news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.8	CVE-2026-48995	pnpm: Tarball hash of GitHub git dependencies is not stored in lockfile_CVE-2026-48995 pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm will in...	pnpm	pnpm < 10.33.4	Jun 25, 2026	CVE
MEDIUM 6.8	CVE-2026-47770	jq: stack overflow in deep structural equality_CVE-2026-47770 jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on j...	jqlang	jq < 1.8.2	Jun 25, 2026	CVE
HIGH 8.2	CVE-2026-11999	X.509 trust-chain bypass via path-depth exhaustion in wolfSSL_X509_verify_cert()_CVE-2026-11999 X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only ...	wolfSSL	wolfSSL 5.7.4	Jun 25, 2026	CVE
CRITICAL 10	CVE-2026-57700	WordPress OMGF Pro plugin <= 5.2.6 - Arbitrary File Upload vulnerability_CVE-2026-57700 Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from...	Daan.dev	OMGF Pro n/a	Jun 25, 2026	CVE
HIGH 7	CVE-2026-56790	CANBoat – Off-by-One Global Buffer Overflow in searchForPgn()_CVE-2026-56790 CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn() function in analyzer/pgn.c that ...	canboat	canboat	Jun 25, 2026	CVE
HIGH 7.1	CVE-2026-56789	RTKLIB 2.4.3 – Heap Buffer Overflow and Stack Read via Oversized RINEX Epoch Satellite Count_CVE-2026-56789 RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memo...	tomojitakasu	RTKLIB	Jun 25, 2026	CVE
MEDIUM 4.8	CVE-2026-56788	RTKLIB 2.4.3 – Out-of-bounds Read via Negative Array Index in getcodepri_CVE-2026-56788 RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allo...	tomojitakasu	RTKLIB	Jun 25, 2026	CVE
MEDIUM 6.9	CVE-2026-56787	RTKLIB 2.4.3 – Off-by-One Out-of-Bounds Read in decode_ssr3 via RTCM3 SSR Message_CVE-2026-56787 RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that allows remote att...	tomojitakasu	RTKLIB	Jun 25, 2026	CVE
CRITICAL 9.3	CVE-2026-56786	RTKLIB 2.4.3 – Out-of-bounds Write in decode_type1033 via Crafted RTCM3 Message_CVE-2026-56786 RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_type1033 function that fails to clamp length counters to destination b...	tomojitakasu	RTKLIB	Jun 25, 2026	CVE
MEDIUM 5.3	CVE-2026-56779	MaxKB < 2.10.0 - Server-Side Request Forgery via downloadCallbackUrl and download_url Parameters_CVE-2026-56779 MaxKB before 2.10.0 contains a server-side request forgery vulnerability in tool creation and update endpoints that allows authenticated users to m...	1Panel-dev	MaxKB	Jun 25, 2026	CVE