Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.7	CVE-2026-56767	Maxun < 0.0.42 - Cross-Tenant IDOR in Storage and Webhook API Handlers_CVE-2026-56767 Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenti...	getmaxun	maxun 0.0.42	Jun 25, 2026	CVE
HIGH 8.6	CVE-2026-56766	Hydra – Stack Buffer Overflow in NTLM Authentication Handler_CVE-2026-56766 Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy...	vanhauser-thc	thc-hydra	Jun 25, 2026	CVE
HIGH 8.2	CVE-2026-55667	File Browser: Out-of-scope file deletion by a Create-only scoped user via symlink-following RemoveAll in upload failure-cleanup_CVE-2026-55667 File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2...	filebrowser	filebrowser < 2.63.16	Jun 25, 2026	CVE
MEDIUM 5.8	CVE-2026-54250	K3s: ZIP Archive Path Traversal Vulnerability in etcd Snapshot Decompression_CVE-2026-54250 K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1, a path traversal vulnerabilit...	k3s-io	k3s >= 1.35.0-rc1+k3s1, < 1.35.3+k3s1	Jun 25, 2026	CVE
HIGH 7.2	CVE-2026-54097	File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix_CVE-2026-54097 File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2...	filebrowser	filebrowser < 2.63.6	Jun 25, 2026	CVE
HIGH 8.4	CVE-2026-54096	File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent Path_CVE-2026-54096 File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2...	filebrowser	filebrowser < 2.63.7	Jun 25, 2026	CVE
HIGH 7.5	CVE-2026-54094	File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope_CVE-2026-54094 File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2...	filebrowser	filebrowser < 2.63.14	Jun 25, 2026	CVE
MEDIUM 6.8	CVE-2026-54093	File Browser: Path traversal in download-as-zip/tar via Windows-style backslash separators in stored filenames_CVE-2026-54093 File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2...	filebrowser	filebrowser < 2.63.6	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-54092	File Browser: DoS Vulnerability on Public Login API_CVE-2026-54092 File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2...	filebrowser	filebrowser < 2.63.6	Jun 25, 2026	CVE
HIGH 7.5	CVE-2026-54091	File Browser: Incorrect access control in public directory shares via rule path rebasing_CVE-2026-54091 File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2...	filebrowser	filebrowser < 2.63.6	Jun 25, 2026	CVE