HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-58169	Vibe-Trading < 0.1.10 - Loopback Trust and Missing Host Validation Enable DNS-Rebinding Authentication Bypass and Remote Code Execution_CVE-2026-58169 Vibe-Trading before 0.1.10's local API server trusts the TCP peer address to bypass the API_AUTH_KEY bearer-token check for loopback clients and pe...	HKUDS	Vibe-Trading	Jun 30, 2026	CVE
HIGH 8.8	CVE-2026-58168	DeepTutor < 1.4.10 - Insecure Default Grants Unrestricted MCP Tool Access to Non-Admin Users_CVE-2026-58168 DeepTutor before version 1.4.10 contains an authorization bypass vulnerability that allows low-privilege users to invoke unrestricted MCP tools due...	HKUDS	DeepTutor	Jun 30, 2026	CVE
HIGH 8.8	CVE-2026-58165	OpenZiti – Privilege Escalation to Admin via Unauthorized Enrollment Creation_CVE-2026-58165 OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with ...	openziti	ziti	Jun 30, 2026	CVE
HIGH 7.5	CVE-2026-49451	Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing_CVE-2026-49451 The OpenAPI.NET SDK contains a useful object model for OpenAPI documents in .NET along with common serializers to extract raw OpenAPI JSON and YAML...	microsoft	OpenAPI.NET >= 2.0.0-preview11, < 2.7.5	Jun 30, 2026	CVE
HIGH 7.8	289C51DB-789E-	Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft_289C51DB-789E-5BBC-869B-291AC527B641 CVE-2026-21509 — Microsoft Office OLE Security-Feature Bypass Research writeup by Sentinel AI Defense. Defensive analysis only — no working exploit...	N/A	N/A	Jun 30, 2026	GITHUBEXPLOIT
HIGH 8.1	CVE-2026-43735	CVE-2026-43735_CVE-2026-43735 The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious w...	Apple	Safari	Jun 29, 2026	CVE
HIGH 7.5	CVE-2026-43721	CVE-2026-43721_CVE-2026-43721 This issue was addressed through improved state management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2....	Apple	Safari	Jun 29, 2026	CVE
HIGH 8.3	CVE-2026-43701	CVE-2026-43701_CVE-2026-43701 The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious w...	Apple	Safari	Jun 29, 2026	CVE
HIGH 7.3	CVE-2026-55957	Apache Tomcat: Authentication bypass with JNDIRealm and GSSAPI authenticated bind_CVE-2026-55957 Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed...	Apache Software Foundation	Apache Tomcat 11.0.0-M1	Jun 29, 2026	CVE
HIGH 7.3	CVE-2026-53404	Apache Tomcat: Bad ornext processing in RewriteValve_CVE-2026-53404 Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matche...	Apache Software Foundation	Apache Tomcat 11.0.0-M1	Jun 29, 2026	CVE