Recent Advisories

Severity / CVSS score   ID   Vendor   Product   Affected versions   Type
(Title and summary follow on the lines below each entry; the Date column is not populated on this page.)

HIGH 7.5   CVE-2026-46702   Eugeny   russh   >= 0.34.0, < 0.61.1   CVE
    Russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets
    Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compress...

HIGH 8.7   CVE-2026-46689   kanidm   kanidm   < 1.9.3   CVE
    Kanidm: Unauthenticated process abort via SCIM filter stack exhaustion
    Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query ...

HIGH 7.5   CVE-2026-46673   Eugeny   russh   < 0.60.3   CVE
    Russh: Unchecked CryptoVec allocation and growth handling is reachable from local agent inputs in current russh releases and from remote SSH traffic in historical pre-0.58.0 releases
    Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and un...

HIGH 8.7   CVE-2026-46669   openvm-org   openvm   < 1.6.0   CVE
    `openvm-pairing` pairing check missing proper subfield check on scaling factor
    OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest libra...

LOW 2.3   CVE-2026-46668   authzed   spicedb   >= 1.15.0, < 1.52.0   CVE
    SpiceDB: Caveat structures with nested lists can result in improper cache reuse
    SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before versio...

HIGH 8.9   CVE-2026-46654   Plonky3   Plonky3   < 0.4.3   CVE
    Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss
    Plonky3 is a toolkit for polynomial IOPs (PIOPs). Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft dis...

MEDIUM 6.1   CVE-2026-45384   rikyoz   bit7z   < 4.0.12   CVE
    bit7z: Arbitrary File Overwrite via Symlink Attack on Predictable Temp File During Archive Update
    bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrar...

LOW 3.6   CVE-2026-45380   rikyoz   bit7z   < 4.0.12   CVE
    bit7z: Path Traversal via Null Byte Injection from `gcount()` Off-by-One in `restoreSymlink()`
    bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-on...

HIGH 7.7   CVE-2026-44692   code16   sharp   < 9.22.0   CVE
    Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint
    Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that aut...

HIGH 7.5   CVE-2026-42542   taosdata   TDengine   >= 3.4.0.0, < 3.4.1.6   CVE
    TDengine has an integer underflow in uvConnMayGetUserInfo() allows unauthenticated remote crash (DoS)
    TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated ...