Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-50639

Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric injections

Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric injections. The statsd protocol (and extensions such...

PEVANS Metrics::Any::Adapter::SignalFx CVE
HIGH 8.8 CVE-2026-6893

Dracut: dracut: root code execution via dhcp options command injection

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic H...

Red Hat Red Hat Enterprise Linux 10 CVE
MEDIUM 5.9 CVE-2026-50127

Weblate SSRF: outbound URL guard misses the NAT64 well-known prefix (64:ff9b::/96)

Weblate is a web-based localization tool. From version 5.15 to before version 2026.6, Weblate's VCS_RESTRICT_PRIVATE did not properly account for s...

WeblateOrg weblate >= 5.15, < 2026.6 CVE
MEDIUM 6.9 CVE-2026-46683

Snappy: SSRF and local file read via the xsl-style-sheet option

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page. Prior to version 1.7.0, there is an SSRF and local...

KnpLabs snappy < 1.7.0 CVE
HIGH 7.5 CVE-2026-46643

Snappy: Binary path is never shell-escaped due to an inverted is_executable check

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page. Prior to version 1.7.1, on POSIX, escapeshellarg(...

KnpLabs snappy < 1.7.1 CVE
HIGH 8.4 CVE-2026-46529

PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability ...

mate-desktop atril < 1.26.3 CVE
MEDIUM 4.6 CVE-2026-45106

Weblate: Stored HTML injection in editor search preview

Weblate is a web-based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without es...

WeblateOrg weblate < 2026.5 CVE
HIGH 7.5 CVE-2026-1220

CVE-2026-1220

Race in V8 in Google Chrome prior to 144.0.7559.99 allowed a remote attacker to potentially exploit type confusion via a crafted HTML page. (Chromi...

Google Chrome 144.0.7559.99 CVE
MEDIUM 5.1 CVE-2026-53742

Simple Link Directory through 9.0.4 Stored XSS via Embed Shortcode Attributes

Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attacker...

quantumcloud Simple Link Directory CVE
MEDIUM 5.1 CVE-2026-53741

Simple Link Directory through 9.0.4 Stored XSS via sld_no_results_found Option

Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. Because sanitiz...

quantumcloud Simple Link Directory CVE