Recent Advisories

| Severity | Score | ID | Title | Summary | Vendor | Product | Type |
|---|---|---|---|---|---|---|---|
| NONE | | THN:61A3E81EE060D294ED20FB1D0B47CAB5 | Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites | | N/A | N/A | THN |
| HIGH | 8.7 | CVE-2026-48716 | nanobot: Path traversal via unsanitized WhatsApp document fileName enables arbitrary file write | nanobot is a personal AI assistant. In versions 0.1.5.post3 and prior, the WhatsApp bridge in bridge/src/whatsapp.ts constructs a filesystem path u... | HKUDS | nanobot <= 0.1.5.post3 | CVE |
| MEDIUM | 5.3 | CVE-2026-47847 | CVE-2026-47847 | Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication healt... | Bitnami | bitnami/mariadb-galera 10.6.0 | CVE |
| CRITICAL | 9.8 | CVE-2026-47846 | CVE-2026-47846 | Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured vi... | Bitnami | bitnami/cassandra 4.0.0 | CVE |
| MEDIUM | 5.4 | CVE-2026-43915 | Coturn: Stored Cross-Site Scripting (XSS) in web-admin interface via TURN username | Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting (XSS) vulnerabi... | coturn | coturn < 4.11.0 | CVE |
| HIGH | 8.5 | CVE-2026-25865 | Punto Switcher 4.5.0.583 Unquoted Search Path via WinExec | Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by ex... | Yandex | Punto Switcher | CVE |
| CRITICAL | 9.9 | CVE-2026-49252 | deepstream is vulnerable to prototype pollution | deepstream is a server that allows clients and backend services to sync data, send messages and make rpcs at scale. Versions prior to 10.0.5 are v... | deepstreamIO | deepstream.io < 10.0.5 | CVE |
| HIGH | 8.3 | CVE-2026-49248 | OneDev: RCE through absolute-path symlink following allows low-privileged users to overwrite arbitrary server via TarUtils.untar | OneDev is a Git server with CI/CD, kanban, and packages. In versions 15.0.6 and below, TarUtils.untar() creates symbolic links verbatim from TAR en... | theonedev | onedev < 15.0.7 | CVE |
| MEDIUM | 6.1 | CVE-2026-44663 | OpenEXR: Integer overflow in the HTJ2K decoder leads to heap-buffer-overflow | OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 t... | AcademySoftwareFoundation | openexr >= 3.4.0, < 3.4.11 | CVE |
| HIGH | 8.1 | CVE-2026-43994 | Coturn: Stack buffer overflow in decode_oauth_token_gcm() | Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token... | coturn | coturn < 4.10.0 | CVE |
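The nanobot (CVE-2026-48716) and OneDev (CVE-2026-49248) rows describe the same root cause: a path taken from attacker-controlled input (a WhatsApp document fileName in one case, a TAR entry name or symlink target in the other) is joined to a server directory without checking that the result stays inside it. The following is an added example written for this page; it is not code from nanobot or OneDev, and the directory names, the `TarEntry` shape, the helper names and the sample archive listing are all constructed assumptions. It shows the unsafe join, a hardened download-path builder, and a tar entry validator that also refuses to write through a symlink accepted earlier in the same archive.

```typescript
import * as path from "path";

// Added example for this page; not nanobot's or OneDev's code. Directory
// names, helpers and sample entries are constructed for illustration.

// True when candidateAbs is rootAbs itself or lies strictly below it.
function isInside(rootAbs: string, candidateAbs: string): boolean {
  const rel = path.relative(rootAbs, candidateAbs);
  if (rel === "") return true;             // the root directory itself
  if (path.isAbsolute(rel)) return false;  // another drive on Windows
  return rel !== ".." && !rel.startsWith(".." + path.sep);
}

// Resolve `rel` against `root`; return the absolute path only if it stays
// inside root, otherwise null.
function resolveInside(root: string, rel: string): string | null {
  const rootAbs = path.resolve(root);
  const target = path.resolve(rootAbs, rel);
  return isInside(rootAbs, target) ? target : null;
}

// The unsafe pattern the nanobot summary describes: a sender-supplied
// fileName is joined to the download directory as-is. path.join collapses
// "../" segments, so a crafted name resolves outside downloadDir.
function unsafeDownloadPath(downloadDir: string, fileName: string): string {
  return path.join(downloadDir, fileName);
}

// Hardened variant: keep only the final segment (treating backslashes as
// separators too), reject empty or dot names, then still confirm
// containment as defence in depth.
function safeDownloadPath(downloadDir: string, fileName: string): string | null {
  const base = path.basename(fileName.replace(/\\/g, "/"));
  if (base === "" || base === "." || base === "..") return null;
  return resolveInside(downloadDir, base);
}

// Minimal model of a TAR entry (constructed; a real extractor reads these
// from the archive headers).
interface TarEntry { name: string; type: "file" | "dir" | "symlink"; linkTarget?: string }

// Reason an entry must not be extracted under `root`, or null if it may be.
// Symlinks are checked twice: the link itself must be created inside root,
// and its target, resolved relative to the link's directory, must be too.
function tarEntryProblem(root: string, e: TarEntry): string | null {
  const rootAbs = path.resolve(root);
  if (path.isAbsolute(e.name)) return "absolute entry name";
  const dest = resolveInside(rootAbs, e.name);
  if (dest === null) return "entry name escapes extraction root";
  if (e.type === "symlink") {
    if (!e.linkTarget) return "symlink without target";
    if (path.isAbsolute(e.linkTarget)) return "absolute symlink target";
    const targetAbs = path.resolve(path.dirname(dest), e.linkTarget);
    if (!isInside(rootAbs, targetAbs)) return "symlink target escapes extraction root";
  }
  return null;
}

// Walk the archive in order and also refuse any entry whose destination
// passes through a symlink accepted earlier: an in-root link followed by a
// file entry beneath it is the classic way to turn it into an arbitrary write.
function planExtraction(root: string, entries: TarEntry[]): { accepted: string[]; rejected: { name: string; reason: string }[] } {
  const rootAbs = path.resolve(root);
  const createdLinks = new Set<string>();
  const accepted: string[] = [];
  const rejected: { name: string; reason: string }[] = [];
  for (const e of entries) {
    let reason = tarEntryProblem(rootAbs, e);
    if (reason === null) {
      let dir = path.dirname(path.resolve(rootAbs, e.name));
      while (dir !== rootAbs && isInside(rootAbs, dir)) {
        if (createdLinks.has(dir)) { reason = "path passes through an earlier symlink"; break; }
        dir = path.dirname(dir);
      }
    }
    if (reason !== null) { rejected.push({ name: e.name, reason }); continue; }
    if (e.type === "symlink") createdLinks.add(path.resolve(rootAbs, e.name));
    accepted.push(e.name);
  }
  return { accepted, rejected };
}

// Constructed sample archive listing that exercises each rule.
const SAMPLE_ENTRIES: TarEntry[] = [
  { name: "src/Main.java", type: "file" },
  { name: "../../etc/passwd", type: "file" },
  { name: "etc", type: "symlink", linkTarget: "/etc" },
  { name: "up", type: "symlink", linkTarget: "../../.." },
  { name: "cfg", type: "symlink", linkTarget: "conf" },
  { name: "cfg/app.properties", type: "file" },
  { name: "/abs/file", type: "file" },
];
```

`planExtraction` only reasons about archive metadata. It cannot see symlinks that already exist on disk under the extraction root, so a production extractor must additionally open each destination with no-follow semantics (or re-verify the on-disk parent chain) at the moment it writes; the metadata pass is a cheap first filter, not the whole defence.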
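The deepstream row (CVE-2026-49252) says the server is vulnerable to prototype pollution, but the summary as shown here does not say which code path is affected. The example below is added for this page and is not deepstream's code; `unsafeMerge`, `safeMerge` and the JSON payload are constructed to show the generic mechanism that the term refers to: a recursive merge of attacker-controlled JSON that reaches `Object.prototype` through a `__proto__` key, beside a merge that cannot.

```typescript
// Added example for this page, not deepstream's code. The merge functions
// and the payload are constructed to show the generic mechanism.

function isPlainObject(v: unknown): v is Record<string, any> {
  return typeof v === "object" && v !== null && !Array.isArray(v);
}

// Vulnerable recursive merge: it trusts every key in `source`. For the key
// "__proto__", `target[key]` evaluates to Object.prototype, and the
// recursion then writes the attacker's properties onto every object.
function unsafeMerge(target: Record<string, any>, source: Record<string, any>): Record<string, any> {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened merge: skip the keys that reach the prototype chain, and only
// descend into properties `target` actually owns, never inherited ones.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function safeMerge(target: Record<string, any>, source: Record<string, any>): Record<string, any> {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : undefined;
      target[key] = safeMerge(isPlainObject(own) ? own : {}, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs both merges against the same constructed payload and reports whether
// a fresh, unrelated object ended up carrying the injected property. The
// pollution from the unsafe run is undone before the safe run so the two
// results are independent.
function demonstratePrototypePollution(): { unsafePolluted: boolean; safePolluted: boolean } {
  const payload = '{"__proto__": {"isAdmin": true}, "name": "guest"}';
  const probe = (): boolean => ({} as Record<string, unknown>).isAdmin === true;

  unsafeMerge({}, JSON.parse(payload));
  const unsafePolluted = probe();
  delete (Object.prototype as unknown as Record<string, unknown>).isAdmin;

  safeMerge({}, JSON.parse(payload));
  const safePolluted = probe();
  return { unsafePolluted, safePolluted };
}
```

Filtering keys is the minimum; as defence in depth, servers that merge untrusted JSON can also call `Object.freeze(Object.prototype)` at startup so that a missed path fails instead of silently polluting every object, at the cost of breaking libraries that legitimately extend built-in prototypes.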