category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2025-66389	CVE-2025-66389_CVE-2025-66389 GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval) via a file-handler URI parameter to fetch_web...	n/a	n/a n/a	Jun 22, 2026	CVE
HIGH 7.3	CVE-2026-10845	IBM WebSphere Application Server is affected by an authentication bypass vulnerability_CVE-2026-10845 IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applicat...	IBM	WebSphere Application Server 8.5.0	Jun 22, 2026	CVE
HIGH 7	CVE-2026-56109	ALSA Library < 1.2.16.1 Double-Free via parse_def() in conf.c_CVE-2026-56109 The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 contains a double-free vulnerability in parse_def() in src/conf.c that allows ...	alsa-project	alsa-lib	Jun 22, 2026	CVE
MEDIUM 6.9	CVE-2026-55602	http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass_CVE-2026-55602 http-proxy-middleware is node.js http-proxy middleware. From 0.16.0 until 2.0.10, 3.0.6, and 4.1.0, http-proxy-middleware documents router proxy-ta...	chimurai	http-proxy-middleware >= 4.0.0, < 4.1.0	Jun 22, 2026	CVE
HIGH 8.1	CVE-2026-55388	piscina: Prototype Pollution Gadget → RCE via inherited options.filename_CVE-2026-55388 piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina's constructor and run() paths read the filename opt...	piscinajs	piscina < 4.9.3	Jun 22, 2026	CVE
HIGH 7.1	CVE-2026-54290	Hono: CORS Middleware reflects any Origin with credentials when `origin` defaults to the wildcard_CVE-2026-54290 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, with credentials: true and no explicit orig...	honojs	hono < 4.12.25	Jun 22, 2026	CVE
MEDIUM 4.8	CVE-2026-54289	Hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest_CVE-2026-54289 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a r...	honojs	hono < 4.12.25	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-54287	Hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice_CVE-2026-54287 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header respon...	honojs	hono < 4.12.25	Jun 22, 2026	CVE
MEDIUM 5.9	CVE-2026-54286	Hono: Path traversal in `serve-static` on Windows via encoded backslash (`%5C`)_CVE-2026-54286 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on Windows hosts, an encoded backslash (%5C...	honojs	hono < 4.12.25	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-54285	opentelemetry-js: Unbounded memory allocation in W3C Baggage propagation_CVE-2026-54285 opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 2.8.0, W3CBaggagePropagator.extract() in @opentelemetry/core does not enforce siz...	open-telemetry	opentelemetry-js < 2.8.0	Jun 22, 2026	CVE