HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-8829	HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities_CVE-2026-8829 HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities. The XS routine backing HTML::Entities::_decode_entities c...	OALDERS	HTML::Entities	Jun 4, 2026	CVE
HIGH 8.7	CVE-2026-45433	Hardcoded Cryptographic Key Vulnerability in GX Earth ONT Models_CVE-2026-45433 This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacke...	GX INDIA	GX Earth 2022 version E2022 - 3.1.2A	Jun 4, 2026	CVE
HIGH 8.1	CVE-2025-59874	HCL Hive Telco Observability is affected by a Required directives missing from the CSP ._CVE-2025-59874 HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web applicat...	HCL	Hive 1.0	Jun 4, 2026	CVE
HIGH 7.5	CVE-2025-46638	CVE-2025-46638_CVE-2025-46638 Dell BSAFE SSL-J contains an allocation of resources without limits or throttling vulnerability. An unauthenticated remote attacker could potential...	Dell	BSAFE SSL-J	Jun 4, 2026	CVE
HIGH 8.9	CVE-2026-41065	Tautulli Vulnerable to Unauthenticated/Authenticated Remote Code Execution via Newsletter Custom Template Directory_CVE-2026-41065 Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 are vulnerable to remote code execution via...	Tautulli	Tautulli < 2.17.1	Jun 4, 2026	CVE
HIGH 7.5	CVE-2026-28318	SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability_CVE-2026-28318 SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: de...	SolarWinds	Serv-U 15.5.4 and previous versions	Jun 4, 2026	CVE
HIGH 7.9	CVE-2026-10860	MISP CRUDComponent delete validation bypass via operator precedence error_CVE-2026-10860 A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used the HTTP DELETE method. Due t...	misp	misp	Jun 4, 2026	CVE
HIGH 8.6	THN:A837AA526C5...	ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories_THN:A837AA526C50A8C5953FC687D92743AC ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOsPH2SzhBWTxhXi2KCJw0YY29azn2hLkDQwQhyrjmwaRIXQfCAPNIjej3_TBd6VJm1JqWSs2EoI2jiWyVHE...	N/A	N/A	Jun 4, 2026	THN
HIGH 8.7	CVE-2026-45432	Cleartext Transmission of Credentials Vulnerability in GX Earth ONT Models_CVE-2026-45432 This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface...	GX INDIA	GX Earth 2022 version E2022 - 3.1.2A	Jun 4, 2026	CVE
HIGH 8.7	CVE-2026-45431	Command Injection Vulnerability in GX Earth ONT Models_CVE-2026-45431 This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web manage...	GX INDIA	GX Earth 2022 version E2022 - 3.1.2A	Jun 4, 2026	CVE