HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-54293	NLTK: URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read_CVE-2026-54293 NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural L...	nltk	nltk < 3.10.0-rc1	Jun 22, 2026	CVE
HIGH 8.7	CVE-2026-53779	WebP Server Go < 0.15.0 Path Traversal via Backslash Encoding on Windows_CVE-2026-53779 WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the co...	webp-sh	webp_server_go	Jun 22, 2026	CVE
HIGH 7.1	CVE-2026-50146	Astro: Reflected XSS via unescaped slot name_CVE-2026-50146 Astro is a web framework. Prior to 6.3.3, when a component uses a client:* directive, Astro inserts named slot content into a data-astro-template a...	withastro	astro < 6.3.3	Jun 22, 2026	CVE
HIGH 8.7	CVE-2026-11834	Unauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link Routers_CVE-2026-11834 A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient va...	TP-Link Systems Inc.	Archer MR200 v07	Jun 22, 2026	CVE
HIGH 7.8	CVE-2026-44274	CVE-2026-44274_CVE-2026-44274 Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Link Resolution Before File Access vulnerability. A low privilege...	Dell	Wyse Management Suite (WMS)	Jun 22, 2026	CVE
HIGH 8.8	CVE-2026-44272	CVE-2026-44272_CVE-2026-44272 Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL I...	Dell	Wyse Management Suite (WMS)	Jun 22, 2026	CVE
HIGH 8.1	CVE-2026-44271	CVE-2026-44271_CVE-2026-44271 Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL I...	Dell	Wyse Management Suite (WMS)	Jun 22, 2026	CVE
HIGH 7.5	MS:CVE-2026-12462	Chromium: CVE-2026-12462 Use after free in Media_MS:CVE-2026-12462 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
HIGH 8.3	MS:CVE-2026-12454	Chromium: CVE-2026-12454 Race in Safe Browsing_MS:CVE-2026-12454 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
HIGH 8.1	CVE-2025-66336	Apache Doris MCP Server: SQL injection leading the authentication bypass_CVE-2025-66336 Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated i...	Apache Software Foundation	Apache Doris MCP Server 0.1.0	Jun 22, 2026	CVE