Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.8 CVE-2026-22674

Hashgraph Guardian Stored XSS via branding companyName field

Hashgraph Guardian through 3.5.0, fixed in commit ba8c566, contains a stored cross-site scripting vulnerability that allows authenticated users wit...

hashgraph guardian CVE
HIGH 8.7 CVE-2026-56078

PraisonAI – Arbitrary File Read and Write via Path Traversal in MultiAgentMonitor

PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. At...

PraisonAI PraisonAI CVE
HIGH 7.1 CVE-2026-56077

PraisonAI – Information Disclosure via Shared MultiAgentLedger State

PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensiti...

PraisonAI PraisonAI CVE
HIGH 8.6 CVE-2026-56076

PraisonAI – Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint

PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitra...

PraisonAI PraisonAI CVE
HIGH 8.7 CVE-2026-56075

PraisonAI – Arbitrary Shell Command Execution via Hardcoded Approval Mode Override

PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approval_mode to auto, overridin...

PraisonAI PraisonAI CVE
MEDIUM 6.8 CVE-2026-56074

PraisonAI – Tool Approval Cache Bypass via Coarse-Grained Caching

PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent execute_command calls t...

PraisonAI PraisonAI CVE
MEDIUM 6.5 CVE-2026-52866

Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT Missing Authorization

An attacker within BLE communication range can monopolize the device's only available BLE connection slot, preventing legitimate users or applica...

Apollo Pharmacy Blood Glucose Monitoring System (Model No. APG-01 BT) 0x0110_v1.1.0 CVE
MEDIUM 6.5 CVE-2026-50034

Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT Cleartext Transmission of Sensitive Information

An attacker within BLE communication range can passively intercept wireless traffic and obtain sensitive health-related information, including gl...

Apollo Pharmacy Blood Glucose Monitoring System (Model No. APG-01 BT) 0x0110_v1.1.0 CVE
CRITICAL 9.8 CVE-2026-40624

AVer PTC cameras Files or Directories Accessible to External Parties

Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary...

AVer PTC500S * CVE
MEDIUM 4.3 CVE-2026-12050

pgAdmin 4: SQL injection in named restore point endpoint

SQL injection in pgAdmin 4's named restore point endpoint (POST /browser/server/restore_point/{gid}/{sid}). The user-supplied 'value' field was int...

pgadmin.org pgAdmin 4 1.0 CVE