category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.5	CVE-2026-3196	Qemu-kvm: virtio-snd: integer overflow leading to unbounded memory allocation_CVE-2026-3196 An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the guest. A malicious guest can provide out-of-bou...	N/A	N/A 8.2.0	Jun 19, 2026	CVE
HIGH 7.4	CVE-2026-3195	Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb (incomplete fix for cve-2024-7730)_CVE-2026-3195 A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the `virtio_snd_pcm_in_cb` function did not check wheth...	N/A	N/A 8.2.0	Jun 19, 2026	CVE
MEDIUM 6.9	CVE-2026-55205	Hermes WebUI < 0.51.468 - Resource Exhaustion via Unauthenticated OAuth Flow Endpoint_CVE-2026-55205 Hermes WebUI before 0.51.468 contains a resource exhaustion vulnerability in the unauthenticated POST /api/onboarding/oauth/start endpoint that all...	nesquena	hermes-webui	Jun 18, 2026	CVE
HIGH 8.7	CVE-2026-55204	HAProxy – NULL Pointer Dereference in hpack_dht_insert Function_CVE-2026-55204 HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c tha...	haproxy	haproxy	Jun 18, 2026	CVE
CRITICAL 9	CVE-2026-55203	HAProxy – Integer Overflow in FCGI Demux Record Length Field_CVE-2026-55203 HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffe...	haproxy	haproxy	Jun 18, 2026	CVE
MEDIUM 4.7	CVE-2026-54106	U.S. GAO EPDS and CBCA EDS network access control bypass_CVE-2026-54106 The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic...	Government Accountability Office	Electronic Protest Docketing System (EPDS)	Jun 18, 2026	CVE
MEDIUM 6.9	CVE-2026-54105	U.S. GAO EPDS and CBCA EDS user information disclosure_CVE-2026-54105 The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic...	Government Accountability Office	Electronic Protest Docketing System (EPDS)	Jun 18, 2026	CVE
HIGH 8.8	CVE-2026-54104	U.S. GAO EPDS and CBCA EDS client-based privilege escalation_CVE-2026-54104 The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic...	Government Accountability Office	Electronic Protest Docketing System (EPDS)	Jun 18, 2026	CVE
CRITICAL 9.8	CVE-2026-54103	U.S. GAO EPDS and CBCA EDS unauthenticated password change_CVE-2026-54103 The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic...	Government Accountability Office	Electronic Protest Docketing System (EPDS)	Jun 18, 2026	CVE
LOW 1.8	CVE-2026-48617	CVE-2026-48617_CVE-2026-48617 A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation. This can lead to confidentialit...	nodejs	node 22.22.3	Jun 18, 2026	CVE