Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.3 CVE-2026-44990

Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`

ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Under the d...

apostrophecms sanitize-html < 2.17.4 CVE
HIGH 7.5 CVE-2026-44786

Discourse: Public chat MessageBus broadcasts are not restricted to chat-eligible users

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...

discourse discourse >= 2026.1.0-latest, < 2026.1.4 CVE
MEDIUM 4.3 CVE-2026-44785

Discourse: Hidden reply-to post raw can be disclosed through AI explain prompts

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...

discourse discourse >= 2026.1.0-latest, < 2026.1.4 CVE
MEDIUM 6.5 CVE-2026-44784

Discourse: Non-staff group owners can see email password in plaintext through group history

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...

discourse discourse >= 2026.1.0-latest, < 2026.1.4 CVE
MEDIUM 5.4 CVE-2026-44783

Discourse: Replying to a whisper lets non-whisperers create staff-only whisper posts

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...

discourse discourse >= 2026.1.0-latest, < 2026.1.4 CVE
MEDIUM 4.3 CVE-2026-44782

Discourse: GroupPostSerializer leaks hidden full names through reaction post association

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...

discourse discourse >= 2026.1.0-latest, < 2026.1.4 CVE
MEDIUM 4.3 CVE-2026-44780

Discourse: Category queue reviewers can read raw incoming emails from queued posts

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...

discourse discourse >= 2026.4.0-latest, < 2026.4.1 CVE
MEDIUM 4.3 CVE-2026-44779

Discourse: Bot debug endpoints disclose whisper translation audit logs

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...

discourse discourse >= 2026.1.0-latest, < 2026.1.4 CVE
MEDIUM 6.5 CVE-2026-42853

@apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input

ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a c...

apostrophecms @apostrophecms/cli <= 3.6.0 CVE
MEDIUM 4.3 CVE-2026-24618

WordPress Hash Elements plugin <= 1.5.4 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensi...

HashThemes Hash Elements n/a CVE