HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.8	CVE-2025-9032	Avira antivirus engine heap buffer OOB read when scanning a malformed PE file_CVE-2025-9032 Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Local Execution of Code ...	Gen Digital	Avira Antivirus	Jun 12, 2026	CVE
HIGH 7.8	CVE-2025-14098	Avira antivirus engine heap buffer OOB write when scanning a malformed MS-DOS executable file_CVE-2025-14098 Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executable file ma...	Gen Digital	Avira Antivirus	Jun 12, 2026	CVE
HIGH 8.8	CVE-2026-54361	MISP mass assignment vulnerabilities allow unauthorized modification of ownership and delegation records_CVE-2026-54361 MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. ...	misp	misp	Jun 12, 2026	CVE
HIGH 8.4	CVE-2026-54360	MISP sharing group creation mass assignment allows unauthorized takeover of existing sharing groups_CVE-2026-54360 A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing group, the controller did not remove ...	misp	misp	Jun 12, 2026	CVE
HIGH 7.1	CVE-2026-54359	MISP automation endpoints may be exposed to CSRF when Sec-Fetch-Site protection is disabled by default_CVE-2026-54359 MISP contains an insecure default configuration in which the Security.check_sec_fetch_site_header control is disabled. When this setting is disable...	misp	misp	Jun 12, 2026	CVE
HIGH 7.5	CVE-2026-54358	MISP organization administrators can target site administrator accounts for password reset_CVE-2026-54358 An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same o...	misp	misp	Jun 12, 2026	CVE
HIGH 7.8	CVE-2026-42851	@kitty-edit DCS + –color=geninclude vulnerable to Unauthenticated in-process RCE_CVE-2026-42851 Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a...	kovidgoyal	kitty < 0.47.0	Jun 12, 2026	CVE
HIGH 7.4	CVE-2026-42850	Kitty has a shell command injection_CVE-2026-42850 Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty erro...	kovidgoyal	kitty < 0.47.0	Jun 12, 2026	CVE
HIGH 7.3	CVE-2026-54057	Kitty vulnerable to command injection via unsanitized OSC 21 query reply_CVE-2026-54057 Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 (color-control) query reply reflects attacker-controlled ...	kovidgoyal	kitty < 0.47.3	Jun 12, 2026	CVE
HIGH 7.6	CVE-2026-54056	Kitty has an arbitrary file overwrite via symlink following in `kitten dnd` remote drop staging_CVE-2026-54056 Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, `kitten dnd` can allow a malicious remote drag-and-drop source to over...	kovidgoyal	kitty >= 0.47.0, < 0.47.2	Jun 12, 2026	CVE