Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.3 MS:CVE-2026-12437

Chromium: CVE-2026-12437 Use after free in WebShare

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
HIGH 7.7 CVE-2026-41156

GPU DDK – kernel<->fw CCB contains SYNC_PRIMITIVE_BLOCK firmware address without holding reference

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources creating a write use ...

Imagination Technologies Graphics DDK 1.18 RTM CVE
HIGH 7.7 CVE-2026-34192

GPU DDK – _MMU_AllocLevel error recovery paths leave dangling page table entries

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an error path leading to UAF of GPU page tables....

Imagination Technologies Graphics DDK 1.18 RTM CVE
HIGH 7.5 CVE-2026-54299

Astro: Host-header full-read SSRF in core prerendered error-page fetch (prerenderedErrorPageFetch default + unvalidated createRequestFromNodeRequest URL)

Astro is a web framework. Prior to 6.4.6, Astro SSR apps with prerendered error pages (/404 or /500 using export const prerender = true) fetch thos...

withastro astro < 6.4.6 CVE
HIGH 7.5 CVE-2026-54293

NLTK: URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural L...

nltk nltk < 3.10.0-rc1 CVE
HIGH 8.7 CVE-2026-53779

WebP Server Go < 0.15.0 Path Traversal via Backslash Encoding on Windows

WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the co...

webp-sh webp_server_go CVE
HIGH 7.1 CVE-2026-50146

Astro: Reflected XSS via unescaped slot name

Astro is a web framework. Prior to 6.3.3, when a component uses a client:* directive, Astro inserts named slot content into a data-astro-template a...

withastro astro < 6.3.3 CVE
HIGH 8.7 CVE-2026-11834

Unauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link Routers

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient va...

TP-Link Systems Inc. Archer MR200 v07 CVE
HIGH 7.8 CVE-2026-44274

CVE-2026-44274

Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Link Resolution Before File Access vulnerability. A low privilege...

Dell Wyse Management Suite (WMS) CVE
HIGH 8.8 CVE-2026-44272

CVE-2026-44272

Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL I...

Dell Wyse Management Suite (WMS) CVE