Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7 CVE-2026-42462

Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring (CVE-2026-42462)

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2....

fedify-dev fedify >= 2.2.0, < 2.2.3 CVE

HIGH 7.5 CVE-2026-10143

kafka-python prior to 2.3.2 DoS via SCRAM Iteration Count in scram.py (CVE-2026-10143)

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-m...

Dana Powers kafka-python CVE

HIGH 7.5 CVE-2026-10142

kafka-python prior to 2.3.2 Denial of Service via Protocol Parser Frame Length (CVE-2026-10142)

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-midd...

Dana Powers kafka-python CVE

MEDIUM 4.4 CVE-2026-0268

Prisma Access Agent: Local Authenticated VPN Enforcement Bypass on Linux (CVE-2026-0268)

A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. ...

Palo Alto Networks Prisma Access Agent CVE

MEDIUM 4.4 CVE-2026-0267

GlobalProtect App: Information Exposure Vulnerability on macOS (CVE-2026-0267)

An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes f...

Palo Alto Networks GlobalProtect App 6.3.0 CVE

LOW 1.1 CVE-2026-0266

PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface (CVE-2026-0266)

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaSc...

Palo Alto Networks Cloud NGFW All CVE

HIGH 7.5 CVE-2026-46679

libp2p: Memory DoS via subscription flood of unique topics (CVE-2026-46679)

libp2p is a JavaScript implementation of the libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow ...

libp2p js-libp2p < 15.0.23 CVE

HIGH 7.5 CVE-2026-46625

JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection (CVE-2026-46625)

JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign() helper copies proper...

js-cookie js-cookie < 3.0.7 CVE

MEDIUM 6.2 CVE-2026-46523

ImageMagick: Use-After-Free in MSL decoder (CVE-2026-46523)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, a crafted ...

ImageMagick ImageMagick < 7.1.2-23 CVE

HIGH 7.5 CVE-2026-46522

ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion (CVE-2026-46522)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a m...

ImageMagick ImageMagick < 7.1.2-23 CVE