Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.8 MS:CVE-2026-12449

Chromium: CVE-2026-12449 Use after free in Chromoting

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
HIGH 8.3 MS:CVE-2026-12465

Chromium: CVE-2026-12465 Insufficient validation of untrusted input in Metrics

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
HIGH 8.8 CVE-2026-54232

vLLM: Dependency Confusion Vulnerability in vLLM Dockerfile

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confus...

vllm-project vllm < 0.22.1 CVE
HIGH 7.5 CVE-2026-41523

vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, an assert-based security check in vLLM's activation func...

vllm-project vllm < 0.22.0 CVE
HIGH 8.8 MS:CVE-2026-12439

Chromium: CVE-2026-12439 Use after free in Digital Credentials

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
HIGH 7.5 CVE-2026-55603

http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody`

http-proxy-middleware is node.js http-proxy middleware. From 3.0.4 until 3.0.7 and 4.1.1, fixRequestBody() is the library's documented helper for r...

chimurai http-proxy-middleware >= 3.0.4, < 3.0.7 CVE
HIGH 7.1 CVE-2026-39904

Gophish 0.12.1 Denial of Service via Office Document Upload

Gophish through 0.12.1 contains a denial of service vulnerability that allows authenticated users with the User role to exhaust server memory by up...

gophish gophish CVE
HIGH 8.8 CVE-2026-56324

Capgo – Rate Limit Bypass via User-Controlled device_id Parameter

Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channel_self endpoint that allows attackers to circumvent rate limiting by ...

Capgo Capgo CVE
HIGH 8.7 CVE-2026-56323

Capgo – Unauthenticated Channel Enumeration and App Oracle via GET /channel_self

Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channel_self endpoint that allows unauthenticated attac...

Capgo Capgo CVE
HIGH 7.1 CVE-2026-56314

Capgo – Deleted Bundle Selection via Missing Deletion Filter in /updates Endpoint

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain se...

Capgo Capgo CVE