Recent Advisories

Each entry lists: Severity (score), ID, Title, Summary, Vendor / Product (with affected version range where given), Type. No Date values are present in the listing.

CVE-2026-46386
  Severity: CRITICAL (9.9)
  Title: OpenProject: Pre-authentication RCE in openproject/openproject Docker image via default `SECRET_KEY_BASE=OVERWRITE_ME` and `cookies_serializer = :marshal`
  Summary: OpenProject is open-source, web-based project management software. Prior to , the official openproject/openproject Docker image ships ENV SECRET_KE...
  Vendor / Product: opf openproject (>= 8.3.0, < 17.2.4)
  Type: CVE

CVE-2026-44736
  Severity: MEDIUM (6.5)
  Title: OpenProject: Relations API Filter Bypasses Visibility Scope, Leaking Cross-Project Work Package Subjects
  Summary: OpenProject is open-source, web-based project management software. Prior to 17.4.0, the GET /api/v3/relations endpoint allows any authenticated use...
  Vendor / Product: opf openproject (< 17.4.0)
  Type: CVE

CVE-2026-44735
  Severity: MEDIUM (6.5)
  Title: OpenProject: Shares API Information Disclosure
  Summary: OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the GET /api/v3/shares endpoint returns share detail...
  Vendor / Product: opf openproject (< 17.3.2)
  Type: CVE

CVE-2026-44734
  Severity: MEDIUM (6.5)
  Title: OpenProject: Improper Access Control on OpenProject through the POST request to /projects/[PROJECT_NAME]/cost_reports/[REPORT_ID]/rename
  Summary: OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, a Missing Authorization vulnerability exists in Open...
  Vendor / Product: opf openproject (< 17.3.2)
  Type: CVE

CVE-2026-44733
  Severity: MEDIUM (5.9)
  Title: OpenProject: Business Logic Error on OpenProject through PATCH request to /api/v3/users/me permits bypassing password requirements
  Summary: OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, Business Logic Error on OpenProject through PATCH re...
  Vendor / Product: opf openproject (< 17.3.2)
  Type: CVE

CVE-2026-44732
  Severity: MEDIUM (4.3)
  Title: OpenProject: IDOR on OpenProject through /api/v3/documents/{id} via PATCH parameter "project_id" leads to Unauthorized Modification of Resources
  Summary: OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, OpenProject exposes a document update endpoint used ...
  Vendor / Product: opf openproject (< 17.3.2)
  Type: CVE

CVE-2026-44731
  Severity: MEDIUM (4.3)
  Title: OpenProject: Improper Access Control on OpenProject through /projects/[projectName]/meetings via "invited_user_id" in GET parameter "filters" leads to user name disclosure
  Summary: OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the web application's meetings filter feature leaks ...
  Vendor / Product: opf openproject (< 17.3.2)
  Type: CVE

CVE-2026-44696
  Severity: MEDIUM (5.7)
  Title: OpenProject: Stored CSS injection via Sanitize::Config::RELAXED[:css] enables phishing overlays and data exfiltration
  Summary: OpenProject is open-source, web-based project management software. Prior to 17.4.0, OpenProject's rich text (markdown) rendering pipeline uses Sani...
  Vendor / Product: opf openproject (< 17.4.0)
  Type: CVE

CVE-2026-32833
  Severity: HIGH (8.7)
  Title: Cudy LT300 3.0 OS Command Injection via NTP Configuration
  Summary: Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execu...
  Vendor / Product: Shenzhen Cudy Technology Co., Ltd. LT300 3.0
  Type: CVE

CVE-2026-29509
  Severity: MEDIUM (5.3)
  Title: Patool < 4.0.5 Path Traversal via safe_extract() Function
  Summary: Patool before 4.0.5 contains a path traversal vulnerability in the safe_extract() function in patoolib/programs/py_tarfile.py when running on Pytho...
  Vendor / Product: wummel patool
  Type: CVE