CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.8	CVE-2026-54361	MISP mass assignment vulnerabilities allow unauthorized modification of ownership and delegation records_CVE-2026-54361 MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. ...	misp	misp	Jun 12, 2026	CVE
HIGH 8.4	CVE-2026-54360	MISP sharing group creation mass assignment allows unauthorized takeover of existing sharing groups_CVE-2026-54360 A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing group, the controller did not remove ...	misp	misp	Jun 12, 2026	CVE
HIGH 7.1	CVE-2026-54359	MISP automation endpoints may be exposed to CSRF when Sec-Fetch-Site protection is disabled by default_CVE-2026-54359 MISP contains an insecure default configuration in which the Security.check_sec_fetch_site_header control is disabled. When this setting is disable...	misp	misp	Jun 12, 2026	CVE
HIGH 7.5	CVE-2026-54358	MISP organization administrators can target site administrator accounts for password reset_CVE-2026-54358 An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same o...	misp	misp	Jun 12, 2026	CVE
MEDIUM 5	CVE-2026-54055	Kitty has an Arbitrary File Write via Symlink Race Condition in File Transmission Protocol_CVE-2026-54055 Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transm...	kovidgoyal	kitty < 0.47.2	Jun 12, 2026	CVE
HIGH 7.8	CVE-2026-42851	@kitty-edit DCS + –color=geninclude vulnerable to Unauthenticated in-process RCE_CVE-2026-42851 Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a...	kovidgoyal	kitty < 0.47.0	Jun 12, 2026	CVE
HIGH 7.4	CVE-2026-42850	Kitty has a shell command injection_CVE-2026-42850 Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty erro...	kovidgoyal	kitty < 0.47.0	Jun 12, 2026	CVE
MEDIUM 6.1	CVE-2026-54397	MISP event editing allows unauthorized assignment to undisclosed sharing groups_CVE-2026-54397 A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event edit permissions to manipulate the submitted form da...	misp	misp	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-54396	MISP AuthKey edit endpoint allows authenticated user email enumeration_CVE-2026-54396 An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit reques...	misp	misp	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-54395	MISP UiBeta event index reflected XSS in advanced filter popup_CVE-2026-54395 MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The urlparams value is inserted into an inline JavaScr...	misp	misp	Jun 12, 2026	CVE