CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.5	CVE-2026-46521	ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression_CVE-2026-46521 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using...	ImageMagick	ImageMagick < 6.9.13-48	Jun 10, 2026	CVE
HIGH 8.8	CVE-2026-44693	Pi-hole FTL: Unauthenticated Session Hijacking via Race Condition on Global Session Buffer_CVE-2026-44693 Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race ...	pi-hole	FTL < 6.6.1	Jun 10, 2026	CVE
MEDIUM 4.3	CVE-2026-42568	Yamcs Vulnerable to LDAP Injection in LdapAuthModule_CVE-2026-42568 Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthMo...	yamcs	yamcs < 5.12.7	Jun 10, 2026	CVE
HIGH 7.7	CVE-2026-42563	Dulwich Vulnerable to Command Injection via Merge Driver Path_CVE-2026-42563 Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's `Pr...	jelmer	dulwich >= 0.24.0, < 1.2.5	Jun 10, 2026	CVE
HIGH 7.6	CVE-2026-42558	Xibo Vulnerable to Stored XSS and Iframe Sandbox Escape via Data Connector Script in DataSet_CVE-2026-42558 Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnera...	xibosignage	xibo-cms < 4.4.2	Jun 10, 2026	CVE
HIGH 8.8	CVE-2026-42305	Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows_CVE-2026-42305 Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary f...	jelmer	dulwich >= 0.10.0, < 1.2.5	Jun 10, 2026	CVE
MEDIUM 4.3	CVE-2026-46645	SQLAdmin: Authorization Bypass on `ajax_lookup`_CVE-2026-46645 SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajax_lookup endpoint in application.py bypasses the is_a...	smithyhq	sqladmin < 0.25.1	Jun 10, 2026	CVE
HIGH 8.8	9A64EBDE-5EAB-	Exploit for Out-of-bounds Read in Google Chrome_9A64EBDE-5EAB-52B9-B835-619F7EEF8550 CVE-2026-11645 - V8 in Google Chrome prior to Remote Code Execution Quick Usage bash python3 exploit.py -t "C:\\Path\\To\\Target" -o demo.zip --dat...	N/A	N/A	Jun 10, 2026	GITHUBEXPLOIT
CRITICAL 9.8	4116E80D-924A-	Exploit for Heap-based Buffer Overflow in Microsoft_4116E80D-924A-5725-8D0C-07D1C0469E98 CVE-2026-47291 Overview RCE exploit for CVE-2026-47291 targeting Windows HTTP.sys. Triggers a heap-based buffer overflow through integer overflow i...	N/A	N/A	Jun 10, 2026	GITHUBEXPLOIT
NONE	WIRED:5364D86E6...	Trump Risks Key Surveillance Authority Over ‘Unqualified’ Spy-Chief Pick_WIRED:5364D86E62704D9A6EA5E786C2B307DA US lawmakers are alarmed that Bill Pulte, a housing official with no intelligence experience, is poised to take charge of one of the government's m...	N/A	N/A	Jun 10, 2026	WIRED