CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.7	CVE-2026-42563	Dulwich Vulnerable to Command Injection via Merge Driver Path_CVE-2026-42563 Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's `Pr...	jelmer	dulwich >= 0.24.0, < 1.2.5	Jun 10, 2026	CVE
HIGH 7.6	CVE-2026-42558	Xibo Vulnerable to Stored XSS and Iframe Sandbox Escape via Data Connector Script in DataSet_CVE-2026-42558 Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnera...	xibosignage	xibo-cms < 4.4.2	Jun 10, 2026	CVE
HIGH 8.8	CVE-2026-42305	Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows_CVE-2026-42305 Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary f...	jelmer	dulwich >= 0.10.0, < 1.2.5	Jun 10, 2026	CVE
MEDIUM 4.3	CVE-2026-46645	SQLAdmin: Authorization Bypass on `ajax_lookup`_CVE-2026-46645 SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajax_lookup endpoint in application.py bypasses the is_a...	smithyhq	sqladmin < 0.25.1	Jun 10, 2026	CVE
HIGH 8.8	9A64EBDE-5EAB-	Exploit for Out-of-bounds Read in Google Chrome_9A64EBDE-5EAB-52B9-B835-619F7EEF8550 CVE-2026-11645 - V8 in Google Chrome prior to Remote Code Execution Quick Usage bash python3 exploit.py -t "C:\\Path\\To\\Target" -o demo.zip --dat...	N/A	N/A	Jun 10, 2026	GITHUBEXPLOIT
CRITICAL 9.8	4116E80D-924A-	Exploit for Heap-based Buffer Overflow in Microsoft_4116E80D-924A-5725-8D0C-07D1C0469E98 CVE-2026-47291 Overview RCE exploit for CVE-2026-47291 targeting Windows HTTP.sys. Triggers a heap-based buffer overflow through integer overflow i...	N/A	N/A	Jun 10, 2026	GITHUBEXPLOIT
NONE	WIRED:5364D86E6...	Trump Risks Key Surveillance Authority Over ‘Unqualified’ Spy-Chief Pick_WIRED:5364D86E62704D9A6EA5E786C2B307DA US lawmakers are alarmed that Bill Pulte, a housing official with no intelligence experience, is poised to take charge of one of the government's m...	N/A	N/A	Jun 10, 2026	WIRED
NONE	HACKREAD:5AEE30...	FBI Seizes China-Linked Fake Consulting Sites Targeting US Clearance Holders_HACKREAD:5AEE3084114A3FBAA203BD8C81B5B59F The Justice Department and FBI seized 13 fake consulting websites that officials say targeted US clearance holders with paid research work designed...	N/A	N/A	Jun 10, 2026	HACKREAD
NONE	WIRED:A461002B7...	CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats_WIRED:A461002B7B59B78E5B98710BA6B2EAFB “Defenders cannot afford to take weeks to patch,” one Cybersecurity and Infrastructure Security Agency official warned on Wednesday.	N/A	N/A	Jun 10, 2026	WIRED
MEDIUM 5	CVE-2026-35188	Double-free When Checking OCSP Stapled Response_CVE-2026-35188 Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, triggering a...	OpenSSL	OpenSSL 4.0.0	Jun 9, 2026	CVE