tapic - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-58450	Invoice Ninja 5.13.26 – Open Redirect in Client Portal Login via intended Parameter_CVE-2026-58450 Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect ...	invoiceninja	invoiceninja	Jun 30, 2026	CVE
CRITICAL 9.8	CVE-2026-58449	txtai – Unauthenticated Remote Code Execution via Unsafe Reflection in API /reindex function Parameter_CVE-2026-58449 txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolv...	neuml	txtai	Jun 30, 2026	CVE
MEDIUM 6.5	CVE-2026-58448	yudao-cloud < 2026.06 - BPM Module Broken Access Control via process-instance API_CVE-2026-58448 yudao-cloud before 2026.06 contains a broken access control vulnerability in the BPM module that allows any authenticated user to access arbitrary ...	YunaiV	yudao-cloud	Jun 30, 2026	CVE
MEDIUM 6.5	CVE-2026-58447	Invidious – Cross-User Playlist Video Deletion via Missing Ownership Check_CVE-2026-58447 Invidious through 2.20260626.0, fixed in commit 77ad416, contains a broken object level authorization vulnerability that allows authenticated attac...	iv-org	Invidious	Jun 30, 2026	CVE
MEDIUM 6.5	CVE-2026-58446	Presenton < 0.8.8-beta - Authentication Bypass of Session Auth via Unprotected MCP Endpoint_CVE-2026-58446 Presenton before 0.8.8-beta bundles an MCP server that, on server/Docker deployments configured with session authentication (AUTH_USERNAME/AUTH_PAS...	presenton	presenton	Jun 30, 2026	CVE
HIGH 8.8	CVE-2026-52868	OFFIS DCMTK Toolkit Path Traversal_CVE-2026-52868 An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deploymen...	OFFIS DICOM	DCMTK Toolkit	Jun 30, 2026	CVE
HIGH 8.7	CVE-2026-50254	OFFIS DCMTK Toolkit Missing Release of Memory after Effective Lifetime_CVE-2026-50254 An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-p...	OFFIS DICOM	DCMTK Toolkit	Jun 30, 2026	CVE
CRITICAL 9.3	CVE-2026-50003	OFFIS DCMTK Toolkit Path Traversal_CVE-2026-50003 A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, ...	OFFIS DICOM	DCMTK Toolkit	Jun 30, 2026	CVE
HIGH 8.7	CVE-2026-35505	OFFIS DCMTK Toolkit Missing Release of Memory after Effective Lifetime_CVE-2026-35505 An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows u...	OFFIS DICOM	DCMTK Toolkit	Jun 30, 2026	CVE
HIGH 7.4	CVE-2026-11541	IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by HTTP request smuggling_CVE-2026-11541 IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP requ...	IBM	WebSphere Application Server 9.0	Jun 30, 2026	CVE