Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.8 CVE-2026-49412

Use-after-free bug in the IPV6_MSFILTER socket option handler

The kernel handler for IPV6_MSFILTER dropped a serializing lock in order to copy the source-filter list from userspace, then reacquired the lock. ...

FreeBSD FreeBSD 15.0-RELEASE CVE
MEDIUM 6.5 CVE-2026-45259

sigqueue(2) missing capability mode restriction

sigqueue(2) was marked as permitted in capability mode with the introduction of Capsicum in 2011, but the implementation of kern_sigqueue did not i...

FreeBSD FreeBSD 15.0-RELEASE CVE
HIGH 7.8 CVE-2026-45258

Multiple vulnerabilities in the sound(4) mmap path

dsp_mmap_single() validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This additio...

FreeBSD FreeBSD 15.0-RELEASE CVE
HIGH 7.8 CVE-2026-49414

ASLR bypass for setuid executables via procctl(2)

The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather tha...

FreeBSD FreeBSD 15.0-RELEASE CVE
CRITICAL 9.8 CVE-2026-49048

Joomla Extension – joomcoder.com – Unauthenticated SQL Injection in JoomCCK extension for Joomla < 6.4.1

The Joomla extension JoomCCK exposes a front-end controller task that builds two SQL statements by directly concatenating a user-supplied request ...

joomcoder.com JoomCCK extension for Joomla 1.0-6.4.0 CVE
MEDIUM 4.3 CVE-2026-9676

f4 Post Tree < 2.0.5 - Subscriber+ Arbitrary Post Parent/Menu Order Modification

The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing a...

Unknown F4 Post Tree CVE
HIGH 7.5 CVE-2026-10083

APCu Manager < 4.5.0 - Unauthenticated Stored XSS via Cache Key Pollution

The APCu Manager WordPress plugin before 4.5.0 does not escape APCu object-cache keys before rendering them in an admin-area page, leading to a Sto...

Unknown APCu Manager CVE
MEDIUM 6.9 CVE-2026-41992

Global Buffer Overflow in GNU gzip

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between dif...

GNU gzip CVE
LOW 2 CVE-2026-41991

Predictable Temporary File in GNU gzip

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the...

GNU gzip CVE
HIGH 8.7 CVE-2026-13564

Edimax EW-7478APC POST Request formPPPoESetup stack-based overflow

A vulnerability was found in Edimax EW-7478APC 1.04. Affected is the function formPPPoESetup of the file /goform/formPPPoESetup of the component PO...

Edimax EW-7478APC 1.04 CVE