Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-49451	Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing_CVE-2026-49451 The OpenAPI.NET SDK contains a useful object model for OpenAPI documents in .NET along with common serializers to extract raw OpenAPI JSON and YAML...	microsoft	OpenAPI.NET >= 2.0.0-preview11, < 2.7.5	Jun 30, 2026	CVE
MEDIUM 6.5	CVE-2026-10655	Use-after-free race in SNTP async client when closing the socket while the socket service is still polling it_CVE-2026-10655 The asynchronous SNTP client in Zephyr (subsys/net/lib/sntp/sntp.c, sntp_close_async) closed the UDP socket file descriptor directly from the calli...	zephyrproject	zephyr 4.2.0	Jun 30, 2026	CVE
LOW 3.1	CVE-2026-10654	RFCOMM session-disconnect race leaks session/L2CAP and denies further RFCOMM service in Zephyr Bluetooth Classic_CVE-2026-10654 A race condition in the Zephyr Bluetooth Classic RFCOMM host stack (subsys/bluetooth/host/classic/rfcomm.c) mishandles a simultaneous bidirectional...	zephyrproject	zephyr 1.6.0	Jun 30, 2026	CVE
MEDIUM 6.4	CVE-2026-10653	Non-atomic `net_buf` reference counts cause double-free / free-list corruption under concurrent unref_CVE-2026-10653 The Zephyr net_buf library (lib/net_buf/buf.c) manipulated both of its reference counts -- the per-header buf->ref and the per-data-block ref_count...	zephyrproject	zephyr 2.7.0	Jun 30, 2026	CVE
MEDIUM 4.8	CVE-2026-10652	Out-of-bounds read in Zephyr DNS resolver TXT/SRV record parsing (unvalidated `rdlength`)_CVE-2026-10652 Zephyr's DNS resolver (subsys/net/lib/dns) parses resource records from DNS responses in dns_unpack_answer(), which validated only the fixed RR hea...	zephyrproject	zephyr 4.3.0	Jun 30, 2026	CVE
NONE	HACKREAD:2E8596...	Reflectiz to Host Webinar, Joined by Taboola, on Securing Third-Party Marketing in the AI Era_HACKREAD:2E859658988934BC644C9FFFAFC65D81 Boston, Massachusetts, 30th June 2026, CyberNewswire	N/A	N/A	Jun 30, 2026	HACKREAD
NONE	MALWAREBYTES:55...	Update time: Apple releases security patches for iOS, MacOS Tahoe, Safari_MALWAREBYTES:552F53C2A5C5D4124301419736747734 Apple has released security updates for more than two dozen security vulnerabilities across iPhone, iPad, and Mac. The updates for iOS/iPadOS, Mac...	N/A	N/A	Jun 30, 2026	MALWAREBYTES
NONE	HACKREAD:63F08F...	NDSS Symposium Heads to Seoul in 2027 to Expand Global Cybersecurity Collaboration_HACKREAD:63F08F11AF4999B54D4C576D772A9198 DC, United States, 30th June 2026, CyberNewswire	N/A	N/A	Jun 30, 2026	HACKREAD
NONE	HACKREAD:C88ABD...	Hackers Use Fake FIFA World Cup 2026 T-Shirt Offers to Spread Voidrift Malware_HACKREAD:C88ABDC30C1E80F03703CD1ACBFC49F0 A fake FIFA World Cup 2026 T-shirt giveaway scam is spreading Voidrift malware through personalized emails using company logos and trusted websites...	N/A	N/A	Jun 30, 2026	HACKREAD
NONE	THN:5DAB0877EE6...	Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses_THN:5DAB0877EE6A2238A848D066E5E917B7 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfz8WYO9wONzogh2V8g9VorZ8Ab_nAUZMD7rOM9xrVUhg3cbKGA5zc73PGQiAkbsNgY-qbm2AFAUjBdeMcpe...	N/A	N/A	Jun 30, 2026	THN