HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.3	CVE-2026-47267	Gogs: SSRF in webhook deliveries_CVE-2026-47267 Gogs is an open source self-hosted Git service. Prior to 0.14.3, the fix for CVE-2022-1285 prevents adding webooks or running webhooks with URLs wi...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
HIGH 7.7	CVE-2026-25119	Gogs: Authentication Bypass via Unvalidated Reverse Proxy Headers_CVE-2026-25119 Gogs is an open source self-hosted Git service. Prior to 0.14.3, when ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled, Gogs accepts the configured a...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
HIGH 8.7	CVE-2026-1840	Missing authentication for critical function in Hubbell Aclara Metrum Cellular Web Interface_CVE-2026-1840 The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized access due to the absence of authentication controls on critical system func...	Hubbell	Aclara Metrum Cellular Web Interface	Jun 24, 2026	CVE
HIGH 7.1	CVE-2026-52812	Gogs: LFS dedupe path leaks private repo content across tenants_CVE-2026-52812 Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git LFS storage is content-addressed by OID alone (///) but per-repo authorization...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
HIGH 7.1	CVE-2026-52810	Gogs: Write to readonly repositories using receive-pack + service=git-upload-pack confusion_CVE-2026-52810 Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied servic...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
HIGH 7.1	CVE-2026-52808	Gogs: Write-level collaborators can mutate admin-only repository settings via API_CVE-2026-52808 Gogs is an open source self-hosted Git service. Prior to 0.14.3, three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
HIGH 8.5	CVE-2026-52797	Gogs: Overwriting critical files results in a denial of service_CVE-2026-52797 Gogs is an open source self-hosted Git service. Prior to 0.14.0, as an authorized user, an intruder can dictate the value which is passed to the gi...	gogs	gogs < 0.14.0	Jun 24, 2026	CVE
HIGH 8.5	CVE-2026-45687	Rocket.Chat: Authenticated Arbitrary Data Export Theft via Mass Assignment in sendFileMessage_CVE-2026-45687 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.0	Jun 24, 2026	CVE
HIGH 8.7	CVE-2026-45677	Rocket.Chat: Lack of SAML Signature Check During Logout Could Lead To DoS_CVE-2026-45677 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.0	Jun 24, 2026	CVE
HIGH 7.7	CVE-2026-33235	AutoGPT: Denial of Service (DoS) via Resource Exhaustion in text templating features_CVE-2026-33235 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6...	Significant-Gravitas	AutoGPT >= 0.1.0, < 0.6.52	Jun 24, 2026	CVE