Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.6 CVE-2025-71344

picklescan – Arbitrary Code Execution via Undetected ensurepip._run_pip Function

picklescan before 0.0.30 (affected versions 0.0.26 and earlier) fails to detect the ensurepip._run_pip built-in function when scanning pickle files...

picklescan picklescan CVE
HIGH 7.6 CVE-2025-71339

Picklescan – Arbitrary Code Execution via numpy.f2py.crackfortran._eval_length Gadget

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran._eval_length gadget in pickle __reduce__ methods, allowing arbitrary code exec...

Picklescan Picklescan CVE
HIGH 8.8 MS:CVE-2026-12443

Chromium: CVE-2026-12443 Use after free in Web Authentication

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
HIGH 8.8 MS:CVE-2026-12452

Chromium: CVE-2026-12452 Use after free in Downloads

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
HIGH 8.3 MS:CVE-2026-12437

Chromium: CVE-2026-12437 Use after free in WebShare

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
HIGH 7.7 CVE-2026-41156

GPU DDK – kernel<->fw CCB contains SYNC_PRIMITIVE_BLOCK firmware address without holding reference

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources creating a write use ...

Imagination Technologies Graphics DDK 1.18 RTM CVE
HIGH 7.7 CVE-2026-34192

GPU DDK – _MMU_AllocLevel error recovery paths leave dangling page table entries

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an error path leading to UAF of GPU page tables....

Imagination Technologies Graphics DDK 1.18 RTM CVE
HIGH 7.5 CVE-2026-54299

Astro: Host-header full-read SSRF in core prerendered error-page fetch (prerenderedErrorPageFetch default + unvalidated createRequestFromNodeRequest URL)

Astro is a web framework. Prior to 6.4.6, Astro SSR apps with prerendered error pages (/404 or /500 using export const prerender = true) fetch thos...

withastro astro < 6.4.6 CVE
HIGH 7.5 CVE-2026-54293

NLTK: URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural L...

nltk nltk < 3.10.0-rc1 CVE
HIGH 8.7 CVE-2026-53779

WebP Server Go < 0.15.0 Path Traversal via Backslash Encoding on Windows

WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the co...

webp-sh webp_server_go CVE