Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-53737

Juicer through 1.12.18 Stored Cross-Site Scripting via Unescaped API Response

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the ...

saas.group Juicer CVE
MEDIUM 5.1 CVE-2026-53736

Easy Twitter Feeds before 1.2.13 Cross-Site Request Forgery via duplicate_post Action

Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicate_post action handler that lacks nonce verifica...

bplugins Easy Twitter Feeds CVE
MEDIUM 4.3 CVE-2026-53634

Sharp: Missing Authorization Check in Quick Creation Command Endpoints

Sharp is a content management framework built for Laravel as a package. From version 9.0.0 to before version 9.22.3, the create and store endpoints...

code16 sharp >= 9.0.0, < 9.22.3 CVE
HIGH 8.6 CVE-2026-50131

Fedify has an incomplete SSRF mitigation after GHSA-p9cg-vqcc-grcx: validatePublicUrl allows special-use IPv4 ranges

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access ...

fedify-dev fedify >= 0.11.2, < 1.9.12 CVE
HIGH 7.5 CVE-2026-48110

Russh: SSH message fields were decoded through allocation-first parsers before field-specific bounds

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded...

Eugeny russh >= 0.34.0, < 0.61.0 CVE
MEDIUM 5.3 CVE-2026-48108

Russh: SSH identification parsing accepted non-canonical client banners and did not bound pre-banner input

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-stri...

Eugeny russh >= 0.34.0-beta.1, < 0.61.0 CVE
MEDIUM 6.5 CVE-2026-48107

Russh: Unchecked keyboard-interactive prompt count in client auth path

Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication ...

Eugeny russh >= 0.37.0, < 0.61.0 CVE
LOW 3.7 CVE-2026-48011

Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames

Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator us...

shopware shopware >= 6.7.0.0, < 6.7.10.1 CVE
MEDIUM 5.3 CVE-2026-46705

russh server userauth state is not reset when authentication principal changes

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps intern...

Eugeny russh >= 0.34.0-beta.1, < 0.61.0 CVE
HIGH 7.5 CVE-2026-46702

Russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compress...

Eugeny russh >= 0.34.0, < 0.61.1 CVE