Vulnerability - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-12398	Galaxy_ng: shell injection in legacy role import via unsanitized git ref names_CVE-2026-12398 A command injection vulnerability was found in galaxy_ng. The do_git_checkout() function in the legacy role import API (v1) interpolates unsanitize...	Red Hat	Red Hat Ansible Automation Platform 2	Jun 16, 2026	CVE
HIGH 8.7	CVE-2026-11317	Rockwell Automation Logix 5370 and 5570 Controllers Vulnerable To Denial of Service Via CIP_CVE-2026-11317 A denial of service security issue exists in the affected product. The security issue stems from a fault occurring when a crafted CIP message is se...	Rockwell Automation	CompactLogix, ControlLogix Versions prior to 34.016, 35.015, 36.012	Jun 16, 2026	CVE
MEDIUM 6.9	CVE-2026-10831	Improper Authorization of Break Signal Commands in Devices_CVE-2026-10831 A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not pr...	Moxa	NPort 6000 Series 1.0	Jun 16, 2026	CVE
MEDIUM 4.2	CVE-2026-10640	Use-after-free reading `net_pkt` `iface` after send in IPv6 Neighbor Discovery (`ipv6_nbr.c`)_CVE-2026-10640 Zephyr's IPv6 Neighbor Discovery send paths (net_ipv6_send_na, net_ipv6_send_ns, net_ipv6_send_rs in subsys/net/ip/ipv6_nbr.c) updated the per-inte...	zephyrproject	zephyr 3.3.0	Jun 16, 2026	CVE
MEDIUM 4.8	CVE-2026-10639	Use-after-free reading `net_pkt_iface()` of a sent ICMPv4 echo-reply packet in `icmpv4_handle_echo_request()`_CVE-2026-10639 In Zephyr's native IPv4 stack, icmpv4_handle_echo_request() in subsys/net/ip/icmpv4.c builds an echo-reply packet (reply), hands it to net_try_send...	zephyrproject	zephyr 1.14.0	Jun 16, 2026	CVE
MEDIUM 5.9	CVE-2026-10638	Use-after-free in Zephyr ICMPv6 RX path when updating statistics after sending an echo reply or error_CVE-2026-10638 subsys/net/ip/icmpv6.c reads the network interface from a net_pkt after that packet has been handed to net_try_send_data(). In icmpv6_handle_echo_r...	zephyrproject	zephyr 4.2.0	Jun 16, 2026	CVE
MEDIUM 5.9	CVE-2026-10637	Use-after-free of net_pkt in IPv6 MLD send path triggerable by a link-local MLD Query_CVE-2026-10637 subsys/net/ip/ipv6_mld.c:mld_send() read the packet interface via net_pkt_iface(pkt) after net_send_data(pkt) returned successfully. Per the networ...	zephyrproject	zephyr 1.12.0	Jun 16, 2026	CVE
LOW 3.7	CVE-2026-10636	Use-after-free in Zephyr IPv4 IGMP send path (igmp_send)_CVE-2026-10636 In Zephyr's IPv4 IGMP implementation, igmp_send() in subsys/net/ip/igmp.c read the network interface back out of the packet via net_pkt_iface(pkt) ...	zephyrproject	zephyr 2.6.0	Jun 16, 2026	CVE
HIGH 8.8	CVE-2026-0647	Rockwell Automation FLEX I/O Dual-port EtherNet/IP Adapters – Multiple Vulnerabilities_CVE-2026-0647 An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated a...	Rockwell Automation	FLEX I/O EtherNet/IP Adapters 2.012	Jun 16, 2026	CVE
HIGH 8.7	CVE-2026-0646	Rockwell Automation FLEX I/O Dual-port EtherNet/IP Adapters – Multiple Vulnerabilities_CVE-2026-0646 A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerabilit...	Rockwell Automation	FLEX I/O EtherNet/IP Adapters 2.012	Jun 16, 2026	CVE