MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-53522	Nezha Monitoring: Unbounded WebSocket Streams — Resource Exhaustion DoS_CVE-2026-53522 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the Nez...	nezhahq	nezha >= 1.0.0, < 2.2.0	Jun 12, 2026	CVE
MEDIUM 6.4	CVE-2026-53521	Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user’s DDNS profile context_CVE-2026-53521 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, PATCH ...	nezhahq	nezha >= 2.0.14, < 2.1.0	Jun 12, 2026	CVE
MEDIUM 6.5	CVE-2026-53520	Nezha Monitoring: Authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing_CVE-2026-53520 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authen...	nezhahq	nezha >= 2.0.14, < 2.1.0	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-49397	Nezha Monitoring: Private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data_CVE-2026-49397 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.0 to before version 2.0.14, privat...	nezhahq	nezha >= 2.0.0, < 2.0.14	Jun 12, 2026	CVE
MEDIUM 6.4	CVE-2026-47268	Nezha Monitoring: Authenticated DDNS webhook configuration allows blind SSRF from the dashboard host_CVE-2026-47268 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an au...	nezhahq	nezha >= 0.20.0, < 2.0.10	Jun 12, 2026	CVE
MEDIUM 6.5	CVE-2026-47124	Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members_CVE-2026-47124 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any aut...	nezhahq	nezha >= 1.4.0, < 2.0.9	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-12131	CodeAstro Human Resource Management System Payroll Invoice Payroll.php sql injection_CVE-2026-12131 A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \appl...	CodeAstro	Human Resource Management System 1.0	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-9641	Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations_CVE-2026-9641 Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which ...	ARODLAND	Crypt::PBKDF2	Jun 12, 2026	CVE
MEDIUM 6	CVE-2026-47225	Improper Search Cache Isolation for Scoped Search API Keys in Typesense_CVE-2026-47225 Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is a cache isolation issue affecting search requests that ...	typesense	typesense < 29.1	Jun 12, 2026	CVE
MEDIUM 5.4	CVE-2026-47223	NanaZip: Heap out-of-bounds read in NanaZip AVB hashtree descriptor parser via 32-bit unsigned integer overflow_CVE-2026-47223 NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bou...	M2Team	NanaZip >= 3.0.1000.0, < 6.0.1698.0	Jun 12, 2026	CVE