category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.6	CVE-2025-71376	picklescan – Arbitrary Code Execution via Undetected idlelib.autocomplete.AutoComplete.fetch_completions_CVE-2025-71376 picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetch_completions in reduce methods. Attack...	picklescan	picklescan	Jun 23, 2026	CVE
HIGH 7.6	CVE-2025-71370	picklescan – Remote Code Execution via torch.jit.unsupported_tensor_ops.execWrapper_CVE-2025-71370 picklescan before 0.0.28 fails to detect malicious torch.jit.unsupported_tensor_ops.execWrapper function calls embedded in pickle files. Attackers ...	picklescan	picklescan	Jun 23, 2026	CVE
HIGH 7.6	CVE-2025-71365	picklescan – Arbitrary Code Execution via numpy.f2py.crackfortran.myeval Detection Bypass_CVE-2025-71365 picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Atta...	picklescan	picklescan	Jun 23, 2026	CVE
HIGH 7.6	CVE-2025-71341	picklescan – Remote Code Execution via Undetected profile.Profile.runctx_CVE-2025-71341 picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected ma...	picklescan	picklescan	Jun 23, 2026	CVE
HIGH 8.7	CVE-2025-71337	Flowise – Unverified Email Change via Account Profile Endpoint_CVE-2025-71337 Flowise before 3.0.10 (affected versions 3.0.7 and earlier) contains an unverified email change vulnerability. An authenticated user can change the...	Flowise	Flowise	Jun 23, 2026	CVE
MEDIUM 4.1	CVE-2026-4983	CVE-2026-4983_CVE-2026-4983 Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml withou...	Eclipse Foundation	Eclipse Open VSX 0.1.0	Jun 23, 2026	CVE
CRITICAL 9	CVE-2026-11374	Account Takeover via Predictable SSO Ticket Generation_CVE-2026-11374 In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that sessi...	zohocorp	manageengine_adselfservice_plus	Jun 23, 2026	CVE
HIGH 8.6	CVE-2026-10521	Authenticated unintended access to critical program parameters_CVE-2026-10521 An high privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program ...	MB connect line	mbCONNECT24 0.0.0, 2.20.1	Jun 23, 2026	CVE
CRITICAL 9.8	CVE-2026-12866	CVE-2026-12866_CVE-2026-12866 All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction() API. An attacker can execute arbitrary JavaScript by ...	silentmatt	expr-eval	Jun 23, 2026	CVE
MEDIUM 5	CVE-2026-55655	Openssh: local mitm of x11 forwarding via abstract unix socket pre-binding in red hat enterprise linux openssh client versions_CVE-2026-55655 A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possib...	Red Hat	Red Hat Enterprise Linux 10	Jun 23, 2026	CVE