Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-49451

Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing

The OpenAPI.NET SDK contains a useful object model for OpenAPI documents in .NET along with common serializers to extract raw OpenAPI JSON and YAML...

microsoft OpenAPI.NET >= 2.0.0-preview11, < 2.7.5 CVE
MEDIUM 6.5 CVE-2026-10655

Use-after-free race in SNTP async client when closing the socket while the socket service is still polling it

The asynchronous SNTP client in Zephyr (subsys/net/lib/sntp/sntp.c, sntp_close_async) closed the UDP socket file descriptor directly from the calli...

zephyrproject zephyr 4.2.0 CVE
LOW 3.1 CVE-2026-10654

RFCOMM session-disconnect race leaks session/L2CAP and denies further RFCOMM service in Zephyr Bluetooth Classic

A race condition in the Zephyr Bluetooth Classic RFCOMM host stack (subsys/bluetooth/host/classic/rfcomm.c) mishandles a simultaneous bidirectional...

zephyrproject zephyr 1.6.0 CVE
MEDIUM 6.4 CVE-2026-10653

Non-atomic `net_buf` reference counts cause double-free / free-list corruption under concurrent unref

The Zephyr net_buf library (lib/net_buf/buf.c) manipulated both of its reference counts -- the per-header buf->ref and the per-data-block ref_count...

zephyrproject zephyr 2.7.0 CVE
MEDIUM 4.8 CVE-2026-10652

Out-of-bounds read in Zephyr DNS resolver TXT/SRV record parsing (unvalidated `rdlength`)

Zephyr's DNS resolver (subsys/net/lib/dns) parses resource records from DNS responses in dns_unpack_answer(), which validated only the fixed RR hea...

zephyrproject zephyr 4.3.0 CVE
CRITICAL 9.8 CVE-2026-43724

CVE-2026-43724

The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be ab...

Apple iOS and iPadOS CVE
HIGH 8.1 CVE-2026-43735

CVE-2026-43735

The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious w...

Apple Safari CVE
CRITICAL 9.1 CVE-2026-55276

Apache Tomcat: Logged effective web.xml is incomplete

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not i...

Apache Software Foundation Apache Tomcat 11.0.0-M1 CVE
MEDIUM 5.5 CVE-2026-43722

CVE-2026-43722

The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be ab...

Apple iOS and iPadOS CVE
HIGH 7.5 CVE-2026-43721

CVE-2026-43721

This issue was addressed through improved state management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2....

Apple Safari CVE