Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-9153

Arbitrary File Read in Rapid7 InsightConnect Sed Plugin

Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expre...

Rapid7 InsightConnect Sed Plugin CVE
MEDIUM 6 CVE-2026-8664

OS Command Injection in Rapid7 InsightConnect Finger Plugin

OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands ...

Rapid7 InsightConnect Finger Plugin CVE
MEDIUM 5.1 CVE-2026-49979

Appsmith: SSRF via `POST /api/v1/admin/send-test-email` (JavaMail Bypasses WebClient IP Filter)

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accept...

appsmithorg appsmith < 1.99 CVE
MEDIUM 5.3 CVE-2026-39897

Cacti has a Reflected XSS Vulnerability via html_auth_footer

Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the html_aut...

Cacti cacti < 1.2.31 CVE
MEDIUM 5.3 CVE-2026-39900

Cacti: Reflected XSS via tab parameter in auth_profile.php JavaScript context

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in ...

Cacti cacti < 1.2.31 CVE
MEDIUM 6.9 CVE-2026-39899

Cacti: Path Traversal via filename parameter in package_import.php

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename paramet...

Cacti cacti < 1.2.31 CVE
MEDIUM 5.4 CVE-2026-52816

Gogs: Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Jupyter Notebook (ipynb) sanitizer endpoint at POST /-/api/sanitize_ipynb allo...

gogs gogs < 0.14.3 CVE
MEDIUM 5.5 CVE-2026-52815

Gogs: Unauthenticated Organization Teams Information Disclosure via API

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs has an unauthenticated information disclosure vulnerability. The GET /api/v1/...

gogs gogs < 0.14.3 CVE
MEDIUM 5.5 CVE-2026-52814

Gogs: Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric De...

gogs gogs < 0.14.3 CVE
MEDIUM 4.8 CVE-2026-52807

Gogs: DOM-based XSS via Milestone Name on New Issue Page

Gogs is an open source self-hosted Git service. Prior to 0.14.3, in new_form.tmpl, milestone names are rendered with Go's default auto-escaping ({{...

gogs gogs < 0.14.3 CVE