Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.8	9FE6A20B-74FB-	Exploit for Unrestricted Upload of File with Dangerous Type in Eclipse Business_Intelligence_And_Reporting_Tools_9FE6A20B-74FB-5120-9B1F-6A63ED38C6E3 CVE-2021-34427 Windows POC for CVE-2021-34427 affecting Birt Viewer Tested on Birt 4.8.0 Built with Claude Based on research here: https://bugs.ecl...	N/A	N/A	Jun 17, 2026	GITHUBEXPLOIT
NONE	MSSECURE:D54D5B...	Crypto Clipper uses Tor and worm-like propagation for persistence and control_MSSECURE:D54D5BE0EDA21A0BA0238706877C8E42 In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. References 4. Learn more Microsoft Threat Intelligen...	N/A	N/A	Jun 17, 2026	MSSECURE
NONE	MALWAREBYTES:3B...	Roblox developers are losing entire games to malware attacks_MALWAREBYTES:3B2D0E131B2A9A8F5DD26DF6F363AD38 Account theft usually ends with someone losing a password. This one ends with hackers walking off with the entire game. Developers behind some of ...	N/A	N/A	Jun 17, 2026	MALWAREBYTES
MEDIUM 5.1	CVE-2026-54386	marimo < 0.23.9 XSS via file Query Parameter in assets.py_CVE-2026-54386 marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject a...	marimo-team	marimo	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-50200	Steeltoe’s env sanitizer misses connection strings — leaks embedded DB passwords_CVE-2026-50200 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management...	SteeltoeOSS	Steeltoe.Management.Endpoint < 4.2.0	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-50196	Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch_CVE-2026-50196 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Discovery....	SteeltoeOSS	Steeltoe.Discovery.Eureka >= 4.0.0, < 4.2.0	Jun 17, 2026	CVE
HIGH 8.2	CVE-2026-50194	Steeltoe vulnerable to management-port isolation bypass via spoofed Host header_CVE-2026-50194 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. When Steeltoe manageme...	SteeltoeOSS	Steeltoe.Management.Endpoint < 4.2.0	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-48997	e107: Command Injection via shell expansion in ImageMagick resize destination path_CVE-2026-48997 e107 is a content management system (CMS). Versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destinat...	e107inc	e107 < 2.3.6	Jun 17, 2026	CVE
MEDIUM 5.5	CVE-2026-48991	XianYuLauncher: Legacy Microsoft account OAuth sign-in flow lacks PKCE and state validation_CVE-2026-48991 XianYuLauncher is a Minecraft Java Edition launcher. In versions prior to 1.5.5, sensitive authentication artifacts could be exposed during a user-...	XianYuLauncher	XianYuLauncher < 1.5.5	Jun 17, 2026	CVE
MEDIUM 5.3	CVE-2026-48990	joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization_CVE-2026-48990 joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions 1.3.4 throu...	authlib	joserfc < 1.6.7	Jun 17, 2026	CVE