Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.1 CVE-2026-58370

Woodpecker < 3.15.0 - GitLab Approval Gate Bypass via Spoofable Commit Author Name

Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author. For the GitLab forge driver, pipeline.Author is popu...

woodpecker-ci woodpecker CVE
HIGH 8.3 CVE-2026-58170

Vibe-Trading < 0.1.10 - Path Traversal in Proposal Identifier Allows Forging Live Trading Mandates

Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory witho...

HKUDS Vibe-Trading CVE
HIGH 7.5 CVE-2026-58169

Vibe-Trading < 0.1.10 - Loopback Trust and Missing Host Validation Enable DNS-Rebinding Authentication Bypass and Remote Code Execution

Vibe-Trading before 0.1.10's local API server trusts the TCP peer address to bypass the API_AUTH_KEY bearer-token check for loopback clients and pe...

HKUDS Vibe-Trading CVE
HIGH 8.8 CVE-2026-58168

DeepTutor < 1.4.10 - Insecure Default Grants Unrestricted MCP Tool Access to Non-Admin Users

DeepTutor before version 1.4.10 contains an authorization bypass vulnerability that allows low-privilege users to invoke unrestricted MCP tools due...

HKUDS DeepTutor CVE
HIGH 8.8 CVE-2026-58165

OpenZiti – Privilege Escalation to Admin via Unauthorized Enrollment Creation

OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with ...

openziti ziti CVE
HIGH 7.5 CVE-2026-49451

Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing

The OpenAPI.NET SDK contains a useful object model for OpenAPI documents in .NET along with common serializers to extract raw OpenAPI JSON and YAML...

microsoft OpenAPI.NET >= 2.0.0-preview11, < 2.7.5 CVE
HIGH 7.8 289C51DB-789E-

Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft_289C51DB-789E-5BBC-869B-291AC527B641

CVE-2026-21509 — Microsoft Office OLE Security-Feature Bypass Research writeup by Sentinel AI Defense. Defensive analysis only — no working exploit...

N/A N/A GITHUBEXPLOIT
HIGH 8.1 CVE-2026-43735

CVE-2026-43735

The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious w...

Apple Safari CVE
HIGH 7.5 CVE-2026-43721

CVE-2026-43721

This issue was addressed through improved state management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2....

Apple Safari CVE
HIGH 8.3 CVE-2026-43701

CVE-2026-43701

The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious w...

Apple Safari CVE