category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.3	CVE-2026-5066	net: sockets: tls: Potential out-of-bounds write/read in socket_op_vtable::connect function_CVE-2026-5066 A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/sockets/sockets_tls.c)....	zephyrproject-rtos	Zephyr *	Jun 4, 2026	CVE
MEDIUM 6.3	CVE-2026-42538	IRIS has an Insecure File Upload_CVE-2026-42538 IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not ...	dfir-iris	iris-web < 2.4.28	Jun 4, 2026	CVE
MEDIUM 4.7	CVE-2026-42329	Iris has an Open Redirect issue_CVE-2026-42329 Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain...	dfir-iris	iris-web < 2.4.28	Jun 4, 2026	CVE
HIGH 8.6	CVE-2026-10870	Shibby Tomato Web UI rc start_dhcpc os command injection_CVE-2026-10870 A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file /sbin/rc of the component Web UI. This manipula...	Shibby	Tomato 1.28.0000	Jun 4, 2026	CVE
HIGH 8.2	CVE-2025-69755	CVE-2025-69755_CVE-2025-69755 An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via ...	n/a	n/a n/a	Jun 4, 2026	CVE
HIGH 7.1	CVE-2025-67448	CVE-2025-67448_CVE-2025-67448 The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user inp...	n/a	n/a n/a	Jun 4, 2026	CVE
CRITICAL 9.8	CVE-2025-67447	CVE-2025-67447_CVE-2025-67447 The network diagnosis (ping) module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does...	Neterbit	Neterbit NW-431F Router 20241014-IR03 and before	Jun 4, 2026	CVE
MEDIUM 6.6	CVE-2026-48480	netty-incubator-codec-ohttp OHttpVersionChunkDraft’s Missing Final-Chunk Enforcement Leads to Undetected Stream Truncation_CVE-2026-48480 The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-...	netty	netty-incubator-codec-ohttp < 0.0.22.Final	Jun 4, 2026	CVE
HIGH 8.6	CVE-2026-41237	Froxlor has an incomplete fix for CVE-2026-30932_CVE-2026-41237 Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses `\s+` which matches newlines (allowi...	froxlor	froxlor < 2.3.7	Jun 4, 2026	CVE
HIGH 8.8	CVE-2026-41236	Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path_CVE-2026-41236 Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization pa...	froxlor	froxlor = 2.3.6	Jun 4, 2026	CVE