MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.8	068C9182-D370-	Exploit for Out-of-bounds Write in Samsung Android_068C9182-D370-5C64-B905-6227B13760CE SveService Buffer Overflow --- Samsung SMR May 2026 SVE-2026-0478CVE-2026-21018 Affected versions: Android 14, 15, 16 Disclosure status: Privately ...	N/A	N/A	Jun 23, 2026	GITHUBEXPLOIT
MEDIUM 5.5	MS:CVE-2026-12444	Chromium: CVE-2026-12444 Out of bounds read in Chromoting_MS:CVE-2026-12444 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
MEDIUM 5.3	CVE-2026-54236	vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router_CVE-2026-54236 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a saniti...	vllm-project	vllm < 0.23.1rc0	Jun 22, 2026	CVE
MEDIUM 6.9	CVE-2026-54235	vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels_CVE-2026-54235 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, ll temperature validation gates use comparison operat...	vllm-project	vllm < 0.23.1rc0	Jun 22, 2026	CVE
MEDIUM 6.5	CVE-2026-54233	vLLM: OOM Denial of Service via Audio Decompression Bomb_CVE-2026-54233 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compr...	vllm-project	vllm < 0.23.1rc0	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-53923	vLLM GGUF Kernels: int64_t to int truncation of tensor dimensions causes GPU buffer overflow_CVE-2026-53923 vLLM is an inference and serving engine for large language models (LLMs). From 0.5.5 until 0.23.1rc0, integer truncation of tensor dimensions in vL...	vllm-project	vllm >= 0.5.5, < 0.23.1rc0	Jun 22, 2026	CVE
MEDIUM 6.5	CVE-2026-47155	vLLM: Artifact Pin Decay in vLLM allows pinned deployments to load unpinned code, weights, and processors_CVE-2026-47155 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, vLLM's revision pinning controls do not consistently app...	vllm-project	vllm < 0.22.0	Jun 22, 2026	CVE
MEDIUM 4.2	MS:CVE-2026-12456	Chromium: CVE-2026-12456 Insufficient validation of untrusted input in Extensions_MS:CVE-2026-12456 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
MEDIUM 6.5	MS:CVE-2026-12461	Chromium: CVE-2026-12461 Out of bounds read in WebRTC_MS:CVE-2026-12461 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
MEDIUM 5.8	CVE-2026-55599	phpseclib: X.509 certificate validation sends attacker-controlled outbound requests (server-side request forgery) via Authority Information Access_CVE-2026-55599 phpseclib is a PHP secure communications library. From 0.1.1 until 1.0.30, 2.0.55, and 3.0.54, when an application validates an untrusted X.509 cer...	phpseclib	phpseclib >= 0.1.1, < 1.0.30	Jun 22, 2026	CVE