category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.8	CVE-2026-50016	pnpm: Transitive dependency alias path traversal allows project path override via symlink replacement_CVE-2026-50016 pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a transitive dependency alias from registry package metadata to contain path tr...	pnpm	pnpm < 10.33.4	Jun 25, 2026	CVE
HIGH 7.3	CVE-2026-50015	pnpm: Arbitrary File Write/Delete via Malicious Patch File (Path Traversal)_CVE-2026-50015 pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's patch application pipeline (@pnpm/patch-package) performs no path validation on file...	pnpm	pnpm < 10.33.4	Jun 25, 2026	CVE
MEDIUM 6.4	CVE-2026-50014	pnpm: Git Fetch Argument Injection via Lockfile resolution.commit_CVE-2026-50014 pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- s...	pnpm	pnpm < 10.33.4	Jun 25, 2026	CVE
HIGH 7.1	CVE-2026-49839	jq –rawfile invalid-state reuse after String too long causes heap-buffer-overflow_CVE-2026-49839 jq is a command-line JSON processor. Prior to 1.8.2,` jq --rawfile` can turn a handled oversized-string error into invalid-state reuse and a real h...	jqlang	jq < 1.8.2	Jun 25, 2026	CVE
MEDIUM 4.8	CVE-2026-48995	pnpm: Tarball hash of GitHub git dependencies is not stored in lockfile_CVE-2026-48995 pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm will in...	pnpm	pnpm < 10.33.4	Jun 25, 2026	CVE
MEDIUM 6.8	CVE-2026-47770	jq: stack overflow in deep structural equality_CVE-2026-47770 jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on j...	jqlang	jq < 1.8.2	Jun 25, 2026	CVE
HIGH 8.2	CVE-2026-11999	X.509 trust-chain bypass via path-depth exhaustion in wolfSSL_X509_verify_cert()_CVE-2026-11999 X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only ...	wolfSSL	wolfSSL 5.7.4	Jun 25, 2026	CVE
CRITICAL 10	CVE-2026-57700	WordPress OMGF Pro plugin <= 5.2.6 - Arbitrary File Upload vulnerability_CVE-2026-57700 Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from...	Daan.dev	OMGF Pro n/a	Jun 25, 2026	CVE
HIGH 7	CVE-2026-56790	CANBoat – Off-by-One Global Buffer Overflow in searchForPgn()_CVE-2026-56790 CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn() function in analyzer/pgn.c that ...	canboat	canboat	Jun 25, 2026	CVE
HIGH 7.1	CVE-2026-56789	RTKLIB 2.4.3 – Heap Buffer Overflow and Stack Read via Oversized RINEX Epoch Satellite Count_CVE-2026-56789 RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memo...	tomojitakasu	RTKLIB	Jun 25, 2026	CVE