Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 CVE-2026-10880

Unauthenticated SQL Injection in Osnexus Quantastor_CVE-2026-10880

OSNexus QuantaStor SDS Manager is vulnerable to SQL injection in the login endpoint. The username field is not properly sanitized before being inco...

Osnexus QuantaStor 5.9 CVE
HIGH 7.5 CVE-2026-10796

nvm executes commands from a malicious Node.js mirror’s version strings_CVE-2026-10796

nvm (Node Version Manager) through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Command...

nvm-sh nvm CVE
HIGH 7.1 CVE-2026-41522

Iris has an Improper Authorization issue_CVE-2026-41522

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IR...

dfir-iris iris-web < 2.4.28 CVE
HIGH 7.6 CVE-2026-41518

Chartbrew has a stored DOM XSS via Chart Tooltip innerHTML (ChartDatasetConfig.legend)_CVE-2026-41518

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 th...

chartbrew chartbrew >= 4.9.0, < 5.0.1 CVE
HIGH 8.2 CVE-2026-41249

CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration_CVE-2026-41249

CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1, the GitHub Actions workflow (`.github/workflows/static....

coreshop CoreShop >= 5.0.1, <= 5.1.0-beta.1 CVE
MEDIUM 5.8 CVE-2026-21404

NAVTOR NavBox Use of Hard-coded Credentials_CVE-2026-21404

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the S...

NAVTOR NavBox CVE
MEDIUM 6.3 CVE-2026-5066

net: sockets: tls: Potential out-of-bounds write/read in socket_op_vtable::connect function_CVE-2026-5066

A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/sockets/sockets_tls.c)....

zephyrproject-rtos Zephyr * CVE
MEDIUM 6.3 CVE-2026-42538

IRIS has an Insecure File Upload_CVE-2026-42538

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not ...

dfir-iris iris-web < 2.4.28 CVE
MEDIUM 4.7 CVE-2026-42329

Iris has an Open Redirect issue_CVE-2026-42329

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain...

dfir-iris iris-web < 2.4.28 CVE
HIGH 8.6 CVE-2026-10870

Shibby Tomato Web UI rc start_dhcpc os command injection_CVE-2026-10870

A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file /sbin/rc of the component Web UI. This manipula...

Shibby Tomato 1.28.0000 CVE