CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.1	CVE-2026-46622	SolidInvoice: API tokens stored as plaintext in the database allowing full credential compromise on database breach_CVE-2026-46622 SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as pla...	SolidInvoice	SolidInvoice < 2.3.17	Jun 11, 2026	CVE
HIGH 8.1	CVE-2026-46489	SolidInvoice: Unrestricted file upload with no MIME validation allows stored XSS via malicious SVG logo_CVE-2026-46489 SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validatio...	SolidInvoice	SolidInvoice < 2.3.17	Jun 11, 2026	CVE
MEDIUM 6	CVE-2026-45802	FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service_CVE-2026-45802 FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version...	Setasign	FPDI < 2.6.7	Jun 11, 2026	CVE
HIGH 8.5	CVE-2026-45175	Idira Endpoint Privilege Manager Agent: Security Control and Cryptographic Validation Bypass in Internal Agent Validation Processes_CVE-2026-45175 Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local a...	CyberArk Software, a Palo Alto Networks Company	Idira Endpoint Privilege Manager 26.0	Jun 11, 2026	CVE
HIGH 8.7	CVE-2026-53819	OpenClaw < 2026.5.27 - Arbitrary Homebrew Executable Execution via Workspace .env Override_CVE-2026-53819 OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Hom...	OpenClaw	OpenClaw	Jun 11, 2026	CVE
MEDIUM 6.9	CVE-2026-53818	OpenClaw < 2026.4.24 - Owner-Only Tool Policy Bypass via MCP Loopback_CVE-2026-53818 OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner callers to skip owner-on...	OpenClaw	OpenClaw	Jun 11, 2026	CVE
HIGH 8.7	CVE-2026-53817	OpenClaw < 2026.5.22 - Control UI Locality Spoofing in Device Pairing_CVE-2026-53817 OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof loc...	OpenClaw	OpenClaw	Jun 11, 2026	CVE
HIGH 8.6	CVE-2026-53816	OpenClaw < 2026.5.18 - Exec Lifecycle Event Forgery via Paired Node_CVE-2026-53816 OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to forge exe...	OpenClaw	OpenClaw	Jun 11, 2026	CVE
HIGH 7.1	CVE-2026-53815	OpenClaw < 2026.5.19 - Channel Allowlist Bypass in Message Read Actions_CVE-2026-53815 OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust c...	OpenClaw	OpenClaw	Jun 11, 2026	CVE
HIGH 8.7	CVE-2026-53814	OpenClaw < 2026.5.20 - Privilege Escalation via Hook-Triggered CLI MCP Tool Authority_CVE-2026-53814 OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive owner-scoped MCP loopba...	OpenClaw	OpenClaw	Jun 11, 2026	CVE