CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.7	CVE-2026-22551	CVE-2026-22551_CVE-2026-22551 In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary extern...	Eclipse Foundation	Eclipse Theia	Jun 18, 2026	CVE
MEDIUM 5	CVE-2026-11791	389-ds-base: 389-ds-base: use-after-free in schema reload via attr_syntax_swap_ht()_CVE-2026-11791 A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees attribute syntax informati...	Red Hat	Red Hat Directory Server 11	Jun 18, 2026	CVE
MEDIUM 6.5	CVE-2025-58175	GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution_CVE-2025-58175 GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a GeoServer that uses ...	geoserver	org.geoserver.web:gs-web-app < 2.26.4	Jun 18, 2026	CVE
HIGH 7.2	CVE-2025-52465	GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page_CVE-2025-52465 GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists...	geoserver	org.geoserver.web:gs-web-app < 2.26.4	Jun 18, 2026	CVE
HIGH 7.2	CVE-2025-27511	GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection_CVE-2025-27511 GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Exte...	geoserver	org.geoserver.extension:gs-db2 < 2.27.0	Jun 18, 2026	CVE
MEDIUM 6.5	CVE-2026-56024	WordPress WP EasyPay plugin <= 4.4.0 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2026-56024 Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal WP EasyPay allows Cross Site Request Forgery. This issue affects WP EasyPay: from n/...	Saad Iqbal	WP EasyPay n/a	Jun 18, 2026	CVE
MEDIUM 5.3	CVE-2026-56022	Webmin MFA bypass_CVE-2026-56022 Webmin accepts basic authentication without session cookies when an attacker provides the 'User-Agent: webmin' header, allowing bypass of additiona...	Webmin	Webmin	Jun 18, 2026	CVE
MEDIUM 5.3	CVE-2026-56021	Webmin information disclosure via regex pattern_CVE-2026-56021 Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern.	Webmin	Webmin *	Jun 18, 2026	CVE
HIGH 8.1	CVE-2026-56020	Webmin HTTP header authentication bypass_CVE-2026-56020 The Webmin HTTP server (miniserv.pl) allows unauthenticated attackers to impersonate any user with a configured SSL client certificate by sending a...	Webmin	Webmin	Jun 18, 2026	CVE
HIGH 8.8	CVE-2026-55237	AutoGPT SignUp Page has DOM-Based XSS and Open Redirect_CVE-2026-55237 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions prior to 0.6.62...	Significant-Gravitas	AutoGPT < 0.6.62	Jun 18, 2026	CVE