CVSS - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.5	CVE-2026-9774	ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability_CVE-2026-9774 ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary...	ATEN	Unizon 2.7.262.002	Jun 24, 2026	CVE
HIGH 8.8	CVE-2026-9773	Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability_CVE-2026-9773 Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrar...	Unraid	Unraid 1161ec120	Jun 24, 2026	CVE
HIGH 8.8	CVE-2026-9772	Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability_CVE-2026-9772 Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary...	Unraid	Unraid 1161ec120	Jun 24, 2026	CVE
HIGH 8.1	CVE-2026-55762	Rocket.Chat: Any Authenticated User Can Permanently Deregister Workspace from Rocket.Chat Cloud via Unprotected `/api/v1/fingerprint` Endpoint_CVE-2026-55762 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, ...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.1	Jun 24, 2026	CVE
HIGH 7.4	CVE-2026-55759	Rocket.Chat: Apple Sign-In skips JWT claims validation, allowing expired and cross-audience token replay_CVE-2026-55759 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, ...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.1	Jun 24, 2026	CVE
CRITICAL 9.3	CVE-2026-55666	Rocket.Chat: Email Parameter Fallback Leads To Account Takeover Within Apple OAuth_CVE-2026-55666 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, ...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.1	Jun 24, 2026	CVE
CRITICAL 9	CVE-2026-55570	SiYuan: Stored XSS results to Electron RCE in SiYuan marketplace via unescaped `data-obj` attribute (Bypass for CVE-2026-45375’s patch)_CVE-2026-55570 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields (name, version, author, desc...	siyuan-note	siyuan < 3.7.0	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-55455	Appsmith: SSRF in REST API / GraphQL datasource plugins via insufficient host denylist_CVE-2026-55455 Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the outbound HTTP host filter applied by WebClientUtils...	appsmithorg	appsmith < 2.1	Jun 24, 2026	CVE
CRITICAL 9.9	CVE-2026-55454	Appsmith: Caddy admin API exposed without authentication_CVE-2026-55454 Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has...	appsmithorg	appsmith < 2.1	Jun 24, 2026	CVE
HIGH 8.7	CVE-2026-54759	SiYuan: Lute HTML sanitizer allows `` tags in Bazaar package README, leading to arbitrary command execution via SiYuan Electron client_CVE-2026-54759</span> </h3> <p class="advisory-desc" title="SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, Lute's HTML sanitizer does not remove elements. Combined with the SiYuan Electron client's permissive security configuration, an attacker can include a malicious in a Bazaar package README that executes arbitrary commands on the victim's machine when the package details are viewed. No package installation is required. This vulnerability is fixed in 3.7.0."> <span class="desc-text">SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, Lute's HTML sanitizer does not remove elements. Combined with the S...</span> </p> </a> </td> <td class="col-vendor"> siyuan-note </td> <td class="col-product"> siyuan <span class="product-version">< 3.7.0</span> </td> <td class="col-date"> <time class="advisory-date">Jun 24, 2026</time> </td> <td class="col-type"> <span class="advisory-type type-cve">CVE</span> </td> </tr> </tbody> </table> </div> <nav class="pagination" role="navigation" aria-label="Posts navigation"> <div class="pagination-links"> <a class="prev page-numbers" href="https://zero.redgem.net/?paged=5&page=6509&tag=cvss">← Prev</a> <a class="page-numbers" href="https://zero.redgem.net/?page=6509&tag=cvss">1</a> <span class="page-numbers dots">…</span> <a class="page-numbers" href="https://zero.redgem.net/?paged=4&page=6509&tag=cvss">4</a> <a