Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.8 CVE-2026-47749

stable-diffusion.cpp: Heap buffer overflow in SHORT_BINUNICODE parsing for PyTorch checkpoint files

stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Ve...

leejet stable-diffusion.cpp < master-584-0a7ae07 CVE
HIGH 8.6 CVE-2026-10748

Nexus Repository 3 – Remote Code Execution via License Deserialization

An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system comm...

Sonatype Nexus Repository 3.0.0 CVE
HIGH 7.8 CVE-2026-47750

stable-diffusion.cpp: Heap buffer overflow in GLOBAL opcode parsing for PyTorch checkpoint files

stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In...

leejet stable-diffusion.cpp < master-584-0a7ae07 CVE
HIGH 7.8 CVE-2026-47747

stable-diffusion.cpp has a Heap-based Buffer Overflow

stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In...

leejet stable-diffusion.cpp < master-584-0a7ae07 CVE
HIGH 8.6 CVE-2026-22312

Use of Hard-coded Credentials Vulnerability in Radiflow iSAP Smart Collector

The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get a...

Radiflow iSAP Smart Collector 3.07-1 CVE
HIGH 7.4 CVE-2026-10303

ServerCo getssl ACME shell script path injection

In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being...

ServerCo getssl CVE
HIGH 7.5 CVE-2026-50889

CVE-2026-50889

An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service (DoS) via sending a crafted ...

n/a n/a n/a CVE
HIGH 8.1 CVE-2026-50888

CVE-2026-50888

An authenticated Server-Side Request Forgery (SSRF) in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0 allows attacker...

n/a n/a n/a CVE
HIGH 8.8 CVE-2026-50884

CVE-2026-50884

Incorrect access control in statping-ng v0.93.0 allows attackers to escalate privileges to Administrator and access sensitive components.

statping statping-ng 0.93.0 CVE
HIGH 7.3 CVE-2026-12327

Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of me...

Mozilla Firefox 140.12 CVE