category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.1	CVE-2026-54386	marimo < 0.23.9 XSS via file Query Parameter in assets.py_CVE-2026-54386 marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject a...	marimo-team	marimo	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-50200	Steeltoe’s env sanitizer misses connection strings — leaks embedded DB passwords_CVE-2026-50200 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management...	SteeltoeOSS	Steeltoe.Management.Endpoint < 4.2.0	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-50196	Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch_CVE-2026-50196 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Discovery....	SteeltoeOSS	Steeltoe.Discovery.Eureka >= 4.0.0, < 4.2.0	Jun 17, 2026	CVE
HIGH 8.2	CVE-2026-50194	Steeltoe vulnerable to management-port isolation bypass via spoofed Host header_CVE-2026-50194 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. When Steeltoe manageme...	SteeltoeOSS	Steeltoe.Management.Endpoint < 4.2.0	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-48997	e107: Command Injection via shell expansion in ImageMagick resize destination path_CVE-2026-48997 e107 is a content management system (CMS). Versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destinat...	e107inc	e107 < 2.3.6	Jun 17, 2026	CVE
MEDIUM 5.5	CVE-2026-48991	XianYuLauncher: Legacy Microsoft account OAuth sign-in flow lacks PKCE and state validation_CVE-2026-48991 XianYuLauncher is a Minecraft Java Edition launcher. In versions prior to 1.5.5, sensitive authentication artifacts could be exposed during a user-...	XianYuLauncher	XianYuLauncher < 1.5.5	Jun 17, 2026	CVE
MEDIUM 5.3	CVE-2026-48990	joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization_CVE-2026-48990 joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions 1.3.4 throu...	authlib	joserfc < 1.6.7	Jun 17, 2026	CVE
HIGH 8.9	CVE-2026-48989	Windows-MCP: HTTP transports expose unauthenticated PowerShell control with wildcard CORS_CVE-2026-48989 Windows-MCP is an open-source project that integrates AI agents with Windows. In versions prior to 0.7.5, certain HTTP modes exposed the MCP contro...	CursorTouch	Windows-MCP < 0.7.5	Jun 17, 2026	CVE
MEDIUM 6.3	CVE-2026-48820	CakePHP: View::element() is missing a path containment check_CVE-2026-48820 CakePHP is a rapid development framework for PHP. In versions 4.5.11 and earlier, 4.6.0 through 4.6.3, 5.0.0 through 5.1.6, 5.2.0 through 5.2.12, a...	cakephp	cakephp >= 5.3.0, < 5.3.6	Jun 17, 2026	CVE
HIGH 8.4	CVE-2026-12530	Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()_CVE-2026-12530 Improper neutralization of argument delimiters in the install_packages() method in AWS Bedrock AgentCore Python SDK versions >= 1.1.3 and < 1.6.1 m...	AWS	bedrock-agentcore 1.1.3	Jun 17, 2026	CVE