HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.4	CVE-2025-26240	CVE-2025-26240_CVE-2025-26240 In JazzCore python-pdfkit 1.0.0, the from_string method enables the execution of JavaScript code within the context of the server application and t...	n/a	n/a n/a	Jun 17, 2026	CVE
HIGH 7.4	CVE-2026-9697	undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent_CVE-2026-9697 Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS ...	undici	undici 7.23.0	Jun 17, 2026	CVE
HIGH 8.8	CVE-2026-7300	Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability in RTI Connext Professional (Web Integration Service) allows Filter Failure through Buffer Overflow._CVE-2026-7300 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Web Integration Service) allows F...	RTI	Connext Professional 7.4.0	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-6734	undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse_CVE-2026-6734 Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin match...	undici	undici 7.23.0	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-47774	Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification_CVE-2026-47774 Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vul...	envoyproxy	envoy < 1.35.11	Jun 17, 2026	CVE
HIGH 8.8	CVE-2026-30803	Integer Underflow (Wrap or Wraparound) vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers._CVE-2026-30803 Integer Underflow (Wrap or Wraparound) vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers.This issue affects Connext Micro...	RTI	Connext Micro 4.0.0	Jun 17, 2026	CVE
HIGH 8.8	CVE-2026-30802	Out-of-bounds Read vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers._CVE-2026-30802 Out-of-bounds Read vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers.This issue affects Connext Micro: from 4.0.0 before ...	RTI	Connext Micro 4.0.0	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-55198	Hermes WebUI < 0.51.443 - Cross-Profile Session Data Exfiltration via Session Export Endpoint_CVE-2026-55198 Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export endpoint that allows authenticated users to acces...	nesquena	hermes-webui	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-55197	Hermes WebUI < 0.51.443 - Broken Access Control in /api/session Endpoint_CVE-2026-55197 Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session endpoint that allows authenticated users to disclos...	nesquena	hermes-webui	Jun 17, 2026	CVE
HIGH 8.6	CVE-2026-53871	Hermes WebUI < 0.51.368 - Profile-Scoped Authorization Bypass via Forged hermes_profile Cookie_CVE-2026-53871 Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the get_profile_cookie() function that accepts unauthenticated profi...	nesquena	hermes-webui	Jun 17, 2026	CVE