exploit - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.4	CVE-2026-44939	Command injection through unsanitized YAML parameter in Rancher_CVE-2026-44939 A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/{token}_{clusterId}.yaml through unsanit...	SUSE	Rancher 2.14.0	Jun 19, 2026	CVE
LOW 3.7	CVE-2026-9143	Incorrect Conversion between Numeric Types in NI grpc-device due to missing range checks in CodeGen_CVE-2026-9143 There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently d...	NI	grpc-device	Jun 19, 2026	CVE
CRITICAL 9.1	CVE-2026-9142	Insecure Default Credentials vulnerability in NI grpc-device when TLS configuration is not present_CVE-2026-9142 There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopb...	NI	grpc-device	Jun 19, 2026	CVE
HIGH 7.1	CVE-2026-4027	FlexNet Manager Suite Attachment File Disclosure_CVE-2026-4027 A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 and R2 that could allow unauthorized access to attachment files due t...	Flexera	FlexNet Manager Suite 2025 R1	Jun 19, 2026	CVE
HIGH 8.7	CVE-2026-4026	FlexNet Manager Suite Privilege Escalation Vulnerability_CVE-2026-4026 A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 that could allow an authenticated user with read-only access to accou...	Flexera	FlexNet Manager Suite 2025 R1	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-49872	Apache APISIX: Improper authentication in cas-auth plugin_CVE-2026-49872 Improper Authentication vulnerability in Apache APISIX. When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself ...	Apache Software Foundation	Apache APISIX 3.0.0	Jun 19, 2026	CVE
LOW 2.1	CVE-2026-49871	Apache APISIX: cas-auth login CSRF / session injection issue_CVE-2026-49871 Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker that man...	Apache Software Foundation	Apache APISIX 3.0.0	Jun 19, 2026	CVE
HIGH 8.8	CVE-2026-49357	Streamable HTTP mode exposes LINE Desktop read/send tools without MCP authentication_CVE-2026-49357 Line Desktop MCP is a project that, while unaffiliated with the official line-bot-mcp-server, allows users to directly operate the LINE Desktop app...	dtwang	line-desktop-mcp < 1.1.2	Jun 19, 2026	CVE
LOW 2.3	CVE-2026-49231	Apache APISIX: Identity spoofing issue in APISIX opa plugin_CVE-2026-49231 Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-de...	Apache Software Foundation	Apache APISIX 3.5.0	Jun 19, 2026	CVE
MEDIUM 6.3	CVE-2026-49230	Apache APISIX: Authentication bypass in jwe-decrypt_CVE-2026-49230 Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to a...	Apache Software Foundation	Apache APISIX 3.8.0	Jun 19, 2026	CVE