HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.2	CVE-2026-48109	MessagePack-CSharp: LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad input_CVE-2026-48109 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, A vulnerability exists in the optional LZ4 decompression path us...	MessagePack-CSharp	MessagePack-CSharp >= 3.1.7, < 3.1.7	Jun 22, 2026	CVE
HIGH 7.6	CVE-2025-71358	picklescan – Remote Code Execution via idlelib.autocomplete.AutoComplete.get_entity_CVE-2025-71358 picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.get_entity function in reduce method...	picklescan	picklescan	Jun 22, 2026	CVE
HIGH 7.6	CVE-2025-71344	picklescan – Arbitrary Code Execution via Undetected ensurepip._run_pip Function_CVE-2025-71344 picklescan before 0.0.30 (affected versions 0.0.26 and earlier) fails to detect the ensurepip._run_pip built-in function when scanning pickle files...	picklescan	picklescan	Jun 22, 2026	CVE
HIGH 7.6	CVE-2025-71339	Picklescan – Arbitrary Code Execution via numpy.f2py.crackfortran._eval_length Gadget_CVE-2025-71339 Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran._eval_length gadget in pickle __reduce__ methods, allowing arbitrary code exec...	Picklescan	Picklescan	Jun 22, 2026	CVE
HIGH 8.8	MS:CVE-2026-12443	Chromium: CVE-2026-12443 Use after free in Web Authentication_MS:CVE-2026-12443 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
HIGH 8.8	MS:CVE-2026-12452	Chromium: CVE-2026-12452 Use after free in Downloads_MS:CVE-2026-12452 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
HIGH 8.3	MS:CVE-2026-12437	Chromium: CVE-2026-12437 Use after free in WebShare_MS:CVE-2026-12437 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
HIGH 7.7	CVE-2026-41156	GPU DDK – kernel<->fw CCB contains SYNC_PRIMITIVE_BLOCK firmware address without holding reference_CVE-2026-41156 Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources creating a write use ...	Imagination Technologies	Graphics DDK 1.18 RTM	Jun 19, 2026	CVE
HIGH 7.7	CVE-2026-34192	GPU DDK – _MMU_AllocLevel error recovery paths leave dangling page table entries_CVE-2026-34192 Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an error path leading to UAF of GPU page tables....	Imagination Technologies	Graphics DDK 1.18 RTM	Jun 19, 2026	CVE
HIGH 7.5	CVE-2026-54299	Astro: Host-header full-read SSRF in core prerendered error-page fetch (prerenderedErrorPageFetch default + unvalidated createRequestFromNodeRequest URL)_CVE-2026-54299 Astro is a web framework. Prior to 6.4.6, Astro SSR apps with prerendered error pages (/404 or /500 using export const prerender = true) fetch thos...	withastro	astro < 6.4.6	Jun 22, 2026	CVE