Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 2.3 CVE-2026-46342

Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/ni...

nuxt nuxt >= 3.1.0, < 3.21.6 CVE
MEDIUM 5.9 CVE-2026-45670

Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)

Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, an...

nuxt nuxt >= 3.15.4, < 3.21.6 CVE
MEDIUM 5.3 CVE-2026-45669

Nuxt: Reflected XSS in `navigateTo()` external redirect

Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo() w...

nuxt nuxt >= 3.4.3, < 3.21.6 CVE
MEDIUM 5.3 CVE-2026-1836

Stored credentials in Redmine

The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platf...

Redmine Redmine CVE
MEDIUM 6.9 CVE-2026-12066

PbootCMS Password MemberController.php retrieve password recovery

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/Mem...

n/a PbootCMS 3.2.0 CVE
HIGH 8.5 CVE-2026-11879

Arbitrary code execution in MobaXterm Personal Edition (Portable)

MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading malicious DLLs from a temporary...

Mobatek MobaXterm Personal Edition (Portable) 26.3 CVE
HIGH 8.8 CVE-2026-12035

CVE-2026-12035

Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a ...

Google Chrome 149.0.7827.115 CVE
HIGH 8.8 CVE-2026-47342

Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass

A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges. This issue affects A...

Apache Software Foundation Apache OFBiz CVE
MEDIUM 5.3 CVE-2026-49347

Quest Bot: Ticket creation has no per-user open-ticket limit or cooldown

Quest Bot is an open-source Discord bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels....

duck-organization questbot < 1.1.8 CVE
LOW 2.1 CVE-2026-48485

Quest Bot: Stored warn reasons can still trigger bot-powered mass mentions through `/warns`.

Quest Bot is an open-source Discord bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking...

duck-organization questbot < 1.1.6 CVE