HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7	CVE-2026-54230	Abrt: event handler scripts follow symlinks when writing output files, allowing arbitrary file overwrites_CVE-2026-54230 A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shel...	Red Hat	Red Hat Enterprise Linux 6	Jun 13, 2026	CVE
HIGH 7	CVE-2026-54229	Abrt: chownproblemdir succeeds during active post-create event processing due to inadequate locking_CVE-2026-54229 A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DD_OPEN_READONLY ...	Red Hat	Red Hat Enterprise Linux 6	Jun 13, 2026	CVE
HIGH 7.8	CVE-2026-54228	Abrt: toctou race condition in abrt-dbus setelement allows arbitrary file writes to dump directories_CVE-2026-54228 A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation a...	Red Hat	Red Hat Enterprise Linux 6	Jun 13, 2026	CVE
HIGH 8.7	CVE-2026-53868	Capgo < 12.128.2 - Denial of Service via Unverified Email Account Registration and Deletion_CVE-2026-53868 Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without ve...	Capgo	Capgo	Jun 12, 2026	CVE
HIGH 8.7	CVE-2026-53836	OpenClaw < 2026.5.12 - Allowlist Bypass via PowerShell Encoded-Command Aliases_CVE-2026-53836 OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling that allows attackers to execute encode...	OpenClaw	OpenClaw	Jun 12, 2026	CVE
HIGH 8.2	CVE-2026-53834	OpenClaw < 2026.4.27 - Authorization Bypass in QQBot Pre-dispatch Slash Commands_CVE-2026-53834 OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows authenticated senders to ...	OpenClaw	OpenClaw	Jun 12, 2026	CVE
HIGH 7.4	CVE-2026-53833	OpenClaw < 2026.4.29 - Authorization Bypass via QQBot Streaming Command_CVE-2026-53833 OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate...	QQBot	QQBot	Jun 12, 2026	CVE
HIGH 7.4	CVE-2026-53832	OpenClaw < 2026.5.18 - Identity Header Forgery via Trusted-Proxy Configuration_CVE-2026-53832 OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy identity hea...	OpenClaw	OpenClaw	Jun 12, 2026	CVE
HIGH 7.6	CVE-2026-53831	OpenClaw < 2026.5.18 - Arbitrary File Read via Shell Expansion in system.run Safe-bin Allowlist_CVE-2026-53831 OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to mo...	OpenClaw	OpenClaw	Jun 12, 2026	CVE
HIGH 8.5	CVE-2026-53829	OpenClaw < 2026.5.18 - Command Truncation in Exec Approval Display_CVE-2026-53829 OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes from approver...	OpenClaw	OpenClaw	Jun 12, 2026	CVE