HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.6	CVE-2026-53871	Hermes WebUI < 0.51.368 - Profile-Scoped Authorization Bypass via Forged hermes_profile Cookie_CVE-2026-53871 Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the get_profile_cookie() function that accepts unauthenticated profi...	nesquena	hermes-webui	Jun 17, 2026	CVE
HIGH 8.7	CVE-2026-53869	Hermes Agent < 0.16.0 - DNS Rebinding Bypass via WebSocket Endpoints_CVE-2026-53869 Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin val...	NousResearch	hermes-agent	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-48818	Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows_CVE-2026-48818 Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as...	Kludex	starlette < 1.1.0	Jun 17, 2026	CVE
HIGH 9.3	PACKETSTORM:223724	📄 EternalBlue MS17-010 SMB Remote Code Execution_PACKETSTORM:223724 This Metasploit module exploits the SMBv1 vulnerability in Microsoft Windows MS17-010 known as EternalBlue...	N/A	N/A	Jun 17, 2026	PACKETSTORM
HIGH 7.8	THN:6C6F54F5540...	Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development_THN:6C6F54F5540003560342230BF1B21800 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgy3ayOlDb3vsL747G9hStxxjTd3N5i2u8hegcT_hTs4RlNqylS_HyYH4mGLQEavD-QwH3G4l-p2tE5xrXoeK...	N/A	N/A	Jun 17, 2026	THN
HIGH 7.5	7899990D-54A0-	Exploit for Out-of-bounds Read in Tcpdump_7899990D-54A0-59D2-943B-C68DC3E8E714 ENV-CVE-2020-8036 — tcpdump Vulnerability Reproduction Environment This repository contains a snapshot of the reproducible vulnerability environmen...	N/A	N/A	Jun 17, 2026	GITHUBEXPLOIT
HIGH 7.5	CVE-2026-32966	Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure_CVE-2026-32966 DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apach...	Apache Software Foundation	Apache DolphinScheduler	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-9675	undici WebSocket client vulnerable to denial of service via cumulative fragment bypass_CVE-2026-9675 Impact: The undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumulative size of fragmented uncompressed messages....	undici	undici 8.0.0	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-53875	picklescan – Scanning Bypass via Dynamic Eval in scan_pytorch_CVE-2026-53875 picklescan before 1.0.3 contains a scanning bypass vulnerability in the scan_pytorch function that allows attackers to embed malicious magic number...	picklescan	picklescan	Jun 17, 2026	CVE
HIGH 8.7	CVE-2026-53872	picklescan – Arbitrary File Read via Unsafe Pickle Deserialization_CVE-2026-53872 picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files ...	picklescan	picklescan	Jun 17, 2026	CVE