Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.2 CVE-2026-55199

libssh2 – Pre-Authentication DoS via SSH_MSG_EXT_INFO Handler

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in s...

libssh2 libssh2 CVE
MEDIUM 6.9 CVE-2026-12529

SourceCodester CET Automated Grading System with AI Predictive Analytics Student Self-Registration Endpoint index.php access control

A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. Affected is an unknown ...

SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 CVE
MEDIUM 5.9 CVE-2026-10741

Nexus Repository Manager – Incorrect Authorization allows credential disclosure via proxy repository configuration

Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegat...

Sonatype Nexus Repository Manager 3.1.0 CVE
HIGH 7.5 CVE-2026-10696

CVE-2026-10696

Use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet community cat...

Devolutions UniGetUI CVE
CRITICAL 9.3 CVE-2026-54388

Tinyproxy – HTTP Request Smuggling via Duplicate Content-Length Headers

Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwa...

tinyproxy tinyproxy CVE
CRITICAL 9.3 CVE-2026-54387

Tinyproxy – HTTP Request Smuggling via CL/TE Desynchronization

Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding...

tinyproxy tinyproxy CVE
HIGH 8.1 CVE-2026-50107

NGINX Gateway Fabric vulnerability

When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX confi...

F5 NGINX Gateway Fabric 2.3.0 CVE
MEDIUM 4.8 CVE-2026-48823

Shaarli has Stored Cross-Site Scripting (XSS) via Tags Search

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting (XSS) vulnerability in the tag filtering...

shaarli Shaarli < 0.16.2 CVE
MEDIUM 5.8 CVE-2026-48822

Shaarli has Stored Cross-Site Scripting (XSS) via Markdown Reference Links

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting (XSS) vulnerability in the Markdown-to-H...

shaarli Shaarli < 0.16.2 CVE
MEDIUM 5.3 CVE-2026-48817

Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and below, when dispatching a request, HTTPEndpoint selects the handler by low...

Kludex starlette < 1.1.0 CVE