Recent Advisories

Severity ID Title Vendor Product Date Type
NONE THN:C8391FC028E...

Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input (THN:C8391FC028E73E226BA3BA54EF61F2E4)

N/A N/A THN
NONE 0E17DEF0-1222-

xss_writte_up (0E17DEF0-1222-52CC-A48C-346FDC06E436)

Bug-Bounty-Writeups...

N/A N/A GITHUBEXPLOIT
NONE E6D0A451-B59B-

protection (E6D0A451-B59B-5672-A0DD-F0FAC9CFACFB)

🛡️ protection Kernel-level abuse protection for container hosts One static Go binary that guards Pterodactyl/Wings nodes, Docker hosts and bare VPS...

N/A N/A GITHUBEXPLOIT
HIGH 8.3 CVE-2026-57960

Hi.Events 1.9.0 – Unauthenticated Attendee PII Exposure via Check-in List short_id (CVE-2026-57960)

Hi.Events through 1.9.0 public check-in list endpoints use short_id as sole access control, allowing unauthenticated access to retrieve full attend...

HiEventsDev Hi.Events CVE
HIGH 8.2 CVE-2026-57959

Hi.Events 1.9.0 – Promo Code Max-Usage Bypass via Asynchronous Job Race Condition (CVE-2026-57959)

Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStati...

HiEventsDev Hi.Events CVE
MEDIUM 5.1 CVE-2026-57958

Mixpost 2.6.0 – Reflected XSS via OAuth Callback Error Parameter (CVE-2026-57958)

Mixpost through 2.6.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript...

inovector mixpost CVE
LOW 2.3 CVE-2026-57957

Papermark 0.22.0 – CORS Misconfiguration in Viewer Upload Endpoint (CVE-2026-57957)

Papermark through 0.22.0 contains a cross-origin resource sharing (CORS) misconfiguration vulnerability that allows unauthenticated remote attacker...

papermark papermark CVE
MEDIUM 6.1 CVE-2026-57956

SigNoz 0.130.1 – Cross-Organization Insecure Direct Object Reference in Alert Rules (CVE-2026-57956)

SigNoz through 0.130.1 contains a broken access control vulnerability that allows authenticated users to access other organizations' alert rules by...

SigNoz signoz CVE
HIGH 8.3 CVE-2026-57955

SigNoz 0.130.1 – SQL Injection in Alert History Endpoints via Rule ID Parameter (CVE-2026-57955)

SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers to execute arbitrary ClickHouse queries by inject...

SigNoz signoz CVE
MEDIUM 5.3 CVE-2026-57954

Elide 7.1.17 – Permission Bypass in Sort Expression Validation (CVE-2026-57954)

Elide through 7.1.17 fails to enforce @ReadPermission on client-supplied sort expressions in SortingImpl.getValidSortingRules, allowing attackers t...

yahoo elide CVE