CVSS - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.1	CVE-2026-6458	AES-256-GCM Authentication Tag Does Not Cover First Ciphertext Blocks When AAD Is Empty_CVE-2026-6458 Missing cryptographic step in Caliptra Core Firmware (aes_256_gcm_update module) results in an incorrect GCM authentication tag. When the streaming...	Caliptra	Core Runtime Firmware 2.0.0	Jun 23, 2026	CVE
HIGH 7.2	CVE-2026-5818	MCU Firmware Update Authentication Bypass on Caliptra Core_CVE-2026-5818 Incorrect check of function return value in Caliptra Core Runtime Firmware (ActivateFirmwareCmd::activate_fw modules) allows bypass of Caliptra Cor...	Caliptra	Core Runtime Firmware 2.0.0	Jun 23, 2026	CVE
HIGH 8.8	CVE-2026-54639	Style Dictionary – Prototype Pollution in convertTokenData utility function_CVE-2026-54639 Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to...	style-dictionary	style-dictionary >= 4.3.0, < 5.4.4	Jun 24, 2026	CVE
CRITICAL 9.8	D76E3BC5-2C10-	Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin_D76E3BC5-2C10-52DE-8FE2-24C1C9C72D09 this is my version i found a lot in internet but those are too bad USAGE python3 exploit.py -u http://IP/grav-admin/ --lhost YOUR TUN0 IP --lport 4...	N/A	N/A	Jun 23, 2026	GITHUBEXPLOIT
HIGH 8.1	CVE-2026-39253	CVE-2026-39253_CVE-2026-39253 An issue in Pivotal CRM v.6.6.04.08 allows a remote attacker to execute arbitrary code via the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Se...	n/a	n/a n/a	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-54517	jackson-databind: @JsonView bypass for setterless creator properties_CVE-2026-54517 jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3....	FasterXML	jackson-databind >= 2.21.0, < 2.21.4	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-54516	jackson-databind: Renamed @JsonIgnore’d setters can deserialize via private fields_CVE-2026-54516 jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3....	FasterXML	jackson-databind >= 2.21.0, < 2.21.4	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-54515	jackson-databind: Case-insensitive deserialization bypasses per-property @JsonIgnoreProperties_CVE-2026-54515 jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5...	FasterXML	jackson-databind >= 2.8.0, < 2.18.9	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-54514	jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF)_CVE-2026-54514 jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4...	FasterXML	jackson-databind >= 2.0.0, < 2.18.8	Jun 23, 2026	CVE
HIGH 8.1	CVE-2026-54513	jackson-databind: Array subtype allowlist bypass in BasicPolymorphicTypeValidator (allowIfSubTypeIsArray)_CVE-2026-54513 jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21....	FasterXML	jackson-databind >= 2.10.0, < 2.18.8	Jun 23, 2026	CVE