Vulnerability - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.1	CVE-2026-0864	Configuration Injection via Carriage Return (\r) in write() method_CVE-2026-0864 When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the result...	Python Software Foundation	CPython	Jun 23, 2026	CVE
HIGH 9.3	844FC1AB-4B6F-	Exploit for OS Command Injection in Apache Tomcat_844FC1AB-4B6F-5722-BE86-44451AAF41EC CVE-2019-0232 — Apache Tomcat CGI Servlet RCE Educational PoC for authorized CTF / penetration testing only. Running this against systems you do no...	N/A	N/A	Jun 23, 2026	GITHUBEXPLOIT
NONE	FILIPPOIO:7E5AA...	Vulnerability Reports Are Not Special Anymore_FILIPPOIO:7E5AA1729D42CFF70B3B99F0B9C1A508 A requirement for staying sane while working in public as an open source maintainer is realizing that every issue, PR, and piece of feedback is a p...	N/A	N/A	Jun 23, 2026	FILIPPOIO
NONE	QUALYSBLOG:FDC7...	3 Paths to Upgrade Windows 11 before 24H2 End of Servicing (EOL)_QUALYSBLOG:FDC705F50F73787D6AF114F35B4AE2FD * * * #### Key Takeaways * Windows 11 24H2 reaches the end of servicing on October 13, 2026, making timely enterprise upgrades critical. * En...	N/A	N/A	Jun 23, 2026	QUALYSBLOG
HIGH 7.5	CVE-2026-8379	Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Download_CVE-2026-8379 The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing una...	Unknown	Frontend File Manager Plugin	Jun 23, 2026	CVE
CRITICAL 9.1	CVE-2026-9733	Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter_CVE-2026-9733 Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specifi...	HAYAJO	Mojolicious::Plugin::Web::Auth::OAuth2 0.17	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-12969	Dnsmasq: dnsmasq: out-of-bounds read in find_soa() due to missing extrabytes validation_CVE-2026-12969 An out-of-bounds read vulnerability exists in dnsmasq's find_soa() function in src/rfc1035.c. When parsing NS section records, extract_name() is ca...	Red Hat	Red Hat Enterprise Linux 10	Jun 23, 2026	CVE
MEDIUM 5.1	CVE-2026-11772	Reflected XSS in DRIMO CMS_CVE-2026-11772 DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in a...	DRIMO	DRIMO CMS	Jun 23, 2026	CVE
MEDIUM 6.8	CVE-2026-10609	Openshift/cluster-logging-operator: cluster logging operator creates and forwards serviceaccount tokens without verifying clf creator authorization_CVE-2026-10609 A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output...	Red Hat	Logging Subsystem for Red Hat OpenShift	Jun 23, 2026	CVE
HIGH 7.4	CVE-2026-56815	CVE-2026-56815_CVE-2026-56815 pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in the upload handler in Components/Pages/Home.razor.	rasta-mouse	pwnlift	Jun 23, 2026	CVE