Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-48979

PHP Standard Library: HTTP/2 server-side missing content-length validation enables request smuggling

PHP Standard Library (PSL) is a set of APIs covering async, collections, networking, I/O, cryptography, terminal UI, etc. In versions 6.1.0, 6.1.1 an...

php-standard-library php-standard-library >= 6.1.0, < 6.1.2 CVE
MEDIUM 5.8 CVE-2026-48821

Shaarli: DOM-based Cross-Site Scripting (XSS) in Thumbnail Synchronizer

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting (XSS) vulnerability in the Thumbnail ...

shaarli Shaarli < 0.16.2 CVE
CRITICAL 9.1 CVE-2026-36418

CVE-2026-36418

JimuReport versions 2.3.4 and below are vulnerable to remote code execution due to improper handling of Aviator expressions. The /jmreport/executeS...

n/a n/a n/a CVE
HIGH 8.4 CVE-2025-26240

CVE-2025-26240

In JazzCore python-pdfkit 1.0.0, the from_string method enables the execution of JavaScript code within the context of the server application and t...

n/a n/a n/a CVE
HIGH 7.4 CVE-2026-9697

undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS ...

undici undici 7.23.0 CVE
MEDIUM 5.9 CVE-2026-9679

undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and...

undici undici CVE
MEDIUM 5.9 CVE-2026-9678

undici vulnerable to cross-user information disclosure via shared cache whitespace bypass

Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded...

undici undici 7.0.0 CVE
HIGH 8.8 CVE-2026-7300

Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability in RTI Connext Professional (Web Integration Service) allows Filter Failure through Buffer Overflow.

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Web Integration Service) allows F...

RTI Connext Professional 7.4.0 CVE
HIGH 7.5 CVE-2026-6734

undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin match...

undici undici 7.23.0 CVE
LOW 3.7 CVE-2026-6733

undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can...

undici undici CVE