Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.8 CVE-2026-54093

File Browser: Path traversal in download-as-zip/tar via Windows-style backslash separators in stored filenames

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2...

filebrowser filebrowser < 2.63.6 CVE
MEDIUM 6.5 CVE-2026-54092

File Browser: DoS Vulnerability on Public Login API

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2...

filebrowser filebrowser < 2.63.6 CVE
HIGH 7.5 CVE-2026-54091

File Browser: Incorrect access control in public directory shares via rule path rebasing

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2...

filebrowser filebrowser < 2.63.6 CVE
HIGH 8.7 CVE-2026-54090

File Browser: Command Allowlist Bypass via Shell Metacharacter Injection

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2...

filebrowser filebrowser < 2.33.8 CVE
CRITICAL 9.1 CVE-2026-54089

File Browser: Authentication Bypass via Proxy Auth Header Forgery

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Starting w...

filebrowser filebrowser >= 2.0.0-rc.1 CVE
CRITICAL 9.3 CVE-2026-54088

File Browser: Command Injection via Authentication Hook Shell Substitution (Pre-Authentication RCE)

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2...

filebrowser filebrowser < 2.63.6 CVE
HIGH 7.8 CVE-2026-53925

Glances: Arbitrary file write and command execution via `secure_popen` redirection and chaining operators in AMP command configuration

Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the secure_popen() function in glances/secure.py interpret...

nicolargo glances >= 4.0.8, < 4.5.5 CVE
MEDIUM 5.3 CVE-2026-46611

Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s, implemented in glances/ser...

nicolargo glances < 4.5.5 CVE
HIGH 7.4 CVE-2026-46608

Glances: XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard (Incomplete Fix for CVE-2026-33533)

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s) introduced a configurable ...

nicolargo glances < 4.5.5 CVE
HIGH 7.8 CVE-2026-46607

Glances: Insecure Pickle Deserialization in Version Cache Leads to Arbitrary Code Execution

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load() to read a version-check cac...

nicolargo glances < 4.5.5 CVE