Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.7 THN:080A0E674D1...

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag_THN:080A0E674D16A0E41BA6F5E8E1F2D4E0

N/A N/A THN
NONE FEF41599-6B58-

1click-gh-token-stealing-via-vscode-POC_FEF41599-6B58-5BDB-BB48-0E38230B7291

1-Click GitHub Token Stealing via VSCode Proof-of-Concept exploit for a critical VS Code zero-day vulnerability that allows attackers to steal GitH...

N/A N/A GITHUBEXPLOIT
MEDIUM 6.3 CVE-2026-35716

CVE-2026-35716_CVE-2026-35716

A stack-based buffer overflow in the motion_privacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers t...

n/a n/a n/a CVE
HIGH 7.3 CVE-2026-30649

CVE-2026-30649_CVE-2026-30649

Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the set_getparam.cgi component

n/a n/a n/a CVE
LOW 3.1 CVE-2026-8404

Potential exposure of private data via case-sensitive Cache-Control directives in UpdateCacheMiddleware_CVE-2026-8404

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not match ...

djangoproject Django 6.0 CVE
LOW 3.1 CVE-2026-7666

Potential unencrypted email transmission via STARTTLS in the SMTP backend_CVE-2026-7666

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.core.mail.backends.smtp.EmailBackend` in Django fails to prevent ...

djangoproject Django 6.0 CVE
LOW 3.1 CVE-2026-6873

Signed cookie salt namespace collision in django.http.HttpRequest.get_signed_cookie_CVE-2026-6873

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.http.HttpRequest.get_signed_cookie` in Django uses a non-injectiv...

djangoproject Django 6.0 CVE
HIGH 8 CVE-2026-5241

Policy Bypass in LightGlue Nested Config Resolution in huggingface/transformers_CVE-2026-5241

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to exe...

huggingface huggingface/transformers unspecified CVE
LOW 3.1 CVE-2026-48587

Potential exposure of private data via whitespace padding in Vary header_CVE-2026-48587

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.cache.has_vary_header()` in Django does not strip leading o...

djangoproject Django 6.0 CVE
MEDIUM 6.9 CVE-2026-47325

Weak password policy in ProjectsAndPrograms school-management-system_CVE-2026-47325

ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s da...

ProjectsAndPrograms school-management-system 6b6fae5 CVE