HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.6	CVE-2026-53855	OpenClaw < 2026.4.2 - Shell Positional Parameters Bypass in Inline-Eval Checks_CVE-2026-53855 OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allowlist checks via shell ...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
HIGH 7.6	CVE-2026-53853	OpenClaw < 2026.5.12 - Argument Pattern Bypass in Exec Allowlist via Linux and macOS_CVE-2026-53853 OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowed argument...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
HIGH 8.6	CVE-2026-53849	OpenClaw < 2026.5.7 - Privilege Escalation via Mutable Discord Display Names in allowFrom_CVE-2026-53849 OpenClaw before 2026.5.7 contains a privilege escalation vulnerability where the allowFrom feature improperly validates Discord account identity us...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
HIGH 7	CVE-2026-53846	OpenClaw < 2026.4.29 - Arbitrary Package Manager Execution via Workspace .env npm_execpath_CVE-2026-53846 OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env files to override the npm_execpa...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
HIGH 8.7	CVE-2026-53843	OpenClaw < 2026.5.26 - Node Token Revocation Bypass via Pairing-Scoped Device Session_CVE-2026-53843 OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device session can re-establish node toke...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
HIGH 7	CVE-2026-53842	OpenClaw < 2026.5.2 - Arbitrary Python Runtime Execution via CLOUDSDK_PYTHON Environment Variable_CVE-2026-53842 OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to influence Python runtime selecti...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
HIGH 7.8	CVE-2026-50656	Microsoft Defender Elevation of Privilege Vulnerability_CVE-2026-50656 {“lastseen”:””,”description”:””,”published”:”2026-06-16T18:01:33.601Z”,&#82...	Microsoft	Microsoft Malware Protection Engine -	Jun 16, 2026	CVE
HIGH 7.8	CVE-2026-47964	DNG SDK \| Heap-based Buffer Overflow (CWE-122)_CVE-2026-47964 DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in...	Adobe	DNG SDK	Jun 16, 2026	CVE
HIGH 7.8	CVE-2026-47749	stable-diffusion.cpp: Heap buffer overflow in SHORT_BINUNICODE parsing for PyTorch checkpoint files_CVE-2026-47749 stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Ve...	leejet	stable-diffusion.cpp < master-584-0a7ae07	Jun 16, 2026	CVE
HIGH 8.6	CVE-2026-10748	Nexus Repository 3 – Remote Code Execution via License Deserialization_CVE-2026-10748 An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system comm...	Sonatype	Nexus Repository 3.0.0	Jun 16, 2026	CVE