Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.6 CVE-2026-10748

Nexus Repository 3 – Remote Code Execution via License Deserialization

An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system comm...

Sonatype Nexus Repository 3.0.0 CVE
CRITICAL 9.3 CVE-2026-48777

FileBrowser Quantum: Path Traversal in public share PATCH allows file ops outside shared directory

FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Pat...

gtsteffaniak filebrowser < 1.3.3-stable CVE
HIGH 7.8 CVE-2026-47750

stable-diffusion.cpp: Heap buffer overflow in GLOBAL opcode parsing for PyTorch checkpoint files

stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In...

leejet stable-diffusion.cpp < master-584-0a7ae07 CVE
HIGH 7.8 CVE-2026-47747

stable-diffusion.cpp has a Heap-based Buffer Overflow

stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In...

leejet stable-diffusion.cpp < master-584-0a7ae07 CVE
MEDIUM 5.4 CVE-2026-46448

CVE-2026-46448

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation.

OpenStack Nova 18.0.0 CVE
CRITICAL 9.1 CVE-2026-22313

OS Commands Executed with Administrative Permissions in Radiflow iSAP Smart Collector

The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vuln...

Radiflow iSAP Smart Collector 3.07-1 CVE
HIGH 8.6 CVE-2026-22312

Use of Hard-coded Credentials Vulnerability in Radiflow iSAP Smart Collector

The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get a...

Radiflow iSAP Smart Collector 3.07-1 CVE
MEDIUM 5.7 CVE-2026-12425

Reflected / DOM cross-site scripting (XSS) in PowerSchool ERP / Employee Access Center 23.10

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access Center all...

PowerSchool Employee Access Center 23.10 CVE
HIGH 7.4 CVE-2026-10303

ServerCo getssl ACME shell script path injection

In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being...

ServerCo getssl CVE
NONE HACKREAD:EACDD4...

Amos Stealer Targets macOS Keychain Files and Browser Passwords_HACKREAD:EACDD4EF361C13E578E47905212C148C

Amos Stealer targets macOS users through fake downloads, stealing Keychain files, browser passwords, cookies, and developer configs for data theft.

N/A N/A HACKREAD