category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.8	CVE-2026-6242	Authenticated Format String Vulnerability in ONVIF Subscribe Service on TP-Link Tapo C520WS_CVE-2026-6242 An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplie...	TP-Link Systems Inc.	Tapo C520WS v2	Jun 5, 2026	CVE
MEDIUM 6.8	CVE-2026-6241	Authenticated Format String Vulnerability in ONVIF AddScopes Method on TP-Link Tapo C520WS_CVE-2026-6241 An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed ...	TP-Link Systems Inc.	Tapo C520WS v2	Jun 5, 2026	CVE
MEDIUM 6.8	CVE-2026-6240	Authenticated Stack-based Buffer Overflow in ONVIF DeleteUsers Service on TP-Link Tapo C520WS_CVE-2026-6240 A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when han...	TP-Link Systems Inc.	Tapo C520WS v2	Jun 5, 2026	CVE
MEDIUM 6.8	CVE-2026-6239	Authenticated Stack-based Buffer Overflow in ONVIF CreateUsers Service in TP-Link Tao C520WS_CVE-2026-6239 A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate ...	TP-Link Systems Inc.	Tapo C520WS v2	Jun 5, 2026	CVE
HIGH 7	CVE-2026-34123	Whitelist Validation Bypass in TP-Link Tapo C520WS_CVE-2026-34123 On Tapo C520WS v2, restricted accounts (for example, hub users) are intended to execute only a limited set of low‑sensitivity operations. Due to a ...	TP-Link Systems Inc.	Tapo C520WS v2	Jun 5, 2026	CVE
HIGH 8.3	CVE-2026-11431	Path Traversal in Altium Projects Service Allows Arbitrary File Read_CVE-2026-11431 A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated...	Altium	Altium Enterprise Server	Jun 5, 2026	CVE
CRITICAL 9.4	CVE-2026-11429	Path Traversal in Altium Git Service Allows Remote Code Execution_CVE-2026-11429 A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequenc...	Altium	Altium Enterprise Server	Jun 5, 2026	CVE
HIGH 8.3	CVE-2026-11424	Server-Side Request Forgery in Altium Platform Design GraphQL Service Allows Information Disclosure_CVE-2026-11424 A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An auth...	Altium	Altium Enterprise Server	Jun 5, 2026	CVE
HIGH 8.1	CVE-2026-11416	MoviePilot Path Traversal via Cloud Storage Download Handlers_CVE-2026-11416 MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path...	jxxghp	MoviePilot	Jun 5, 2026	CVE
MEDIUM 6.9	CVE-2026-45409	Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix_CVE-2026-45409 Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Uni...	kjd	idna < 3.15	Jun 5, 2026	CVE