HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.6	CVE-2026-40079	Cacti: Command Injection via escape_command() no-op in RRDtool execution_CVE-2026-40079 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sa...	Cacti	cacti < 1.2.31	Jun 24, 2026	CVE
HIGH 7.6	CVE-2026-39951	Cacti: Stored SQL Injection via graph_name_regexp in Reports feature_CVE-2026-39951 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through gra...	Cacti	cacti < 1.2.31	Jun 24, 2026	CVE
HIGH 7.3	CVE-2026-7539	HP Dock Accessory WMI Provider Installer Security Update_CVE-2026-7539 A potential security vulnerability has been identified in the HP Accessory WMI Provider installer for some HP Docking Stations, which might allow e...	HP Inc.	HP Dock Accessory	Jun 24, 2026	CVE
HIGH 8.7	CVE-2026-52805	Gogs: Migration Redirect Bypass Leads to Internal Repository Theft_CVE-2026-52805 Gogs is an open source self-hosted Git service. Prior to 0.14.3, a Server-Side Request Forgery (SSRF) vulnerability exists in the repository migrat...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
HIGH 8.1	CVE-2026-52801	Gogs: Ability to import local repositories via Mirror Settings_CVE-2026-52801 Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs Mirror Settings functionality provide an alternative way from the well pr...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
HIGH 8.8	CVE-2026-52800	Gogs: CSRF Leading to Organization Owner Takeover_CVE-2026-52800 Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization team member management can be performed via GET requests without CSRF...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
HIGH 7.5	CVE-2026-52799	Gogs: Missing Authorization in Attachment Download_CVE-2026-52799 Gogs is an open source self-hosted Git service. Prior to 0.14.3, GET /attachments/:uuid returns the raw attachment file without verifying whether t...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
HIGH 8.9	CVE-2026-52798	Gogs: Stored XSS in `.ipynb` Preview_CVE-2026-52798 Gogs is an open source self-hosted Git service. Prior to 0.14.3, although .ipynb previews are sanitized on the server side via /-/api/sanitize_ipyn...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
HIGH 7.5	CVE-2026-50129	Mastodon: Persistent anonymous DoS via unhandled NoMethodError in MATH_TRANSFORMER_CVE-2026-50129 Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by (Uncaugh...	mastodon	mastodon >= 4.5.0-beta.1, < 4.5.11	Jun 24, 2026	CVE
HIGH 8.3	CVE-2026-47267	Gogs: SSRF in webhook deliveries_CVE-2026-47267 Gogs is an open source self-hosted Git service. Prior to 0.14.3, the fix for CVE-2022-1285 prevents adding webooks or running webhooks with URLs wi...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE