Vulnerability - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-44785	Discourse: Hidden reply-to post raw can be disclosed through AI explain prompts_CVE-2026-44785 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...	discourse	discourse >= 2026.1.0-latest, < 2026.1.4	Jun 12, 2026	CVE
MEDIUM 6.5	CVE-2026-44784	Discourse: Non-staff group owners can see email password in plaintext through group history_CVE-2026-44784 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...	discourse	discourse >= 2026.1.0-latest, < 2026.1.4	Jun 12, 2026	CVE
MEDIUM 5.4	CVE-2026-44783	Discourse: Replying to a whisper lets non-whisperers create staff-only whisper posts_CVE-2026-44783 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...	discourse	discourse >= 2026.1.0-latest, < 2026.1.4	Jun 12, 2026	CVE
MEDIUM 4.3	CVE-2026-44782	Discourse: GroupPostSerializer leaks hidden full names through reaction post association_CVE-2026-44782 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...	discourse	discourse >= 2026.1.0-latest, < 2026.1.4	Jun 12, 2026	CVE
MEDIUM 4.3	CVE-2026-44780	Discourse: Category queue reviewers can read raw incoming emails from queued posts_CVE-2026-44780 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...	discourse	discourse >= 2026.4.0-latest, < 2026.4.1	Jun 12, 2026	CVE
MEDIUM 4.3	CVE-2026-44779	Discourse: Bot debug endpoints disclose whisper translation audit logs_CVE-2026-44779 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...	discourse	discourse >= 2026.1.0-latest, < 2026.1.4	Jun 12, 2026	CVE
MEDIUM 6.5	CVE-2026-42853	@apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input_CVE-2026-42853 ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a c...	apostrophecms	@apostrophecms/cli <= 3.6.0	Jun 12, 2026	CVE
MEDIUM 4.3	CVE-2026-24618	WordPress Hash Elements plugin <= 1.5.4 - Sensitive Data Exposure vulnerability_CVE-2026-24618 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensi...	HashThemes	Hash Elements n/a	Jun 12, 2026	CVE
MEDIUM 5.1	CVE-2026-12130	CodeAstro Human Resource Management System Projects Management Add_Projects cross site scripting_CVE-2026-12130 A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/Add_Proje...	CodeAstro	Human Resource Management System 1.0	Jun 12, 2026	CVE
MEDIUM 5.1	CVE-2026-12129	CodeAstro Human Resource Management System Dashboard add_tod cross site scripting_CVE-2026-12129 A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file ...	CodeAstro	Human Resource Management System 1.0	Jun 12, 2026	CVE