Vulnerability - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-58167	Nightingale < 9.0.0-beta.2 - Datasource Credential Disclosure to Low-Privilege Users_CVE-2026-58167 Nightingale (n9e) before 9.0.0-beta.2 exposes full datasource configurations, including plaintext database passwords, HTTP bearer tokens, HTTP basi...	ccfos	nightingale	Jun 30, 2026	CVE
CRITICAL 9.1	CVE-2026-58166	OpenBMB ChatDev – Unauthenticated Path Traversal in Upload Handler Allows Arbitrary File Write and Delete_CVE-2026-58166 OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6, contains a path traversal vulnerability that allows unauthenticated remote attackers to wri...	OpenBMB	ChatDev	Jun 30, 2026	CVE
HIGH 8.8	CVE-2026-58165	OpenZiti – Privilege Escalation to Admin via Unauthorized Enrollment Creation_CVE-2026-58165 OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with ...	openziti	ziti	Jun 30, 2026	CVE
HIGH 7.5	CVE-2026-49451	Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing_CVE-2026-49451 The OpenAPI.NET SDK contains a useful object model for OpenAPI documents in .NET along with common serializers to extract raw OpenAPI JSON and YAML...	microsoft	OpenAPI.NET >= 2.0.0-preview11, < 2.7.5	Jun 30, 2026	CVE
MEDIUM 6.5	CVE-2026-10655	Use-after-free race in SNTP async client when closing the socket while the socket service is still polling it_CVE-2026-10655 The asynchronous SNTP client in Zephyr (subsys/net/lib/sntp/sntp.c, sntp_close_async) closed the UDP socket file descriptor directly from the calli...	zephyrproject	zephyr 4.2.0	Jun 30, 2026	CVE
LOW 3.1	CVE-2026-10654	RFCOMM session-disconnect race leaks session/L2CAP and denies further RFCOMM service in Zephyr Bluetooth Classic_CVE-2026-10654 A race condition in the Zephyr Bluetooth Classic RFCOMM host stack (subsys/bluetooth/host/classic/rfcomm.c) mishandles a simultaneous bidirectional...	zephyrproject	zephyr 1.6.0	Jun 30, 2026	CVE
MEDIUM 6.4	CVE-2026-10653	Non-atomic `net_buf` reference counts cause double-free / free-list corruption under concurrent unref_CVE-2026-10653 The Zephyr net_buf library (lib/net_buf/buf.c) manipulated both of its reference counts -- the per-header buf->ref and the per-data-block ref_count...	zephyrproject	zephyr 2.7.0	Jun 30, 2026	CVE
MEDIUM 4.8	CVE-2026-10652	Out-of-bounds read in Zephyr DNS resolver TXT/SRV record parsing (unvalidated `rdlength`)_CVE-2026-10652 Zephyr's DNS resolver (subsys/net/lib/dns) parses resource records from DNS responses in dns_unpack_answer(), which validated only the fixed RR hea...	zephyrproject	zephyr 4.3.0	Jun 30, 2026	CVE
NONE	HACKREAD:2E8596...	Reflectiz to Host Webinar, Joined by Taboola, on Securing Third-Party Marketing in the AI Era_HACKREAD:2E859658988934BC644C9FFFAFC65D81 Boston, Massachusetts, 30th June 2026, CyberNewswire	N/A	N/A	Jun 30, 2026	HACKREAD
NONE	MALWAREBYTES:55...	Update time: Apple releases security patches for iOS, MacOS Tahoe, Safari_MALWAREBYTES:552F53C2A5C5D4124301419736747734 Apple has released security updates for more than two dozen security vulnerabilities across iPhone, iPad, and Mac. The updates for iOS/iPadOS, Mac...	N/A	N/A	Jun 30, 2026	MALWAREBYTES