exploit - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-52885	Notepad++ TOCTOU: HMAC Checks Disk, Executes from Memory_CVE-2026-52885 Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the HMAC of the on-disk shortcuts.xml at the momen...	notepad-plus-plus	notepad-plus-plus < 8.9.6.4	Jun 26, 2026	CVE
HIGH 7.8	CVE-2026-52884	Notepad++: CVE-2026-48800 Bypass_CVE-2026-52884 Notepad++ is a free and open-source source code editor. In v8.9.6.1, isInTrustedDirectory() does NOT canonicalize the path before checking. It uses...	notepad-plus-plus	notepad-plus-plus = 8.9.6.1	Jun 26, 2026	CVE
HIGH 8.2	CVE-2026-50137	Budibase: POST /api/attachments/:datasourceId/url is unauthenticated and lets anonymous callers mint S3 PUT pre-signed URLs using stored datasource IAM credentials_CVE-2026-50137 Budibase is an open-source low-code platform. Prior to 3.39.0, an anonymous attacker who knows or can enumerate a workspace id (app_...) and an S3-...	Budibase	budibase < 3.39.0	Jun 26, 2026	CVE
HIGH 7.4	CVE-2026-50136	Budibase: Unauthenticated S3 signed upload URL generation allows arbitrary writes with stored datasource credentials_CVE-2026-50136 Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObje...	Budibase	budibase < 3.39.3	Jun 26, 2026	CVE
HIGH 7.3	CVE-2026-50132	Budibase: Chat Identity Link Hijacking via Missing Consent & CSRF — Account Impersonation in Budibase_CVE-2026-50132 Budibase is an open-source low-code platform. Prior to 3.39.0, `GET /api/chat-links/:instance/:token/handoff` is a public endpoint (no auth require...	Budibase	budibase < 3.39.0	Jun 26, 2026	CVE
HIGH 7.8	CVE-2026-48800	Notepad++: Arbitrary Code Execution via shortcuts.xml UserCommand Injection_CVE-2026-48800 Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag text content inside in shortcuts.xml is read by NppXml::value(a...	notepad-plus-plus	notepad-plus-plus < 8.9.6.1	Jun 26, 2026	CVE
HIGH 7.8	CVE-2026-48778	Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter_CVE-2026-48778 Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag in config.xml is read by NppXml::value() (Parameters.cpp:6430) a...	notepad-plus-plus	notepad-plus-plus < 8.9.6.1	Jun 26, 2026	CVE
MEDIUM 5	CVE-2026-48770	Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash_CVE-2026-48770 Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malfor...	notepad-plus-plus	notepad-plus-plus < 8.9.6.1	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-46710	Notepad++: Privilege Escalation in the Installer via Uncontrolled Executable Search Path_CVE-2026-46710 Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege escalation vulnerability in th...	notepad-plus-plus	notepad-plus-plus >= 8.9.4, < 8.9.6	Jun 26, 2026	CVE
HIGH 8.7	CVE-2026-55069	Kestra BasicAuth Password Stored as SHA-512 Enables Offline Brute-Force Attack_CVE-2026-55069 Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component...	kestra-io	kestra < 1.3.24	Jun 26, 2026	CVE