CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.3	CVE-2026-48768	TypeBot: Unauthenticated arbitrary s3 object write in generate-upload-url via unsanitized fileName_CVE-2026-48768 TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POST /api/blocks/file-input/v3/generate-upload-url is unauthenticated and uses u...	baptisteArno	typebot.io < 3.17.0	Jun 17, 2026	CVE
HIGH 8.2	CVE-2026-48764	TypeBot has SSRF in HTTP request and script fetch flows via DNS rebinding bypass_CVE-2026-48764 TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether th...	baptisteArno	typebot.io < 3.17.2	Jun 17, 2026	CVE
CRITICAL 9.3	CVE-2026-12569	Remote Code Execution (RCE) vulnerability in Windchill PDMlink_CVE-2026-12569 A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited...	PTC	Windchill PDMLink	Jun 18, 2026	CVE
CRITICAL 9.8	9FE6A20B-74FB-	Exploit for Unrestricted Upload of File with Dangerous Type in Eclipse Business_Intelligence_And_Reporting_Tools_9FE6A20B-74FB-5120-9B1F-6A63ED38C6E3 CVE-2021-34427 Windows POC for CVE-2021-34427 affecting Birt Viewer Tested on Birt 4.8.0 Built with Claude Based on research here: https://bugs.ecl...	N/A	N/A	Jun 17, 2026	GITHUBEXPLOIT
NONE	MSSECURE:D54D5B...	Crypto Clipper uses Tor and worm-like propagation for persistence and control_MSSECURE:D54D5BE0EDA21A0BA0238706877C8E42 In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. References 4. Learn more Microsoft Threat Intelligen...	N/A	N/A	Jun 17, 2026	MSSECURE
NONE	MALWAREBYTES:3B...	Roblox developers are losing entire games to malware attacks_MALWAREBYTES:3B2D0E131B2A9A8F5DD26DF6F363AD38 Account theft usually ends with someone losing a password. This one ends with hackers walking off with the entire game. Developers behind some of ...	N/A	N/A	Jun 17, 2026	MALWAREBYTES
MEDIUM 5.1	CVE-2026-54386	marimo < 0.23.9 XSS via file Query Parameter in assets.py_CVE-2026-54386 marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject a...	marimo-team	marimo	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-50200	Steeltoe’s env sanitizer misses connection strings — leaks embedded DB passwords_CVE-2026-50200 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management...	SteeltoeOSS	Steeltoe.Management.Endpoint < 4.2.0	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-50196	Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch_CVE-2026-50196 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Discovery....	SteeltoeOSS	Steeltoe.Discovery.Eureka >= 4.0.0, < 4.2.0	Jun 17, 2026	CVE
HIGH 8.2	CVE-2026-50194	Steeltoe vulnerable to management-port isolation bypass via spoofed Host header_CVE-2026-50194 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. When Steeltoe manageme...	SteeltoeOSS	Steeltoe.Management.Endpoint < 4.2.0	Jun 17, 2026	CVE