HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.3	CVE-2026-9029	Stored XSS via Geomap Panel Template Variable Attribution Injection_CVE-2026-9029 The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent() runs on the raw template string before g...	Grafana	Grafana OSS 12.4.0	Jun 22, 2026	CVE
HIGH 7	CVE-2026-6653	libxml2: Use after free in xmlParseInternalSubset via improper entity resolution handling_CVE-2026-6653 Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-servic...	GNOME	libxml2 2.9.11	Jun 22, 2026	CVE
HIGH 8.3	CVE-2026-56448	Authenticated Path Traversal in AIL Framework Investigation Downloads Allows Arbitrary File Read_CVE-2026-56448 A path traversal vulnerability exists in AIL Framework before the release containing commit 0041456af25da0cdea1c1c4624e46baff2731d8f. An authentica...	ail project	ail framework	Jun 22, 2026	CVE
HIGH 8.7	CVE-2026-56446	Authenticated Remote Code Execution via Arbitrary NDJSON Error Log Path in MISP_CVE-2026-56446 MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Because log entries can i...	misp	misp	Jun 22, 2026	CVE
HIGH 7.1	CVE-2026-56424	Broken access control in MISP core allows cross-organization unauthorized modification or deletion of analyst data, event reports, collections, templates, and decaying models_CVE-2026-56424 MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/edi...	misp	misp	Jun 22, 2026	CVE
HIGH 8.3	CVE-2026-54100	Windows-machine-config-operator: windows-machine-config-operator: ssh host key not verified enables credential theft_CVE-2026-54100 A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Window...	Red Hat	Red Hat OpenShift Container Platform 4	Jun 22, 2026	CVE
HIGH 8.8	CVE-2026-54099	Windows-machine-config-operator: windows-machine-config-operator: wicd csr extra-organization allows privilege escalation to system:masters_CVE-2026-54099 A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that ...	Red Hat	Red Hat OpenShift Container Platform 4	Jun 22, 2026	CVE
HIGH 7.7	CVE-2026-42129	Path Traversal in Loki Datasource leads to Internal Information Disclosure_CVE-2026-42129 The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An authenticated Viewer-role user can escape the plugin'...	Grafana	Grafana OSS	Jun 22, 2026	CVE
HIGH 8.8	CVE-2026-12602	Incorrect permissions in ArubaSign by Aruba_CVE-2026-12602 Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate perm...	Aruba	ArubaSign	Jun 22, 2026	CVE
HIGH 7.8	762AC12D-EAE0-	Exploit for Out-of-bounds Write in Linux Linux_Kernel_762AC12D-EAE0-5CAD-AE9B-86D5B412786A No description provided...	N/A	N/A	Jun 22, 2026	GITHUBEXPLOIT