CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-12515	Katello: missing repository authorization in content_uploads exposes cross-product content existence_CVE-2026-12515 A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficient authorization checks in the ContentUploadsCon...	Red Hat	Red Hat Hardened Images	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-12151	undici WebSocket client vulnerable to denial of service via fragment count bypass_CVE-2026-12151 Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on ...	undici	undici	Jun 17, 2026	CVE
CRITICAL 9.3	CVE-2025-71325	picklescan – Detection Bypass via STACK_GLOBAL Opcode Parsing Logic Flaw_CVE-2025-71325 picklescan before 0.0.27 contains a parsing logic error in the _list_globals function when handling STACK_GLOBAL opcodes, failing to track argument...	picklescan	picklescan	Jun 17, 2026	CVE
CRITICAL 9.3	CVE-2025-71323	picklescan – Remote Code Execution via Unblocked ctypes Module_CVE-2025-71323 picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote code execution by invoking direct syscalls and acce...	picklescan	picklescan	Jun 17, 2026	CVE
HIGH 8.7	CVE-2025-71322	PickleScan – Unsafe Globals Check Bypass via pty.spawn Function_CVE-2025-71322 PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Maliciou...	PickleScan	PickleScan	Jun 17, 2026	CVE
CRITICAL 9.3	CVE-2025-71321	picklescan – Arbitrary File Writing via distutils Module Bypass_CVE-2025-71321 picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutil...	picklescan	picklescan	Jun 17, 2026	CVE
CRITICAL 9.3	CVE-2025-71320	picklescan – Remote Code Execution via Incomplete Disallowed Inputs_CVE-2025-71320 picklescan before 0.0.33 contains an incomplete deny-list that fails to block pydoc.locate and operator.methodcaller functions, allowing attackers ...	picklescan	picklescan	Jun 17, 2026	CVE
MEDIUM 4.3	CVE-2025-32748	CVE-2025-32748_CVE-2025-32748 Dell PowerFlex rack, version(s) RCM 3.7/3.7, contain(s) a Host Header Injection vulnerability. An unauthenticated attacker with remote access could...	Dell	PowerFlex rack	Jun 17, 2026	CVE
NONE	AKAMAIBLOG:7F37...	Keep Your Tech FLAME Alive: Trailblazer Katrina Cole_AKAMAIBLOG:7F37F79E3ADFF4F4324213ADDDFF2017 Meet Katrina Cole, an Information Security Consultant who entered tech at age 40. Read her advice for women in tech and her proactive approach to s...	N/A	N/A	Jun 17, 2026	AKAMAIBLOG
NONE	THN:599D838669E...	Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline_THN:599D838669E846120BE835EDC125F058 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhN4ptzzF7u-dzNyOc4F1HsCUbEszvkkeD1ZVl7MHQNXXcUtgqb40Wgodu3aj61QDzaNsX0eJjRDGK1eNJLCb...	N/A	N/A	Jun 17, 2026	THN