Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.1  CVE-2026-50107
  Title: NGINX Gateway Fabric vulnerability
  Summary: When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX confi...
  Vendor / product / version: F5 NGINX Gateway Fabric 2.3.0
  Type: CVE
HIGH 8.6  CVE-2026-11407
  Title: Pimcore CMS 12.3.8 Twig Sandbox Bypass via SecurityPolicy checkMethodAllowed
  Summary: Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary meth...
  Vendor / product / version: Pimcore GmbH Pimcore CMS/DXP
  Type: CVE
HIGH 7.1  CVE-2026-49133
  Title: Typemill < 2.24.0 Path Traversal via ControllerApiImage::getPagemedia()
  Summary: Typemill before 2.24.0 contains a path traversal vulnerability that allows authenticated attackers with Author-level privileges to read arbitrary f...
  Vendor / product / version: typemill typemill
  Type: CVE
HIGH 7.5  CVE-2026-48979
  Title: PHP Standard Library: HTTP/2 server-side missing content-length validation enables request smuggling
  Summary: PHP Standard Library (PSL) is a set of APIs covering async, collections, networking, I/O, cryptography, terminal UI, etc. In versions 6.1.0, 6.1.1 an...
  Vendor / product / version: php-standard-library php-standard-library >= 6.1.0, < 6.1.2
  Type: CVE
HIGH 8.4  CVE-2025-26240
  Title: CVE-2025-26240
  Summary: In JazzCore python-pdfkit 1.0.0, the from_string method enables the execution of JavaScript code within the context of the server application and t...
  Vendor / product / version: n/a n/a n/a
  Type: CVE
HIGH 7.4  CVE-2026-9697
  Title: undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent
  Summary: Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS ...
  Vendor / product / version: undici undici 7.23.0
  Type: CVE
HIGH 8.8  CVE-2026-7300
  Title: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Web Integration Service) allows Filter Failure through Buffer Overflow.
  Summary: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Web Integration Service) allows F...
  Vendor / product / version: RTI Connext Professional 7.4.0
  Type: CVE
HIGH 7.5  CVE-2026-6734
  Title: undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse
  Summary: Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin match...
  Vendor / product / version: undici undici 7.23.0
  Type: CVE
HIGH 7.5  CVE-2026-47774
  Title: Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification
  Summary: Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vul...
  Vendor / product / version: envoyproxy envoy < 1.35.11
  Type: CVE
HIGH 8.8  CVE-2026-30803
  Title: Integer Underflow (Wrap or Wraparound) vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers.
  Summary: Integer Underflow (Wrap or Wraparound) vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers. This issue affects Connext Micro...
  Vendor / product / version: RTI Connext Micro 4.0.0
  Type: CVE