Recent Advisories

| Severity | Score | ID | Title | Description | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|---|---|
| MEDIUM | 6.1 | CVE-2026-44889 | WebOb: Location header normalization during redirect leads to open redirect | WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnera... | Pylons | webob < 1.8.10 | | CVE |
| MEDIUM | 5.4 | CVE-2026-44311 | Fabric.js: Improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization | Fabric.js is a JavaScript HTML5 canvas library. Prior to 7.4.0, a potential Cross-Site Scripting (XSS) vulnerability exists in Fabric.js due to imp... | fabricjs | fabric.js < 7.4.0 | | CVE |
| HIGH | 7.6 | CVE-2025-71358 | picklescan – Remote Code Execution via idlelib.autocomplete.AutoComplete.get_entity | picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.get_entity function in reduce method... | picklescan | picklescan | | CVE |
| HIGH | 7.6 | CVE-2025-71344 | picklescan – Arbitrary Code Execution via Undetected ensurepip._run_pip Function | picklescan before 0.0.30 (affected versions 0.0.26 and earlier) fails to detect the ensurepip._run_pip built-in function when scanning pickle files... | picklescan | picklescan | | CVE |
| HIGH | 7.6 | CVE-2025-71339 | Picklescan – Arbitrary Code Execution via numpy.f2py.crackfortran._eval_length Gadget | Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran._eval_length gadget in pickle __reduce__ methods, allowing arbitrary code exec... | Picklescan | Picklescan | | CVE |
| HIGH | 7.7 | CVE-2026-41156 | GPU DDK – kernel<->fw CCB contains SYNC_PRIMITIVE_BLOCK firmware address without holding reference | Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources creating a write use ... | Imagination Technologies | Graphics DDK 1.18 RTM | | CVE |
| HIGH | 7.7 | CVE-2026-34192 | GPU DDK – _MMU_AllocLevel error recovery paths leave dangling page table entries | Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an error path leading to UAF of GPU page tables.... | Imagination Technologies | Graphics DDK 1.18 RTM | | CVE |
| MEDIUM | 5.1 | CVE-2026-55443 | LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders | LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem pat... | langchain-ai | langchain < 1.3.9 | | CVE |
| MEDIUM | 5.3 | CVE-2026-54300 | @astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config | @astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify conver... | withastro | astro < 7.0.13 | | CVE |
| HIGH | 7.5 | CVE-2026-54299 | Astro: Host-header full-read SSRF in core prerendered error-page fetch (prerenderedErrorPageFetch default + unvalidated createRequestFromNodeRequest URL) | Astro is a web framework. Prior to 6.4.6, Astro SSR apps with prerendered error pages (/404 or /500 using export const prerender = true) fetch thos... | withastro | astro < 6.4.6 | | CVE |