Recent Advisories

| Severity | ID | Title | Description | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|---|
| MEDIUM 4.1 | CVE-2026-46692 | ImageMagick: Heap Buffer Over-Write in distributed pixel cache server_CVE-2026-46692 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacke... | ImageMagick | ImageMagick < 6.9.13-48 | | CVE |
| MEDIUM 4 | CVE-2026-46559 | ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder_CVE-2026-46559 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorre... | ImageMagick | ImageMagick < 6.9.13-48 | | CVE |
| MEDIUM 6.2 | CVE-2026-46557 | ImageMagick: Stack overflow in fx operation_CVE-2026-46557 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-23, due to a missing depth ch... | ImageMagick | ImageMagick < 7.1.2-23 | | CVE |
| MEDIUM 5.5 | CVE-2026-46521 | ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression_CVE-2026-46521 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using... | ImageMagick | ImageMagick < 6.9.13-48 | | CVE |
| HIGH 8.8 | CVE-2026-44693 | Pi-hole FTL: Unauthenticated Session Hijacking via Race Condition on Global Session Buffer_CVE-2026-44693 | Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race ... | pi-hole | FTL < 6.6.1 | | CVE |
| MEDIUM 4.3 | CVE-2026-42568 | Yamcs Vulnerable to LDAP Injection in LdapAuthModule_CVE-2026-42568 | Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthMo... | yamcs | yamcs < 5.12.7 | | CVE |
| HIGH 7.7 | CVE-2026-42563 | Dulwich Vulnerable to Command Injection via Merge Driver Path_CVE-2026-42563 | Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's `Pr... | jelmer | dulwich >= 0.24.0, < 1.2.5 | | CVE |
| HIGH 7.6 | CVE-2026-42558 | Xibo Vulnerable to Stored XSS and Iframe Sandbox Escape via Data Connector Script in DataSet_CVE-2026-42558 | Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnera... | xibosignage | xibo-cms < 4.4.2 | | CVE |
| HIGH 8.8 | CVE-2026-42305 | Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows_CVE-2026-42305 | Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary f... | jelmer | dulwich >= 0.10.0, < 1.2.5 | | CVE |
| MEDIUM 4.3 | CVE-2026-46645 | SQLAdmin: Authorization Bypass on `ajax_lookup`_CVE-2026-46645 | SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajax_lookup endpoint in application.py bypasses the is_a... | smithyhq | sqladmin < 0.25.1 | | CVE |