Vulnerability - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.2	CVE-2026-13372	CVE-2026-13372_CVE-2026-13372 Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allo...	Devolutions	Remote Desktop Manager 2026.2.5	Jun 26, 2026	CVE
CRITICAL 9.9	CVE-2026-52785	OpenProject: SQL injection in timestamps functionality_CVE-2026-52785 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a SQL injection in timestamps functionality...	opf	openproject < 17.3.3	Jun 26, 2026	CVE
HIGH 8.8	CVE-2026-52784	OpenProject: CSRF on TARGET through /users/:id via POST parameter “user[admin]”_CVE-2026-52784 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a CSRF on TARGET through /users/:id via POS...	opf	openproject < 17.3.3	Jun 26, 2026	CVE
HIGH 8.2	CVE-2026-52783	OpenProject: Information Disclosure (cleartext storage of data) on localhost through memcached via Others “storage..httpx_access_token” leads to Sensitive Data Exposure_CVE-2026-52783 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenProject's Storages module writes the OneDrive/Sh...	opf	openproject < 17.3.3	Jun 26, 2026	CVE
CRITICAL 9.9	CVE-2026-52782	OpenProject: IDOR through /projects//settings/project_storages/ via PATCH parameter “storages_project_storage[project_folder_id]” leads to Access to Unauthorized Resources_CVE-2026-52782 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is an IDOR through /projects//settings/project...	opf	openproject < 17.3.3	Jun 26, 2026	CVE
MEDIUM 6.4	CVE-2026-52781	OpenProject: Stored XSS on openproject.example.com through /api/v3/projects/{project}/work_packages via POST parameter “description”_CVE-2026-52781 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the HTML sanitizer grants elements unrestricted dat...	opf	openproject < 17.3.3	Jun 26, 2026	CVE
CRITICAL 9.6	CVE-2026-52780	OpenProject: Cache store poisoning leads to Remote Code Execution (RCE)_CVE-2026-52780 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache store poisoning leads to Remote Code Execution...	opf	openproject < 17.3.3	Jun 26, 2026	CVE
MEDIUM 5.4	CVE-2026-52779	OpenProject: Cross-project authorization bypass allows deleting public Calendar and Team Planner queries from unauthorized projects_CVE-2026-52779 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, a cross-project IDOR / authorization context confusi...	opf	openproject < 17.3.3	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-47193	OpenProject: Journal diff endpoint bypasses object, journal, and field visibility checks_CVE-2026-47193 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historica...	opf	openproject < 17.3.3	Jun 26, 2026	CVE
MEDIUM 4.3	CVE-2026-55838	RustFS: Missing admin authorization on /rustfs/admin/v3/metrics allows any authenticated user to read server metrics_CVE-2026-55838 RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint at /rustfs/admin/v3/metric...	rustfs	rustfs <= 1.0.0-beta.7	Jun 26, 2026	CVE