Recent Advisories

Severity ID Title Vendor Product Date Type
NONE MSF:EXPLOIT-MULTI-

VS Code Extension Persistence_MSF:EXPLOIT-MULTI-PERSISTENCE-VSCODE_EXTENSION-

This module installs a malicious VS Code extension into the target's VS Code extensions directory. The extension executes the payload each time VS ...

N/A N/A METASPLOIT
CRITICAL 10 CVE-2026-49261

MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11...

MariaDB server >= 10.6.1, < 10.6.27 CVE
HIGH 8.5 CVE-2026-48546

KanaDojo < 0.1.18 Sandbox Escape RCE via messages.cjs

KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing...

lingdojo kana-dojo CVE
MEDIUM 6.5 CVE-2026-47157

aiograpi: Unsafe signup challenge path handling

aiograpi is an asynchronous Instagram API for Python. aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them...

subzeroid aiograpi < 0.9.10 CVE
MEDIUM 5.3 CVE-2026-46698

Fediverse Embeds: Public-nonce SSRF via ftf_get_site_info AJAX action

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wp_...

stefanbohacek fediverse-embeds-wordpress-plugin < 1.5.9 CVE
HIGH 7.5 CVE-2026-46697

Fediverse Embeds: Unauthenticated SSRF / open proxy via REST media-proxy endpoint

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.8, Fediverse Embeds registered an unauthenticated REST route ftf/m...

stefanbohacek fediverse-embeds-wordpress-plugin < 1.5.8 CVE
HIGH 8.7 CVE-2026-3329

Nexus Repository Manager – Improper Restriction of Excessive Authentication Attempts

A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authent...

Sonatype Nexus Repository Manager 3.0.0 CVE
MEDIUM 4.9 CVE-2026-11986

Keycloak-rest-admin-ui-ext: authorization bypass vulnerability in the admin-ui-ext bulk role-mapping-delete endpoints of keycloak

A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs be...

Red Hat Red Hat Build of Keycloak CVE
MEDIUM 6.5 CVE-2026-53702

Gstreamer1-plugins-bad-free: gstreamer: stack buffer overflow in h.265 buffering period sei parser

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library (gst-plugins-bad). When parsing a buffering period SEI message, ...

Red Hat Red Hat Enterprise Linux 10 CVE
MEDIUM 6.5 CVE-2026-53701

Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds write in h.266/vvc pps picture partition parser

An out-of-bounds write vulnerability was found in GStreamer's H.266/VVC PPS picture partition parser in gst-plugins-bad. In the multi-slice-in-tile...

Red Hat Red Hat Enterprise Linux 10 CVE