category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5	CVE-2026-55655	Openssh: local mitm of x11 forwarding via abstract unix socket pre-binding in red hat enterprise linux openssh client versions_CVE-2026-55655 A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possib...	Red Hat	Red Hat Enterprise Linux 10	Jun 23, 2026	CVE
LOW 3.7	CVE-2026-55654	Openssh: heap out-of-bounds read in red hat enterprise linux versions of openssh gssapi indicator cleanup due to missing null sentinel termination_CVE-2026-55654 A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service Applicati...	Red Hat	Red Hat Enterprise Linux 10	Jun 23, 2026	CVE
MEDIUM 4.3	CVE-2026-55653	Openssh: double free in red hat enterprise linux versions of openssh dh-gex client path during fips known-group validation leads to client-side denial of service_CVE-2026-55653 A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client pa...	Red Hat	Red Hat Enterprise Linux 10	Jun 23, 2026	CVE
HIGH 7.1	CVE-2026-10658	Bluetooth Host ISO RX Missing SDU Header Length Validation in bt_iso_recv() Leads to DoS_CVE-2026-10658 A missing length validation in the Zephyr Bluetooth Host ISO receive path can be triggered by malformed HCI ISO data. In bt_iso_recv() (subsys/blue...	zephyrproject-rtos	Zephyr *	Jun 22, 2026	CVE
HIGH 7.1	CVE-2026-10651	Bluetooth Classic SDP parser truncation bug in bt_sdp_parse_attribute() leads to reachable assertion and possible out-of-bounds read_CVE-2026-10651 A malformed Bluetooth Classic SDP attribute can trigger a reachable assertion in Zephyr's SDP parser. In subsys/bluetooth/host/classic/sdp.c, bt_sd...	zephyrproject-rtos	Zephyr *	Jun 22, 2026	CVE
MEDIUM 4.9	CVE-2026-10645	fs: ext2: Missing structural validation of directory entries can cause out-of-bounds read and zero-progress directory traversal_CVE-2026-10645 Zephyr's ext2 directory-entry parser does not fully validate on-disk directory entry structure before copying the entry name and advancing traversa...	zephyrproject-rtos	Zephyr *	Jun 22, 2026	CVE
HIGH 8.2	CVE-2026-11833	CVE-2026-11833_CVE-2026-11833 Overview: A vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting inform...	Yokogawa Electric Corporation	FAST/TOOLS R9.01	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-54236	vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router_CVE-2026-54236 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a saniti...	vllm-project	vllm < 0.23.1rc0	Jun 22, 2026	CVE
MEDIUM 6.9	CVE-2026-54235	vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels_CVE-2026-54235 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, ll temperature validation gates use comparison operat...	vllm-project	vllm < 0.23.1rc0	Jun 22, 2026	CVE
MEDIUM 6.5	CVE-2026-54233	vLLM: OOM Denial of Service via Audio Decompression Bomb_CVE-2026-54233 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compr...	vllm-project	vllm < 0.23.1rc0	Jun 22, 2026	CVE