HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.1	CVE-2026-56424	Broken access control in MISP core allows cross-organization unauthorized modification or deletion of analyst data, event reports, collections, templates, and decaying models_CVE-2026-56424 MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/edi...	misp	misp	Jun 22, 2026	CVE
HIGH 8.3	CVE-2026-54100	Windows-machine-config-operator: windows-machine-config-operator: ssh host key not verified enables credential theft_CVE-2026-54100 A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Window...	Red Hat	Red Hat OpenShift Container Platform 4	Jun 22, 2026	CVE
HIGH 8.8	CVE-2026-54099	Windows-machine-config-operator: windows-machine-config-operator: wicd csr extra-organization allows privilege escalation to system:masters_CVE-2026-54099 A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that ...	Red Hat	Red Hat OpenShift Container Platform 4	Jun 22, 2026	CVE
HIGH 7.7	CVE-2026-42129	Path Traversal in Loki Datasource leads to Internal Information Disclosure_CVE-2026-42129 The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An authenticated Viewer-role user can escape the plugin'...	Grafana	Grafana OSS	Jun 22, 2026	CVE
HIGH 8.8	CVE-2026-12602	Incorrect permissions in ArubaSign by Aruba_CVE-2026-12602 Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate perm...	Aruba	ArubaSign	Jun 22, 2026	CVE
HIGH 7.8	762AC12D-EAE0-	Exploit for Out-of-bounds Write in Linux Linux_Kernel_762AC12D-EAE0-5CAD-AE9B-86D5B412786A No description provided...	N/A	N/A	Jun 22, 2026	GITHUBEXPLOIT
HIGH 7.7	CVE-2026-12581	Digiwin｜EasyFlow .NET – Session Fixation_CVE-2026-12581 EasyFlow .NET developed by Digiwin has a Session Fixation vulnerability. If unauthenticated remote attackers replace a specific session ID for a us...	Digiwin	EasyFlow .NET	Jun 22, 2026	CVE
HIGH 8.7	CVE-2025-4994	Authentication Bypass for SafeLine SL6 and SL6+_CVE-2025-4994 The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerabilit...	SafeLine	SafeLine SL6/SL6+ 4.82	Jun 22, 2026	CVE
HIGH 7.5	CVE-2026-44914	Apache NiFi: Missing Authorization of Restricted Permissions when Replacing Flow Contents_CVE-2026-44914 Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required P...	Apache Software Foundation	Apache NiFi 1.12.0	Jun 22, 2026	CVE
HIGH 8.1	976F9104-D05C-	Exploit for Use After Free in Google Android_976F9104-D05C-54A5-8EAF-248D039A5569 CVE-2023-20938 — Android binder UAF privilege escalation A local privilege escalation proof-of-concept for CVE-2023-20938, a use-after-free in the ...	N/A	N/A	Jun 22, 2026	GITHUBEXPLOIT