Recent Advisories

Columns: Severity (score) | ID | Title | Vendor / Product (affected versions) | Type. No Date values survive on this page; descriptions are truncated as on the original listing.

HIGH (7.5) | CVE-2026-55677 | Type: CVE
  Title: Echo: Encoded slash (%2F) bypasses route-level protection and exposes static files
  Vendor / Product: labstack / echo < 4.15.3
  Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches rout...

CRITICAL (9) | CVE-2026-54636 | Type: CVE
  Title: Dokku: OS Command Injection via app.json managed Cron
  Vendor / Product: dokku / dokku < 0.38.7
  Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku ...

MEDIUM (6) | CVE-2026-48529 | Type: CVE
  Title: GitHub MCP Server: Lockdown mode singleton in HTTP server causes cross-user GraphQL client confusion
  Vendor / Product: github / github-mcp-server >= 0.22.0, < 1.1.2
  GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode enabled, the RepoAccessC...

CRITICAL (9) | CVE-2026-45408 | Type: CVE
  Title: Dokku: OS Command Injection via App Name in Git Pre-Receive Hook
  Vendor / Product: dokku / dokku < 0.38.2
  Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex (^[a-z0-9][^/:_A-Z]*$) permits shell metacharacters. When an authent...

MEDIUM (5) | CVE-2026-45407 | Type: CVE
  Title: Dokku: Git Credentials in .netrc Stored World-Readable Due to Premature touch
  Vendor / Product: dokku / dokku < 0.38.2
  Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKU_ROOT/.netrc using bash's touch command, which applies the defa...

CRITICAL (9) | CVE-2026-45406 | Type: CVE
  Title: Dokku: Host RCE via Maliciously Named OpenResty Include Files Injected Through eval
  Vendor / Product: dokku / dokku < 0.38.2
  Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository dir...

CRITICAL (9) | CVE-2026-45405 | Type: CVE
  Title: Dokku: Arbitrary File Write via Tar Symlink Traversal in git:from-archive and certs:add
  Vendor / Product: dokku / dokku < 0.38.2
  Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary ...

MEDIUM (5) | CVE-2026-28385 | Type: CVE
  Title: SSRF via image import from URL allows internal network probing by authenticated users
  Vendor / Product: Canonical / lxd 6.0
  In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functionality allows authenticat...

MEDIUM (4.9) | CVE-2026-13434 | Type: CVE
  Title: Virt-controller-rhel9: kubevirt: kubevirt: multus default-network annotation injection via unvalidated tenant networkname when externalnetresourceinjection is enabled
  Vendor / Product: Red Hat / Red Hat OpenShift Virtualization 4
  A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, th...

MEDIUM (5.3) | CVE-2026-11779 | Type: CVE
  Title: PayloadCMS 3.84.1 – Authenticated account lockout bypass through default unlock access
  Vendor / Product: PayloadCMS / PayloadCMS 3.84.1
  An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation.