Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.9 CVE-2026-7774

tarfile.data_filter path traversal bypass allows writing outside the extraction directory

tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive ...

Python Software Foundation CPython CVE
HIGH 8.8 CVE-2026-5228

Improper Access Control in Kurt Software Studio’s WriteUp Mobile App

Improper Access Control, Missing Authorization vulnerability in Kurt Software Studio WriteUp Mobile App allows Accessing Functionality Not Properly...

Kurt Software Studio WriteUp Mobile App 1.3.0 CVE
LOW 2.1 CVE-2026-45287

OpenTelemetry-Go’s Schema ParseFile leaks file descriptors on each parse

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.i...

open-telemetry go.opentelemetry.io/otel/schema/v1.1 < 0.0.17 CVE
CRITICAL 9.9 CVE-2026-43986

Tautulli vulnerable to unauthenticated SSRF in /image/ via attacker-seeded image hash replay

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public `/image/` route that resolv...

Tautulli Tautulli < 2.17.1 CVE
MEDIUM 5.3 CVE-2026-41178

OpenTelemetry-Go’s baggage parsing no longer caps raw header length

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes `Parse` to proces...

open-telemetry go.opentelemetry.io/otel/baggage = 1.41.0 CVE
MEDIUM 5.4 CVE-2026-40930

LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body

LIBPNG is a reference library for use in applications that process PNG (Portable Network Graphics) raster image files. In version 1.8.0, three inte...

pnggroup libpng = 1.8.0 CVE
CRITICAL 9 CVE-2026-10868

MISP user edit endpoint mass assignment vulnerability allows unauthorized user account modification

A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController...

misp misp CVE
MEDIUM 5.3 CVE-2026-10815

LakshayD02 Hostel-Management-System-PHP Admin Dashboard index.php authorization

A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknow...

LakshayD02 Hostel-Management-System-PHP f87e67c283bab6f718faf2fec6ae39a13bd7036b CVE
LOW 2 CVE-2026-10814

milvus-io milvus Grantee ID Hash kv_catalog.go weak hash

A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoor...

milvus-io milvus 2.6.0 CVE
LOW 2 CVE-2026-10813

LMCache KV Cache utils.py hex_hash_to_int16 weak hash

A flaw has been found in LMCache up to 0.4.6. This affects the function hex_hash_to_int16 of the file lmcache/integration/vllm/utils.py of the comp...

n/a LMCache 0.4.0 CVE