Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.1 CVE-2026-49291

mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call

mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at `/mcp` requires only...

doobidoo mcp-memory-service < 10.65.3 CVE
HIGH 7.5 CVE-2026-9375

Decompression Bomb Bypass via Negative max_length in Streaming API in urllib3

urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API (`preload_content=False`) when using Brotli support. The is...

urllib3 urllib3/urllib3 unspecified CVE
HIGH 8.1 CVE-2026-49340

gonic has arbitrary file write in createPlaylist: any authenticated user can write playlist M3U content to attacker-controlled path on the host

gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, a logic error in `ServeCreateOrUpdat...

sentriz gonic < 0.21.0 CVE
HIGH 7.1 CVE-2026-49338

Subsonic API: any authenticated user can delete or read any other user’s playlist (IDOR)

gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, the Subsonic API endpoints `/rest/de...

sentriz gonic < 0.21.0 CVE
HIGH 8.1 CVE-2026-56211

Libaom: libaom: remote code execution via svc layer context handling with attacker-controlled frames

A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encode...

Red Hat Red Hat Enterprise Linux 10 CVE
HIGH 8.2 CVE-2026-56210

Libaom: libaom: heap-buffer-overflow read via missing bounds check in ctrl_set_layer_id

A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable ...

Red Hat Red Hat Enterprise Linux 10 CVE
HIGH 8.6 CVE-2026-56208

Libaom: libaom: heap buffer overflow in av1 encoder first-pass stats buffer via lap mode

A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing...

Red Hat Red Hat Enterprise Linux 10 CVE
HIGH 8.2 CVE-2026-49260

PhpWeasyPrint: shell command injection via configurable WeasyPrint binary path due to inverted is_executable() guard (mirror of KnpLabs/snappy GHSA-vpr4-p6fq-85jc)

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.5.1, `pontedilana/php-weasyprint` builds the ...

pontedilana php-weasyprint < 2.5.1 CVE
HIGH 7.4 CVE-2026-3195

Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb (incomplete fix for cve-2024-7730)

A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the `virtio_snd_pcm_in_cb` function did not check wheth...

N/A N/A 8.2.0 CVE
HIGH 8.7 CVE-2026-55204

HAProxy – NULL Pointer Dereference in hpack_dht_insert Function

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c tha...

haproxy haproxy CVE