Vulnerability - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.8	CVE-2026-40624	AVer PTC cameras Files or Directories Accessible to External Parties_CVE-2026-40624 Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary...	AVer	PTC500S *	Jun 18, 2026	CVE
MEDIUM 4.3	CVE-2026-12050	pgAdmin 4: SQL injection in named restore point endpoint_CVE-2026-12050 SQL injection in pgAdmin 4's named restore point endpoint (POST /browser/server/restore_point/{gid}/{sid}). The user-supplied 'value' field was int...	pgadmin.org	pgAdmin 4 1.0	Jun 18, 2026	CVE
MEDIUM 4.3	CVE-2026-12049	pgAdmin 4: Open redirect in multi-factor authentication flow via unvalidated ‘next’ parameter_CVE-2026-12049 Open redirect in pgAdmin 4's multi-factor authentication flow. The MFA validate and register endpoints honoured the user-supplied 'next' query/form...	pgadmin.org	pgAdmin 4 6.0	Jun 18, 2026	CVE
CRITICAL 9.3	CVE-2026-12048	pgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-parser_CVE-2026-12048 Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server (ErrorResponse messa...	pgadmin.org	pgAdmin 4 6.0	Jun 18, 2026	CVE
LOW 3.5	CVE-2026-12047	pgAdmin 4: HTML injection in cloud verify_credentials / deploy endpoints via unsanitised SDK exception text_CVE-2026-12047 HTML injection in pgAdmin 4's cloud deployment module. The verify_credentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /...	pgadmin.org	pgAdmin 4 6.6	Jun 18, 2026	CVE
CRITICAL 9	CVE-2026-12046	pgAdmin 4: Unauthenticated pickle deserialization in SQL Editor close / update_connection routes enables remote code execution_CVE-2026-12046 Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/ and POST /sqleditor/initialize/sqleditor/update_connec...	pgadmin.org	pgAdmin 4 6.9	Jun 18, 2026	CVE
CRITICAL 9	CVE-2026-12045	pgAdmin 4: AI Assistant read-only transaction bypass allows unauthorised writes and remote code execution_CVE-2026-12045 Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database content that the assistant reads to execut...	pgadmin.org	pgAdmin 4 9.13	Jun 18, 2026	CVE
HIGH 8.8	CVE-2026-12044	pgAdmin 4: SQL injection in COMMENT ON … IS ‘‘ rendering across dialog templates_CVE-2026-12044 SQL injection in pgAdmin 4 across every dialog template that renders ``COMMENT ON ... IS ''`` for a user-supplied description field. The Jinja temp...	pgadmin.org	pgAdmin 4 1.0	Jun 18, 2026	CVE
HIGH 8.7	CVE-2026-8806	Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series FX5-ENET/IP Ethernet module_CVE-2026-8806 Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a r...	Mitsubishi Electric Corporation	Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP All versions	Jun 19, 2026	CVE
HIGH 8.7	CVE-2026-8805	Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series EtherNet/IP module_CVE-2026-8805 Integer Overflow or Wraparound vulnerability in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module FX5-E...	Mitsubishi Electric Corporation	Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior	Jun 19, 2026	CVE