HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.8	CVE-2026-56245	Supabase Capgo – Unauthenticated Cross-Tenant Build-Time Accounting Poisoning via record_build_time RPC_CVE-2026-56245 Supabase Capgo before 12.128.2 contains an authorization bypass vulnerability in the SECURITY DEFINER record_build_time RPC function that allows un...	Cap-go	capgo	Jun 24, 2026	CVE
HIGH 7.1	CVE-2026-56244	Capgo – Webhook Signing Secret Disclosure via Non-Admin API Key_CVE-2026-56244 Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets via Supabase REST due to insufficient row-level security policies o...	Capgo	Capgo	Jun 24, 2026	CVE
HIGH 8.7	CVE-2026-56232	Capgo – Subkey Scope Bypass in middlewareKey via x-limited-key-id Header_CVE-2026-56232 Capgo before 12.128.2 fails to enforce limited_to_orgs and limited_to_apps constraints on subkeys provided via x-limited-key-id header in middlewar...	Capgo	Capgo	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-56231	Capgo – Broken Object Level Authorization in Build Job Control via jobId Parameter_CVE-2026-56231 Capgo before 12.128.2 contains a broken object level authorization (BOLA) vulnerability in the POST /build/start/:jobId and POST /build/cancel/:job...	Capgo	Capgo	Jun 24, 2026	CVE
HIGH 10	671F5C5A-5DF1-	Exploit for Improper Authentication in Dahuasecurity Ipc-Hum7Xxx_Firmware_671F5C5A-5DF1-5396-BCA3-038841185E26 Mô phỏng khai thác Dahua Authentication Bypass PoC CVE-2021-33044 Tổng quan Camera IP Dahua là thiết bị IoT được sử dụng phổ biến trong các hệ thốn...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
HIGH 7.8	1C4C9845-A374-	Exploit for Improper Privilege Management in Enlightenment_1C4C9845-A374-55A0-891B-94D916CABECA CVE-2022-37706 Overview CVE-2022-37706 adalah kerentanan Local Privilege Escalation LPE yang ditemukan pada komponen enlightenmentsys di lingkungan...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
HIGH 7.6	CVE-2025-71354	picklescan – Remote Code Execution via idlelib.debugobj.ObjectTreeItem.SetText_CVE-2025-71354 picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.debugobj.ObjectTreeItem.SetText function in reduce methods. At...	picklescan	picklescan	Jun 24, 2026	CVE
HIGH 8.5	CVE-2025-71332	Flowise – SQL Injection in importChatflows API via chatflow.id Parameter_CVE-2025-71332 Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, a...	Flowise	Flowise	Jun 24, 2026	CVE
HIGH 8.8	CVE-2026-12242	AdRotate Banner Manager <= 5.17.7 - Authenticated (Contributor+) PHP Code Injection via 'banner' Shortcode Attribute_CVE-2026-12242 The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the 'banner' ...	adegans	AdRotate Banner Manager	Jun 24, 2026	CVE
HIGH 8.4	CVE-2026-42450	OpenColorIO vulnerable to stack buffer overflow via unbounded `sscanf %s` in Spi3D (.spi3d) LUT parser_CVE-2026-42450 OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, `FileFormatSpi3D.cpp:163` uses `sscanf` with ...	AcademySoftwareFoundation	OpenColorIO < 2.5.2	Jun 24, 2026	CVE