Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.2 CVE-2026-41249

CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration_CVE-2026-41249

CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1, the GitHub Actions workflow (`.github/workflows/static....

coreshop CoreShop >= 5.0.1, <= 5.1.0-beta.1 CVE
MEDIUM 5.8 CVE-2026-21404

NAVTOR NavBox Use of Hard-coded Credentials_CVE-2026-21404

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the S...

NAVTOR NavBox CVE
MEDIUM 6.3 CVE-2026-5066

net: sockets: tls: Potential out-of-bounds write/read in socket_op_vtable::connect function_CVE-2026-5066

A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/sockets/sockets_tls.c)....

zephyrproject-rtos Zephyr * CVE
MEDIUM 6.3 CVE-2026-42538

IRIS has an Insecure File Upload_CVE-2026-42538

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not ...

dfir-iris iris-web < 2.4.28 CVE
MEDIUM 4.7 CVE-2026-42329

Iris has an Open Redirect issue_CVE-2026-42329

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain...

dfir-iris iris-web < 2.4.28 CVE
HIGH 8.6 CVE-2026-10870

Shibby Tomato Web UI rc start_dhcpc os command injection_CVE-2026-10870

A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file /sbin/rc of the component Web UI. This manipula...

Shibby Tomato 1.28.0000 CVE
HIGH 8.2 CVE-2025-69755

CVE-2025-69755_CVE-2025-69755

An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via ...

n/a n/a n/a CVE
HIGH 7.1 CVE-2025-67448

CVE-2025-67448_CVE-2025-67448

The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user inp...

n/a n/a n/a CVE
CRITICAL 9.8 CVE-2025-67447

CVE-2025-67447_CVE-2025-67447

The network diagnosis (ping) module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does...

Neterbit Neterbit NW-431F Router 20241014-IR03 and before CVE
MEDIUM 6.6 CVE-2026-48480

netty-incubator-codec-ohttp OHttpVersionChunkDraft’s Missing Final-Chunk Enforcement Leads to Undetected Stream Truncation_CVE-2026-48480

The netty incubator codec.bhttp is a Java-language binary HTTP parser. Prior to version 0.0.22.Final, the codec-ohttp implementation of draft-ietf-...

netty netty-incubator-codec-ohttp < 0.0.22.Final CVE