Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-46739

Net::Statsd versions before 0.13 for Perl allow metric injections

Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generat...

COSIMO Net::Statsd CVE

MEDIUM 6.9 CVE-2026-41207

netty-incubator-codec-ohttp’s HPKEContext operations may produce empty byte[] on failures

The netty incubator codec.bhttp is a Java-language binary HTTP parser. Prior to version 0.0.21.Final, HKDF_expand returns non-NULL on failure. The ...

netty netty-incubator-codec-ohttp < 0.0.21.Final CVE

HIGH 8.5 CVE-2026-25551

Seagull Software BarTender Deserialization Privilege Escalation via .NET Remoting Service

Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to esca...

Seagull Software, LLC. BarTender 2021 R1 CVE

CRITICAL 9.3 CVE-2026-25550

Seagull Software BarTender Unauthenticated RCE via .NET Remoting Service

Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed...

Seagull Software, LLC. BarTender 2010 CVE

CRITICAL 9.8 CVE-2026-10880

Unauthenticated SQL Injection in Osnexus Quantastor

OSNexus QuantaStor SDS Manager is vulnerable to SQL injection in the login endpoint. The username field is not properly sanitized before being inco...

Osnexus QuantaStor 5.9 CVE

HIGH 7.5 CVE-2026-10796

nvm executes commands from a malicious Node.js mirror’s version strings

nvm (Node Version Manager) through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Command...

nvm-sh nvm CVE

HIGH 7.1 CVE-2026-41522

Iris has an Improper Authorization issue

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IR...

dfir-iris iris-web < 2.4.28 CVE

HIGH 7.6 CVE-2026-41518

Chartbrew has a stored DOM XSS via Chart Tooltip innerHTML (ChartDatasetConfig.legend)

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 th...

chartbrew chartbrew >= 4.9.0, < 5.0.1 CVE

HIGH 8.2 CVE-2026-41249

CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration

CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1, the GitHub Actions workflow (`.github/workflows/static....

coreshop CoreShop >= 5.0.1, <= 5.1.0-beta.1 CVE

MEDIUM 5.8 CVE-2026-21404

NAVTOR NavBox Use of Hard-coded Credentials

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the S...

NAVTOR NavBox CVE