MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-54517	jackson-databind: @JsonView bypass for setterless creator properties_CVE-2026-54517 jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3....	FasterXML	jackson-databind >= 2.21.0, < 2.21.4	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-54516	jackson-databind: Renamed @JsonIgnore’d setters can deserialize via private fields_CVE-2026-54516 jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3....	FasterXML	jackson-databind >= 2.21.0, < 2.21.4	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-54515	jackson-databind: Case-insensitive deserialization bypasses per-property @JsonIgnoreProperties_CVE-2026-54515 jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5...	FasterXML	jackson-databind >= 2.8.0, < 2.18.9	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-54514	jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF)_CVE-2026-54514 jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4...	FasterXML	jackson-databind >= 2.0.0, < 2.18.8	Jun 23, 2026	CVE
MEDIUM 6.3	CVE-2026-50193	jackson-databind: Deeply nested JsonNode throws StackOverflowError for toString()_CVE-2026-50193 jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.13.0 until 2.14.0, a pot...	FasterXML	jackson-databind >= 2.10.0, < 2.14.0	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-47382	NocoDB: Server-Side Request Forgery via Database Connection Host_CVE-2026-47382 NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the connection-test endpoint opened a raw TCP socket to the user-sup...	nocodb	nocodb < 2026.05.1	Jun 23, 2026	CVE
MEDIUM 6.3	CVE-2026-47380	NocoDB: User Enumeration via Sign-In Timing_CVE-2026-47380 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, sign-in response timing differed between known and unknown email add...	nocodb	nocodb < 2026.04.1	Jun 23, 2026	CVE
MEDIUM 6.9	CVE-2026-47378	NocoDB: Hidden Column Exposure in Public Shared View Endpoints_CVE-2026-47378 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, Public shared-view endpoints exposed values from columns that the vi...	nocodb	nocodb < 2026.04.1	Jun 23, 2026	CVE
MEDIUM 5.1	CVE-2026-47377	NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin_CVE-2026-47377 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the client-side hashRedirect plugin called window.location.replace()...	nocodb	nocodb < 2026.04.1	Jun 23, 2026	CVE
MEDIUM 5.1	CVE-2026-47376	NocoDB: Reflected Cross-Site Scripting via Password Reset Token_CVE-2026-47376 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the password-reset page rendered the URL token directly into a JavaS...	nocodb	nocodb < 2026.04.1	Jun 23, 2026	CVE