HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.2	CVE-2026-12490	Bypass of client certificate verification with transfer over TLS_CVE-2026-12490 When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no...	NLnet Labs	NSD 4.10.1	Jun 25, 2026	CVE
HIGH 7.2	CVE-2026-12246	Out of bounds stack write with crafted APL RR_CVE-2026-12246 NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite...	NLnet Labs	NSD 4.14.0	Jun 25, 2026	CVE
HIGH 8.7	CVE-2026-12245	Denial of DNS over TLS service by any DoT client_CVE-2026-12245 NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be tri...	NLnet Labs	NSD 4.13.0	Jun 25, 2026	CVE
HIGH 8.7	CVE-2026-12244	Heap overflow and crash with crafted SVCB RR_CVE-2026-12244 If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted S...	NLnet Labs	NSD 4.14.0	Jun 25, 2026	CVE
HIGH 7.5	CVE-2026-12937	Tourfic <= 2.22.7 - Unauthenticated SQL Injection via 'post_id' Parameter_CVE-2026-12937 The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for WordPress is vulnerable to generic SQL Injection vi...	themefic	Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin	Jun 25, 2026	CVE
HIGH 8.1	F078596F-EF09-	Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple_F078596F-EF09-5AD1-A7D9-223B4CA40A59 CVE-2019-9053 — CMS Made Simple SQLi Exploit Python 3 Disclaimer: This tool is intended for authorized penetration testing and educational purposes...	N/A	N/A	Jun 25, 2026	GITHUBEXPLOIT
HIGH 7.8	THN:AD3AD8530F9...	Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access_THN:AD3AD8530F92B6335CE622AD7B31FDE5 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3UeGaI_Ej8KFu7-vQHTOuoohYdx04xIdI3W2B6JjCdaTSR6m-y1PAZ-aes-tH9nxtPGO2sFUiu1NwYkwT5s...	N/A	N/A	Jun 25, 2026	THN
HIGH 8.7	CVE-2026-13311	shell-quote parse() is quadratic in token count, enabling denial of service_CVE-2026-13311 shell-quote prior to 1.8.5 finalizes parsed tokens in parse() using Array.prototype.concat as a reduce accumulator, which reallocates and copies th...	ljharb	shell-quote	Jun 25, 2026	CVE
HIGH 8.6	CVE-2026-12053	Insertion of Sensitive Information into Log File in GitLab_CVE-2026-12053 GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user ...	GitLab	GitLab 19.1	Jun 25, 2026	CVE
HIGH 8	CVE-2026-10712	Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in GitLab_CVE-2026-10712 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that un...	GitLab	GitLab 18.10	Jun 25, 2026	CVE