Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-48067

Filament: Inconsistent scope enforcement for AttachAction and AssociateAction Select fields

Filament is a collection of full-stack components for accelerated Laravel development. From filament/actions 4.0.0 until 4.11.4 and 5.6.4 and from ...

filamentphp filament >= 4.0.0, < 4.11.4 CVE
MEDIUM 6.1 CVE-2026-44889

WebOb: Location header normalization during redirect leads to open redirect

WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnera...

Pylons webob < 1.8.10 CVE
MEDIUM 5.4 CVE-2026-44311

Fabric.js: Improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization

Fabric.js is a JavaScript HTML5 canvas library. Prior to 7.4.0, a potential Cross-Site Scripting (XSS) vulnerability exists in Fabric.js due to imp...

fabricjs fabric.js < 7.4.0 CVE
HIGH 7.6 CVE-2025-71358

picklescan – Remote Code Execution via idlelib.autocomplete.AutoComplete.get_entity

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.get_entity function in reduce method...

picklescan picklescan CVE
HIGH 7.6 CVE-2025-71344

picklescan – Arbitrary Code Execution via Undetected ensurepip._run_pip Function

picklescan before 0.0.30 (affected versions 0.0.26 and earlier) fails to detect the ensurepip._run_pip built-in function when scanning pickle files...

picklescan picklescan CVE
HIGH 7.6 CVE-2025-71339

Picklescan – Arbitrary Code Execution via numpy.f2py.crackfortran._eval_length Gadget

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran._eval_length gadget in pickle __reduce__ methods, allowing arbitrary code exec...

Picklescan Picklescan CVE
CRITICAL 9.3 4DC88245-D5D6-

Exploit for CVE-2026-49772 (4DC88245-D5D6-582C-AA2B-EE9293E136F3)

The Events Calendar SQL Injection CVE-2026-49772 PoC Description CVE-2026-49772 is an unauthenticated blind SQL injection in the WordPress plugin T...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.3 PACKETSTORM:224001

Worksnaps.net Worksnaps Hardcoded Root Cloud Credentials

Silver Leaf Technologies - Worksnaps.net Worksnaps suffers from a hardcoded credential vulnerability. Several application binaries contained hardco...

N/A N/A PACKETSTORM
CRITICAL 9.8 PACKETSTORM:223999

Sprecher Automation SPRECON-E-C/-E-P/-E-T3 Missing Secure-Boot / Static Passwords

Sprecher Automation SPRECON-E-C/-E-P/-E-T3 leaks the firmware signing private key, is missing a secure-boot mechanism, has unencrypted flash memory...

N/A N/A PACKETSTORM
HIGH 8.8 MS:CVE-2026-12443

Chromium: CVE-2026-12443 Use after free in Web Authentication

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE