Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.6 98D7FC0C-3955-

Exploit for Improper Authentication in Pocketbase_98D7FC0C-3955-56D1-8337-74FE94A341E4

CVE-2026-44166 — PocketBase OAuth2 Account Pre-Hijacking. Self-contained lab + writeup for CVE-2026-44166: an attacker with any account on a configu...

N/A N/A GITHUBEXPLOIT
HIGH 7.5 CVE-2026-53461

ImageMagick: Out-of-bounds write in ICON decoder due to incorrect loop_CVE-2026-53461

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, an incorre...

ImageMagick ImageMagick < 6.9.13-50 CVE
HIGH 7.5 CVE-2026-53460

ImageMagick: Policy Bypass can trigger out-of-Memory condition_CVE-2026-53460

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, a missing ...

ImageMagick ImageMagick < 6.9.13-50 CVE
HIGH 7.5 CVE-2026-52726

Dulwich’s submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payload_CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, `dulwich.porc...

jelmer dulwich >= 0.23.2, < 1.2.5 CVE
HIGH 7.5 CVE-2026-49218

ImageMagick: Policy Bypass in DCM decoder could result in image with invalid dimensions_CVE-2026-49218

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing ...

ImageMagick ImageMagick < 6.9.13-48 CVE
HIGH 8.8 CVE-2026-44693

Pi-hole FTL: Unauthenticated Session Hijacking via Race Condition on Global Session Buffer_CVE-2026-44693

Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race ...

pi-hole FTL < 6.6.1 CVE
HIGH 7.7 CVE-2026-42563

Dulwich Vulnerable to Command Injection via Merge Driver Path_CVE-2026-42563

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's `Pr...

jelmer dulwich >= 0.24.0, < 1.2.5 CVE
HIGH 7.6 CVE-2026-42558

Xibo Vulnerable to Stored XSS and Iframe Sandbox Escape via Data Connector Script in DataSet_CVE-2026-42558

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnera...

xibosignage xibo-cms < 4.4.2 CVE
HIGH 8.8 CVE-2026-42305

Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows_CVE-2026-42305

Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary f...

jelmer dulwich >= 0.10.0, < 1.2.5 CVE
HIGH 8.8 9A64EBDE-5EAB-

Exploit for Out-of-bounds Read in Google Chrome_9A64EBDE-5EAB-52B9-B835-619F7EEF8550

CVE-2026-11645 - V8 in Google Chrome prior to Remote Code Execution. Quick Usage (bash): python3 exploit.py -t "C:\\Path\\To\\Target" -o demo.zip --dat...

N/A N/A GITHUBEXPLOIT