Recent Advisories

CVE-2026-48011 | Severity: LOW 3.7 | Type: CVE
Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames
Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator us...
Vendor: shopware | Product: shopware >= 6.7.0.0, < 6.7.10.1

CVE-2026-46705 | Severity: MEDIUM 5.3 | Type: CVE
russh server userauth state is not reset when authentication principal changes
Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps intern...
Vendor: Eugeny | Product: russh >= 0.34.0-beta.1, < 0.61.0

CVE-2026-46702 | Severity: HIGH 7.5 | Type: CVE
Russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets
Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compress...
Vendor: Eugeny | Product: russh >= 0.34.0, < 0.61.1

CVE-2026-46689 | Severity: HIGH 8.7 | Type: CVE
Kanidm: Unauthenticated process abort via SCIM filter stack exhaustion
Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query ...
Vendor: kanidm | Product: kanidm < 1.9.3

CVE-2026-46673 | Severity: HIGH 7.5 | Type: CVE
Russh: Unchecked CryptoVec allocation and growth handling is reachable from local agent inputs in current russh releases and from remote SSH traffic in historical pre-0.58.0 releases
Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and un...
Vendor: Eugeny | Product: russh < 0.60.3

CVE-2026-46669 | Severity: HIGH 8.7 | Type: CVE
`openvm-pairing` pairing check missing proper subfield check on scaling factor
OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest libra...
Vendor: openvm-org | Product: openvm < 1.6.0

CVE-2026-46668 | Severity: LOW 2.3 | Type: CVE
SpiceDB: Caveat structures with nested lists can result in improper cache reuse
SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before versio...
Vendor: authzed | Product: spicedb >= 1.15.0, < 1.52.0

CVE-2026-46654 | Severity: HIGH 8.9 | Type: CVE
Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss
Plonky3 is a toolkit for polynomial IOPs (PIOPs). Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft dis...
Vendor: Plonky3 | Product: Plonky3 < 0.4.3

CVE-2026-45384 | Severity: MEDIUM 6.1 | Type: CVE
bit7z: Arbitrary File Overwrite via Symlink Attack on Predictable Temp File During Archive Update
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrar...
Vendor: rikyoz | Product: bit7z < 4.0.12

CVE-2026-45380 | Severity: LOW 3.6 | Type: CVE
bit7z: Path Traversal via Null Byte Injection from `gcount()` Off-by-One in `restoreSymlink()`
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-on...
Vendor: rikyoz | Product: bit7z < 4.0.12