HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.1	CVE-2026-13601	Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclosure from flatpak applications_CVE-2026-13601 A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak applica...	Red Hat	Red Hat Enterprise Linux 10	Jun 29, 2026	CVE
HIGH 8.7	CVE-2026-13539	Wavlink WL-NU516U1-A POST Parameter wireless.cgi sub_407504 stack-based overflow_CVE-2026-13539 A vulnerability was identified in Wavlink WL-NU516U1-A M16U1_V240425. The impacted element is the function sub_407504 of the file /cgi-bin/wireless...	Wavlink	WL-NU516U1-A M16U1_V240425	Jun 29, 2026	CVE
HIGH 8.3	CVE-2025-2902	Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform_CVE-2025-2902 Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platfo...	Hitachi	Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H	Jun 29, 2026	CVE
HIGH 7.3	CVE-2026-22078	O+ Connect’s lack of authentication for IPC channels led to a local privilege escalation vulnerability._CVE-2026-22078 Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through...	OPPO	O+ Connect 16.0.33	Jun 29, 2026	CVE
HIGH 8.7	CVE-2026-13545	D-Link DCS-935L POST Parameter setconf.cgi sub_400E40 os command injection_CVE-2026-13545 A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub_400E40 of the file setconf.cgi of the component POST Param...	D-Link	DCS-935L 1.10.01	Jun 29, 2026	CVE
HIGH 7.5	MS:CVE-2026-52929	sctp: stream: fully roll back denied add-stream state_MS:CVE-2026-52929 {“lastseen”:”2026-06-29T07:46:13″,”description”:””,”published”:”2026-06-27T08:12:...	N/A	N/A	Jun 27, 2026	MSCVE
HIGH 7	MS:CVE-2026-53168	fuse: reject fuse_notify() pagecache ops on directories_MS:CVE-2026-53168 {“lastseen”:”2026-06-29T07:46:13″,”description”:””,”published”:”2026-06-27T08:13:...	N/A	N/A	Jun 27, 2026	MSCVE
HIGH 7.8	MS:CVE-2026-52935	xfrm: espintcp: do not reuse an in-progress partial send_MS:CVE-2026-52935 {“lastseen”:”2026-06-29T07:46:12″,”description”:””,”published”:”2026-06-27T08:17:...	N/A	N/A	Jun 27, 2026	MSCVE
HIGH 8.8	08B3547F-EB17-	Exploit for CVE-2026-43503_08B3547F-EB17-5EB6-A6F5-A9DF637A08A1 DirtyClone CVE-2026-43503 - Python PoC Non-official Python port of DirtyClone — a Linux kernel local privilege escalation vulnerability. This repos...	N/A	N/A	Jun 29, 2026	GITHUBEXPLOIT
HIGH 8.7	CVE-2026-13516	Tenda JD12L WifiGuestSet fromSetWifiGusetBasic stack-based overflow_CVE-2026-13516 A vulnerability was detected in Tenda JD12L 16.03.53.23. The affected element is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSe...	Tenda	JD12L 16.03.53.23	Jun 28, 2026	CVE