tapic - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.9	CVE-2026-9260	CVE-2026-9260_CVE-2026-9260 Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier	Canon Inc.	EOS Network Setting Tool for Windows 1.5.0 or earlier	Jun 15, 2026	CVE
HIGH 7.1	CVE-2026-9259	CVE-2026-9259_CVE-2026-9259 Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier	Canon Inc.	EOS Network Setting Tool for Windows 1.5.0 or earlier	Jun 15, 2026	CVE
HIGH 7.1	CVE-2026-9258	CVE-2026-9258_CVE-2026-9258 Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier	Canon Inc.	EOS Network Setting Tool for Windows 1.5.0 or earlier	Jun 15, 2026	CVE
NONE	5ADF4FB7-C36C-	Exploit for CVE-2026-54597_5ADF4FB7-C36C-5BD4-B308-4478A6465507 CVE-2026-54597 — ITFlow Time-Based Blind SQL Injection Severity: High Advisory: GHSA-m63v-j7fw-hq2h Affected: ITFlow agent/ajax.php — expires param...	N/A	N/A	Jun 15, 2026	GITHUBEXPLOIT
NONE	BA5C381E-882D-	Exploit for CVE-2026-54596_BA5C381E-882D-5133-A105-3067A00C84CE CVE-2026-54596 - Authenticated SQL Injection via recurringinvoicefrequency Parameter Enables Full Database Exfiltration Severity: High Advisory: GH...	N/A	N/A	Jun 15, 2026	GITHUBEXPLOIT
CRITICAL 9.8	CVE-2026-50628	Apache CXF: OAuth2: Inverted IP Binding Check Defeats Security Control_CVE-2026-50628 A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any oth...	Apache Software Foundation	Apache CXF 4.2.0	Jun 12, 2026	CVE
CRITICAL 9.1	CVE-2026-50627	Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator_CVE-2026-50627 The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' (Audience) claims of incoming JWT access tokens. This allows a JWT issu...	Apache Software Foundation	Apache CXF 4.2.0	Jun 12, 2026	CVE
MEDIUM 6.5	CVE-2026-49875	Apache CXF: XML External Entity (XXE) Injection in W3CMultiSchemaFactory and EndpointReferenceUtils_CVE-2026-49875 Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurati...	Apache Software Foundation	Apache CXF 4.2.0	Jun 12, 2026	CVE
HIGH 7.8	CVE-2026-41158	GPU DDK – Backed sparse PMRs are not handled by deferred free mechanism after shrink_CVE-2026-41158 Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory all...	Imagination Technologies	Graphics DDK 1.18 RTM	Jun 12, 2026	CVE
MEDIUM 5.5	CVE-2026-41155	GPU DDK – SharedSecMem mapped into all GPU virtual address spaces_CVE-2026-41155 An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secure memory allocations in the...	Imagination Technologies	Graphics DDK 1.18 RTM	Jun 12, 2026	CVE