Recent Advisories

Severity ID Title Vendor Product Date Type

HIGH 8.7 | CVE-2026-53608 | CVE
Title: @apostrophecms/seo Vulnerable to Stored XSS via Unsanitized Google Analytics / GTM ID Injected into Script Tag
Vendor / Product: apostrophecms / @apostrophecms/seo <= 1.4.2
Summary: ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the `@apostrophecms/seo` package inject t...

HIGH 7.1 | CVE-2026-49396 | CVE
Title: Nezha Monitoring: Cross-site GET request can trigger stored cron commands on a victim’s agents
Vendor / Product: nezhahq / nezha >= 1.0.0, < 2.0.14
Summary: Nezha Monitoring is a self-hostable, lightweight server and website monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, cross-...

HIGH 7.1 | CVE-2026-48119 | CVE
Title: Nezha Monitoring: Authenticated agents can forge service-monitor results for other users’ services
Vendor / Product: nezhahq / nezha >= 0.20.0, < 2.0.12
Summary: Nezha Monitoring is a self-hostable, lightweight server and website monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authe...

HIGH 7.1 | CVE-2026-47120 | CVE
Title: Nezha Monitoring: RoleMember can fire other users’ cron tasks via AlertRule.FailTriggerTasks (no ownership check)
Vendor / Product: nezhahq / nezha >= 1.4.0, < 2.0.8
Summary: Nezha Monitoring is a self-hostable, lightweight server and website monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleM...

HIGH 7.7 | CVE-2026-46717 | CVE
Title: Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification
Vendor / Product: nezhahq / nezha >= 1.4.0, < 2.0.8
Summary: Nezha Monitoring is a self-hostable, lightweight server and website monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's...

HIGH 8.6 | 5581E532-E0A6-5210-9EB3-48C5BA4A5411 | GITHUBEXPLOIT
Title: Exploit for CVE-2026-20230
Vendor / Product: N/A / N/A
Summary: CVE-2026-20230 Scanner: a Python-based scanner and validation tool for identifying potentially vulnerable Cisco Unified Communications Manager Unifi...

HIGH 7.5 | 3F8B37D2-6288-5724-B73B-D65A8373E501 | GITHUBEXPLOIT
Title: Exploit for Uncontrolled Resource Consumption in Solarwinds Serv-U
Vendor / Product: N/A / N/A
Summary: SolarWinds Serv-U Unauthenticated DoS: Safe Detection Script. A safe, non-destructive detector for CVE-2026-28318, an unauthenticated denial-of-serv...

HIGH 7.5 | CVE-2026-9638 | CVE
Title: Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts
Vendor / Product: ARODLAND / Crypt::PBKDF2
Summary: Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is...

HIGH 7.8 | CVE-2026-53406 | CVE
Title: CVE-2026-53406
Vendor / Product: Zoom Communications / Remote Control for Zoom Contact Center
Summary: Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticate...

HIGH 8 | CVE-2026-48165 | CVE
Title: MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side
Vendor / Product: MariaDB server >= 10.6.1, < 10.6.27
Summary: MariaDB server is a community-developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before ...