MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-53520	Nezha Monitoring: Authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing_CVE-2026-53520 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authen...	nezhahq	nezha >= 2.0.14, < 2.1.0	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-49397	Nezha Monitoring: Private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data_CVE-2026-49397 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.0 to before version 2.0.14, privat...	nezhahq	nezha >= 2.0.0, < 2.0.14	Jun 12, 2026	CVE
MEDIUM 6.4	CVE-2026-47268	Nezha Monitoring: Authenticated DDNS webhook configuration allows blind SSRF from the dashboard host_CVE-2026-47268 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an au...	nezhahq	nezha >= 0.20.0, < 2.0.10	Jun 12, 2026	CVE
MEDIUM 6.5	CVE-2026-47124	Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members_CVE-2026-47124 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any aut...	nezhahq	nezha >= 1.4.0, < 2.0.9	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-12131	CodeAstro Human Resource Management System Payroll Invoice Payroll.php sql injection_CVE-2026-12131 A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \appl...	CodeAstro	Human Resource Management System 1.0	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-9641	Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations_CVE-2026-9641 Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which ...	ARODLAND	Crypt::PBKDF2	Jun 12, 2026	CVE
MEDIUM 6	CVE-2026-47225	Improper Search Cache Isolation for Scoped Search API Keys in Typesense_CVE-2026-47225 Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is a cache isolation issue affecting search requests that ...	typesense	typesense < 29.1	Jun 12, 2026	CVE
MEDIUM 5.4	CVE-2026-47223	NanaZip: Heap out-of-bounds read in NanaZip AVB hashtree descriptor parser via 32-bit unsigned integer overflow_CVE-2026-47223 NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bou...	M2Team	NanaZip >= 3.0.1000.0, < 6.0.1698.0	Jun 12, 2026	CVE
MEDIUM 5	CVE-2026-44173	MariaDB: FILE privilege was not checked for subqueries in the FROM clause_CVE-2026-44173 MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before ...	MariaDB	server >= 10.6.1, < 10.6.26	Jun 12, 2026	CVE
MEDIUM 6.9	CVE-2026-44172	MariaDB: mysql_real_escape_string() incorrectly handled big5_CVE-2026-44172 MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input...	MariaDB	server = 3.3.18	Jun 12, 2026	CVE