HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.1	CVE-2026-44271	CVE-2026-44271_CVE-2026-44271 Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL I...	Dell	Wyse Management Suite (WMS)	Jun 22, 2026	CVE
HIGH 7.5	MS:CVE-2026-12462	Chromium: CVE-2026-12462 Use after free in Media_MS:CVE-2026-12462 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
HIGH 8.3	MS:CVE-2026-12454	Chromium: CVE-2026-12454 Race in Safe Browsing_MS:CVE-2026-12454 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
HIGH 8.1	CVE-2025-66336	Apache Doris MCP Server: SQL injection leading the authentication bypass_CVE-2025-66336 Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated i...	Apache Software Foundation	Apache Doris MCP Server 0.1.0	Jun 22, 2026	CVE
HIGH 7.5	CVE-2025-66389	CVE-2025-66389_CVE-2025-66389 GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval) via a file-handler URI parameter to fetch_web...	n/a	n/a n/a	Jun 22, 2026	CVE
HIGH 7.3	CVE-2026-10845	IBM WebSphere Application Server is affected by an authentication bypass vulnerability_CVE-2026-10845 IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applicat...	IBM	WebSphere Application Server 8.5.0	Jun 22, 2026	CVE
HIGH 7	CVE-2026-56109	ALSA Library < 1.2.16.1 Double-Free via parse_def() in conf.c_CVE-2026-56109 The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 contains a double-free vulnerability in parse_def() in src/conf.c that allows ...	alsa-project	alsa-lib	Jun 22, 2026	CVE
HIGH 8.1	CVE-2026-55388	piscina: Prototype Pollution Gadget → RCE via inherited options.filename_CVE-2026-55388 piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina's constructor and run() paths read the filename opt...	piscinajs	piscina < 4.9.3	Jun 22, 2026	CVE
HIGH 7.1	CVE-2026-54290	Hono: CORS Middleware reflects any Origin with credentials when `origin` defaults to the wildcard_CVE-2026-54290 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, with credentials: true and no explicit orig...	honojs	hono < 4.12.25	Jun 22, 2026	CVE
HIGH 7.5	CVE-2026-54283	Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS_CVE-2026-54283 Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form() accepts max_fields and max_part_size to bound resource co...	Kludex	starlette >= 0.4.1, < 1.3.1	Jun 22, 2026	CVE