HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-47774	Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification_CVE-2026-47774 Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vul...	envoyproxy	envoy < 1.35.11	Jun 17, 2026	CVE
HIGH 8.8	CVE-2026-30803	Integer Underflow (Wrap or Wraparound) vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers._CVE-2026-30803 Integer Underflow (Wrap or Wraparound) vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers.This issue affects Connext Micro...	RTI	Connext Micro 4.0.0	Jun 17, 2026	CVE
HIGH 8.8	CVE-2026-30802	Out-of-bounds Read vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers._CVE-2026-30802 Out-of-bounds Read vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers.This issue affects Connext Micro: from 4.0.0 before ...	RTI	Connext Micro 4.0.0	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-55198	Hermes WebUI < 0.51.443 - Cross-Profile Session Data Exfiltration via Session Export Endpoint_CVE-2026-55198 Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export endpoint that allows authenticated users to acces...	nesquena	hermes-webui	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-55197	Hermes WebUI < 0.51.443 - Broken Access Control in /api/session Endpoint_CVE-2026-55197 Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session endpoint that allows authenticated users to disclos...	nesquena	hermes-webui	Jun 17, 2026	CVE
HIGH 8.6	CVE-2026-53871	Hermes WebUI < 0.51.368 - Profile-Scoped Authorization Bypass via Forged hermes_profile Cookie_CVE-2026-53871 Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the get_profile_cookie() function that accepts unauthenticated profi...	nesquena	hermes-webui	Jun 17, 2026	CVE
HIGH 8.7	CVE-2026-53869	Hermes Agent < 0.16.0 - DNS Rebinding Bypass via WebSocket Endpoints_CVE-2026-53869 Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin val...	NousResearch	hermes-agent	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-48818	Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows_CVE-2026-48818 Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as...	Kludex	starlette < 1.1.0	Jun 17, 2026	CVE
HIGH 9.3	PACKETSTORM:223724	📄 EternalBlue MS17-010 SMB Remote Code Execution_PACKETSTORM:223724 This Metasploit module exploits the SMBv1 vulnerability in Microsoft Windows MS17-010 known as EternalBlue...	N/A	N/A	Jun 17, 2026	PACKETSTORM
HIGH 7.8	THN:6C6F54F5540...	Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development_THN:6C6F54F5540003560342230BF1B21800 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgy3ayOlDb3vsL747G9hStxxjTd3N5i2u8hegcT_hTs4RlNqylS_HyYH4mGLQEavD-QwH3G4l-p2tE5xrXoeK...	N/A	N/A	Jun 17, 2026	THN