class="page-numbers" href="https://zero.redgem.net/?paged=5&page=6509&tag=cvss">5</a> <span aria-current="page" class="page-numbers current">6</span> <a class="page-numbers" href="https://zero.redgem.net/?paged=7&page=6509&tag=cvss">7</a> <a class="page-numbers" href="https://zero.redgem.net/?paged=8&page=6509&tag=cvss">8</a> <span class="page-numbers dots">…</span> <a class="page-numbers" href="https://zero.redgem.net/?paged=6524&page=6509&tag=cvss">6,524</a> <a class="next page-numbers" href="https://zero.redgem.net/?paged=7&page=6509&tag=cvss">Next →</a> </div> </nav> <div class="redgem-banner"> <div class="banner-content"> <div class="banner-icon"> <svg width="32" height="32" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/><path d="M9 12l2 2 4-4"/></svg> </div> <div class="banner-text"> <h3>Protect Your Attack Surface with RedGem</h3> <p>AI-powered asset discovery, dark web monitoring, CVE alerting, and vulnerability scanning — all in one platform.</p> </div> <div class="banner-actions"> <a href="https://www.redgem.net" class="btn-primary" target="_blank" rel="noopener">Start Free Trial</a> <a href="https://www.redgem.net/demo" class="btn-secondary" target="_blank" rel="noopener">Request Demo</a> </div> </div> </div> </div> </div> </main><!-- #primary --> </div><!-- #content --> <footer id="colophon" class="site-footer"> <div class="footer-accent"></div> <div class="container"> <div class="footer-top"> <div class="footer-brand"> <div class="footer-logo"> <img src="https://www.redgem.net/logo.png" alt="zero redgem" width="100" height="80" class="footer-logo-img" /> </div> <p class="footer-tagline">Your trusted source for security vulnerabilities, exploits, and CVE intelligence. Part of the RedGem security platform.</p> <div class="footer-social"> <a href="#" aria-label="Twitter" title="Follow us on Twitter"> <svg width="16" height="16" viewBox="0 0 24 24" fill="currentColor"><path d="M18.244 2.25h3.308l-7.227 8.26 8.502 11.24H16.17l-5.214-6.817L4.99 21.75H1.68l7.73-8.835L1.254 2.25H8.08l4.713 6.231zm-1.161 17.52h1.833L7.084 4.126H5.117z"/></svg> </a> <a href="#" aria-label="GitHub" title="View on GitHub"> <svg width="16" height="16" viewBox="0 0 24 24" fill="currentColor"><path d="M12 0c-6.626 0-12 5.373-12 12 0 5.302 3.438 9.8 8.207 11.387.599.111.793-.261.793-.577v-2.234c-3.338.726-4.033-1.416-4.033-1.416-.546-1.387-1.333-1.756-1.333-1.756-1.089-.745.083-.729.083-.729 1.205.084 1.839 1.237 1.839 1.237 1.07 1.834 2.807 1.304 3.492.997.107-.775.418-1.305.762-1.604-2.665-.305-5.467-1.334-5.467-5.931 0-1.311.469-2.381 1.236-3.221-.124-.303-.535-1.524.117-3.176 0 0 1.008-.322 3.301 1.23A11.509 11.509 0 0112 5.803c1.02.005 2.047.138 3.006.404 2.291-1.552 3.297-1.23 3.297-1.23.653 1.653.242 2.874.118 3.176.77.84 1.235 1.911 1.235 3.221 0 4.609-2.807 5.624-5.479 5.921.43.372.823 1.102.823 2.222v3.293c0 .319.192.694.801.576C20.566 21.797 24 17.3 24 12c0-6.627-5.373-12-12-12z"/></svg> </a> <a href="https://zero.redgem.net/?feed=rss2" aria-label="RSS Feed" title="RSS Feed"> <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M4 11a9 9 0 0 1 9 9"/><path d="M4 4a16 16 0 0 1 16 16"/><circle cx="5" cy="19" r="1"/></svg> </a> </div> </div> <div class="footer-links-grid"> <div class="footer-section"> <h4>Quick Links</h4> <ul> <li><a href="https://zero.redgem.net/">Home</a></li> <li><a href="https://zero.redgem.net/?s=">Search</a></li> </ul> </div> <div class="footer-section"> <h4>RedGem Platform</h4> <ul> <li><a href="https://www.redgem.net" target="_blank" rel="noopener">Main Platform</a></li> <li><a href="https://www.redgem.net" target="_blank" rel="noopener">Asset Discovery</a></li> <li><a href="https://www.redgem.net" target="_blank" rel="noopener">Leakage Detection</a></li> <li><a