Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.1	CVE-2026-52810	Gogs: Write to readonly repositories using receive-pack + service=git-upload-pack confusion_CVE-2026-52810 Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied servic...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
MEDIUM 6.8	CVE-2026-52809	Gogs: Password-reset tokens use account-activation lifetime, ignoring RESET_PASSWORD_CODE_LIVES_CVE-2026-52809 Gogs is an open source self-hosted Git service. Prior to 0.14.3, password-reset tokens are generated using conf.Auth.ActivateCodeLives (the account...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
HIGH 7.1	CVE-2026-52808	Gogs: Write-level collaborators can mutate admin-only repository settings via API_CVE-2026-52808 Gogs is an open source self-hosted Git service. Prior to 0.14.3, three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v...	gogs	gogs < 0.14.3	Jun 24, 2026	CVE
HIGH 8.5	CVE-2026-52797	Gogs: Overwriting critical files results in a denial of service_CVE-2026-52797 Gogs is an open source self-hosted Git service. Prior to 0.14.0, as an authorized user, an intruder can dictate the value which is passed to the gi...	gogs	gogs < 0.14.0	Jun 24, 2026	CVE
MEDIUM 6.7	CVE-2026-49278	Rocket.Chat: Livechat Visitor Profile Disclosure Leaks Bearer Token and Enables Visitor Impersonation_CVE-2026-49278 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.0	Jun 24, 2026	CVE
LOW 2.3	CVE-2026-49277	Rocket.Chat: OAuth access and refresh tokens remain valid after account deactivation_CVE-2026-49277 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.0	Jun 24, 2026	CVE
MEDIUM 4.4	CVE-2026-47733	Rocket.Chat: Missing URL protocol sanitization in ImageElement allows javascript: URLs in markdown images_CVE-2026-47733 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, the ImageElement component in packages/gazzodown...	RocketChat	Rocket.Chat < 8.5.0	Jun 24, 2026	CVE
CRITICAL 9.3	CVE-2026-46423	Rocket.Chat: SAML signature validation skipped when IdP certificate field is empty_CVE-2026-46423 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.0	Jun 24, 2026	CVE
LOW 2.3	CVE-2026-45757	Rocket.Chat: users.deactivateIdle` deactivates accounts without revoking existing login tokens_CVE-2026-45757 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.0	Jun 24, 2026	CVE
CRITICAL 9.1	CVE-2026-45689	Rocket.Chat: Pre-Auth NoSQL Injection in OAuth2 Token Endpoint leading to Arbitrary User ATO_CVE-2026-45689 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.0	Jun 24, 2026	CVE