Vulnerability - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.2	CVE-2026-50137	Budibase: POST /api/attachments/:datasourceId/url is unauthenticated and lets anonymous callers mint S3 PUT pre-signed URLs using stored datasource IAM credentials_CVE-2026-50137 Budibase is an open-source low-code platform. Prior to 3.39.0, an anonymous attacker who knows or can enumerate a workspace id (app_...) and an S3-...	Budibase	budibase < 3.39.0	Jun 26, 2026	CVE
HIGH 7.4	CVE-2026-50136	Budibase: Unauthenticated S3 signed upload URL generation allows arbitrary writes with stored datasource credentials_CVE-2026-50136 Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObje...	Budibase	budibase < 3.39.3	Jun 26, 2026	CVE
HIGH 7.3	CVE-2026-50132	Budibase: Chat Identity Link Hijacking via Missing Consent & CSRF — Account Impersonation in Budibase_CVE-2026-50132 Budibase is an open-source low-code platform. Prior to 3.39.0, `GET /api/chat-links/:instance/:token/handoff` is a public endpoint (no auth require...	Budibase	budibase < 3.39.0	Jun 26, 2026	CVE
HIGH 7.8	CVE-2026-48800	Notepad++: Arbitrary Code Execution via shortcuts.xml UserCommand Injection_CVE-2026-48800 Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag text content inside in shortcuts.xml is read by NppXml::value(a...	notepad-plus-plus	notepad-plus-plus < 8.9.6.1	Jun 26, 2026	CVE
HIGH 7.8	CVE-2026-48778	Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter_CVE-2026-48778 Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag in config.xml is read by NppXml::value() (Parameters.cpp:6430) a...	notepad-plus-plus	notepad-plus-plus < 8.9.6.1	Jun 26, 2026	CVE
MEDIUM 5	CVE-2026-48770	Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash_CVE-2026-48770 Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malfor...	notepad-plus-plus	notepad-plus-plus < 8.9.6.1	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-46710	Notepad++: Privilege Escalation in the Installer via Uncontrolled Executable Search Path_CVE-2026-46710 Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege escalation vulnerability in th...	notepad-plus-plus	notepad-plus-plus >= 8.9.4, < 8.9.6	Jun 26, 2026	CVE
HIGH 8.7	CVE-2026-55069	Kestra BasicAuth Password Stored as SHA-512 Enables Offline Brute-Force Attack_CVE-2026-55069 Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component...	kestra-io	kestra < 1.3.24	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-53577	Kestra: Cross-Execution File Read via Preview Endpoint (IDOR)_CVE-2026-53577 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution endpoint (GET /api/v1/{tena...	kestra-io	kestra < 1.0.45	Jun 26, 2026	CVE
CRITICAL 10	CVE-2026-53576	Kestra: Unauthenticated RCE via /configs path-suffix auth-filter bypass_CVE-2026-53576 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API (@Filter("/ap...	kestra-io	kestra < 1.0.45	Jun 26, 2026	CVE