CVSS - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-44779	Discourse: Bot debug endpoints disclose whisper translation audit logs_CVE-2026-44779 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...	discourse	discourse >= 2026.1.0-latest, < 2026.1.4	Jun 12, 2026	CVE
MEDIUM 6.5	CVE-2026-42853	@apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input_CVE-2026-42853 ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a c...	apostrophecms	@apostrophecms/cli <= 3.6.0	Jun 12, 2026	CVE
MEDIUM 4.3	CVE-2026-24618	WordPress Hash Elements plugin <= 1.5.4 - Sensitive Data Exposure vulnerability_CVE-2026-24618 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensi...	HashThemes	Hash Elements n/a	Jun 12, 2026	CVE
MEDIUM 5.1	CVE-2026-12130	CodeAstro Human Resource Management System Projects Management Add_Projects cross site scripting_CVE-2026-12130 A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/Add_Proje...	CodeAstro	Human Resource Management System 1.0	Jun 12, 2026	CVE
MEDIUM 5.1	CVE-2026-12129	CodeAstro Human Resource Management System Dashboard add_tod cross site scripting_CVE-2026-12129 A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file ...	CodeAstro	Human Resource Management System 1.0	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-54398	MISP object edit authorization bypass allows unauthorized sharing group assignment_CVE-2026-54398 An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or ...	misp	misp	Jun 12, 2026	CVE
CRITICAL 9.1	CVE-2026-53609	Apostrophe has Server-Side Prototype Pollution in apos.util.set via patch operators that leads to process-wide authorization bypass_CVE-2026-53609 ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, `apos.util.set()` traverses dot-notation...	apostrophecms	apostrophe <= 4.30.0	Jun 12, 2026	CVE
HIGH 8.7	CVE-2026-53608	@apostrophecms/seo Vulnerable to Stored XSS via Unsanitized Google Analytics / GTM ID Injected into Script Tag_CVE-2026-53608 ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the `@apostrophecms/seo` package injects t...	apostrophecms	@apostrophecms/seo <= 1.4.2	Jun 12, 2026	CVE
MEDIUM 6.8	CVE-2026-53523	Nezha Monitoring: OAuth2 Redirect URL — Host Header Injection_CVE-2026-53523 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the get...	nezhahq	nezha >= 1.0.0, < 2.2.0	Jun 12, 2026	CVE
MEDIUM 6.5	CVE-2026-53522	Nezha Monitoring: Unbounded WebSocket Streams — Resource Exhaustion DoS_CVE-2026-53522 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the Nez...	nezhahq	nezha >= 1.0.0, < 2.2.0	Jun 12, 2026	CVE