Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-57451

Vim: Out-of-bounds Read in Text Property Count

Vim is an open source, command line text editor. Prior to 9.2.0670, get_text_props() in src/textprop.c reads a uint16 property count stored inline ...

vim vim < 9.2.0670 CVE
LOW 2.2 CVE-2026-57438

Nokogiri: Possible Use-After-Free in XInclude Processing

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XM...

sparklemotion nokogiri < 1.19.4 CVE
MEDIUM 5.7 CVE-2026-55895

Vim: Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted filename

Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile() in the ...

vim vim < 9.2.0663 CVE
MEDIUM 5.5 CVE-2026-55892

Vim: Out-of-bounds Write in Spell File Prefix Dump

Vim is an open source, command line text editor. Prior to 9.2.0662, the dump_prefixes() function in src/spell.c walks a spell-file prefix trie iter...

vim vim < 9.2.0662 CVE
MEDIUM 5.7 CVE-2026-55693

Vim: Out-of-bounds Write in Spell File Word Count

Vim is an open source, command line text editor. Prior to 9.2.0653, the tree_count_words() function in src/spellfile.c fills in the word-count fiel...

vim vim < 9.2.0653 CVE
HIGH 7.2 CVE-2026-55477

Authenticated Arbitrary File Write via Database Import and Xray Log Path Manipulation

3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functiona...

MHSanaei 3x-ui < 3.3.1 CVE
MEDIUM 5.3 CVE-2026-54036

LibreChat: 2FA Re-enrollment Allows Full Account 2FA Takeover Without OTP Verification

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called...

danny-avila LibreChat < 0.8.4-rc1 CVE
MEDIUM 6.7 CVE-2026-4522

CVE-2026-4522

Missing authentication for critical function vulnerability in HYPR Passwordless on Windows allows Credentials Interception. This issue affects HYP...

HYPR Passwordless CVE
HIGH 7.5 616C2155-98D5-

Exploit for Classic Buffer Overflow in Qualcomm Apq8097_Firmware (ID: 616C2155-98D5-5316-BB35-BF924B098C71)

Katana: A BootROM exploit for Qualcomm devices released within 2016 until 2019. Brief Explanation of the Exploit: With the MSM8998 Nazgul SoC, the comm...

N/A N/A GITHUBEXPLOIT
NONE HACKREAD:30D641...

Suspected Cyberattack Sends Fake Emergency Alert to Phones Across Brazil (ID: HACKREAD:30D64137BBAEF523BEACA95B9C593977)

Brazil’s alert system was taken offline after a fake emergency alert reached phones, with officials investigating a suspected cyberattack and secur...

N/A N/A HACKREAD