Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.4 CVE-2026-4764

Privilege Escalation in Dialogflow CX via Playbook Import_CVE-2026-4764

A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user w...

Google Cloud Dialogflow CX CVE

LOW 3.1 CVE-2026-3553

Incorrect Authorization in GitLab_CVE-2026-3553

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that u...

GitLab GitLab 12.0 CVE

MEDIUM 6.5 CVE-2026-1500

Allocation of Resources Without Limits or Throttling in GitLab_CVE-2026-1500

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that ...

GitLab GitLab 17.10 CVE

MEDIUM 4.3 CVE-2026-10733

Improper Restriction of Rendered UI Layers or Frames in GitLab_CVE-2026-10733

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that c...

GitLab GitLab 17.0 CVE

HIGH 8.7 CVE-2026-10087

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in GitLab_CVE-2026-10087

GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that unde...

GitLab GitLab 17.1, 18.11, 19.0 CVE

CRITICAL 9.8 CVE-2026-7852

Unrestricted File Upload in Limatek’s LimRAD NAC_CVE-2026-7852

Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion. This issue affects L...

Limatek System Inc. LimRAD NAC before 5.5.7.3.9 CVE

MEDIUM 5.3 CVE-2026-49214

guzzlehttp/psr7 has CRLF Injection via URI Host Component_CVE-2026-49214

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace...

guzzle psr7 < 2.10.2 CVE

MEDIUM 5.3 CVE-2026-48998

guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation_CVE-2026-48998

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsin...

guzzle psr7 < 2.10.2 CVE

MEDIUM 6.3 CVE-2026-11956

TwiN gatus OIDC Session Cookie oidc.go setSessionCookie missing secure attribute_CVE-2026-11956

A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC S...

TwiN gatus 5.36.0 CVE

MEDIUM 5.3 CVE-2026-11561

SSTI in Soagen Informatics’ Apinizer_CVE-2026-11561

Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Info...

Soagen Informatics Technologies Software and Consulting Inc. Apinizer 2026.04.0 CVE