CVSS - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-46397	haxcms-php Local File Inclusion via saveOutline API Location Parameter v2.0_CVE-2026-46397 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an Authenticated Local File Inclusion (LFI) vulnerabi...	haxtheweb	haxcms-php < 26.0.0	Jun 5, 2026	CVE
MEDIUM 6.5	CVE-2026-46357	HAX CMS NodeJS application Vulnerable to Denial of Service using Malicious Import Request_CVE-2026-46357 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HAX CMS NodeJS application crashes when an authen...	haxtheweb	haxcms-nodejs < 26.0.0	Jun 5, 2026	CVE
MEDIUM 5.3	CVE-2026-45776	Open XDMoD has Broken Access Control via Client-Controlled Session Variable_CVE-2026-45776 OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's access control logic allow...	ubccr	xdmod < 11.0.3	Jun 5, 2026	CVE
CRITICAL 10	CVE-2026-11414	Unauthenticated File Exfiltration in Altium Enterprise Server Vault Service via Hard-coded Cryptographic Key and Path Traversal_CVE-2026-11414 A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical ac...	Altium	Altium Enterprise Server	Jun 5, 2026	CVE
HIGH 8	CVE-2026-11401	Privilege Escalation in AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL_CVE-2026-11401 An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenti...	AWS	AWS Advanced Go Wrapper 2026-04-06	Jun 5, 2026	CVE
HIGH 8	CVE-2026-11400	Privilege Escalation in AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL_CVE-2026-11400 An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authen...	AWS	AWS Advanced JDBC Wrapper 3.0.0	Jun 5, 2026	CVE
CRITICAL 9.3	CVE-2026-45779	Open XDMoD Vulnerable to Unauthenticated SQL Injection Leading to Full Database Compromise_CVE-2026-45779 OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0...	ubccr	xdmod < 10.0.3	Jun 5, 2026	CVE
HIGH 8.6	CVE-2026-45778	Open XDMoD Vulnerable to Reflected Cross-Site Scripting (XSS) in Password Reset_CVE-2026-45778 OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an authenticated attacker can inject malicious Ja...	ubccr	xdmod < 11.0.3	Jun 5, 2026	CVE
CRITICAL 9.3	CVE-2026-45777	Open XDMoD Vulnerable to Unauthenticated Remote Code Execution (RCE) via OS Command Injection_CVE-2026-45777 OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can rem...	ubccr	xdmod >= 9.5.0, < 11.0.3	Jun 5, 2026	CVE
CRITICAL 9.6	CVE-2026-45758	Malicious code in guardrails-ai 0.10.1 (supply chain compromise)_CVE-2026-45758 Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a mal...	guardrails-ai	guardrails = 0.10.1	Jun 5, 2026	CVE