Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.3 CVE-2026-54328

Pi: Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or git extension package installs used predictabl...

earendil-works pi >= 0.74.0, < 0.78.1 CVE
HIGH 7.8 CVE-2026-53622

Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 (QUIC) TLS configuration ...

traefik traefik < 3.7.3 CVE
HIGH 7.8 CVE-2026-48491

Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting pro...

traefik traefik >= 3.7.0, < 3.7.3 CVE
HIGH 7.8 CVE-2026-48020

Traefik StripPrefix Route-Level Auth Bypass via Path Normalization

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripP...

traefik traefik >= 3.7.0-ea.1, < 3.7.3 CVE
HIGH 8.4 CVE-2026-47387

NocoDB: Stored Cross-Site Scripting via Form View Redirect URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared form-view submit handler (packages/nc-gui/composables/use...

nocodb nocodb < 2026.05.1 CVE
HIGH 7.4 CVE-2026-47383

NocoDB: Stored Cross-Site Scripting via Row Comments

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated commenter could store HTML in row comments that exe...

nocodb nocodb < 2026.05.1 CVE
HIGH 7.1 CVE-2026-23513

FOSSBilling: Broken Authorization in Client Transaction and Order Listings

FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, a query-construction flaw in client list endp...

FOSSBilling FOSSBilling < 0.8.0 CVE
HIGH 7.8 CVE-2026-12112

Foreman-mcp-server: mcp server: active session hijacking via insecure session state reuse

A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active ...

Red Hat Red Hat Satellite 6 CVE
HIGH 10 01330BA9-9AFB-

vulnerability-assessment-metasploitable2_01330BA9-9AFB-5AA8-A3E2-3AB2FE216993

Vulnerability Assessment — Metasploitable 2: An end-to-end vulnerability assessment conducted against a controlled lab environment, documented in con...

N/A N/A GITHUBEXPLOIT
HIGH 8.1 C0FC9086-8648-

Exploit for CVE-2026-45156_C0FC9086-8648-5BF4-BFEE-F541B2675907

CVE-2026-45156: Nextcloud useroidc ID4me JWT Signature Bypass. This repository contains the Proof of Concept (PoC) exploit script for CVE-2026-45156, ...

N/A N/A GITHUBEXPLOIT