MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.9	CVE-2026-44947	Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher_CVE-2026-44947 A missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 a...	SUSE	Rancher 2.13.0	Jun 30, 2026	CVE
MEDIUM 4.3	CVE-2026-27956	Coolify: Cross-team application domain enumeration via domains_by_server endpoint_CVE-2026-27956 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, `GET /api/v1/servers/{...	coollabsio	coolify < 4.0.0-beta.464	Jun 30, 2026	CVE
MEDIUM 6.6	CVE-2026-27955	Coolify: Command Injection via Single-Quote Breakout in `executeInDocker()`_CVE-2026-27955 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the executeInDocker() ...	coollabsio	coolify < 4.0.0-beta.464	Jun 30, 2026	CVE
MEDIUM 5	CVE-2026-27883	Coolify: IDOR in Deployment API – Cross-Team Deployment Information Disclosure_CVE-2026-27883 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the `GET /api/v1/deplo...	coollabsio	coolify < 4.0.0-beta.464	Jun 30, 2026	CVE
MEDIUM 4.8	CVE-2026-27882	Coolify: Timing Attack in GitLab Webhook Token Validation_CVE-2026-27882 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.461, the GitLab webhook end...	coollabsio	coolify < 4.0.0-beta.461	Jun 30, 2026	CVE
MEDIUM 5	CVE-2026-27881	Coolify: Cross-team deployment information disclosure via GET /api/v1/deployments/{uuid} (IDOR)_CVE-2026-27881 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, `GET /api/v1/deploymen...	coollabsio	coolify < 4.0.0-beta.464	Jun 30, 2026	CVE
MEDIUM 6.5	CVE-2026-48314	ColdFusion \| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) (CWE-22)_CVE-2026-48314 ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v...	Adobe	ColdFusion	Jun 30, 2026	CVE
MEDIUM 4.3	CVE-2026-58373	CVAT < 2.69.0 - Missing Authorization on Quality Reports parent_id Filter Leaks Cross-Organization Report Existence_CVE-2026-58373 CVAT before 2.69.0 contains an improper authorization vulnerability in QualityReportViewSet.get_queryset that allows authenticated attackers to enu...	cvat-ai	cvat	Jun 30, 2026	CVE
MEDIUM 5.3	CVE-2026-58369	Woodpecker < 3.15.0 - Unauthenticated NULL Pointer Dereference in /api/orgs/lookup Enables Log-Flooding Denial of Service_CVE-2026-58369 Woodpecker before 3.15.0 registers the /api/orgs/lookup/*org_full_name endpoint without authentication middleware, and the LookupOrg handler uncond...	woodpecker-ci	woodpecker	Jun 30, 2026	CVE
MEDIUM 6.5	CVE-2026-58176	RuoYi-Vue-Plus – Missing Authorization on Workflow Task Management Endpoints_CVE-2026-58176 RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes workflow task management endpoints under /workflow/task (FlwTaskController) without ...	dromara	RuoYi-Vue-Plus	Jun 30, 2026	CVE