category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-10647	Deadlock denial of service in USB CDC-NCM device class on TX enqueue failure_CVE-2026-10647 The USB CDC-NCM device class (subsys/usb/device_next/class/usbd_cdc_ncm.c) ignores the return value of usbd_ep_enqueue() in its ethernet transmit c...	zephyrproject	zephyr 4.1.0	Jun 29, 2026	CVE
HIGH 7.5	CVE-2026-8023	Path traversal in Zephyr HTTP server static-filesystem resource handler allows unauthenticated remote arbitrary file read_CVE-2026-8023 Zephyr's HTTP server (subsys/net/lib/http) provides a static-filesystem resource type (HTTP_RESOURCE_TYPE_STATIC_FS, available when CONFIG_FILE_SYS...	zephyrproject	zephyr 4.0.0	Jun 29, 2026	CVE
HIGH 8.1	CVE-2026-7656	Broken IPv6 Neighbor Discovery input validation allows spoofed RA/NS/NA acceptance in Zephyr net stack_CVE-2026-7656 The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6_nbr.c (handle_ra_input, handle_ns_input, handle_na_input) used an incorrect boolean expr...	zephyrproject	zephyr 1.14.0	Jun 29, 2026	CVE
HIGH 7.8	CVE-2026-49416	Integer overflow in vt(4) CONS_HISTORY ioctl_CVE-2026-49416 The CONS_HISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size...	FreeBSD	FreeBSD 15.0-RELEASE	Jun 27, 2026	CVE
HIGH 7.5	CVE-2026-36848	CVE-2026-36848_CVE-2026-36848 Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem.	n/a	n/a n/a	Jun 29, 2026	CVE
HIGH 8.7	CVE-2026-58000	luci-proto-openvpn – Command Injection via cl_meta Parameter in generateKey_CVE-2026-58000 luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the cl_...	openwrt	luci 0.11.1	Jun 29, 2026	CVE
HIGH 7.7	CVE-2026-57999	luci-app-tailscale-community – Command Injection via tailscale.do_login RPC_CVE-2026-57999 luci-app-tailscale-community contains a command injection vulnerability in the tailscale.do_login RPC method that allows authenticated users to exe...	openwrt	luci	Jun 29, 2026	CVE
MEDIUM 6.9	CVE-2026-53428	Unbounded memory allocation in highlight_lines range expansion in mdex_CVE-2026-53428 Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through...	leandrocp	mdex 0.11.0	Jun 29, 2026	CVE
LOW 2.3	CVE-2026-53427	Cross-site scripting in MDEx via unescaped highlight_lines_class code-fence attribute_CVE-2026-53427 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in leandrocp MDEx allows stored or reflected cro...	leandrocp	mdex 0.11.3	Jun 29, 2026	CVE
MEDIUM 6.2	CVE-2026-13757	P11-kit: stack exhaustion via unbounded recursion in rpc attribute parsing_CVE-2026-13757 A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_va...	Red Hat	Red Hat Enterprise Linux 10	Jun 29, 2026	CVE