category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-13021	CVE-2026-13021_CVE-2026-13021 Inappropriate implementation in DeviceBoundSessionCredentials in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to bypass same ori...	Google	Chrome 149.0.7827.197	Jun 24, 2026	CVE
MEDIUM 5.5	CVE-2025-60471	CVE-2025-60471_CVE-2025-60471 A use-after-free in the gf_filter_pid_reconfigure_task_discard function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows at...	n/a	n/a n/a	Jun 24, 2026	CVE
HIGH 7.6	CVE-2026-55583	Twenty: Cross-workspace IDOR in AgentTurnResolver_CVE-2026-55583 Twenty is an open-source CRM (customer relationship management) platform. Prior to 2.9.0, Twenty was vulnerable to a cross-workspace insecure direc...	twentyhq	twenty < 2.9.0	Jun 24, 2026	CVE
MEDIUM 6.5	CVE-2026-48028	Mastodon: Removal of integrity-protected JSON entries from signed activities_CVE-2026-48028 Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incomi...	mastodon	mastodon >= 4.5.0-beta.1, < 4.5.10	Jun 24, 2026	CVE
HIGH 8.6	CVE-2026-47389	Mastodon: SSRF protection bypass on older Ruby versions_CVE-2026-47389 Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, when using Ruby versions older tha...	mastodon	mastodon >= 4.5.0-beta.1, < 4.5.10	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-46349	Mastodon: LD-Signature Bypass via JSON-LD Named-Graph Restructuring_CVE-2026-46349 Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incomi...	mastodon	mastodon >= 4.5.0-beta.1, < 4.5.10	Jun 24, 2026	CVE
HIGH 8.7	CVE-2026-46348	Mastodon: SSRF Bypass via IPv6 Unspecified Address (::)_CVE-2026-46348 Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, the list of disallowed IP address ...	mastodon	mastodon >= 4.5.0-beta.1, < 4.5.10	Jun 24, 2026	CVE
HIGH 7.1	CVE-2026-27708	FOSSBilling: IDOR in Servicecustom Client API allows cross-client data access_CVE-2026-27708 FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, the Servicecustom Client API's __call method ...	FOSSBilling	FOSSBilling < 0.8.0	Jun 24, 2026	CVE
HIGH 8	CVE-2026-23879	py7zr: Arbitrary File Write Vulnerability_CVE-2026-23879 py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below...	miurahr	py7zr < 1.1.3	Jun 24, 2026	CVE
HIGH 8.8	CVE-2026-0126	CVE-2026-0126_CVE-2026-0126 In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional exe...	Google	Android Android kernel	Jun 16, 2026	CVE