Recent Advisories

Columns: Severity (with CVSS score), ID, Title, Description, Vendor, Product, Type. No dates are present in this listing.

MEDIUM 5.5 | CVE-2025-24268
Title: CVE-2025-24268
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app m...
Vendor: Apple | Product: macOS | Type: CVE

MEDIUM 6.3 | CVE-2026-53782
Title: Summarize < 0.17.0 SSRF via podcast:transcript URL fetch
Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the hos...
Vendor: steipete | Product: summarize | Type: CVE

MEDIUM 5.3 | CVE-2026-53781
Title: Summarize < 0.17.0 Disk Exhaustion via Uncapped Media Download
Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media respons...
Vendor: steipete | Product: summarize | Type: CVE

CRITICAL 9.2 | CVE-2026-49973
Title: Hermes WebUI < 0.51.358 Unauthenticated Password Takeover via /api/settings
Hermes WebUI before version 0.51.358 contains an improper access control vulnerability that allows unauthenticated remote attackers to hijack initi...
Vendor: nesquena | Product: hermes-webui | Type: CVE

MEDIUM 6 | CVE-2026-49949
Title: CodexBar < 0.33.0 Credential Leakage via HTTP Redirect
CodexBar before 0.33.0 contains a credential forwarding vulnerability that allows network-adjacent attackers to intercept sensitive credentials by ...
Vendor: steipete | Product: CodexBar | Type: CVE

HIGH 8.1 | CVE-2026-46622
Title: SolidInvoice: API tokens stored as plaintext in the database allowing full credential compromise on database breach
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as pla...
Vendor: SolidInvoice | Product: SolidInvoice < 2.3.17 | Type: CVE

HIGH 8.1 | CVE-2026-46489
Title: SolidInvoice: Unrestricted file upload with no MIME validation allows stored XSS via malicious SVG logo
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validatio...
Vendor: SolidInvoice | Product: SolidInvoice < 2.3.17 | Type: CVE

MEDIUM 6 | CVE-2026-45802
Title: FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service
FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version...
Vendor: Setasign | Product: FPDI < 2.6.7 | Type: CVE

HIGH 8.5 | CVE-2026-45175
Title: Idira Endpoint Privilege Manager Agent: Security Control and Cryptographic Validation Bypass in Internal Agent Validation Processes
Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local a...
Vendor: CyberArk Software, a Palo Alto Networks Company | Product: Idira Endpoint Privilege Manager 26.0 | Type: CVE

HIGH 8.7 | CVE-2026-53819
Title: OpenClaw < 2026.5.27 - Arbitrary Homebrew Executable Execution via Workspace .env Override
OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Hom...
Vendor: OpenClaw | Product: OpenClaw | Type: CVE