CVSS - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.8	CVE-2026-47846	CVE-2026-47846_CVE-2026-47846 Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured vi...	Bitnami	bitnami/cassandra 4.0.0	Jun 18, 2026	CVE
MEDIUM 5.4	CVE-2026-43915	Coturn: Stored Cross-Site Scripting (XSS) in web-admin interface via TURN username_CVE-2026-43915 Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting (XSS) vulnerabi...	coturn	coturn < 4.11.0	Jun 18, 2026	CVE
HIGH 8.5	CVE-2026-25865	Punto Switcher 4.5.0.583 Unquoted Search Path via WinExec_CVE-2026-25865 Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by ex...	Yandex	Punto Switcher	Jun 18, 2026	CVE
CRITICAL 9.9	CVE-2026-49252	deepstream is vulnerable to prototype pollution_CVE-2026-49252 deepstream is a server that allows clients and backend services to sync data, send messages and make rpcs at scale. Versions prior to 10.0.5 are v...	deepstreamIO	deepstream.io < 10.0.5	Jun 18, 2026	CVE
HIGH 8.3	CVE-2026-49248	OneDev: RCE through absolute-path symlink following allows low-privileged users to overwrite arbitrary server via TarUtils.untar_CVE-2026-49248 OneDev is a Git server with CI/CD, kanban, and packages. In versions 15.0.6 and below, TarUtils.untar() creates symbolic links verbatim from TAR en...	theonedev	onedev < 15.0.7	Jun 18, 2026	CVE
MEDIUM 6.1	CVE-2026-44663	OpenEXR: Integer overflow in the HTJ2K decoder leads to heap-buffer-overflow_CVE-2026-44663 OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 t...	AcademySoftwareFoundation	openexr >= 3.4.0, < 3.4.11	Jun 18, 2026	CVE
HIGH 8.1	CVE-2026-43994	Coturn: Stack buffer overflow in decode_oauth_token_gcm()_CVE-2026-43994 Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token...	coturn	coturn < 4.10.0	Jun 18, 2026	CVE
HIGH 8.3	CVE-2025-15661	libssh2 – Heap Buffer Over-read via sftp_symlink() in sftp.c_CVE-2025-15661 libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sftp.c tha...	libssh2	libssh2	Jun 18, 2026	CVE
CRITICAL 9.1	CVE-2026-49454	Relyra SAML SignatureValue not cryptographically verified -> authentication bypass_CVE-2026-49454 Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures beca...	szTheory	relyra >= 1.0.0, < 1.2.0	Jun 18, 2026	CVE
CRITICAL 10	CVE-2026-49257	mcp-pinot: Unauthenticated tool invocation via default oauth_enabled=False + host 0.0.0.0 bind_CVE-2026-49257 mcp-pinot is a Python-based Model Context Protocol (MCP) server for interacting with Apache Pinot. In versions 3.0.1 and below, mcp-pinot defaults ...	startreedata	mcp-pinot < 3.1.0	Jun 18, 2026	CVE