Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.9 CVE-2026-48090

Envoy HTTP: OAuth2 filter late async token completion after stream teardown (UAF / crash risk)

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2 filter ...

envoyproxy envoy >= 1.38.0, < 1.38.3 CVE
HIGH 7.5 CVE-2026-47220

Envoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log format

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTED_SER...

envoyproxy envoy >= 1.38.0, < 1.38.3 CVE
MEDIUM 5.9 CVE-2026-47205

Envoy: ext_authz Use-After-Free during Stream Teardown with Per-Route Overrides

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Fr...

envoyproxy envoy >= 1.38.0, < 1.38.3 CVE
HIGH 7.5 CVE-2026-46602

Lack of limit on tile sizes in x/image/tiff in golang.org/x/image

The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to...

golang.org/x/image golang.org/x/image/tiff CVE
HIGH 7.5 CVE-2026-46601

Panic on VP8 alpha channel size mismatch in x/image/webp in golang.org/x/image

The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size.

golang.org/x/image golang.org/x/image/webp CVE
HIGH 7.7 CVE-2026-37149

CVE-2026-37149

GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0 was discovered to contain a SQL injection vulnerability in the scost parameter ...

n/a n/a n/a CVE
HIGH 7.5 CVE-2026-37454

CVE-2026-37454

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the 3DE...

n/a n/a n/a CVE
HIGH 7.5 CVE-2026-37453

CVE-2026-37453

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSI...

n/a n/a n/a CVE
HIGH 7.5 CVE-2026-38637

CVE-2026-38637

An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a crafted ...

n/a n/a n/a CVE
HIGH 7.5 CVE-2026-37452

CVE-2026-37452

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSI...

n/a n/a n/a CVE