Recent Advisories

| Severity | Score | ID | Title | Summary | Vendor | Product | Version | Type |
|---|---|---|---|---|---|---|---|---|
| HIGH | 8 | CVE-2026-5241 | Policy Bypass in LightGlue Nested Config Resolution in huggingface/transformers | A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to exe... | huggingface | huggingface/transformers | unspecified | CVE |
| LOW | 3.1 | CVE-2026-48587 | Potential exposure of private data via whitespace padding in Vary header | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.cache.has_vary_header()` in Django does not strip leading o... | djangoproject | Django | 6.0 | CVE |
| MEDIUM | 6.9 | CVE-2026-47325 | Weak password policy in ProjectsAndPrograms school-management-system | ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user's da... | ProjectsAndPrograms | school-management-system | 6b6fae5 | CVE |
| MEDIUM | 5.1 | CVE-2026-47324 | Stored XSS in Multiple Points in ProjectsAndPrograms school-management-system | ProjectsAndPrograms school-management-system is vulnerable to Stored Cross-Site Scripting (XSS) in multiple attributes of students and teachers obj... | ProjectsAndPrograms | school-management-system | 6b6fae5 | CVE |
| LOW | 3.7 | CVE-2026-44546 | Header injection via WebSocket upgrade parser differential allows ASGI scope header spoofing | daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twis... | djangoproject | daphne | 4.2.0 | CVE |
| MEDIUM | 5.3 | CVE-2026-44545 | Unbounded WebSocket message and frame sizes can cause unauthenticated remote denial of service | daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both ... | djangoproject | daphne | 4.2.0 | CVE |
| LOW | 3.1 | CVE-2026-35193 | Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not add `A... | djangoproject | Django | 6.0 | CVE |
| LOW | 1.2 | CVE-2026-10729 | HTML injection in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens | An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research ... | Thinkst Applied Research | Canarytokens | sha-c42435e | CVE |
| MEDIUM | 6.3 | CVE-2026-35717 | CVE-2026-35717 | A stack-based buffer overflow in the export_language.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers ... | n/a | n/a | n/a | CVE |
| HIGH | 8.7 | CVE-2026-35085 | Stack buffer overflow in method gdv-serverconfig | A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root. | MBS | Single-A | V1_0_0_0 | CVE |