CVSS - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.4	CVE-2026-56423	MISP Core: Broken access control allows instance-wide unauthorized deletion of event reports and sharing groups via bulk deletion endpoints_CVE-2026-56423 MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Groups. The affected deleteSelection hand...	misp	misp	Jun 22, 2026	CVE
HIGH 8.3	CVE-2026-54100	Windows-machine-config-operator: windows-machine-config-operator: ssh host key not verified enables credential theft_CVE-2026-54100 A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Window...	Red Hat	Red Hat OpenShift Container Platform 4	Jun 22, 2026	CVE
HIGH 8.8	CVE-2026-54099	Windows-machine-config-operator: windows-machine-config-operator: wicd csr extra-organization allows privilege escalation to system:masters_CVE-2026-54099 A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that ...	Red Hat	Red Hat OpenShift Container Platform 4	Jun 22, 2026	CVE
HIGH 7.7	CVE-2026-42129	Path Traversal in Loki Datasource leads to Internal Information Disclosure_CVE-2026-42129 The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An authenticated Viewer-role user can escape the plugin'...	Grafana	Grafana OSS	Jun 22, 2026	CVE
CRITICAL 9.6	CVE-2026-28381	Local File Read/Write to Potential Privilege Escalation via Snowflake GET/PUT_CVE-2026-28381 The Snowflake datasource allows for GET/PUT commands, which can allow any user with access to run queries against the data source to read/write fil...	Grafana	Snowflake Datasource 1.14.7	Jun 22, 2026	CVE
LOW 2	CVE-2026-12888	HTML injection in the Canarytoken Google Chat notification_CVE-2026-12888 An HTML injection vulnerability exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, enabling Interface M...	Thinkst Applied Research	Canarytokens sha-4aef1db90	Jun 22, 2026	CVE
HIGH 8.8	CVE-2026-12602	Incorrect permissions in ArubaSign by Aruba_CVE-2026-12602 Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate perm...	Aruba	ArubaSign	Jun 22, 2026	CVE
MEDIUM 5.4	CVE-2026-10601	Path Traversal in Tempo and Loki Data Source Plugins — Credential Leakage and Admin Endpoint Access_CVE-2026-10601 The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, ena...	Grafana	Grafana OSS 11.6.0	Jun 22, 2026	CVE
CRITICAL 10	CVE-2026-10561	Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection_CVE-2026-10561 IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass t...	IBM	Langflow OSS 1.0.0	Jun 22, 2026	CVE
MEDIUM 5.4	CVE-2025-33128	IBM Engineering Lifecycle Management – Engineering Workflow Management is impacted by vulnerabilities HTML / XSS Injection observed_CVE-2025-33128 IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting....	IBM	Engineering Workflow Management 7.0.3	Jun 22, 2026	CVE