CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6	CVE-2026-2675	Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data._CVE-2026-2675 Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.This issue...	RTI	Connext Professional 7.4.0	Jun 17, 2026	CVE
MEDIUM 4.8	CVE-2026-2674	Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service,Core Libraries,Persistence Service) allows Overflow Buffers._CVE-2026-2674 Out-of-bounds Write, Out-of-bounds Write, Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service,Core Libraries,Persistenc...	RTI	Connext Professional 7.4.0	Jun 17, 2026	CVE
CRITICAL 9.2	CVE-2026-2467	Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags._CVE-2026-2467 Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext...	RTI	Connext Professional 7.4.0	Jun 17, 2026	CVE
CRITICAL 9.1	CVE-2026-20266	OS Command Injection in the btool Configuration Helper in Splunk AI Toolkit_CVE-2026-20266 In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk role could execute arbitrary OS commands on the host running the Spl...	Splunk	Splunk AI Toolkit 5.7	Jun 17, 2026	CVE
MEDIUM 4.3	CVE-2026-20265	Insecure Default Domain Allowlist in Splunk AI Toolkit_CVE-2026-20265 In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI T...	Splunk	Splunk AI Toolkit 5.7	Jun 17, 2026	CVE
MEDIUM 4.3	CVE-2026-20178	CVE-2026-20178_CVE-2026-20178 A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malic...	Cisco	Cisco Webex App N/A	Jun 17, 2026	CVE
LOW 3.7	CVE-2026-11525	undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching_CVE-2026-11525 Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather t...	undici	undici	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-55198	Hermes WebUI < 0.51.443 - Cross-Profile Session Data Exfiltration via Session Export Endpoint_CVE-2026-55198 Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export endpoint that allows authenticated users to acces...	nesquena	hermes-webui	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-55197	Hermes WebUI < 0.51.443 - Broken Access Control in /api/session Endpoint_CVE-2026-55197 Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session endpoint that allows authenticated users to disclos...	nesquena	hermes-webui	Jun 17, 2026	CVE
CRITICAL 9.1	CVE-2026-55196	Hermes WebUI < 0.51.409 - Unauthenticated Passkey Registration via Authentication Bypass_CVE-2026-55196 Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey registration endpoints that allows unauthenticated remote a...	hermes-webui	hermes-webui	Jun 17, 2026	CVE