HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.4	CVE-2026-7888	Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction._CVE-2026-7888 Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that la...	Concrete CMS	Concrete CMS 5.0	Jun 3, 2026	CVE
HIGH 8.8	472EEC26-F9C7-	coruna_472EEC26-F9C7-50CA-A4D6-2E1879CAC2F3 iOS Orchestrator — Coruna Web server, C2 listener, and interactive shell for the Coruna exploit chain CVE-2024-23222. Targets Safari on iOS 13–17.2...	N/A	N/A	Jun 3, 2026	GITHUBEXPLOIT
HIGH 8.8	CVE-2026-30650	CVE-2026-30650_CVE-2026-30650 A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD...	Vivotek	Vivotek FD8136 FD8136-VVTK-0300a	Jun 2, 2026	CVE
HIGH 7.5	CVE-2026-42504	Quadratic complexity in WordDecoder.DecodeHeader in mime_CVE-2026-42504 Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU.	Go standard library	mime	Jun 2, 2026	CVE
HIGH 7	CVE-2026-44281	GLPI vulnerable to unauthorized reading of a specific asset object_CVE-2026-44281 GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user w...	glpi-project	glpi >= 11.0.0, < 11.0.7	Jun 3, 2026	CVE
HIGH 8.4	CVE-2026-42321	GLPI has stored XSS in asset locks_CVE-2026-42321 GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS pay...	glpi-project	glpi >= 10.0.4, < 10.0.25	Jun 3, 2026	CVE
HIGH 7	CVE-2026-42318	GLPI Vulnerable to Arbitrary Item Deletion via Planning Endpoint_CVE-2026-42318 GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, low privilege users wi...	glpi-project	glpi >= 11.0.0, < 11.0.7	Jun 3, 2026	CVE
HIGH 7	CVE-2026-42317	GLPI vulnerable to arbitrary files deletion by technician_CVE-2026-42317 GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete...	glpi-project	glpi >= 11.0.0, < 11.0.7	Jun 3, 2026	CVE
HIGH 7.7	THN:080A0E674D1...	Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag_THN:080A0E674D16A0E41BA6F5E8E1F2D4E0 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_pEYWDRVadGL0WYM3iSY6jqFgBez8snXgoyeyAzcXNmxiytv-FgiKoBJX3aPivuYhSJjXp4o_zO1dQSIPUf...	N/A	N/A	Jun 3, 2026	THN
HIGH 7.3	CVE-2026-30649	CVE-2026-30649_CVE-2026-30649 Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the set_getparam.cgi component	n/a	n/a n/a	Jun 2, 2026	CVE