MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-45014	Apostrophe Vulnerable to Stored Cross-Site Scripting via Unsanitized User Display Name in Draft Version Tooltip_CVE-2026-45014 ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 are vulnerable to stored cross-site scriptin...	apostrophecms	apostrophe <= 4.29.0	Jun 12, 2026	CVE
MEDIUM 4.3	CVE-2026-44785	Discourse: Hidden reply-to post raw can be disclosed through AI explain prompts_CVE-2026-44785 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...	discourse	discourse >= 2026.1.0-latest, < 2026.1.4	Jun 12, 2026	CVE
MEDIUM 6.5	CVE-2026-44784	Discourse: Non-staff group owners can see email password in plaintext through group history_CVE-2026-44784 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...	discourse	discourse >= 2026.1.0-latest, < 2026.1.4	Jun 12, 2026	CVE
MEDIUM 5.4	CVE-2026-44783	Discourse: Replying to a whisper lets non-whisperers create staff-only whisper posts_CVE-2026-44783 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...	discourse	discourse >= 2026.1.0-latest, < 2026.1.4	Jun 12, 2026	CVE
MEDIUM 4.3	CVE-2026-44782	Discourse: GroupPostSerializer leaks hidden full names through reaction post association_CVE-2026-44782 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...	discourse	discourse >= 2026.1.0-latest, < 2026.1.4	Jun 12, 2026	CVE
MEDIUM 4.3	CVE-2026-44780	Discourse: Category queue reviewers can read raw incoming emails from queued posts_CVE-2026-44780 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...	discourse	discourse >= 2026.4.0-latest, < 2026.4.1	Jun 12, 2026	CVE
MEDIUM 4.3	CVE-2026-44779	Discourse: Bot debug endpoints disclose whisper translation audit logs_CVE-2026-44779 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...	discourse	discourse >= 2026.1.0-latest, < 2026.1.4	Jun 12, 2026	CVE
MEDIUM 6.5	CVE-2026-42853	@apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input_CVE-2026-42853 ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a c...	apostrophecms	@apostrophecms/cli <= 3.6.0	Jun 12, 2026	CVE
MEDIUM 4.3	CVE-2026-24618	WordPress Hash Elements plugin <= 1.5.4 - Sensitive Data Exposure vulnerability_CVE-2026-24618 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensi...	HashThemes	Hash Elements n/a	Jun 12, 2026	CVE
MEDIUM 5.1	CVE-2026-12130	CodeAstro Human Resource Management System Projects Management Add_Projects cross site scripting_CVE-2026-12130 A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/Add_Proje...	CodeAstro	Human Resource Management System 1.0	Jun 12, 2026	CVE