HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.8	CVE-2026-48778	Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter_CVE-2026-48778 Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag in config.xml is read by NppXml::value() (Parameters.cpp:6430) a...	notepad-plus-plus	notepad-plus-plus < 8.9.6.1	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-46710	Notepad++: Privilege Escalation in the Installer via Uncontrolled Executable Search Path_CVE-2026-46710 Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege escalation vulnerability in th...	notepad-plus-plus	notepad-plus-plus >= 8.9.4, < 8.9.6	Jun 26, 2026	CVE
HIGH 8.7	CVE-2026-55069	Kestra BasicAuth Password Stored as SHA-512 Enables Offline Brute-Force Attack_CVE-2026-55069 Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component...	kestra-io	kestra < 1.3.24	Jun 26, 2026	CVE
HIGH 7.7	CVE-2026-49984	Kestra: Path traversal in `LocalStorage` allows any authenticated user to read arbitrary server files via the execution file-download API (`\..\` bypasses the `..` guard)_CVE-2026-49984 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local internal-storage backend validates user-suppli...	kestra-io	kestra < 1.0.45	Jun 26, 2026	CVE
HIGH 7.7	CVE-2026-45807	Kestra: Path traversal via URL-encoded “%2E%2E” in execution and namespace file endpoints allows arbitrary file read_CVE-2026-45807 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.43 and 1.3.19, several Kestra API endpoints accept a kestra:// URI from...	kestra-io	kestra < 1.0.43	Jun 26, 2026	CVE
HIGH 8.3	MS:CVE-2026-13025	Chromium: CVE-2026-13025 Insufficient validation of untrusted input in DevTools_MS:CVE-2026-13025 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 27, 2026	MSCVE
HIGH 8.8	MS:CVE-2026-13026	Chromium: CVE-2026-13026 Use after free in Digital Credentials_MS:CVE-2026-13026 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 27, 2026	MSCVE
HIGH 8.8	MS:CVE-2026-13027	Chromium: CVE-2026-13027 Use after free in FileSystem_MS:CVE-2026-13027 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 27, 2026	MSCVE
HIGH 7.5	MS:CVE-2026-13029	Chromium: CVE-2026-13029 Use after free in Web Authentication_MS:CVE-2026-13029 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 27, 2026	MSCVE
HIGH 8.8	MS:CVE-2026-13031	Chromium: CVE-2026-13031 Use after free in Blink_MS:CVE-2026-13031 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 27, 2026	MSCVE