Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.5 CVE-2026-25551

Seagull Software BarTender Deserialization Privilege Escalation via .NET Remoting Service

Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to esca...

Seagull Software, LLC. BarTender 2021 R1 CVE
HIGH 7.5 CVE-2026-10796

nvm executes commands from a malicious Node.js mirror’s version strings

nvm (Node Version Manager) through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Command...

nvm-sh nvm CVE
HIGH 7.1 CVE-2026-41522

Iris has an Improper Authorization issue

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IR...

dfir-iris iris-web < 2.4.28 CVE
HIGH 7.6 CVE-2026-41518

Chartbrew has a stored DOM XSS via Chart Tooltip innerHTML (ChartDatasetConfig.legend)

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 th...

chartbrew chartbrew >= 4.9.0, < 5.0.1 CVE
HIGH 8.2 CVE-2026-41249

CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration

CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1, the GitHub Actions workflow (`.github/workflows/static....

coreshop CoreShop >= 5.0.1, <= 5.1.0-beta.1 CVE
HIGH 8.6 CVE-2026-10870

Shibby Tomato Web UI rc start_dhcpc os command injection

A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file /sbin/rc of the component Web UI. This manipula...

Shibby Tomato 1.28.0000 CVE
HIGH 8.2 CVE-2025-69755

CVE-2025-69755

An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via ...

n/a n/a n/a CVE
HIGH 7.1 CVE-2025-67448

CVE-2025-67448

The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user inp...

n/a n/a n/a CVE
HIGH 8.6 CVE-2026-41237

Froxlor has an incomplete fix for CVE-2026-30932

Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses `\s+` which matches newlines (allowi...

froxlor froxlor < 2.3.7 CVE
HIGH 8.8 CVE-2026-41236

Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path

Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization pa...

froxlor froxlor = 2.3.6 CVE