exploit - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.1	CVE-2026-12130	CodeAstro Human Resource Management System Projects Management Add_Projects cross site scripting_CVE-2026-12130 A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/Add_Proje...	CodeAstro	Human Resource Management System 1.0	Jun 12, 2026	CVE
MEDIUM 5.1	CVE-2026-12129	CodeAstro Human Resource Management System Dashboard add_tod cross site scripting_CVE-2026-12129 A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file ...	CodeAstro	Human Resource Management System 1.0	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-54398	MISP object edit authorization bypass allows unauthorized sharing group assignment_CVE-2026-54398 An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or ...	misp	misp	Jun 12, 2026	CVE
CRITICAL 9.1	CVE-2026-53609	Apostrophe has Server-Side Prototype Pollution in apos.util.set via patch operators that leads to process-wide authorization bypass_CVE-2026-53609 ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, `apos.util.set()` traverses dot-notation...	apostrophecms	apostrophe <= 4.30.0	Jun 12, 2026	CVE
HIGH 8.7	CVE-2026-53608	@apostrophecms/seo Vulnerable to Stored XSS via Unsanitized Google Analytics / GTM ID Injected into Script Tag_CVE-2026-53608 ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the `@apostrophecms/seo` package injects t...	apostrophecms	@apostrophecms/seo <= 1.4.2	Jun 12, 2026	CVE
MEDIUM 6.8	CVE-2026-53523	Nezha Monitoring: OAuth2 Redirect URL — Host Header Injection_CVE-2026-53523 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the get...	nezhahq	nezha >= 1.0.0, < 2.2.0	Jun 12, 2026	CVE
MEDIUM 6.5	CVE-2026-53522	Nezha Monitoring: Unbounded WebSocket Streams — Resource Exhaustion DoS_CVE-2026-53522 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the Nez...	nezhahq	nezha >= 1.0.0, < 2.2.0	Jun 12, 2026	CVE
MEDIUM 6.4	CVE-2026-53521	Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user’s DDNS profile context_CVE-2026-53521 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, PATCH ...	nezhahq	nezha >= 2.0.14, < 2.1.0	Jun 12, 2026	CVE
MEDIUM 6.5	CVE-2026-53520	Nezha Monitoring: Authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing_CVE-2026-53520 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authen...	nezhahq	nezha >= 2.0.14, < 2.1.0	Jun 12, 2026	CVE
CRITICAL 9.1	CVE-2026-53519	Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key_CVE-2026-53519 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the ...	nezhahq	nezha < 2.0.13	Jun 12, 2026	CVE