HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-55697	pnpm: Repository-controlled configDependencies can select a pacquet native install engine_CVE-2026-55697 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch...	pnpm	pnpm < 10.34.2	Jun 25, 2026	CVE
HIGH 7.5	CVE-2026-55487	pnpm: manifest identity spoof satisfies allowBuilds and runs attacker lifecycle_CVE-2026-55487 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball,...	pnpm	pnpm < 10.34.2	Jun 25, 2026	CVE
HIGH 8.8	CVE-2026-50016	pnpm: Transitive dependency alias path traversal allows project path override via symlink replacement_CVE-2026-50016 pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a transitive dependency alias from registry package metadata to contain path tr...	pnpm	pnpm < 10.33.4	Jun 25, 2026	CVE
HIGH 7.3	CVE-2026-50015	pnpm: Arbitrary File Write/Delete via Malicious Patch File (Path Traversal)_CVE-2026-50015 pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's patch application pipeline (@pnpm/patch-package) performs no path validation on file...	pnpm	pnpm < 10.33.4	Jun 25, 2026	CVE
HIGH 7.1	CVE-2026-49839	jq –rawfile invalid-state reuse after String too long causes heap-buffer-overflow_CVE-2026-49839 jq is a command-line JSON processor. Prior to 1.8.2,` jq --rawfile` can turn a handled oversized-string error into invalid-state reuse and a real h...	jqlang	jq < 1.8.2	Jun 25, 2026	CVE
HIGH 8.2	CVE-2026-11999	X.509 trust-chain bypass via path-depth exhaustion in wolfSSL_X509_verify_cert()_CVE-2026-11999 X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only ...	wolfSSL	wolfSSL 5.7.4	Jun 25, 2026	CVE
HIGH 7	CVE-2026-56790	CANBoat – Off-by-One Global Buffer Overflow in searchForPgn()_CVE-2026-56790 CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn() function in analyzer/pgn.c that ...	canboat	canboat	Jun 25, 2026	CVE
HIGH 7.1	CVE-2026-56789	RTKLIB 2.4.3 – Heap Buffer Overflow and Stack Read via Oversized RINEX Epoch Satellite Count_CVE-2026-56789 RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memo...	tomojitakasu	RTKLIB	Jun 25, 2026	CVE
HIGH 8.7	CVE-2026-56770	libais 0.15 – Out-of-bounds Vector Access in VdmStream::AddLine via Invalid Sequential Message ID_CVE-2026-56770 libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range ...	schwehr	libais	Jun 25, 2026	CVE
HIGH 8.7	CVE-2026-56768	Seahub < 13.0.23 - Authentication Bypass in ShareLinkZipTaskView GET Method_CVE-2026-56768 Seahub before 13.0.23 does not enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass au...	haiwen	seahub	Jun 25, 2026	CVE