HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.7	CVE-2026-54892	Plug: quadratic-time decoding of nested query/body parameters enables denial of service_CVE-2026-54892 Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Co...	elixir-plug	plug 1.15.0	Jun 23, 2026	CVE
HIGH 8.8	CVE-2026-10711	RCE in Akınsoft’s CafePlus_CVE-2026-10711 Missing authentication for critical function vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. CafePlus allows Accessin...	AKIN Software Computer Import Export Industry and Trade Ltd.	CafePlus 12.05.03	Jun 23, 2026	CVE
HIGH 7.6	CVE-2025-71376	picklescan – Arbitrary Code Execution via Undetected idlelib.autocomplete.AutoComplete.fetch_completions_CVE-2025-71376 picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetch_completions in reduce methods. Attack...	picklescan	picklescan	Jun 23, 2026	CVE
HIGH 7.6	CVE-2025-71370	picklescan – Remote Code Execution via torch.jit.unsupported_tensor_ops.execWrapper_CVE-2025-71370 picklescan before 0.0.28 fails to detect malicious torch.jit.unsupported_tensor_ops.execWrapper function calls embedded in pickle files. Attackers ...	picklescan	picklescan	Jun 23, 2026	CVE
HIGH 7.6	CVE-2025-71365	picklescan – Arbitrary Code Execution via numpy.f2py.crackfortran.myeval Detection Bypass_CVE-2025-71365 picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Atta...	picklescan	picklescan	Jun 23, 2026	CVE
HIGH 7.6	CVE-2025-71341	picklescan – Remote Code Execution via Undetected profile.Profile.runctx_CVE-2025-71341 picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected ma...	picklescan	picklescan	Jun 23, 2026	CVE
HIGH 8.7	CVE-2025-71337	Flowise – Unverified Email Change via Account Profile Endpoint_CVE-2025-71337 Flowise before 3.0.10 (affected versions 3.0.7 and earlier) contains an unverified email change vulnerability. An authenticated user can change the...	Flowise	Flowise	Jun 23, 2026	CVE
HIGH 8.6	CVE-2026-10521	Authenticated unintended access to critical program parameters_CVE-2026-10521 An high privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program ...	MB connect line	mbCONNECT24 0.0.0, 2.20.1	Jun 23, 2026	CVE
HIGH 7.5	MS:CVE-2026-12455	Chromium: CVE-2026-12455 Use after free in Tab Strip_MS:CVE-2026-12455 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
HIGH 7.4	4FC5FF6D-FE23-	Exploit for Improper Certificate Validation in Openssl_4FC5FF6D-FE23-5F05-A381-3D356456D252 No description provided...	N/A	N/A	Jun 23, 2026	GITHUBEXPLOIT