CVSS - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.6	THN:3045B0C60DC...	Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public_THN:3045B0C60DCD251B7744C460F8FD4A2C ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6_xkmI_c8KreZ4cr2oC9gHJERU9xWsLGDrCNCaB11IQVGmJ-r0MYUjqGllvOFc0IVwGYBqnzLJl96WBTSVX...	N/A	N/A	Jun 4, 2026	THN
HIGH 7.1	CVE-2026-8874	CVE-2026-8874_CVE-2026-8874 Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via t...	Securly	Securly Chrome Extension	Jun 3, 2026	CVE
MEDIUM 4.6	CVE-2026-36178	CVE-2026-36178_CVE-2026-36178 The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly ...	n/a	n/a n/a	Jun 4, 2026	CVE
HIGH 7.1	CVE-2026-36176	CVE-2026-36176_CVE-2026-36176 GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physica...	n/a	n/a n/a	Jun 4, 2026	CVE
MEDIUM 6.8	CVE-2026-36175	CVE-2026-36175_CVE-2026-36175 An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interr...	n/a	n/a n/a	Jun 4, 2026	CVE
CRITICAL 9.6	CVE-2026-35906	CVE-2026-35906_CVE-2026-35906 An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrar...	T3 Technology	T625Pro, T6825G v1.0.07, v1.0.03	Jun 4, 2026	CVE
MEDIUM 6.9	CVE-2026-7774	tarfile.data_filter path traversal bypass allows writing outside the extraction directory_CVE-2026-7774 tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive ...	Python Software Foundation	CPython	Jun 4, 2026	CVE
HIGH 8.8	CVE-2026-5228	Improper Access Control in Kurt Software Studio’s WriteUp Mobile App_CVE-2026-5228 Improper Access Control, Missing Authorization vulnerability in Kurt Software Studio WriteUp Mobile App allows Accessing Functionality Not Properly...	Kurt Software Studio	WriteUp Mobile App 1.3.0	Jun 4, 2026	CVE
LOW 2.1	CVE-2026-45287	OpenTelemetry-Go’s Schema ParseFile leaks file descriptors on each parse_CVE-2026-45287 OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.i...	open-telemetry	go.opentelemetry.io/otel/schema/v1.1 < 0.0.17	Jun 4, 2026	CVE
CRITICAL 9.9	CVE-2026-43986	Tautulli vulnerable to unauthenticated SSRF in /image/ via attacker-seeded image hash replay_CVE-2026-43986 Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public `/image/` route that resolv...	Tautulli	Tautulli < 2.17.1	Jun 4, 2026	CVE