HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.9	CVE-2026-42487	x86 HVM I/O port list traversal_CVE-2026-42487 HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model (via XEN_DOMCTL_...	Xen	Xen consult Xen advisory XSA-491	Jun 18, 2026	CVE
HIGH 8.4	CVE-2026-46580	CVE-2026-46580_CVE-2026-46580 In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatically loaded and could ...	Eclipse Foundation	Eclipse Theia	Jun 18, 2026	CVE
HIGH 8.4	CVE-2026-44691	CVE-2026-44691_CVE-2026-44691 In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files (e.g. .theia/tasks.json, .vscode/tasks.json) could be execute...	Eclipse Foundation	Eclipse Theia	Jun 18, 2026	CVE
HIGH 8.4	CVE-2026-44688	CVE-2026-44688_CVE-2026-44688 In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without dis...	Eclipse Foundation	Eclipse Theia	Jun 18, 2026	CVE
HIGH 7.2	CVE-2025-52465	GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page_CVE-2025-52465 GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists...	geoserver	org.geoserver.web:gs-web-app < 2.26.4	Jun 18, 2026	CVE
HIGH 7.2	CVE-2025-27511	GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection_CVE-2025-27511 GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Exte...	geoserver	org.geoserver.extension:gs-db2 < 2.27.0	Jun 18, 2026	CVE
HIGH 8.1	CVE-2026-56020	Webmin HTTP header authentication bypass_CVE-2026-56020 The Webmin HTTP server (miniserv.pl) allows unauthenticated attackers to impersonate any user with a configured SSL client certificate by sending a...	Webmin	Webmin	Jun 18, 2026	CVE
HIGH 8.8	CVE-2026-55237	AutoGPT SignUp Page has DOM-Based XSS and Open Redirect_CVE-2026-55237 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions prior to 0.6.62...	Significant-Gravitas	AutoGPT < 0.6.62	Jun 18, 2026	CVE
HIGH 7.8	CVE-2026-12505	Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall_CVE-2026-12505 A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user informati...	Red Hat	Red Hat Enterprise Linux 10	Jun 18, 2026	CVE
HIGH 8.8	CVE-2026-12407	E2Pdf <= 1.32.26 - Missing Authorization to Authenticated (Custom+) Arbitrary Option Update / Privilege Escalation via 'screen_action' Parameter_CVE-2026-12407 The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.32.26. Th...	oleksandrz	E2Pdf – Export Pdf Tool for WordPress	Jun 18, 2026	CVE