MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.5	MS:CVE-2026-53263	6lowpan: fix off-by-one in multicast context address compression_MS:CVE-2026-53263 {“lastseen”:”2026-06-28T07:48:08″,”description”:””,”published”:”2026-06-27T08:19:...	N/A	N/A	Jun 27, 2026	MSCVE
MEDIUM 5.5	MS:CVE-2026-53252	Bluetooth: fix memory leak in error path of hci_alloc_dev()_MS:CVE-2026-53252 {“lastseen”:”2026-06-28T07:48:08″,”description”:””,”published”:”2026-06-27T08:19:...	N/A	N/A	Jun 27, 2026	MSCVE
MEDIUM 4.3	7CCF82DA-9ED8-	Exploit for Generation of Predictable IV with CBC Mode in Redhat Enterprise_Linux_7CCF82DA-9ED8-5712-B61D-DF768142FF9C CVE-2014-3566...	N/A	N/A	Jun 28, 2026	GITHUBEXPLOIT
MEDIUM 6.3	CVE-2026-13482	skypilot-org skypilot User ID server.py username.encode weak hash_CVE-2026-13482 A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the...	skypilot-org	skypilot 0.1	Jun 28, 2026	CVE
MEDIUM 4.2	CVE-2026-10644	Out-of-bounds write in Microchip SERCOM-G1 (PIC32CM-JH) async UART RX with 1-byte buffer_CVE-2026-10644 The Microchip SERCOM-G1 UART driver (drivers/serial/uart_mchp_sercom_g1.c), used by the PIC32CM-JH SoC family, contains an out-of-bounds write in i...	zephyrproject	zephyr 4.4.0	Jun 28, 2026	CVE
MEDIUM 6.5	CVE-2026-10593	Remotely triggerable NULL-pointer dereference in Bluetooth LE Audio BAP unicast client QoS-state handling_CVE-2026-10593 The Zephyr Bluetooth LE Audio Basic Audio Profile (BAP) unicast client mishandles peer-supplied ASE state notifications. In unicast_client_ep_qos_s...	zephyrproject	zephyr 4.3.0	Jun 28, 2026	CVE
MEDIUM 6.5	CVE-2026-58058	Nmap – Integer Underflow in IPv6 Extension Header Parsing_CVE-2026-58058 Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6_get_data_primitive (libnetutil/netutil.cc), so th...	Nmap	Nmap	Jun 28, 2026	CVE
MEDIUM 5	CVE-2026-58057	Flowise – Custom MCP Environment Variable Denylist Bypass via Case Sensitivity_CVE-2026-58057 Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where en...	Flowise	Flowise	Jun 28, 2026	CVE
MEDIUM 5.4	CVE-2026-58055	nghttp2 nghttpx – HTTP Request/Response Smuggling via Upgrade Request with Content-Length_CVE-2026-58055 nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-a...	nghttp2	nghttp2	Jun 28, 2026	CVE
MEDIUM 6.5	CVE-2026-58051	libssh2 – Free of Uninitialized Pointer in publickey List Cleanup_CVE-2026-58051 libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new entries before parsing populates them, so a pars...	libssh2	libssh2	Jun 28, 2026	CVE