Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-45776	Open XDMoD has Broken Access Control via Client-Controlled Session Variable_CVE-2026-45776 OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's access control logic allow...	ubccr	xdmod < 11.0.3	Jun 5, 2026	CVE
CRITICAL 10	CVE-2026-11414	Unauthenticated File Exfiltration in Altium Enterprise Server Vault Service via Hard-coded Cryptographic Key and Path Traversal_CVE-2026-11414 A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical ac...	Altium	Altium Enterprise Server	Jun 5, 2026	CVE
HIGH 8	CVE-2026-11401	Privilege Escalation in AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL_CVE-2026-11401 An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenti...	AWS	AWS Advanced Go Wrapper 2026-04-06	Jun 5, 2026	CVE
HIGH 8	CVE-2026-11400	Privilege Escalation in AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL_CVE-2026-11400 An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authen...	AWS	AWS Advanced JDBC Wrapper 3.0.0	Jun 5, 2026	CVE
CRITICAL 9.3	CVE-2026-45779	Open XDMoD Vulnerable to Unauthenticated SQL Injection Leading to Full Database Compromise_CVE-2026-45779 OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0...	ubccr	xdmod < 10.0.3	Jun 5, 2026	CVE
HIGH 8.6	CVE-2026-45778	Open XDMoD Vulnerable to Reflected Cross-Site Scripting (XSS) in Password Reset_CVE-2026-45778 OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an authenticated attacker can inject malicious Ja...	ubccr	xdmod < 11.0.3	Jun 5, 2026	CVE
CRITICAL 9.3	CVE-2026-45777	Open XDMoD Vulnerable to Unauthenticated Remote Code Execution (RCE) via OS Command Injection_CVE-2026-45777 OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can rem...	ubccr	xdmod >= 9.5.0, < 11.0.3	Jun 5, 2026	CVE
CRITICAL 9.6	CVE-2026-45758	Malicious code in guardrails-ai 0.10.1 (supply chain compromise)_CVE-2026-45758 Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a mal...	guardrails-ai	guardrails = 0.10.1	Jun 5, 2026	CVE
HIGH 7.4	CVE-2026-45300	async-http-client: Cookie header not stripped on cross-origin redirect_CVE-2026-45300 The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on t...	AsyncHttpClient	async-http-client >= 3.0.0.Beta1, < 3.0.10	Jun 5, 2026	CVE
MEDIUM 5.7	CVE-2026-25624	Arista Edge Threat Management NGFW UI Administrative Cross-Site Scripting_CVE-2026-25624 An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Ari...	Arista Networks	Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)	Jun 5, 2026	CVE