Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.8 CVE-2026-45195

GPU DDK – rgxfw_set_mips_fault_address(&psInit->sFaultPhysAddr) is untrusted

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the...

Imagination Technologies Graphics DDK 1.18 RTM CVE

HIGH 7.7 CVE-2026-21734

GPU DDK – libusc OOB write at TreeRemove during WebGPU shader compilation

A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger an out-of-bounds write crash in the G...

Imagination Technologies Graphics DDK 1.18 RTM CVE

HIGH 7.2 CVE-2026-13372

CVE-2026-13372

Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allo...

Devolutions Remote Desktop Manager 2026.2.5 CVE

HIGH 8.8 CVE-2026-52784

OpenProject: CSRF on TARGET through /users/:id via POST parameter “user[admin]”

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a CSRF on TARGET through /users/:id via POS...

opf openproject < 17.3.3 CVE

HIGH 8.2 CVE-2026-52783

OpenProject: Information Disclosure (cleartext storage of data) on localhost through memcached via Others “storage..httpx_access_token” leads to Sensitive Data Exposure

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenProject's Storages module writes the OneDrive/Sh...

opf openproject < 17.3.3 CVE

HIGH 7.5 CVE-2026-47193

OpenProject: Journal diff endpoint bypasses object, journal, and field visibility checks

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historica...

opf openproject < 17.3.3 CVE

HIGH 7.7 CVE-2026-55189

RustFS: FTP frontend skips IAM authorization on object reads

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, when the FTP frontend is enabled, the FTP read ...

rustfs rustfs >= 1.0.0-alpha.1, <= 1.0.0-beta.8 CVE

HIGH 8.2 CVE-2026-55188

RustFS: ListRemoteTargetHandler authorization bypass leaks replication target credentials

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, RustFS contains an authorization bypass in the ...

rustfs rustfs >= 1.0.0-alpha.1, <= 1.0.0-beta.8 CVE

HIGH 8.6 CVE-2026-49991

RustFS Snowball Auto-Extract: Path Traversal allows cross-bucket object injection

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users with only PutObject permission on their own bucke...

rustfs rustfs 1.0.0-beta.4 CVE

HIGH 8.7 CVE-2026-32833

Cudy LT300 3.0 OS Command Injection via NTP Configuration

Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execu...

Shenzhen Cudy Technology Co., Ltd. LT300 3.0 CVE