Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-58169	Vibe-Trading < 0.1.10 - Loopback Trust and Missing Host Validation Enable DNS-Rebinding Authentication Bypass and Remote Code Execution_CVE-2026-58169 Vibe-Trading before 0.1.10's local API server trusts the TCP peer address to bypass the API_AUTH_KEY bearer-token check for loopback clients and pe...	HKUDS	Vibe-Trading	Jun 30, 2026	CVE
HIGH 8.8	CVE-2026-58168	DeepTutor < 1.4.10 - Insecure Default Grants Unrestricted MCP Tool Access to Non-Admin Users_CVE-2026-58168 DeepTutor before version 1.4.10 contains an authorization bypass vulnerability that allows low-privilege users to invoke unrestricted MCP tools due...	HKUDS	DeepTutor	Jun 30, 2026	CVE
MEDIUM 6.5	CVE-2026-58167	Nightingale < 9.0.0-beta.2 - Datasource Credential Disclosure to Low-Privilege Users_CVE-2026-58167 Nightingale (n9e) before 9.0.0-beta.2 exposes full datasource configurations, including plaintext database passwords, HTTP bearer tokens, HTTP basi...	ccfos	nightingale	Jun 30, 2026	CVE
CRITICAL 9.1	CVE-2026-58166	OpenBMB ChatDev – Unauthenticated Path Traversal in Upload Handler Allows Arbitrary File Write and Delete_CVE-2026-58166 OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6, contains a path traversal vulnerability that allows unauthenticated remote attackers to wri...	OpenBMB	ChatDev	Jun 30, 2026	CVE
HIGH 8.8	CVE-2026-58165	OpenZiti – Privilege Escalation to Admin via Unauthorized Enrollment Creation_CVE-2026-58165 OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with ...	openziti	ziti	Jun 30, 2026	CVE
HIGH 7.5	CVE-2026-49451	Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing_CVE-2026-49451 The OpenAPI.NET SDK contains a useful object model for OpenAPI documents in .NET along with common serializers to extract raw OpenAPI JSON and YAML...	microsoft	OpenAPI.NET >= 2.0.0-preview11, < 2.7.5	Jun 30, 2026	CVE
MEDIUM 6.5	CVE-2026-10655	Use-after-free race in SNTP async client when closing the socket while the socket service is still polling it_CVE-2026-10655 The asynchronous SNTP client in Zephyr (subsys/net/lib/sntp/sntp.c, sntp_close_async) closed the UDP socket file descriptor directly from the calli...	zephyrproject	zephyr 4.2.0	Jun 30, 2026	CVE
LOW 3.1	CVE-2026-10654	RFCOMM session-disconnect race leaks session/L2CAP and denies further RFCOMM service in Zephyr Bluetooth Classic_CVE-2026-10654 A race condition in the Zephyr Bluetooth Classic RFCOMM host stack (subsys/bluetooth/host/classic/rfcomm.c) mishandles a simultaneous bidirectional...	zephyrproject	zephyr 1.6.0	Jun 30, 2026	CVE
MEDIUM 6.4	CVE-2026-10653	Non-atomic `net_buf` reference counts cause double-free / free-list corruption under concurrent unref_CVE-2026-10653 The Zephyr net_buf library (lib/net_buf/buf.c) manipulated both of its reference counts -- the per-header buf->ref and the per-data-block ref_count...	zephyrproject	zephyr 2.7.0	Jun 30, 2026	CVE
MEDIUM 4.8	CVE-2026-10652	Out-of-bounds read in Zephyr DNS resolver TXT/SRV record parsing (unvalidated `rdlength`)_CVE-2026-10652 Zephyr's DNS resolver (subsys/net/lib/dns) parses resource records from DNS responses in dns_unpack_answer(), which validated only the fixed RR hea...	zephyrproject	zephyr 4.3.0	Jun 30, 2026	CVE