category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.6	CVE-2026-11407	Pimcore CMS 12.3.8 Twig Sandbox Bypass via SecurityPolicy checkMethodAllowed_CVE-2026-11407 Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary meth...	Pimcore GmbH	Pimcore CMS/DXP	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-49133	Typemill < 2.24.0 Path Traversal via ControllerApiImage::getPagemedia()_CVE-2026-49133 Typemill before 2.24.0 contains a path traversal vulnerability that allows authenticated attackers with Author-level privileges to read arbitrary f...	typemill	typemill	Jun 17, 2026	CVE
MEDIUM 5.3	CVE-2026-48988	markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations_CVE-2026-48988 markdown-it is a Markdown parser. Versions 14.1.1 and below contain a denial-of-service vulnerability when typographer: true is enabled, due to qua...	markdown-it	markdown-it < 14.2.0	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-48979	PHP Standard Library: HTTP/2 server-side missing content-length validation enables request smuggling_CVE-2026-48979 PHP Standard Library (PSL) is set of APIs covering async, collections, networking, I/O, cryptography, terminal UI, etc. In versions 6.1.0, 6.1.1 an...	php-standard-library	php-standard-library >= 6.1.0, < 6.1.2	Jun 17, 2026	CVE
MEDIUM 5.8	CVE-2026-48821	Shaarli: DOM-based Cross-Site Scripting (XSS) in Thumbnail Synchronizer_CVE-2026-48821 Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting (XSS) vulnerability in the Thumbnail ...	shaarli	Shaarli < 0.16.2	Jun 17, 2026	CVE
CRITICAL 9.1	CVE-2026-36418	CVE-2026-36418_CVE-2026-36418 JimuReport versions 2.3.4 and below are vulnerable to remote code execution due to improper handling of Aviator expressions. The /jmreport/executeS...	n/a	n/a n/a	Jun 17, 2026	CVE
HIGH 8.4	CVE-2025-26240	CVE-2025-26240_CVE-2025-26240 In JazzCore python-pdfkit 1.0.0, the from_string method enables the execution of JavaScript code within the context of the server application and t...	n/a	n/a n/a	Jun 17, 2026	CVE
HIGH 7.4	CVE-2026-9697	undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent_CVE-2026-9697 Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS ...	undici	undici 7.23.0	Jun 17, 2026	CVE
MEDIUM 5.9	CVE-2026-9679	undici vulnerable to HTTP header injection via Set-Cookie percent-decoding_CVE-2026-9679 Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and...	undici	undici	Jun 17, 2026	CVE
MEDIUM 5.9	CVE-2026-9678	undici vulnerable to cross-user information disclosure via shared cache whitespace bypass_CVE-2026-9678 Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded...	undici	undici 7.0.0	Jun 17, 2026	CVE