MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.4	CVE-2026-52816	Gogs: Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS_CVE-2026-52816 Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Jupyter Notebook (ipynb) sanitizer endpoint at POST /-/api/sanitize_ipynb allo...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
MEDIUM 5.5	CVE-2026-52815	Gogs: Unauthenticated Organization Teams Information Disclosure via API_CVE-2026-52815 Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs has an unauthenticated information disclosure vulnerability. The GET /api/v1/...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
MEDIUM 5.5	CVE-2026-52814	Gogs: Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)_CVE-2026-52814 Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric De...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
MEDIUM 4.8	CVE-2026-52807	Gogs: DOM-based XSS via Milestone Name on New Issue Page_CVE-2026-52807 Gogs is an open source self-hosted Git service. Prior to 0.14.3, in new_form.tmpl, milestone names are rendered with Go's default auto-escaping ({{...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
MEDIUM 5.5	CVE-2026-52804	Gogs: Privilege Escalation via Collaboration Access Mode Validation_CVE-2026-52804 Gogs is an open source self-hosted Git service. Prior to 0.14.3, a repository admin collaborator can escalate their privileges to owner-level acces...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
MEDIUM 5.4	CVE-2026-52802	Gogs: Open Redirect via redirect_to in Gogs_CVE-2026-52802 Gogs is an open source self-hosted Git service. Prior to 0.14.3, an open redirect vulnerability exists in Gogs where attacker-controlled redirect_t...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
MEDIUM 4.3	CVE-2026-52795	Gogs: Authorization Bypass in Watch API allows any user to monitor private repository activity_CVE-2026-52795 Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to...	gogs	gogs <= 0.14.3	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-50128	Mastodon: Spoofing of attribution domains_CVE-2026-50128 Mastodon is a free, open-source social network server based on ActivityPub. From 4.3.0 until 4.5.11 and 4.4.18, Mastodon has a feature to let websi...	mastodon	mastodon >= 4.5.0-beta.1, < 4.5.11	Jun 24, 2026	CVE
MEDIUM 4.9	CVE-2025-64719	Gogs: Denial of Service in repository/wiki file listing web pages_CVE-2025-64719 Gogs is an open source self-hosted Git service. Prior to 0.14.3, a malicious user with rights to create a new file on a repository or wiki page can...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
MEDIUM 6.8	CVE-2026-52809	Gogs: Password-reset tokens use account-activation lifetime, ignoring RESET_PASSWORD_CODE_LIVES_CVE-2026-52809 Gogs is an open source self-hosted Git service. Prior to 0.14.3, password-reset tokens are generated using conf.Auth.ActivateCodeLives (the account...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE