Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-55844

Home Assistant: iOS Companion App ignores internal SSID allowlist for connections – possible leak of access token and sensor data

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2025.5.0, the iOS companion app ignores ...

home-assistant core < 2025.5.0 CVE
HIGH 7.7 CVE-2026-55607

Claude Code: Sandbox Escape via Git Worktree Path Confusion Allows Unsandboxed Code Execution

Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and n...

anthropics claude-code >= 2.1.38, < 2.1.163 CVE
HIGH 7.5 CVE-2026-36478

CVE-2026-36478

An issue in Technitium DNS Server v.14.3 and before allows a remote attacker to cause a denial of service via the DnsServerApp.exe, DnsServerApp.dl...

n/a n/a n/a CVE
HIGH 8.8 D785B7F1-5FCD-

Exploit for Improper Access Control in Graylog (D785B7F1-5FCD-57AF-BA95-D33887F2F1C7)

Exploiting Arbitrary Class Loading on the JVM This repository contains the proof-of-concept exploit presented in my talk: Exploiting Arbitrary Clas...

N/A N/A GITHUBEXPLOIT
HIGH 7.5 7CABEA7D-2DC5-

Exploit for Uncontrolled Resource Consumption in Github Cmark-Gfm (7CABEA7D-2DC5-58B7-AF42-1DF51CCE3D29)

graylog-cve-2023-24824-exploit Proof-of-concept exploit for CVE-2023-24824 demonstrating how an arbitrary class loading primitive can be transforme...

N/A N/A GITHUBEXPLOIT
HIGH 7.5 CVE-2026-46604

Panic decoding image with out-of-bounds strip offset in x/image/tiff in golang.org/x/image

The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset.

golang.org/x/image golang.org/x/image/tiff CVE
HIGH 8.1 CVE-2026-10820

ProfilePress < 4.16.17 - Subscriber+ Subscription Cancellation via IDOR

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does no...

Unknown Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content CVE
HIGH 7 CVE-2026-49417

Multiple vulnerabilities in the sound(4) mmap path

Second, the audio buffer backing a mapping could be freed when the device was closed even though the mapping remained valid. The freed memory coul...

FreeBSD FreeBSD 15.0-RELEASE CVE
HIGH 7.1 CVE-2026-49413

Flaw in Linuxulator execution of setugid binaries

The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID process flag. During execve(2), this flag is n...

FreeBSD FreeBSD 15.0-RELEASE CVE
HIGH 7.8 CVE-2026-49412

Use-after-free bug in the IPV6_MSFILTER socket option handler

The kernel handler for IPV6_MSFILTER dropped a serializing lock in order to copy the source-filter list from userspace, then reacquired the lock. ...

FreeBSD FreeBSD 15.0-RELEASE CVE