CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.1	CVE-2026-41568	Moby: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap_CVE-2026-41568 Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prio...	moby	moby github.com/docker/docker/daemon <= 28.5.2	Jun 12, 2026	CVE
CRITICAL 9.2	CVE-2026-28742	Naxclow IoT Platform Use of hard-coded cryptographic key_CVE-2026-28742 Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is ...	Naxclow	Smart Doorbell X3 All	Jun 12, 2026	CVE
HIGH 8.7	CVE-2026-12143	form-data does not escape CR/LF/quote in multipart field names and filenames (CRLF injection)_CVE-2026-12143 form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the `field` argument to `FormData#append` and ...	form-data	form-data	Jun 12, 2026	CVE
HIGH 8.8	CVE-2026-12043	Heap double-free in AWS Common Runtime aws-c-http_CVE-2026-12043 Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a se...	AWS	aws-c-http 0.4.22	Jun 12, 2026	CVE
MEDIUM 5.1	CVE-2026-10715	Camaleon CMS 2.9.2 – Improper authorization in draft autosave endpoint_CVE-2026-10715 Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated us...	Camaleon CMS	Camaleon CMS 2.9.2	Jun 12, 2026	CVE
MEDIUM 5.1	CVE-2026-54357	MISP improper authorization allows organization administrators to modify site administrator user settings_CVE-2026-54357 An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to ...	misp	misp	Jun 12, 2026	CVE
MEDIUM 6.3	CVE-2026-50552	Koel: Server-Side Request Forgery (SSRF) in radio station creation due to missing validation bail_CVE-2026-50552 Koel is a free, open-source music streaming solution. Prior to version 9.7.1, Koel contains a Server-Side Request Forgery (SSRF) vulnerability in t...	koel	koel < 9.7.1	Jun 12, 2026	CVE
HIGH 8.7	CVE-2026-50287	Missing Authentication for Critical Function in @agenticmail/mcp_CVE-2026-50287 AgenticMail gives AI agents real email addresses and phone numbers. Prior to version 0.9.27, @agenticmail/mcp exposes a Streamable HTTP transport w...	agenticmail	agenticmail < 0.9.27	Jun 12, 2026	CVE
HIGH 7.7	CVE-2026-47260	Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs_CVE-2026-47260 Koel is a free, open-source music streaming solution. Prior to version 9.3.5, Koel validates the podcast feed URL via the SafeUrl rule (DNS resolut...	koel	koel < 9.3.5	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-43872	actual-server has a path traversal vulnerability_CVE-2026-43872 Actual is an open-source personal finance application. Prior to version 26.5.0, several endpoints are affected by a path traversal vulnerability. V...	actualbudget	actual < 26.5.0	Jun 12, 2026	CVE