HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.8	CVE-2026-12043	Heap double-free in AWS Common Runtime aws-c-http_CVE-2026-12043 Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a se...	AWS	aws-c-http 0.4.22	Jun 12, 2026	CVE
HIGH 8.7	CVE-2026-50287	Missing Authentication for Critical Function in @agenticmail/mcp_CVE-2026-50287 AgenticMail gives AI agents real email addresses and phone numbers. Prior to version 0.9.27, @agenticmail/mcp exposes a Streamable HTTP transport w...	agenticmail	agenticmail < 0.9.27	Jun 12, 2026	CVE
HIGH 7.7	CVE-2026-47260	Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs_CVE-2026-47260 Koel is a free, open-source music streaming solution. Prior to version 9.3.5, Koel validates the podcast feed URL via the SafeUrl rule (DNS resolut...	koel	koel < 9.3.5	Jun 12, 2026	CVE
HIGH 7.8	58E729A1-1305-	Exploit for Use After Free in Linux Linux_Kernel_58E729A1-1305-508A-A366-27ECA7ADF232 CVE-2026-23111 Auto-Root VM Testing Local privilege escalation exploit for CVE-2026-23111 — Linux kernel nftables use-after-free via inverted ! in ...	N/A	N/A	Jun 12, 2026	GITHUBEXPLOIT
HIGH 8.8	428AF504-46AA-	aetherion_428AF504-46AA-5342-B996-9B28AD7932B2 /\ \| \| \| \| \| \| / \ \| \|\| \| \| \| / /\ \ \| \| \ / \ \| \\| \| / \ \| \ / \ \| \|\| \| \| \| / \| \| \| \| \|\| \|\| \| \| \| // \\ \\|\| \|\|\\| \|\| \|\|\| \/ \|\| \|\| Aetherion Android...	N/A	N/A	Jun 12, 2026	GITHUBEXPLOIT
HIGH 8.8	CVE-2026-7387	Mattermost group syncable endpoints allow privilege escalation via scheme_admin_CVE-2026-7387 Mattermost versions 11.6.x	Mattermost	Mattermost 11.6.0	Jun 12, 2026	CVE
HIGH 7.6	CVE-2026-6961	CVE-2026-6961: Path traversal via unsanitized FileInfo.Name in Mattermost federation sync_CVE-2026-6961 Mattermost versions 11.6.x	Mattermost	Mattermost 11.6.0	Jun 12, 2026	CVE
HIGH 7.1	CVE-2026-53982	Capgo Console < 12.28.2 Account Deletion DoS via Device Identifier Association_CVE-2026-53982 Capgo Console prior to 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authenticat...	Cap-go	console.capgo.app	Jun 12, 2026	CVE
HIGH 7.2	CVE-2026-53981	Cap-go < v12.128.2 Account Takeover via Unauthenticated Email Change Mechanism_CVE-2026-53981 Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authentica...	Cap-go	Cap-go	Jun 12, 2026	CVE
HIGH 7.1	CVE-2026-3840	Path Traversal in kedro-org/kedro_CVE-2026-3840 A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The `_get_versioned_path...	kedro-org	kedro-org/kedro unspecified	Jun 12, 2026	CVE