category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.4	CVE-2026-28496	FOSSBilling: Server-side template injection in Twig template rendering enables information disclosure and RCE_CVE-2026-28496 FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection (SSTI) vulne...	FOSSBilling	FOSSBilling < 0.8.0	Jun 23, 2026	CVE
CRITICAL 10	CVE-2026-27604	FOSSBilling: Improper API Role Validation (system) Enables Unauthenticated Access to Privileged Admin Functions_CVE-2026-27604 FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization byp...	FOSSBilling	FOSSBilling >= 0.5.4, < 0.8.0	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-56696	OpenHarness – Prompt Injection via /issue and /pr_comments Slash Commands_CVE-2026-56696 OpenHarness /issue and /pr_comments slash commands lack remote_invocable=False protection, allowing remote channel senders to write attacker-contro...	HKUDS	OpenHarness	Jun 23, 2026	CVE
HIGH 7.1	CVE-2026-56695	OpenHarness – Cross-Session Disclosure via /resume and /summary Commands_CVE-2026-56695 OpenHarness ohmo gateway /resume and /summary slash commands default remote_invocable to True, allowing admitted remote senders to enumerate and lo...	HKUDS	OpenHarness	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-56694	NanoClaw < 2.1.0 - Privilege Escalation via Forged Channel Approval Callback_CVE-2026-56694 NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse f...	nanocoai	nanoclaw	Jun 23, 2026	CVE
MEDIUM 6.8	CVE-2026-56693	NanoClaw < 2.1.17 - Privilege Escalation via Unauthorized create_agent System Action_CVE-2026-56693 NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the create_agent delivery-action handler that performs privileged central-d...	nanocoai	nanoclaw	Jun 23, 2026	CVE
MEDIUM 6.8	CVE-2026-56692	NanoClaw < 2.1.17 - Arbitrary File Read via Symlink Following in forwardAttachedFiles_CVE-2026-56692 NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate hos...	nanocoai	nanoclaw	Jun 23, 2026	CVE
HIGH 7.1	CVE-2026-56402	NanoClaw < 2.1.17 - Privilege Escalation via Unverified Approval Response Handler_CVE-2026-56402 NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role au...	nanocoai	nanoclaw	Jun 23, 2026	CVE
MEDIUM 5.8	CVE-2026-55767	Guzzle: Dot-Only Cookie Domains Match All Hosts in guzzlehttp/guzzle_CVE-2026-55767 Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, CookieJar incorrectly accepts cookies with a dot-only Domain attribute and whitespace-pad...	guzzle	guzzle < 7.12.1	Jun 23, 2026	CVE
MEDIUM 4.8	CVE-2026-55766	guzzlehttp/psr7: CRLF Injection in HTTP Start-Line Serialization_CVE-2026-55766 guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.1, guzzlehttp/psr7 did not reject CR/LF characters in certain ...	guzzle	psr7 < 2.12.1	Jun 23, 2026	CVE