MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-39897	Cacti has a Reflected XSS Vulnerability via html_auth_footer_CVE-2026-39897 Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the html_aut...	Cacti	cacti < 1.2.31	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-39900	Cacti: Reflected XSS via tab parameter in auth_profile.php JavaScript context_CVE-2026-39900 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in ...	Cacti	cacti < 1.2.31	Jun 24, 2026	CVE
MEDIUM 6.9	CVE-2026-39899	Cacti: Path Traversal via filename parameter in package_import.php_CVE-2026-39899 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename paramet...	Cacti	cacti < 1.2.31	Jun 24, 2026	CVE
MEDIUM 5.4	CVE-2026-52816	Gogs: Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS_CVE-2026-52816 Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Jupyter Notebook (ipynb) sanitizer endpoint at POST /-/api/sanitize_ipynb allo...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
MEDIUM 5.5	CVE-2026-52815	Gogs: Unauthenticated Organization Teams Information Disclosure via API_CVE-2026-52815 Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs has an unauthenticated information disclosure vulnerability. The GET /api/v1/...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
MEDIUM 5.5	CVE-2026-52814	Gogs: Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)_CVE-2026-52814 Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric De...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
MEDIUM 4.8	CVE-2026-52807	Gogs: DOM-based XSS via Milestone Name on New Issue Page_CVE-2026-52807 Gogs is an open source self-hosted Git service. Prior to 0.14.3, in new_form.tmpl, milestone names are rendered with Go's default auto-escaping ({{...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
MEDIUM 5.5	CVE-2026-52804	Gogs: Privilege Escalation via Collaboration Access Mode Validation_CVE-2026-52804 Gogs is an open source self-hosted Git service. Prior to 0.14.3, a repository admin collaborator can escalate their privileges to owner-level acces...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
MEDIUM 5.4	CVE-2026-52802	Gogs: Open Redirect via redirect_to in Gogs_CVE-2026-52802 Gogs is an open source self-hosted Git service. Prior to 0.14.3, an open redirect vulnerability exists in Gogs where attacker-controlled redirect_t...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
MEDIUM 4.3	CVE-2026-52795	Gogs: Authorization Bypass in Watch API allows any user to monitor private repository activity_CVE-2026-52795 Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to...	gogs	gogs <= 0.14.3	Jun 24, 2026	CVE