Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 3.1	CVE-2026-57922	CVE-2026-57922_CVE-2026-57922 In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible	JetBrains	YouTrack	Jun 26, 2026	CVE
MEDIUM 4.3	CVE-2026-57921	CVE-2026-57921_CVE-2026-57921 In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint	JetBrains	YouTrack	Jun 26, 2026	CVE
MEDIUM 6.7	CVE-2026-53914	CVE-2026-53914_CVE-2026-53914 In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata	JetBrains	Kotlin	Jun 26, 2026	CVE
MEDIUM 5.4	CVE-2026-13426	Client4 fails to validate path parameters_CVE-2026-13426 The Mattermost Go module github.com/mattermost/mattermost/server/public versions < v0.1.22 fail to validate path parameters when constructing API r...	Mattermost	github.com/mattermost/mattermost/server/public v0.0.0	Jun 26, 2026	CVE
NONE	AKAMAIBLOG:978E...	The Cloud Giants Are Architecting an Agentic Future They Can’t Run_AKAMAIBLOG:978E7ED61CD644037FCD4A69D3E06906 {“lastseen”:”2026-06-26T13:36:50″,”description”:””,”published”:”2026-06-26T12:00:...	N/A	N/A	Jun 26, 2026	AKAMAIBLOG
NONE	MALWAREBYTES:78...	Malware steals Chrome session cookies to take over your accounts_MALWAREBYTES:788C013A9E21914EAA8C63074A6CEDAB An email attachment leads to the installation of a malicious Chrome extension. Researchers say it is part of a Windows backdoor delivered via a phi...	N/A	N/A	Jun 26, 2026	MALWAREBYTES
NONE	HACKREAD:93DAA7...	macOS Flaw Allowed Standard Users to Disable CrowdStrike and Kandji Security Tools_HACKREAD:93DAA706F3622B28554D356980224D24 A macOS XPC flaw let regular users disable CrowdStrike and Kandji tools, exposing security gaps that vendors patched after XM Cyber reported the se...	N/A	N/A	Jun 26, 2026	HACKREAD
HIGH 8.5	THN:E8D8161AFE5...	Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs_THN:E8D8161AFE599365E1D9D2A719B2C65B ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEig3gygt20RdznayWN2yru6wSgNt8CSdr16F8I-naxtPn837cr6v0uV0bXdhz36P1XYrpnjmzDXTAtH0wa43M...	N/A	N/A	Jun 26, 2026	THN
MEDIUM 5.4	0D5ACD84-8796-	Exploit for Cross-site Scripting in Docmost_0D5ACD84-8796-5644-A05C-46FADC4B35D4 CVE-2026-34212 Docmost accepted a javascript: URL inside an attachment node, preserved it through storage and rendering, and turned it back into a ...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
MEDIUM 5.4	0A738D4C-E642-	Exploit for Authorization Bypass Through User-Controlled Key in Docmost_0A738D4C-E642-58D3-988B-4E964946EC66 CVE-2026-34213 A low-privileged Docmost user could supply a victim attachmentId to the generic upload endpoint and overwrite another page's stored ...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT