HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.4	CVE-2026-47383	NocoDB: Stored Cross-Site Scripting via Row Comments_CVE-2026-47383 NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated commenter could store HTML in row comments that exe...	nocodb	nocodb < 2026.05.1	Jun 23, 2026	CVE
HIGH 7.1	CVE-2026-23513	FOSSBilling: Broken Authorization in Client Transaction and Order Listings_CVE-2026-23513 FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, a query-construction flaw in client list endp...	FOSSBilling	FOSSBilling < 0.8.0	Jun 23, 2026	CVE
HIGH 7.8	CVE-2026-12112	Foreman-mcp-server: mcp server: active session hijacking via insecure session state reuse_CVE-2026-12112 A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active ...	Red Hat	Red Hat Satellite 6	Jun 23, 2026	CVE
HIGH 10	01330BA9-9AFB-	vulnerability-assessment-metasploitable2_01330BA9-9AFB-5AA8-A3E2-3AB2FE216993 Vulnerability Assessment — Metasploitable 2 A end-to-end vulnerability assessment conducted against a controlled lab environment, documented in con...	N/A	N/A	Jun 23, 2026	GITHUBEXPLOIT
HIGH 8.1	C0FC9086-8648-	Exploit for CVE-2026-45156_C0FC9086-8648-5BF4-BFEE-F541B2675907 CVE-2026-45156: Nextcloud useroidc ID4me JWT Signature Bypass This repository contains the Proof of Concept PoC exploit script for CVE-2026-45156, ...	N/A	N/A	Jun 23, 2026	GITHUBEXPLOIT
HIGH 8.8	E3CC4BB2-C7CC-	Exploit for CVE-2026-8461_E3CC4BB2-C7CC-5E49-98CD-CB9550BC8BC3 CVE-2026-8461 PoC !WARNING This PoC is entirely generated by AI. Usage: bash python exploitcve20268461.py --baseline --frames 25 -o baseline.avi An...	N/A	N/A	Jun 23, 2026	GITHUBEXPLOIT
HIGH 7.1	CVE-2026-56116	dhcpcd Memory Leak DoS via IPv6 Router Advertisement Handling_CVE-2026-56116 dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling th...	NetworkConfiguration	dhcpcd	Jun 23, 2026	CVE
HIGH 7.5	CVE-2026-55446	Langflow: Unauthenticated DoS through multipart form boundary file upload_CVE-2026-55446 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ reques...	langflow-ai	langflow < 1.0.19	Jun 23, 2026	CVE
HIGH 8.5	CVE-2026-54307	n8n: Credential Exfiltration via Permission Bypass_CVE-2026-54307 n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workf...	n8n-io	n8n < 1.123.55	Jun 23, 2026	CVE
HIGH 8.9	CVE-2026-54305	n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints_CVE-2026-54305 n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials featu...	n8n-io	n8n < 1.123.55	Jun 23, 2026	CVE