HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-54358	MISP organization administrators can target site administrator accounts for password reset_CVE-2026-54358 An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same o...	misp	misp	Jun 12, 2026	CVE
HIGH 7.8	CVE-2026-42851	@kitty-edit DCS + –color=geninclude vulnerable to Unauthenticated in-process RCE_CVE-2026-42851 Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a...	kovidgoyal	kitty < 0.47.0	Jun 12, 2026	CVE
HIGH 7.4	CVE-2026-42850	Kitty has a shell command injection_CVE-2026-42850 Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty erro...	kovidgoyal	kitty < 0.47.0	Jun 12, 2026	CVE
HIGH 7.3	CVE-2026-54057	Kitty vulnerable to command injection via unsanitized OSC 21 query reply_CVE-2026-54057 Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 (color-control) query reply reflects attacker-controlled ...	kovidgoyal	kitty < 0.47.3	Jun 12, 2026	CVE
HIGH 7.6	CVE-2026-54056	Kitty has an arbitrary file overwrite via symlink following in `kitten dnd` remote drop staging_CVE-2026-54056 Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, `kitten dnd` can allow a malicious remote drag-and-drop source to over...	kovidgoyal	kitty >= 0.47.0, < 0.47.2	Jun 12, 2026	CVE
HIGH 7.5	CVE-2026-4870	Qiskit SDK is vulnerable to specific functions may recurse too deeply and overflow the available stack space, when encountering certain classical expressions._CVE-2026-4870 IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recu...	IBM	Qiskit SDK 0.43.0	Jun 12, 2026	CVE
HIGH 8.1	CVE-2026-45013	Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation_CVE-2026-45013 ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 have a password reset flow that constructs t...	apostrophecms	apostrophe <= 4.29.0	Jun 12, 2026	CVE
HIGH 7.6	CVE-2026-45012	Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget_CVE-2026-45012 ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 contain an authenticated server-side request...	apostrophecms	apostrophe <= 4.29.0	Jun 12, 2026	CVE
HIGH 7.3	CVE-2026-45011	Apostrophe has stored XSS via javascript: URL in Image Widget Link_CVE-2026-45011 ApostropheCMS is an open-source Node.js content management system. Version 4.29.0 has a stored cross-site scripting vulnerability in the image widg...	apostrophecms	apostrophe = 4.29.0	Jun 12, 2026	CVE
HIGH 7.5	CVE-2026-44786	Discourse: Public chat MessageBus broadcasts are not restricted to chat-eligible users_CVE-2026-44786 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...	discourse	discourse >= 2026.1.0-latest, < 2026.1.4	Jun 12, 2026	CVE