credentials_CVE-2026-7874 IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivat...	IBM	Langflow OSS 1.0.0	Jun 30, 2026	CVE
CRITICAL 9.9	CVE-2026-7873	Code Injection Vulnerability in Code Validation Endpoint_CVE-2026-7873 IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credential...	IBM	Langflow OSS 1.0.0	Jun 30, 2026	CVE
CRITICAL 9.8	CVE-2026-7871	Insecure Deserialization in Redis Cache Backend_CVE-2026-7871 IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all s...	IBM	Langflow OSS 1.0.0	Jun 30, 2026	CVE
CRITICAL 9.8	CVE-2026-7803	Flow Validation Bypass via Empty Component Type Field_CVE-2026-7803 IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component...	IBM	Langflow OSS 1.0.0	Jun 30, 2026	CVE
CRITICAL 9.1	CVE-2026-7663	Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass_CVE-2026-7663 IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due...	IBM	Langflow OSS 1.0.0-1.9.6	Jun 30, 2026	CVE
MEDIUM 4.7	CVE-2026-3602	IBM App Connect Enterprise and IBM Integration Bus for z/OS toolkit is vulnerable to an sql injection_CVE-2026-3602 IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is...	IBM	App Connect Enterprise 13.0.1.0	Jun 30, 2026	CVE