Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.4 CVE-2026-45178

Idira Secrets Manager Self-Hosted: Improper Access Control in Internal Cluster Endpoints_CVE-2026-45178

Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authentica...

CyberArk Software, a Palo Alto Networks Company Conjur Enterprise 13.0 CVE
HIGH 8.9 CVE-2026-45176

Idira Endpoint Privilege Manager Agent: Local Privilege Escalation via Internal Communication or File Operation Manipulation_CVE-2026-45176

Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low...

CyberArk Software, a Palo Alto Networks Company Idira Endpoint Privilege Manager 26.0 CVE
HIGH 7.6 CVE-2026-11774

389-ds-base: 389-ds-base: integer overflow in sasl packet length bypasses size limit leading to heap buffer overflow_CVE-2026-11774

An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). In sasl_io_start_packet(), adding sizeof(uint32_t) ...

Red Hat Red Hat Directory Server 11 CVE
HIGH 10 98BE5734-F77A-

Exploit for Command Injection in Tp-Link Tapo_C200_Firmware_98BE5734-F77A-5A56-9B28-1D46096CE816

🔍 CVE-2021-4045: Command Injection Vulnerability in TP-Link Tapo C200 CVE-2021-4045 --- 📌 Summary CVE-2021-4045 is a vulnerability of ...

N/A N/A GITHUBEXPLOIT
HIGH 8.8 CVE-2026-50223

Apache OFBiz: DataResource Low-Privileged Authenticated FreeMarker Template Injection Leads to Remote Code Execution_CVE-2026-50223

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/Dat...

Apache Software Foundation Apache OFBiz before 24.09.07 CVE
HIGH 8.8 CVE-2026-7870

IBM i is Affected by Privilege Escalation_CVE-2026-7870

IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-...

IBM i 7.6 CVE
HIGH 7.5 CVE-2026-7787

Unauthenticated Session History Access via Public Flow Execution_CVE-2026-7787

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using in...

IBM Langflow OSS 1.0.0 CVE
HIGH 8.6 CVE-2026-53777

Perry < 0.5.1159 Path Traversal via ArtifactReady WebSocket_CVE-2026-53777

Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writa...

PerryTS perry CVE
HIGH 8.2 CVE-2026-49982

tmp: Type-confusion bypass of _assertPath in tmp@0.2.6 allows path traversal via non-string prefix/postfix/template_CVE-2026-49982

tmp is a temporary file and directory creator for node.js. In version 0.2.6, the _assertPath guard added to tmp rejects only string values that con...

raszi node-tmp 0.2.6 CVE
HIGH 7.7 CVE-2026-44705

tmp: Path Traversal via unsanitized prefix/postfix enables directory escape_CVE-2026-44705

tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows ...

raszi node-tmp < 0.2.6 CVE