CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.3	CVE-2026-47386	NocoDB: OAuth Authorization Code Race Condition_CVE-2026-47386 NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, two concurrent token-exchange requests using the same OAuth authoriz...	nocodb	nocodb < 2026.05.1	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-47385	NocoDB: Path Traversal via SQLite Source Filename_CVE-2026-47385 NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with base-create permission can attach a SQLit...	nocodb	nocodb < 2026.05.1	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-47384	NocoDB: SQL Injection via Column Title in Bulk GroupBy_CVE-2026-47384 NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with column-create permission can inject SQL i...	nocodb	nocodb < 2026.05.1	Jun 23, 2026	CVE
HIGH 7.4	CVE-2026-47383	NocoDB: Stored Cross-Site Scripting via Row Comments_CVE-2026-47383 NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated commenter could store HTML in row comments that exe...	nocodb	nocodb < 2026.05.1	Jun 23, 2026	CVE
MEDIUM 6.9	CVE-2026-47381	NocoDB: Cross-Workspace Integration Use in Connection Test_CVE-2026-47381 NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a user in one workspace could exercise another workspace's integrati...	nocodb	nocodb < 2026.05.1	Jun 23, 2026	CVE
MEDIUM 6.9	CVE-2026-47379	NocoDB: Plaintext Password Comparison in Shared Views_CVE-2026-47379 NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view password check fell back to strict-equality (===) co...	nocodb	nocodb < 2026.05.1	Jun 23, 2026	CVE
HIGH 7.1	CVE-2026-23513	FOSSBilling: Broken Authorization in Client Transaction and Order Listings_CVE-2026-23513 FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, a query-construction flaw in client list endp...	FOSSBilling	FOSSBilling < 0.8.0	Jun 23, 2026	CVE
MEDIUM 4.4	CVE-2026-12892	Gstreamer1-plugins-bad: gstreamer1-plugins-bad: 1-byte heap out-of-bounds read in h.264 nal extension slice parser_CVE-2026-12892 A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC exten...	Red Hat	Red Hat Enterprise Linux 10	Jun 23, 2026	CVE
MEDIUM 4.3	CVE-2026-12891	Gstreamer1-plugins-bad: gstreamer1-plugins-bad: global buffer overflow (oob read) in h.266/vvc vui parameter parser_CVE-2026-12891 A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator...	Red Hat	Red Hat Enterprise Linux 10	Jun 23, 2026	CVE
HIGH 7.8	CVE-2026-12112	Foreman-mcp-server: mcp server: active session hijacking via insecure session state reuse_CVE-2026-12112 A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active ...	Red Hat	Red Hat Satellite 6	Jun 23, 2026	CVE