CVSS - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 3.1	CVE-2026-6873	Signed cookie salt namespace collision in django.http.HttpRequest.get_signed_cookie_CVE-2026-6873 An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.http.HttpRequest.get_signed_cookie` in Django uses a non-injectiv...	djangoproject	Django 6.0	Jun 3, 2026	CVE
HIGH 8	CVE-2026-5241	Policy Bypass in LightGlue Nested Config Resolution in huggingface/transformers_CVE-2026-5241 A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to exe...	huggingface	huggingface/transformers unspecified	Jun 3, 2026	CVE
LOW 3.1	CVE-2026-48587	Potential exposure of private data via whitespace padding in Vary header_CVE-2026-48587 An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.cache.has_vary_header()` in Django does not strip leading o...	djangoproject	Django 6.0	Jun 3, 2026	CVE
MEDIUM 6.9	CVE-2026-47325	Weak password policy in ProjectsAndPrograms school-management-system_CVE-2026-47325 ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s da...	ProjectsAndPrograms	school-management-system 6b6fae5	Jun 3, 2026	CVE
MEDIUM 5.1	CVE-2026-47324	Stored XSS in Multiple Points in ProjectsAndPrograms school-management-system_CVE-2026-47324 ProjectsAndPrograms school-management-system is vulnerable to Stored Cross‑Site Scripting (XSS) in multiple attributes of students and teachers obj...	ProjectsAndPrograms	school-management-system 6b6fae5	Jun 3, 2026	CVE
LOW 3.7	CVE-2026-44546	Header injection via WebSocket upgrade parser differential allows ASGI scope header spoofing_CVE-2026-44546 daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twis...	djangoproject	daphne 4.2.0	Jun 3, 2026	CVE
MEDIUM 5.3	CVE-2026-44545	Unbounded WebSocket message and frame sizes can cause unauthenticated remote denial of service_CVE-2026-44545 daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both ...	djangoproject	daphne 4.2.0	Jun 3, 2026	CVE
LOW 3.1	CVE-2026-35193	Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware_CVE-2026-35193 An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not add `A...	djangoproject	Django 6.0	Jun 3, 2026	CVE
LOW 1.2	CVE-2026-10729	HTML injection in the notification email for “Slow Redirect” and “Cloned Website” Canarytokens_CVE-2026-10729 An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research ...	Thinkst Applied Research	Canarytokens sha-c42435e	Jun 3, 2026	CVE
HIGH 10	2D33D81A-E898-	Exploit for Improper Access Control in Proftpd_2D33D81A-E898-5537-AD2E-9F2BC986C1A4 OpenVAS-Vulnerability-Analysis-Incident-Response-Report Real-World Simulation: FTP Service Exploitation ProFTPD CVE-2015-3306 Real-World Simulation...	N/A	N/A	Jun 3, 2026	GITHUBEXPLOIT