HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-4870	Qiskit SDK is vulnerable to specific functions may recurse too deeply and overflow the available stack space, when encountering certain classical expressions._CVE-2026-4870 IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recu...	IBM	Qiskit SDK 0.43.0	Jun 12, 2026	CVE
HIGH 8.1	CVE-2026-45013	Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation_CVE-2026-45013 ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 have a password reset flow that constructs t...	apostrophecms	apostrophe <= 4.29.0	Jun 12, 2026	CVE
HIGH 7.6	CVE-2026-45012	Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget_CVE-2026-45012 ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 contain an authenticated server-side request...	apostrophecms	apostrophe <= 4.29.0	Jun 12, 2026	CVE
HIGH 7.3	CVE-2026-45011	Apostrophe has stored XSS via javascript: URL in Image Widget Link_CVE-2026-45011 ApostropheCMS is an open-source Node.js content management system. Version 4.29.0 has a stored cross-site scripting vulnerability in the image widg...	apostrophecms	apostrophe = 4.29.0	Jun 12, 2026	CVE
HIGH 7.5	CVE-2026-44786	Discourse: Public chat MessageBus broadcasts are not restricted to chat-eligible users_CVE-2026-44786 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...	discourse	discourse >= 2026.1.0-latest, < 2026.1.4	Jun 12, 2026	CVE
HIGH 8.7	CVE-2026-53608	@apostrophecms/seo Vulnerable to Stored XSS via Unsanitized Google Analytics / GTM ID Injected into Script Tag_CVE-2026-53608 ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the `@apostrophecms/seo` package injects t...	apostrophecms	@apostrophecms/seo <= 1.4.2	Jun 12, 2026	CVE
HIGH 7.1	CVE-2026-49396	Nezha Monitoring: Cross-site GET request can trigger stored cron commands on a victim’s agents_CVE-2026-49396 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, cross-...	nezhahq	nezha >= 1.0.0, < 2.0.14	Jun 12, 2026	CVE
HIGH 7.1	CVE-2026-48119	Nezha Monitoring: Authenticated agents can forge service-monitor results for other users’ services_CVE-2026-48119 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authe...	nezhahq	nezha >= 0.20.0, < 2.0.12	Jun 12, 2026	CVE
HIGH 7.1	CVE-2026-47120	Nezha Monitoring: RoleMember can fire other users’ cron tasks via AlertRule.FailTriggerTasks (no ownership check)_CVE-2026-47120 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleM...	nezhahq	nezha >= 1.4.0, < 2.0.8	Jun 12, 2026	CVE
HIGH 7.7	CVE-2026-46717	Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification_CVE-2026-46717 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's...	nezhahq	nezha >= 1.4.0, < 2.0.8	Jun 12, 2026	CVE