HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.8	CVE-2026-53925	Glances: Arbitrary file write and command execution via `secure_popen` redirection and chaining operators in AMP command configuration_CVE-2026-53925 Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the secure_popen() function in glances/secure.py interpret...	nicolargo	glances >= 4.0.8, < 4.5.5	Jun 25, 2026	CVE
HIGH 7.4	CVE-2026-46608	Glances: XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard (Incomplete Fix for CVE-2026-33533)_CVE-2026-46608 Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s) introduced a configurable ...	nicolargo	glances < 4.5.5	Jun 25, 2026	CVE
HIGH 7.8	CVE-2026-46607	Glances: Insecure Pickle Deserialization in Version Cache Leads to Arbitrary Code Execution_CVE-2026-46607 Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load() to read a version-check cac...	nicolargo	glances < 4.5.5	Jun 25, 2026	CVE
HIGH 7.8	CVE-2026-46606	Glances: Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/virsh.py_CVE-2026-46606 Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine (glances/plugins/vms/engine...	nicolargo	glances < 4.5.5	Jun 25, 2026	CVE
HIGH 8.4	CVE-2026-12921	Use after free in AzeoTech DAQFactory_CVE-2026-12921 In AzeoTech DAQFactory versions 21.1 and prior, a Use After Free vulnerability can be exploited by an attacker using specially crafted .ctl files w...	AzeoTech	DAQFactory	Jun 25, 2026	CVE
HIGH 8.4	CVE-2026-12897	Out-of-bounds read in Horner Automation Cscape_CVE-2026-12897 Horner Automation Cscape versions prior to 10.2 SP3 are vulnerable to an Out-of-Bounds Read vulnerability through parsing CSP files. Successful exp...	Horner Automation	Cscape	Jun 25, 2026	CVE
HIGH 8.5	BD307E81-25CC-	Exploit for OS Command Injection in Tp-Link Tl-Wr802N_Firmware_BD307E81-25CC-59FA-B6D0-3D9C36E25857 CVE-2026-3227: TP-Link Router OS Command Injection For more Information see https://vulners.com/cve/CVE-2026-3227 A persistent, authenticated OS Co...	N/A	N/A	Jun 25, 2026	GITHUBEXPLOIT
HIGH 8.8	A8E5D800-F075-	Exploit for Path Traversal in Gogs_A8E5D800-F075-509D-A604-E092148C4F7B CVE-2025-8110 Gogs Repository Symlink Remote Code Execution Made by oguiii --- Table of Contents - Overview - Features - Requirements - Installatio...	N/A	N/A	Jun 25, 2026	GITHUBEXPLOIT
HIGH 7.5	CVE-2025-61028	CVE-2025-61028_CVE-2025-61028 An issue in the time_t_to_dt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL ...	n/a	n/a n/a	Jun 23, 2026	CVE
HIGH 7.5	CVE-2025-60474	CVE-2025-60474_CVE-2025-60474 A buffer overflow in the gf_media_import function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Den...	n/a	n/a n/a	Jun 24, 2026	CVE