CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.8	CVE-2026-52800	Gogs: CSRF Leading to Organization Owner Takeover_CVE-2026-52800 Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization team member management can be performed via GET requests without CSRF...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
HIGH 7.5	CVE-2026-52799	Gogs: Missing Authorization in Attachment Download_CVE-2026-52799 Gogs is an open source self-hosted Git service. Prior to 0.14.3, GET /attachments/:uuid returns the raw attachment file without verifying whether t...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
HIGH 8.9	CVE-2026-52798	Gogs: Stored XSS in `.ipynb` Preview_CVE-2026-52798 Gogs is an open source self-hosted Git service. Prior to 0.14.3, although .ipynb previews are sanitized on the server side via /-/api/sanitize_ipyn...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
LOW 3.5	CVE-2026-52796	Gogs: DoS in rendering issue index pattern_CVE-2026-52796 Gogs is an open source self-hosted Git service. Prior to 0.14.3, specially crafted issue index pattern can cause a panic when rendering, resulting ...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
MEDIUM 4.3	CVE-2026-52795	Gogs: Authorization Bypass in Watch API allows any user to monitor private repository activity_CVE-2026-52795 Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to...	gogs	gogs <= 0.14.3	Jun 24, 2026	CVE
HIGH 7.5	CVE-2026-50129	Mastodon: Persistent anonymous DoS via unhandled NoMethodError in MATH_TRANSFORMER_CVE-2026-50129 Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by (Uncaugh...	mastodon	mastodon >= 4.5.0-beta.1, < 4.5.11	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-50128	Mastodon: Spoofing of attribution domains_CVE-2026-50128 Mastodon is a free, open-source social network server based on ActivityPub. From 4.3.0 until 4.5.11 and 4.4.18, Mastodon has a feature to let websi...	mastodon	mastodon >= 4.5.0-beta.1, < 4.5.11	Jun 24, 2026	CVE
HIGH 8.3	CVE-2026-47267	Gogs: SSRF in webhook deliveries_CVE-2026-47267 Gogs is an open source self-hosted Git service. Prior to 0.14.3, the fix for CVE-2022-1285 prevents adding webooks or running webhooks with URLs wi...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
HIGH 7.7	CVE-2026-25119	Gogs: Authentication Bypass via Unvalidated Reverse Proxy Headers_CVE-2026-25119 Gogs is an open source self-hosted Git service. Prior to 0.14.3, when ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled, Gogs accepts the configured a...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
HIGH 8.7	CVE-2026-1840	Missing authentication for critical function in Hubbell Aclara Metrum Cellular Web Interface_CVE-2026-1840 The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized access due to the absence of authentication controls on critical system func...	Hubbell	Aclara Metrum Cellular Web Interface	Jun 24, 2026	CVE