Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.6 CVE-2025-71376

picklescan – Arbitrary Code Execution via Undetected idlelib.autocomplete.AutoComplete.fetch_completions_CVE-2025-71376

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetch_completions in reduce methods. Attack...

picklescan picklescan CVE
HIGH 7.6 CVE-2025-71370

picklescan – Remote Code Execution via torch.jit.unsupported_tensor_ops.execWrapper_CVE-2025-71370

picklescan before 0.0.28 fails to detect malicious torch.jit.unsupported_tensor_ops.execWrapper function calls embedded in pickle files. Attackers ...

picklescan picklescan CVE
HIGH 7.6 CVE-2025-71365

picklescan – Arbitrary Code Execution via numpy.f2py.crackfortran.myeval Detection Bypass_CVE-2025-71365

picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Atta...

picklescan picklescan CVE
HIGH 7.6 CVE-2025-71341

picklescan – Remote Code Execution via Undetected profile.Profile.runctx_CVE-2025-71341

picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected ma...

picklescan picklescan CVE
HIGH 8.7 CVE-2025-71337

Flowise – Unverified Email Change via Account Profile Endpoint_CVE-2025-71337

Flowise before 3.0.10 (affected versions 3.0.7 and earlier) contains an unverified email change vulnerability. An authenticated user can change the...

Flowise Flowise CVE
HIGH 8.6 CVE-2026-10521

Authenticated unintended access to critical program parameters_CVE-2026-10521

A high-privileged remote attacker can access a hidden configuration method, which should not be accessible by any user, to modify critical program ...

MB connect line mbCONNECT24 0.0.0, 2.20.1 CVE
HIGH 7.5 MS:CVE-2026-12455

Chromium: CVE-2026-12455 Use after free in Tab Strip_MS:CVE-2026-12455

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
HIGH 7.4 4FC5FF6D-FE23-

Exploit for Improper Certificate Validation in Openssl_4FC5FF6D-FE23-5F05-A381-3D356456D252

No description provided...

N/A N/A GITHUBEXPLOIT
HIGH 8.8 40AD62F4-D694-

Exploit for CVE-2021-37840_40AD62F4-D694-54A9-B440-BB6C6844A2AE

aaPanel: Vendors Don't Always Fix Things Properly An incomplete fix for CVE-2021-37840 still exposes 3.6M servers to root RCE, 5 years later Discov...

N/A N/A GITHUBEXPLOIT
HIGH 8.3 MS:CVE-2026-12464

Chromium: CVE-2026-12464 Use after free in Browser_MS:CVE-2026-12464

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE