Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 2.3 CVE-2026-48855

SFTP READLINK Leaks Absolute Backend Filesystem Path When Root Is Configured

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Discovery. The SSH_FXP_R...

Erlang OTP 3.0.1 CVE
MEDIUM 5 CVE-2026-48096

OpenFGA: Cache-key delimiter injection in openfga/openfga shared-iterator and v2 iterator caches enables intra-store authorization-decision poisoning

OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check r...

openfga openfga < 1.16.0 CVE
HIGH 8.3 CVE-2026-46558

Plane: Cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces

Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass that lets any authenticat...

makeplane plane < 1.3.1 CVE
LOW 2.3 CVE-2026-46497

SSRF via sitemap-derived URLs in Crawlee for Python

Crawlee is a web scraping and browser automation library. From version 1.0.0 to before version 1.7.0, Crawlee is vulnerable to SSRF via sitemap-der...

apify crawlee-python >= 1.0.0, < 1.7.0 CVE
HIGH 8.1 CVE-2026-45569

Roxy-WI: Path-traversal patch in commit d4d10006 is a no-op (tuple-membership bug)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, commit d4d10006 ("Expand valid...

roxy-wi roxy-wi <= 8.2.6.4 CVE
HIGH 8.3 CVE-2026-45567

Roxy-WI: Authentication bypass via ‘api’ substring in URL + unauthenticated /api/gpt

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication by...

roxy-wi roxy-wi <= 8.2.6.4 CVE
MEDIUM 6.1 CVE-2026-45566

Roxy-WI: Open redirect on /login?next= via basic-auth userinfo syntax bypass

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the login flow allow-lists ne...

roxy-wi roxy-wi <= 8.2.6.4 CVE
HIGH 8.1 CVE-2026-45565

Roxy-WI: EscapedString validator skips its ‘..’ block when stripping (root cause for several path-traversal/RCE vectors)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString (app/modules/ro...

roxy-wi roxy-wi <= 8.2.6.4 CVE
HIGH 7.2 CVE-2026-25700

Apache Answer: AdminToken not invalidated after admin deactivation

Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously iss...

Apache Software Foundation Apache Answer CVE
MEDIUM 5.4 CVE-2026-46616

Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers

Umbraco is an ASP.NET CMS. Prior to versions 13.14.0 and 17.4.0, some of the Surface Controllers in the CMS provide to support member related opera...

umbraco Umbraco-CMS < 13.14.0 CVE