CVSS - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.1	MSF:AUXILIARY-SCANNER-	Next.js Middleware Authorization Bypass Scanner_MSF:AUXILIARY-SCANNER-HTTP-NEXTJS_MIDDLEWARE_AUTH_BYPASS- This module detects self-hosted Next.js applications affected by CVE-2025-29927, an authorization bypass in the middleware layer. Next.js tags its ...	N/A	N/A	Jun 24, 2026	METASPLOIT
CRITICAL 9.8	MSF:AUXILIARY-SCANNER-	BerriAI LiteLLM Proxy Pre-Auth SQL Injection Scanner_MSF:AUXILIARY-SCANNER-HTTP-LITELLM_PROXY_SQLI- This module detects BerriAI LiteLLM proxy servers affected by CVE-2026-42208, an unauthenticated SQL injection. During API-key verification the pro...	N/A	N/A	Jun 24, 2026	METASPLOIT
HIGH 8.8	MALWAREBYTES:EC...	PixelSmash flaw turns video files into attack tools_MALWAREBYTES:EC34003352AA88477BAACCE9BF91A066 A newly discovered vulnerability in FFmpeg’s MagicYUV decoder can turn a tiny, malformed video into a foothold for attackers. Researchers have dis...	N/A	N/A	Jun 24, 2026	MALWAREBYTES
NONE	MSSECURE:3B070B...	CNAPP evolution: How Microsoft aligns with leading cloud risk management platforms_MSSECURE:3B070B95A636749B56951E3900D3E767 Cloud security is shifting from visibility to context-aware risk reduction, helping security teams understand which exposures matter most, prioriti...	N/A	N/A	Jun 24, 2026	MSSECURE
HIGH 7.5	CVE-2026-53950	@tryghost/activitypub: XSS in Ghost’s ActivityPub client_CVE-2026-53950 @tryghost/activitypub is Ghost’s social/federation client app. Prior to 3.1.0, the ActivityPub client in Ghost was vulnerable to JavaScript injecti...	TryGhost	Ghost < 3.1.0	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-53949	Ghost Content API filter bypass reveals private fields_CVE-2026-53949 Ghost is a Node.js content management system. From 5.46.1 until 6.21.2, the validation applied to filters on the public API endpoints could be part...	TryGhost	Ghost >= 5.46.1, < 6.21.2	Jun 24, 2026	CVE
MEDIUM 5.4	CVE-2026-53948	Ghost: File Upload Content-Type Spoofing_CVE-2026-53948 Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, insufficient validation of the client-supplied Content-Type on Ghost's Admi...	TryGhost	Ghost >= 6.19.4, < 6.21.1	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-53947	Ghost: Member existence leak via magic link sign-in response_CVE-2026-53947 Ghost is a Node.js content management system. From 5.18.0 until 6.21.1, a discrepancy in responses from the members signin endpoints made it possib...	TryGhost	Ghost >= 5.18.0, < 6.21.1	Jun 24, 2026	CVE
MEDIUM 5.4	CVE-2026-53946	Ghost: Mobiledoc image-size fetch SSRF_CVE-2026-53946 Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, when re-rendering posts, Ghost would refetch missing image dimensions by is...	TryGhost	Ghost >= 6.19.4, < 6.21.1	Jun 24, 2026	CVE
MEDIUM 4	CVE-2026-53945	Ghost: Server-side request forgery via DNS rebinding in external request handling_CVE-2026-53945 Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DN...	TryGhost	Ghost >= 6.0.9, < 6.21.1	Jun 24, 2026	CVE