CVSS - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.2	CVE-2026-58054	MyBB – Privilege Escalation from Limited ACP User Management to Administrator_CVE-2026-58054 MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers ...	MyBB	MyBB	Jun 28, 2026	CVE
CRITICAL 9.9	CVE-2026-58053	Gitea act_runner – Container Hardening Bypass via Workflow Container Options_CVE-2026-58053 Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container.options string to the Docker job container's HostConfi...	Gitea	act_runner	Jun 28, 2026	CVE
LOW 3.3	CVE-2026-58052	7-Zip – Mark-of-the-Web Bypass via RAR5 Alternate Data Stream Name Collision_CVE-2026-58052 7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an ...	7-Zip	7-Zip	Jun 28, 2026	CVE
MEDIUM 6.5	CVE-2026-58051	libssh2 – Free of Uninitialized Pointer in publickey List Cleanup_CVE-2026-58051 libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new entries before parsing populates them, so a pars...	libssh2	libssh2	Jun 28, 2026	CVE
HIGH 7	CVE-2026-58050	libssh2 – Integer Overflow in publickey Subsystem Attribute Allocation_CVE-2026-58050 libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_at...	libssh2	libssh2	Jun 28, 2026	CVE
HIGH 8.6	CVE-2026-58049	FFmpeg – Out-of-Bounds Write in RASC Decoder decode_dlta()_CVE-2026-58049 FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary...	FFmpeg	FFmpeg	Jun 28, 2026	CVE
NONE	4DB773AB-3515-	IITR_Capstone_RedScope_Project_4DB773AB-3515-56F0-A117-B6F5C0AA746F RedScope Capstone Project Lab-only red-team assessment for web exploitation, network compromise, post-exploitation, and adversarial-ML testing. Git...	N/A	N/A	Jun 27, 2026	GITHUBEXPLOIT
HIGH 7.2	52E3EC4D-B3B2-	Exploit for Unrestricted Upload of File with Dangerous Type in Devcode Openstamanager_52E3EC4D-B3B2-5A5A-B602-597C9814297E OpenSTAManager RCE Exploit CVE-2026-38751 Arbitrary File Upload leading to Remote Code Execution Full-featured proof-of-concept for CVE-2026-38751,...	N/A	N/A	Jun 27, 2026	GITHUBEXPLOIT
CRITICAL 9.4	46CC1A3B-E288-	Exploit for OS Command Injection in Devcode Openstamanager_46CC1A3B-E288-5D6F-BB8A-C0B2ECAF3AD9 CVE-2025-69212 — OpenSTAManager P7M Command Injection PoC OpenSTAManager = 2.9.8 — OS Command Injection via malicious .p7m filename in ZIP upload. ...	N/A	N/A	Jun 27, 2026	GITHUBEXPLOIT
HIGH 8.7	CVE-2026-10643	Out-of-bounds heap write in Zephyr `recvmsg()` ancillary-data path (`insert_pktinfo` undersizes the control-buffer capacity check)_CVE-2026-10643 Zephyr's IP socket recvmsg() implementation (subsys/net/lib/sockets/sockets_inet.c, insert_pktinfo()) validated the user-supplied ancillary (msg_co...	zephyrproject	zephyr 3.6.0	Jun 27, 2026	CVE