Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-36797

CVE-2026-36797

Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the IPMacBindRuleIp parameter of the formIPMac...

n/a n/a n/a CVE
HIGH 7.5 CVE-2026-36796

CVE-2026-36796

Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the picCropName parameter of the formCropAndSe...

n/a n/a n/a CVE
HIGH 7.5 CVE-2026-36783

CVE-2026-36783

Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the domain parameter of th...

n/a n/a n/a CVE
HIGH 8.8 CVE-2026-6893

Dracut: dracut: root code execution via dhcp options command injection

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic H...

Red Hat Red Hat Enterprise Linux 10 CVE
HIGH 7.5 CVE-2026-46643

Snappy: Binary path is never shell-escaped due to an inverted is_executable check

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page. Prior to version 1.7.1, on POSIX, escapeshellarg(...

KnpLabs snappy < 1.7.1 CVE
HIGH 8.4 CVE-2026-46529

PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability ...

mate-desktop atril < 1.26.3 CVE
HIGH 7.5 CVE-2026-1220

CVE-2026-1220

Race in V8 in Google Chrome prior to 144.0.7559.99 allowed a remote attacker to potentially exploit type confusion via a crafted HTML page. (Chromi...

Google Chrome 144.0.7559.99 CVE
HIGH 7.2 CVE-2026-53738

Copy & Delete Posts through 1.5.4 Privilege Escalation via cdp_action_handling Handler

Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp_action_handling AJAX handler. Attackers ...

Inisev Copy & Delete Posts CVE
HIGH 8.6 CVE-2026-50131

Fedify has an incomplete SSRF mitigation after GHSA-p9cg-vqcc-grcx: validatePublicUrl allows special-use IPv4 ranges

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access ...

fedify-dev fedify >= 0.11.2, < 1.9.12 CVE
HIGH 7.5 CVE-2026-48110

Russh: SSH message fields were decoded through allocation-first parsers before field-specific bounds

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded...

Eugeny russh >= 0.34.0, < 0.61.0 CVE