Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.2 CVE-2026-53981

Cap-go < v12.128.2 Account Takeover via Unauthenticated Email Change Mechanism_CVE-2026-53981

Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authentica...

Cap-go Cap-go CVE
MEDIUM 4.3 CVE-2026-47224

NanaZip: Heap buffer-overflow read in NanaZip LVM metadata CRC check_CVE-2026-47224

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap buffer-ove...

M2Team NanaZip >= 3.0.1000.0, < 6.0.1698.0 CVE
MEDIUM 5.4 CVE-2026-47222

NanaZip: Heap out-of-bounds read in NanaZip AVB property descriptor parser via unsigned integer underflow_CVE-2026-47222

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bou...

M2Team NanaZip >= 3.0.1000.0, < 6.0.1698.0 CVE
HIGH 7.1 CVE-2026-3840

Path Traversal in kedro-org/kedro_CVE-2026-3840

A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The `_get_versioned_path...

kedro-org kedro-org/kedro unspecified CVE
MEDIUM 4.3 CVE-2026-3433

Mattermost fails to scope role_updated websocket events to authorized team and channel members_CVE-2026-3433

Mattermost versions 11.6.x

Mattermost Mattermost 11.6.0 CVE
NONE PACKETSTORM:223338

📄 Gogs 0.14.2 Argument Injection_PACKETSTORM:223338

Proof of concept exploit for an argument injection vulnerability in Gogs versions 0.14.2 and below and versions 0.15.0+dev and below...

N/A N/A PACKETSTORM
CRITICAL 9.1 PACKETSTORM:223334

📄 Palo Alto GlobalProtect Authentication Bypass_PACKETSTORM:223334

This Metasploit module exploits an authentication bypass vulnerability in Palo Alto Networks PAN-OS GlobalProtect portal and gateway components. Th...

N/A N/A PACKETSTORM
CRITICAL 9.8 PACKETSTORM:223318

📄 FortiSandbox 4.4.7 Authentication Bypass / Command Injection_PACKETSTORM:223318

This Metasploit auxiliary scanner module is designed to collect system and environment information from vulnerable FortiSandbox instances by levera...

N/A N/A PACKETSTORM
CRITICAL 9.3 PACKETSTORM:223316

📄 Check Point VPN IKE Logic Flaw_PACKETSTORM:223316

This is a Python script attempting to exploit a vulnerability in Check Point VPN by sending a malformed IKE_SA_INIT packet to UDP port 500, detecting...

N/A N/A PACKETSTORM
CRITICAL 9.6 PACKETSTORM:223339

📄 WordPress Gravity Forms 2.10.0.1 File Deletion / Path Traversal_PACKETSTORM:223339

This Metasploit module exploits a vulnerability in the Gravity Forms WordPress plugin versions 2.10.0.1 and below where file URLs stored in form en...

N/A N/A PACKETSTORM