Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.8 CVE-2026-7387

Mattermost group syncable endpoints allow privilege escalation via scheme_admin

Mattermost versions 11.6.x

Mattermost Mattermost 11.6.0 CVE
MEDIUM 6.5 CVE-2026-7184

Mattermost Remote Cluster PATCH API Leaks Authentication Tokens

Mattermost versions 11.6.x

Mattermost Mattermost 11.6.0 CVE
HIGH 7.6 CVE-2026-6961

CVE-2026-6961: Path traversal via unsanitized FileInfo.Name in Mattermost federation sync

Mattermost versions 11.6.x

Mattermost Mattermost 11.6.0 CVE
MEDIUM 6.7 CVE-2026-6739

Mattermost: Delegated admins could patch protected default system roles

Mattermost versions 11.6.x

Mattermost Mattermost 11.6.0 CVE
MEDIUM 4.3 CVE-2026-6689

Missing invite_user permission check on team creation allows unprivileged users to set open-invite and allowed-domains team settings

Mattermost versions 11.6.x

Mattermost Mattermost 11.6.0 CVE
MEDIUM 5.3 CVE-2026-6046

Plugin bot username conflict allows user account to be used as bot identity in Mattermost Server

Mattermost versions 11.6.x

Mattermost Mattermost 11.6.0 CVE
HIGH 7.1 CVE-2026-53982

Capgo Console < 12.28.2 Account Deletion DoS via Device Identifier Association

Capgo Console prior to 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authenticat...

Cap-go console.capgo.app CVE
HIGH 7.2 CVE-2026-53981

Cap-go < v12.128.2 Account Takeover via Unauthenticated Email Change Mechanism

Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authentica...

Cap-go Cap-go CVE
MEDIUM 4.3 CVE-2026-47224

NanaZip: Heap buffer-overflow read in NanaZip LVM metadata CRC check

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap buffer-ove...

M2Team NanaZip >= 3.0.1000.0, < 6.0.1698.0 CVE
MEDIUM 5.4 CVE-2026-47222

NanaZip: Heap out-of-bounds read in NanaZip AVB property descriptor parser via unsigned integer underflow

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bou...

M2Team NanaZip >= 3.0.1000.0, < 6.0.1698.0 CVE