category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.4	CVE-2026-42321	GLPI has stored XSS in asset locks_CVE-2026-42321 GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS pay...	glpi-project	glpi >= 10.0.4, < 10.0.25	Jun 3, 2026	CVE
MEDIUM 5.9	CVE-2026-42320	GLPI vulnerable to arbitrary file access_CVE-2026-42320 GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read a...	glpi-project	glpi >= 11.0.0, < 11.0.7	Jun 3, 2026	CVE
HIGH 7	CVE-2026-42318	GLPI Vulnerable to Arbitrary Item Deletion via Planning Endpoint_CVE-2026-42318 GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, low privilege users wi...	glpi-project	glpi >= 11.0.0, < 11.0.7	Jun 3, 2026	CVE
HIGH 7	CVE-2026-42317	GLPI vulnerable to arbitrary files deletion by technician_CVE-2026-42317 GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete...	glpi-project	glpi >= 11.0.0, < 11.0.7	Jun 3, 2026	CVE
MEDIUM 6.3	CVE-2026-3276	Potential DoS via quadratic complexity in unicodedata.normalize()_CVE-2026-3276 unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters wi...	Python Software Foundation	CPython	Jun 3, 2026	CVE
MEDIUM 6.3	CVE-2026-35716	CVE-2026-35716_CVE-2026-35716 A stack-based buffer overflow in the motion_privacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers t...	n/a	n/a n/a	Jun 2, 2026	CVE
HIGH 7.3	CVE-2026-30649	CVE-2026-30649_CVE-2026-30649 Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the set_getparam.cgi component	n/a	n/a n/a	Jun 2, 2026	CVE
LOW 3.1	CVE-2026-8404	Potential exposure of private data via case-sensitive Cache-Control directives in UpdateCacheMiddleware_CVE-2026-8404 An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not match ...	djangoproject	Django 6.0	Jun 3, 2026	CVE
LOW 3.1	CVE-2026-7666	Potential unencrypted email transmission via STARTTLS in the SMTP backend_CVE-2026-7666 An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.core.mail.backends.smtp.EmailBackend` in Django fails to prevent ...	djangoproject	Django 6.0	Jun 3, 2026	CVE
LOW 3.1	CVE-2026-6873	Signed cookie salt namespace collision in django.http.HttpRequest.get_signed_cookie_CVE-2026-6873 An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.http.HttpRequest.get_signed_cookie` in Django uses a non-injectiv...	djangoproject	Django 6.0	Jun 3, 2026	CVE