MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-24618	WordPress Hash Elements plugin <= 1.5.4 - Sensitive Data Exposure vulnerability_CVE-2026-24618 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensi...	HashThemes	Hash Elements n/a	Jun 12, 2026	CVE
MEDIUM 5.1	CVE-2026-12130	CodeAstro Human Resource Management System Projects Management Add_Projects cross site scripting_CVE-2026-12130 A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/Add_Proje...	CodeAstro	Human Resource Management System 1.0	Jun 12, 2026	CVE
MEDIUM 5.1	CVE-2026-12129	CodeAstro Human Resource Management System Dashboard add_tod cross site scripting_CVE-2026-12129 A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file ...	CodeAstro	Human Resource Management System 1.0	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-54398	MISP object edit authorization bypass allows unauthorized sharing group assignment_CVE-2026-54398 An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or ...	misp	misp	Jun 12, 2026	CVE
MEDIUM 6.8	CVE-2026-53523	Nezha Monitoring: OAuth2 Redirect URL — Host Header Injection_CVE-2026-53523 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the get...	nezhahq	nezha >= 1.0.0, < 2.2.0	Jun 12, 2026	CVE
MEDIUM 6.5	CVE-2026-53522	Nezha Monitoring: Unbounded WebSocket Streams — Resource Exhaustion DoS_CVE-2026-53522 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the Nez...	nezhahq	nezha >= 1.0.0, < 2.2.0	Jun 12, 2026	CVE
MEDIUM 6.4	CVE-2026-53521	Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user’s DDNS profile context_CVE-2026-53521 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, PATCH ...	nezhahq	nezha >= 2.0.14, < 2.1.0	Jun 12, 2026	CVE
MEDIUM 6.5	CVE-2026-53520	Nezha Monitoring: Authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing_CVE-2026-53520 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authen...	nezhahq	nezha >= 2.0.14, < 2.1.0	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-49397	Nezha Monitoring: Private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data_CVE-2026-49397 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.0 to before version 2.0.14, privat...	nezhahq	nezha >= 2.0.0, < 2.0.14	Jun 12, 2026	CVE
MEDIUM 6.4	CVE-2026-47268	Nezha Monitoring: Authenticated DDNS webhook configuration allows blind SSRF from the dashboard host_CVE-2026-47268 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an au...	nezhahq	nezha >= 0.20.0, < 2.0.10	Jun 12, 2026	CVE