Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.1 CVE-2026-57346

WordPress Embed Privacy plugin <= 1.12.3 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Epiphyt Embed Privacy allows Path Traversal. This ...

Epiphyt Embed Privacy n/a CVE
HIGH 8.8 CVE-2026-25707

Handcrafted repo metadata may cause arbitrary local files to be overwritten by libzypp

A relative path traversal bug when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying re...

SUSE libzypp CVE
HIGH 7.1 CVE-2026-13601

Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclosure from flatpak applications

A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak applica...

Red Hat Red Hat Enterprise Linux 10 CVE
HIGH 8.7 CVE-2026-13539

Wavlink WL-NU516U1-A POST Parameter wireless.cgi sub_407504 stack-based overflow

A vulnerability was identified in Wavlink WL-NU516U1-A M16U1_V240425. The impacted element is the function sub_407504 of the file /cgi-bin/wireless...

Wavlink WL-NU516U1-A M16U1_V240425 CVE
HIGH 8.3 CVE-2025-2902

Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform

Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platfo...

Hitachi Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H CVE
HIGH 7.3 CVE-2026-22078

O+ Connect’s lack of authentication for IPC channels led to a local privilege escalation vulnerability.

Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through...

OPPO O+ Connect 16.0.33 CVE
HIGH 8.7 CVE-2026-13545

D-Link DCS-935L POST Parameter setconf.cgi sub_400E40 os command injection

A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub_400E40 of the file setconf.cgi of the component POST Param...

D-Link DCS-935L 1.10.01 CVE
HIGH 7.5 MS:CVE-2026-52929

sctp: stream: fully roll back denied add-stream state

{"lastseen":"2026-06-29T07:46:13","description":"","published":"2026-06-27T08:12:...

N/A N/A MSCVE
HIGH 7 MS:CVE-2026-53168

fuse: reject fuse_notify() pagecache ops on directories

{"lastseen":"2026-06-29T07:46:13","description":"","published":"2026-06-27T08:13:...

N/A N/A MSCVE
HIGH 7.8 MS:CVE-2026-52935

xfrm: espintcp: do not reuse an in-progress partial send

{"lastseen":"2026-06-29T07:46:12","description":"","published":"2026-06-27T08:17:...

N/A N/A MSCVE