CVSS - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-11779	PayloadCMS 3.84.1 – Authenticated account lockout bypass through default unlock access_CVE-2026-11779 An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation.	PayloadCMS	PayloadCMS 3.84.1	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2025-32423	AutoGPT: There is a DoS vulnerability in ExtractTextInformationBlock_CVE-2025-32423 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there i...	Significant-Gravitas	AutoGPT < 0.6.32	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2025-32394	AutoGPT: There is a DoS vulnerability in AITextSummarizerBlock_CVE-2025-32394 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there i...	Significant-Gravitas	AutoGPT < 0.6.32	Jun 26, 2026	CVE
NONE	B6A66232-7621-	Sql-injection-scanner_B6A66232-7621-5872-A51D-EDDA3F824073 Sql-injection-scanner Developing a security scanning tool that can quickly, reliably, and automatically detect SQL Injection vulnerabilities in web...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
NONE	THN:7A6FC6E72B7...	Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign_THN:7A6FC6E72B7906A66B33E84A6B61E75E ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHsYcZgd4WIkN0k-b4_j7JxBgi0R0dzj0jSwSWVgItyIy88VoZK5z8BAiwjmYnou7YLrNuckCgQvnHXV2KYH...	N/A	N/A	Jun 26, 2026	THN
NONE	H1:3823932	curl: CURLOPT_HAPROXY_CLIENT_IP lacks input validation, enabling HAProxy PROXY protocol injection_H1:3823932 Summary The CURLOPT_HAPROXY_CLIENT_IP option accepts an arbitrary string without validating that it is a valid IP address, and without stripping...	N/A	N/A	Jun 25, 2026	HACKERONE
NONE	H1:3826199	curl: mbedTLS / wolfSSL / rustls backends silently skip hostname verification when CURLOPT_SSL_VERIFYPEER=0_H1:3826199 ## Summary When an application sets `CURLOPT_SSL_VERIFYPEER=0` while keeping `CURLOPT_SSL_VERIFYHOST=2` (the default), the mbedTLS, wolfSSL, and r...	N/A	N/A	Jun 26, 2026	HACKERONE
MEDIUM 6.1	CVE-2025-60465	CVE-2025-60465_CVE-2025-60465 A use-after-free in the gf_filter_pid_inst_swap function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to caus...	n/a	n/a n/a	Jun 25, 2026	CVE
HIGH 7.8	CVE-2025-60464	CVE-2025-60464_CVE-2025-60464 A use-after-free in the gf_sei_load_from_state_internal function (/filters/sei_load.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to ca...	n/a	n/a n/a	Jun 25, 2026	CVE
HIGH 7.5	CVE-2026-38640	CVE-2026-38640_CVE-2026-38640 A reachable unwrap in the __assert_fail function (/assert/mod.rs) of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a...	n/a	n/a n/a	Jun 25, 2026	CVE