HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.7	CVE-2025-32392	AutoGPT has a DoS vulnerability in LoopVideoBlock_CVE-2025-32392 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, AutoGPT...	Significant-Gravitas	AutoGPT < 0.6.63	Jun 18, 2026	CVE
HIGH 7.5	PACKETSTORM:223805	📄 WordPress Contest Gallery 28.1.4 SQL Injection_PACKETSTORM:223805 WordPress Contest Gallery plugin version 28.1.4 unauthenticated blind SQL Injection exploit written in Python3...	N/A	N/A	Jun 18, 2026	PACKETSTORM
HIGH 8.4	CVE-2026-12390	Access of resource using incompatible type (‘type confusion’) in AzeoTech DAQFactory_CVE-2026-12390 In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files w...	AzeoTech	DAQFactory	Jun 18, 2026	CVE
HIGH 8.7	CVE-2026-48716	nanobot: Path traversal via unsanitized WhatsApp document fileName enables arbitrary file write_CVE-2026-48716 nanobot is a personal AI assistant. In versions 0.1.5.post3 and prior, the WhatsApp bridge in bridge/src/whatsapp.ts constructs a filesystem path u...	HKUDS	nanobot <= 0.1.5.post3	Jun 18, 2026	CVE
HIGH 8.5	CVE-2026-25865	Punto Switcher 4.5.0.583 Unquoted Search Path via WinExec_CVE-2026-25865 Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by ex...	Yandex	Punto Switcher	Jun 18, 2026	CVE
HIGH 8.3	CVE-2026-49248	OneDev: RCE through absolute-path symlink following allows low-privileged users to overwrite arbitrary server via TarUtils.untar_CVE-2026-49248 OneDev is a Git server with CI/CD, kanban, and packages. In versions 15.0.6 and below, TarUtils.untar() creates symbolic links verbatim from TAR en...	theonedev	onedev < 15.0.7	Jun 18, 2026	CVE
HIGH 8.1	CVE-2026-43994	Coturn: Stack buffer overflow in decode_oauth_token_gcm()_CVE-2026-43994 Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token...	coturn	coturn < 4.10.0	Jun 18, 2026	CVE
HIGH 8.3	CVE-2025-15661	libssh2 – Heap Buffer Over-read via sftp_symlink() in sftp.c_CVE-2025-15661 libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sftp.c tha...	libssh2	libssh2	Jun 18, 2026	CVE
HIGH 7.6	CVE-2026-46699	conda-smithy vulnerable to misrouted repository invitation by conda-forge-webservices[bot] due to GitHub username takeover leading to unintended write access in conda-forge feedstock repository_CVE-2026-46699 conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to...	conda-forge	conda-smithy < 3.61.0	Jun 18, 2026	CVE
HIGH 8.3	CVE-2026-45696	OpenEXR HTJ2K decoder heap buffer over-read in ht_undo_impl() (DoS)_CVE-2026-45696 OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 t...	AcademySoftwareFoundation	openexr >= 3.4.0, < 3.4.11	Jun 18, 2026	CVE