exploit - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 2	CVE-2026-4360	Tarfile.extract() doesn’t fully respect filter parameter_CVE-2026-4360 In the Tarfile.extract() function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content ...	Python Software Foundation	CPython	Jun 30, 2026	CVE
MEDIUM 5.4	CVE-2026-48192	CVE-2026-48192_CVE-2026-48192 A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All...	Siemens	Mendix Studio Pro 10.11	Jun 30, 2026	CVE
HIGH 7	CVE-2026-44949	Unauthenticated namespace creation and RBAC injection via rancher-webhook FleetWorkspace mutating webhook_CVE-2026-44949 A Rancher FleetWorkspace admission path allowed side effects to occur in the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to ...	SUSE	Rancher 0.7.0	Jun 30, 2026	CVE
MEDIUM 6.9	CVE-2026-44947	Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher_CVE-2026-44947 A missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 a...	SUSE	Rancher 2.13.0	Jun 30, 2026	CVE
HIGH 8.8	CVE-2026-27957	Coolify: Authenticated RCE via command injection in CA certificate management feature_CVE-2026-27957 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, an authenticated comma...	coollabsio	coolify < 4.0.0-beta.464	Jun 30, 2026	CVE
MEDIUM 4.3	CVE-2026-27956	Coolify: Cross-team application domain enumeration via domains_by_server endpoint_CVE-2026-27956 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, `GET /api/v1/servers/{...	coollabsio	coolify < 4.0.0-beta.464	Jun 30, 2026	CVE
MEDIUM 6.6	CVE-2026-27955	Coolify: Command Injection via Single-Quote Breakout in `executeInDocker()`_CVE-2026-27955 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the executeInDocker() ...	coollabsio	coolify < 4.0.0-beta.464	Jun 30, 2026	CVE
MEDIUM 5	CVE-2026-27883	Coolify: IDOR in Deployment API – Cross-Team Deployment Information Disclosure_CVE-2026-27883 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the `GET /api/v1/deplo...	coollabsio	coolify < 4.0.0-beta.464	Jun 30, 2026	CVE
MEDIUM 4.8	CVE-2026-27882	Coolify: Timing Attack in GitLab Webhook Token Validation_CVE-2026-27882 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.461, the GitLab webhook end...	coollabsio	coolify < 4.0.0-beta.461	Jun 30, 2026	CVE
MEDIUM 5	CVE-2026-27881	Coolify: Cross-team deployment information disclosure via GET /api/v1/deployments/{uuid} (IDOR)_CVE-2026-27881 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, `GET /api/v1/deploymen...	coollabsio	coolify < 4.0.0-beta.464	Jun 30, 2026	CVE