Recent Advisories

| Severity | ID | Title | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|
| HIGH 7.4 | CVE-2026-10646 | Use-after-return in `zsock_getaddrinfo()` when a timed-out DNS query is retried without cancellation. Zephyr's BSD-sockets getaddrinfo() implementation (subsys/net/lib/sockets/getaddrinfo.c) passes a pointer to a stack-allocated state object (struct... | zephyrproject | zephyr 4.0.0 | | CVE |
| MEDIUM 4.2 | CVE-2026-10644 | Out-of-bounds write in Microchip SERCOM-G1 (PIC32CM-JH) async UART RX with 1-byte buffer. The Microchip SERCOM-G1 UART driver (drivers/serial/uart_mchp_sercom_g1.c), used by the PIC32CM-JH SoC family, contains an out-of-bounds write in i... | zephyrproject | zephyr 4.4.0 | | CVE |
| MEDIUM 6.5 | CVE-2026-10593 | Remotely triggerable NULL-pointer dereference in Bluetooth LE Audio BAP unicast client QoS-state handling. The Zephyr Bluetooth LE Audio Basic Audio Profile (BAP) unicast client mishandles peer-supplied ASE state notifications. In unicast_client_ep_qos_s... | zephyrproject | zephyr 4.3.0 | | CVE |
| MEDIUM 6.5 | CVE-2026-58058 | Nmap – Integer Underflow in IPv6 Extension Header Parsing. Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6_get_data_primitive (libnetutil/netutil.cc), so th... | Nmap | Nmap | | CVE |
| MEDIUM 5 | CVE-2026-58057 | Flowise – Custom MCP Environment Variable Denylist Bypass via Case Sensitivity. Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where en... | Flowise | Flowise | | CVE |
| HIGH 7.6 | CVE-2026-58056 | RustDesk – FileTransfer Session Authorization Scope Bypass. RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer sessi... | RustDesk | RustDesk | | CVE |
| MEDIUM 5.4 | CVE-2026-58055 | nghttp2 nghttpx – HTTP Request/Response Smuggling via Upgrade Request with Content-Length. nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-a... | nghttp2 | nghttp2 | | CVE |
| HIGH 7.2 | CVE-2026-58054 | MyBB – Privilege Escalation from Limited ACP User Management to Administrator. MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers ... | MyBB | MyBB | | CVE |
| CRITICAL 9.9 | CVE-2026-58053 | Gitea act_runner – Container Hardening Bypass via Workflow Container Options. Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container.options string to the Docker job container's HostConfi... | Gitea | act_runner | | CVE |
| LOW 3.3 | CVE-2026-58052 | 7-Zip – Mark-of-the-Web Bypass via RAR5 Alternate Data Stream Name Collision. 7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an ... | 7-Zip | 7-Zip | | CVE |