news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 2	CVE-2026-10801	modelscope ms-swift PIL Image Cache Key base.py Template._save_pil_image weak hash_CVE-2026-10801 A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template._save_pil_image of the file swift...	modelscope	ms-swift 4.0	Jun 4, 2026	CVE
CRITICAL 9.8	CVE-2026-4104	SQLi in Akmer Informatics’ TeknoPass_CVE-2026-4104 Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass al...	Akmer Informatics Automation Industry and Trade Ltd. Co.	TeknoPass 20210501	Jun 4, 2026	CVE
HIGH 8.7	CVE-2026-45432	Cleartext Transmission of Credentials Vulnerability in GX Earth ONT Models_CVE-2026-45432 This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface...	GX INDIA	GX Earth 2022 version E2022 - 3.1.2A	Jun 4, 2026	CVE
HIGH 8.7	CVE-2026-45431	Command Injection Vulnerability in GX Earth ONT Models_CVE-2026-45431 This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web manage...	GX INDIA	GX Earth 2022 version E2022 - 3.1.2A	Jun 4, 2026	CVE
HIGH 7.2	CVE-2026-10843	Cloud-credential-operator: cco mint-mode credentialsrequest manifests grant account-wide iam access beyond cluster scope on aws_CVE-2026-10843 A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide ...	Red Hat	Red Hat OpenShift Container Platform 4	Jun 4, 2026	CVE
CRITICAL 9.6	CVE-2026-10840	Openshift-pipelines-operator-rh: openshift-pipelines-operator: tekton-scheduler-rolebinding grants system:authenticated write access to kueue and cert-manager resources_CVE-2026-10840 A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group wri...	Red Hat	Builds for Red Hat OpenShift	Jun 4, 2026	CVE
LOW 2	CVE-2026-10804	Streamlit Palette hashing.py weak hash_CVE-2026-10804 A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py o...	n/a	Streamlit 1.0	Jun 4, 2026	CVE
LOW 2	CVE-2026-10803	MLflow Dataset Digest Computation digest_utils.py mlflow.data.digest_utils weak hash_CVE-2026-10803 A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest_utils of the file mlflow/data/digest_utils.py of t...	n/a	MLflow 3.0	Jun 4, 2026	CVE
MEDIUM 5.3	CVE-2026-10802	keystonejs keystone GraphQL API Endpoint output-field.ts resource consumption_CVE-2026-10802 A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/co...	keystonejs	keystone 20260319	Jun 4, 2026	CVE
HIGH 7.1	CVE-2025-52612	HCL iControl was affected by Export CSV – CSV Injection vulnerability._CVE-2025-52612 HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was...	HCL	iControl 4.0.0	Jun 4, 2026	CVE