CVSS - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.3	CVE-2026-48980	pam_usb: getenv() used in PAM context allows environment variable injection into local-check logic_CVE-2026-48980 pam_usb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, getenv() environment variables XRDP_SESSION,...	mcdope	pam_usb < 0.9.2	Jun 18, 2026	CVE
NONE	THN:61A3E81EE06...	Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites_THN:61A3E81EE060D294ED20FB1D0B47CAB5 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1-D7cu6ZQpoZXfPa_eYHuQijjkt6mJRjmoIS9eSnCGPPgyXNz-AChti_zkCGmlefTdBm5bvbyxXbrJVbpVJ...	N/A	N/A	Jun 19, 2026	THN
HIGH 8.7	CVE-2026-48716	nanobot: Path traversal via unsanitized WhatsApp document fileName enables arbitrary file write_CVE-2026-48716 nanobot is a personal AI assistant. In versions 0.1.5.post3 and prior, the WhatsApp bridge in bridge/src/whatsapp.ts constructs a filesystem path u...	HKUDS	nanobot <= 0.1.5.post3	Jun 18, 2026	CVE
MEDIUM 5.3	CVE-2026-47847	CVE-2026-47847_CVE-2026-47847 Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication healt...	Bitnami	bitnami/mariadb-galera 10.6.0	Jun 18, 2026	CVE
CRITICAL 9.8	CVE-2026-47846	CVE-2026-47846_CVE-2026-47846 Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured vi...	Bitnami	bitnami/cassandra 4.0.0	Jun 18, 2026	CVE
MEDIUM 5.4	CVE-2026-43915	Coturn: Stored Cross-Site Scripting (XSS) in web-admin interface via TURN username_CVE-2026-43915 Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting (XSS) vulnerabi...	coturn	coturn < 4.11.0	Jun 18, 2026	CVE
HIGH 8.5	CVE-2026-25865	Punto Switcher 4.5.0.583 Unquoted Search Path via WinExec_CVE-2026-25865 Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by ex...	Yandex	Punto Switcher	Jun 18, 2026	CVE
CRITICAL 9.9	CVE-2026-49252	deepstream is vulnerable to prototype pollution_CVE-2026-49252 deepstream is a server that allows clients and backend services to sync data, send messages and make rpcs at scale. Versions prior to 10.0.5 are v...	deepstreamIO	deepstream.io < 10.0.5	Jun 18, 2026	CVE
HIGH 8.3	CVE-2026-49248	OneDev: RCE through absolute-path symlink following allows low-privileged users to overwrite arbitrary server via TarUtils.untar_CVE-2026-49248 OneDev is a Git server with CI/CD, kanban, and packages. In versions 15.0.6 and below, TarUtils.untar() creates symbolic links verbatim from TAR en...	theonedev	onedev < 15.0.7	Jun 18, 2026	CVE
MEDIUM 6.1	CVE-2026-44663	OpenEXR: Integer overflow in the HTJ2K decoder leads to heap-buffer-overflow_CVE-2026-44663 OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 t...	AcademySoftwareFoundation	openexr >= 3.4.0, < 3.4.11	Jun 18, 2026	CVE