href="https://www.redgem.net" target="_blank" rel="noopener">Vulnerability Scanners</a></li> </ul> </div> <div class="footer-section"> <h4>Security Resources</h4> <ul> <li><a href="https://cve.mitre.org/" target="_blank" rel="noopener">CVE Database</a></li> <li><a href="https://nvd.nist.gov/" target="_blank" rel="noopener">NVD</a></li> <li><a href="https://www.exploit-db.com/" target="_blank" rel="noopener">Exploit-DB</a></li> <li><a href="https://www.securityfocus.com/" target="_blank" rel="noopener">SecurityFocus</a></li> </ul> </div> </div> </div> <div class="footer-bottom"> <div class="footer-info"> <p>© 2026 zero redgem. All rights reserved.</p> <p>Powered by <a href="https://wordpress.org/" target="_blank" rel="noopener">WordPress</a> · RedGem Security Theme</p> </div> <div class="footer-badges"> <span class="footer-badge"> <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/></svg> Secured </span> <span class="footer-badge"> <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M22 11.08V12a10 10 0 1 1-5.93-9.14"/><polyline points="22 4 12 14.01 9 11.01"/></svg> Verified Data </span> </div> </div> </div> </footer> </div><!-- #page --> <script id="security-news-script-js-extra"> var securityNewsAjax = {"ajaxurl":"//zero.redgem.net/wp-admin/admin-ajax.php","nonce":"71be5f81ab"}; //# sourceURL=security-news-script-js-extra </script> <script src="https://zero.redgem.net/wp-content/themes/security-news/js/theme.js?ver=2.14.0" id="security-news-script-js"></script> <script id="wp-emoji-settings" type="application/json"> {"baseUrl":"https://s.w.org/images/core/emoji/17.0.2/72x72/","ext":".png","svgUrl":"https://s.w.org/images/core/emoji/17.0.2/svg/","svgExt":".svg","source":{"concatemoji":"https://zero.redgem.net/wp-includes/js/wp-emoji-release.min.js?ver=6.9.4"}} </script> <script type="module"> /! This file is auto-generated / const a=JSON.parse(document.getElementById("wp-emoji-settings").textContent),o=(window._wpemojiSettings=a,"wpEmojiSettingsSupports"),s=["flag","emoji"];function i(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function c(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0);const a=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);return t.every((e,t)=>e===a[t])}function p(e,t){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var n=e.getImageData(16,16,1,1);for(let e=0;e<n.data.length;e++)if(0!==n.data[e])return!1;return!0}function u(e,t,n,a){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\udde8\ud83c\uddf6","\ud83c\udde8\u200b\ud83c\uddf6")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!a(e,"\ud83e\u1fac8")}return!1}function f(e,t,n,a){let r;const o=(r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):document.createElement("canvas")).getContext("2d",{willReadFrequently:!0}),s=(o.textBaseline="top",o.font="600 32px Arial",{});return e.forEach(e=>{s[e]=t(o,e,n,a)}),s}function r(e){var t=document.createElement("script");t.src=e,t.defer=!0,document.head.appendChild(t)}a.supports={everything:!0,everythingExceptFlag:!0},new Promise(t=>{let n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),c.toString(),p.toString()].join(",")+"));",a=new Blob([e],{type:"text/javascript"});const r=new Worker(URL.createObjectURL(a),{name:"wpTestEmojiSupports"});return void(r.onmessage=e=>{i(n=e.data),r.terminate(),t(n)})}catch(e){}i(n=f(s,u,c,p))}t(n)}).then(e=>{for(const n in e)a.supports[n]=e[n],a.supports.everything=a.supports.everything&&a.supports[n],"flag"!==n&&(a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&a.supports[n]);var t;a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&!a.supports.flag,a.supports.everything\|\|((t=a.source\|\|{}).concatemoji?r(t.concatemoji):t.wpemoji&&t.twemoji&&(r(t.twemoji),r(t.wpemoji)))}); //# sourceURL=https://zero.redgem.net/wp-includes/js/wp-emoji-loader.min.js </script> </body> </html>