Recent Advisories

Severity ID Title Vendor Product Date Type
NONE 26E3C9F4-BB6B-

sbom-risk-analyzer_26E3C9F4-BB6B-5FF9-AAB9-9A2A07DAD98A

SBOM-Risk-Analyzer Exploitability-weighted vulnerability prioritization for software bills of materials. --- Abstract Severity scores CVSS describe...

N/A N/A GITHUBEXPLOIT
NONE 24C26077-B16A-

katex-xss-test_24C26077-B16A-5313-96B8-E08C7903EAD5

KaTeX render test Inline href: $\hrefjavascript:alertdocument.domainCLICK-XSS$ htmlData: $\htmlDatafoo=barx$ htmlId: $\htmlIdpwny$ htmlClass: $\htm...

N/A N/A GITHUBEXPLOIT
HIGH 8.8 CVE-2026-7387

Mattermost group syncable endpoints allow privilege escalation via scheme_admin_CVE-2026-7387

Mattermost versions 11.6.x

Mattermost Mattermost 11.6.0 CVE
MEDIUM 6.5 CVE-2026-7184

Mattermost Remote Cluster PATCH API Leaks Authentication Tokens_CVE-2026-7184

Mattermost versions 11.6.x

Mattermost Mattermost 11.6.0 CVE
HIGH 7.6 CVE-2026-6961

CVE-2026-6961: Path traversal via unsanitized FileInfo.Name in Mattermost federation sync_CVE-2026-6961

Mattermost versions 11.6.x

Mattermost Mattermost 11.6.0 CVE
MEDIUM 6.7 CVE-2026-6739

Mattermost: Delegated admins could patch protected default system roles_CVE-2026-6739

Mattermost versions 11.6.x

Mattermost Mattermost 11.6.0 CVE
MEDIUM 4.3 CVE-2026-6689

Missing invite_user permission check on team creation allows unprivileged users to set open-invite and allowed-domains team settings_CVE-2026-6689

Mattermost versions 11.6.x

Mattermost Mattermost 11.6.0 CVE
MEDIUM 5.3 CVE-2026-6046

Plugin bot username conflict allows user account to be used as bot identity in Mattermost Server_CVE-2026-6046

Mattermost versions 11.6.x

Mattermost Mattermost 11.6.0 CVE
HIGH 7.1 CVE-2026-53982

Capgo Console < 12.28.2 Account Deletion DoS via Device Identifier Association_CVE-2026-53982

Capgo Console prior to 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authenticat...

Cap-go console.capgo.app CVE
HIGH 7.2 CVE-2026-53981

Cap-go < v12.128.2 Account Takeover via Unauthenticated Email Change Mechanism_CVE-2026-53981

Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authentica...

Cap-go Cap-go CVE