HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-47777	Mastodon has a consent-check bypass in its remote Collections_CVE-2026-47777 Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote account...	mastodon	mastodon >= nightly.2026-03-10, < 4.6.0-beta.1	Jun 15, 2026	CVE
HIGH 8.8	THN:DED9C232B49...	LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers_THN:DED9C232B49BBF1CB0977760C793F104 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiH9LcMRhk5Li59rG05yXoOOofNzGpeG1MMSKQqhFCGW_28n0SjLKd9D4MC68N7jPP6dF2h2l8gW1OE7Y7ak...	N/A	N/A	Jun 15, 2026	THN
HIGH 7.5	CVE-2026-9863	Core Privileged Access Manager (BoKS) upgrade tooling command injection vulnerability_CVE-2026-9863 Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installation...	Fortra	Core Privileged Access Manager (BoKS) boks-server 8.1.0.0	Jun 15, 2026	CVE
HIGH 7.5	THN:0C053FA1B9E...	One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files_THN:0C053FA1B9E28CFF8B119BFB93E9A94A ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgH3B8zgsVZmHEyLi8McE-eOrGvwf6Uh3zyqWrttvaEddXJCot7sybI1o-Ly5Q1TtuEJx9BzXol3oaXSFdzFi...	N/A	N/A	Jun 15, 2026	THN
HIGH 8.8	THN:856A8FFBDB6...	⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More_THN:856A8FFBDB69929C783A53A3AC085A13 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOtdohah5P1Lv9egIZCwwxpEdcV4phYigmhvgzB3ulDhSeeffe4qDsVoowrzaTD6WsgwyjKIdJ_vzvnsUJ78...	N/A	N/A	Jun 15, 2026	THN
HIGH 8.8	CVE-2026-5242	Code Injection in Mia Technologies’ Pizzy Library_CVE-2026-5242 Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue aff...	MIA Technology Inc.	Pizzy Library 1.0.0.26250	Jun 15, 2026	CVE
HIGH 7.1	CVE-2026-5233	Missing Rate Limiting in Mia Technologies’ Pizzy Library_CVE-2026-5233 Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: fr...	MIA Technology Inc.	Pizzy Library 1.0.0.26250	Jun 15, 2026	CVE
HIGH 7.1	CVE-2026-5230	Improper Access Control in Mia Technologies’ Pizzy Library_CVE-2026-5230 Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access C...	MIA Technology Inc.	Pizzy Library 1.0.0.26250	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-5079	multer vulnerable to Denial of Service via deeply nested field names_CVE-2026-5079 Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form...	multer	multer 1.0.0	Jun 15, 2026	CVE
HIGH 8.8	CVE-2026-49111	WordPress Masteriyo – LMS plugin <= 2.2.0 - Privilege Escalation vulnerability_CVE-2026-49111 Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n...	ThemeGrill	Masteriyo - LMS n/a	Jun 15, 2026	CVE