category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.6	CVE-2025-71341	picklescan – Remote Code Execution via Undetected profile.Profile.runctx_CVE-2025-71341 picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected ma...	picklescan	picklescan	Jun 23, 2026	CVE
HIGH 8.7	CVE-2025-71337	Flowise – Unverified Email Change via Account Profile Endpoint_CVE-2025-71337 Flowise before 3.0.10 (affected versions 3.0.7 and earlier) contains an unverified email change vulnerability. An authenticated user can change the...	Flowise	Flowise	Jun 23, 2026	CVE
MEDIUM 4.1	CVE-2026-4983	CVE-2026-4983_CVE-2026-4983 Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml withou...	Eclipse Foundation	Eclipse Open VSX 0.1.0	Jun 23, 2026	CVE
CRITICAL 9	CVE-2026-11374	Account Takeover via Predictable SSO Ticket Generation_CVE-2026-11374 In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that sessi...	zohocorp	manageengine_adselfservice_plus	Jun 23, 2026	CVE
HIGH 8.6	CVE-2026-10521	Authenticated unintended access to critical program parameters_CVE-2026-10521 An high privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program ...	MB connect line	mbCONNECT24 0.0.0, 2.20.1	Jun 23, 2026	CVE
CRITICAL 9.8	CVE-2026-12866	CVE-2026-12866_CVE-2026-12866 All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction() API. An attacker can execute arbitrary JavaScript by ...	silentmatt	expr-eval	Jun 23, 2026	CVE
MEDIUM 5	CVE-2026-55655	Openssh: local mitm of x11 forwarding via abstract unix socket pre-binding in red hat enterprise linux openssh client versions_CVE-2026-55655 A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possib...	Red Hat	Red Hat Enterprise Linux 10	Jun 23, 2026	CVE
LOW 3.7	CVE-2026-55654	Openssh: heap out-of-bounds read in red hat enterprise linux versions of openssh gssapi indicator cleanup due to missing null sentinel termination_CVE-2026-55654 A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service Applicati...	Red Hat	Red Hat Enterprise Linux 10	Jun 23, 2026	CVE
MEDIUM 4.3	CVE-2026-55653	Openssh: double free in red hat enterprise linux versions of openssh dh-gex client path during fips known-group validation leads to client-side denial of service_CVE-2026-55653 A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client pa...	Red Hat	Red Hat Enterprise Linux 10	Jun 23, 2026	CVE
HIGH 7.1	CVE-2026-10658	Bluetooth Host ISO RX Missing SDU Header Length Validation in bt_iso_recv() Leads to DoS_CVE-2026-10658 A missing length validation in the Zephyr Bluetooth Host ISO receive path can be triggered by malformed HCI ISO data. In bt_iso_recv() (subsys/blue...	zephyrproject-rtos	Zephyr *	Jun 22, 2026	CVE