Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.9 CVE-2026-58053

Gitea act_runner – Container Hardening Bypass via Workflow Container Options

Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container.options string to the Docker job container's HostConfi...

Gitea act_runner CVE
LOW 3.3 CVE-2026-58052

7-Zip – Mark-of-the-Web Bypass via RAR5 Alternate Data Stream Name Collision

7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an ...

7-Zip 7-Zip CVE
MEDIUM 6.5 CVE-2026-58051

libssh2 – Free of Uninitialized Pointer in publickey List Cleanup

libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new entries before parsing populates them, so a pars...

libssh2 libssh2 CVE
HIGH 7 CVE-2026-58050

libssh2 – Integer Overflow in publickey Subsystem Attribute Allocation

libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_at...

libssh2 libssh2 CVE
HIGH 8.6 CVE-2026-58049

FFmpeg – Out-of-Bounds Write in RASC Decoder decode_dlta()

FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary...

FFmpeg FFmpeg CVE
NONE 4DB773AB-3515-

IITR_Capstone_RedScope_Project_4DB773AB-3515-56F0-A117-B6F5C0AA746F

RedScope Capstone Project Lab-only red-team assessment for web exploitation, network compromise, post-exploitation, and adversarial-ML testing. Git...

N/A N/A GITHUBEXPLOIT
HIGH 7.2 52E3EC4D-B3B2-

Exploit for Unrestricted Upload of File with Dangerous Type in Devcode Openstamanager_52E3EC4D-B3B2-5A5A-B602-597C9814297E

OpenSTAManager RCE Exploit CVE-2026-38751 Arbitrary File Upload leading to Remote Code Execution Full-featured proof-of-concept for CVE-2026-38751,...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.4 46CC1A3B-E288-

Exploit for OS Command Injection in Devcode Openstamanager_46CC1A3B-E288-5D6F-BB8A-C0B2ECAF3AD9

CVE-2025-69212 — OpenSTAManager P7M Command Injection PoC OpenSTAManager = 2.9.8 — OS Command Injection via malicious .p7m filename in ZIP upload. ...

N/A N/A GITHUBEXPLOIT
HIGH 8.7 CVE-2026-10643

Out-of-bounds heap write in Zephyr `recvmsg()` ancillary-data path (`insert_pktinfo` undersizes the control-buffer capacity check)

Zephyr's IP socket recvmsg() implementation (subsys/net/lib/sockets/sockets_inet.c, insert_pktinfo()) validated the user-supplied ancillary (msg_co...

zephyrproject zephyr 3.6.0 CVE
HIGH 8.1 CVE-2026-8095

Frontend File Manager Plugin <= 23.6 - Authenticated (Subscriber+) Arbitrary File Deletion

The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. ...

nmedia Frontend File Manager Plugin CVE