Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.8 CVE-2026-50168

Angular: URL Parser Differential in @angular/platform-server leading to SSRF Allowlist Bypass

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0...

angular angular >= 22.0.0-next.0, < 22.0.0-rc.2 CVE
HIGH 7.5 CVE-2026-48712

protobufjs: Denial of service through unbounded Any expansion during JSON conversion

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.1 and 8.4.1, protobufjs could recurse without a depth limit w...

protobufjs protobuf.js < 7.6.1 CVE
HIGH 8.8 CVE-2026-46417

Angular: SSRF via Hostname Hijacking in @angular/platform-server

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0...

angular angular >= 22.0.0-next.0, < 22.0.0-next.12 CVE
HIGH 7.5 CVE-2026-42127

Grafana pre-auth DoS through arbitrarily large input to public dashboard query handler

The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive mem...

Grafana Grafana Enterprise CVE
HIGH 8.3 CVE-2026-12249

Canonical ADSys Trust Store Poisoning via Plaintext HTTP Certificate Auto-Enrollment

An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services (AD CS) certificate auto...

N/A N/A 0.13.0 CVE
HIGH 7.5 MS:CVE-2026-12445

Chromium: CVE-2026-12445 Use after free in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
HIGH 8.3 MS:CVE-2026-12467

Chromium: CVE-2026-12467 Use after free in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
HIGH 8.1 CVE-2026-9072

IBM i is Affected By Denial of Service, HTTP Request Smuggling, and Remote Code Execution Vulnerabilities in IBM WebSphere Application Server Liberty [, , , , ]

IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty - when using Intelligent Management wi...

IBM i 7.6.0 CVE
HIGH 7.5 CVE-2026-9071

IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by Uncontrolled Resource Consumption

IBM WebSphere Application Server 9.0 and 8.5, and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial o...

IBM WebSphere Application Server 9.0.0 CVE
HIGH 7.4 CVE-2026-9006

IBM WebSphere Application Server is affected by server-side request forgery

IBM WebSphere Application Server 9.0 and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an...

IBM WebSphere Application Server 9.0 CVE