category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6	CVE-2026-54761	Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services_CVE-2026-54761 Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gatew...	traefik	traefik < 3.6.21	Jun 23, 2026	CVE
HIGH 7.8	CVE-2026-54555	rtk: Permission-gate bypass in rtk rewrite auto-allow via unsplit shell separators_CVE-2026-54555 rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively spli...	rtk-ai	rtk < 0.42.2	Jun 23, 2026	CVE
HIGH 7.3	CVE-2026-54328	Pi: Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts_CVE-2026-54328 Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or git extension package installs used predictabl...	earendil-works	pi >= 0.74.0, < 0.78.1	Jun 23, 2026	CVE
LOW 2.2	CVE-2026-54327	Pi: Race condition in auth.json writes could expose stored credentials_CVE-2026-54327 Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi stored API keys and OAuth credentials in auth.json. A race condition in the f...	earendil-works	pi >= 0.74.0, < 0.78.1	Jun 23, 2026	CVE
LOW 2.5	CVE-2026-54326	Pi: Potential XSS in HTML session exports via Markdown URL sanitization bypass_CVE-2026-54326 Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi HTML exports render session Markdown into a static HTML file. It did not cons...	earendil-works	pi >= 0.74.0, < 0.78.1	Jun 23, 2026	CVE
MEDIUM 4.4	CVE-2026-54325	Pi loads project-local extensions without approval_CVE-2026-54325 Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory withou...	earendil-works	pi < 0.79.0	Jun 23, 2026	CVE
HIGH 7.8	CVE-2026-53622	Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts_CVE-2026-53622 Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 (QUIC) TLS configuration ...	traefik	traefik < 3.7.3	Jun 23, 2026	CVE
HIGH 7.8	CVE-2026-48491	Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass_CVE-2026-48491 Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting pro...	traefik	traefik >= 3.7.0, < 3.7.3	Jun 23, 2026	CVE
HIGH 7.8	CVE-2026-48020	Traefik StripPrefix Route-Level Auth Bypass via Path Normalization_CVE-2026-48020 Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripP...	traefik	traefik >= 3.7.0-ea.1, < 3.7.3	Jun 23, 2026	CVE
MEDIUM 6.9	CVE-2026-45792	RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM_CVE-2026-45792 rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.32.0, RTK (Rust Token Killer) improperly trusts project-l...	rtk-ai	rtk < 0.32.0	Jun 23, 2026	CVE