HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.8	CVE-2026-54266	Angular: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning_CVE-2026-54266 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1...	angular	angular >= 22.0.0-next.0 < 22.0.1	Jun 22, 2026	CVE
HIGH 8.3	CVE-2026-54264	Angular: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker_CVE-2026-54264 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1...	angular	angular >= 22.0.0-next.0 < 22.0.1	Jun 22, 2026	CVE
HIGH 8.7	CVE-2026-50178	Angular: Remote Code Execution via JSDoc Hover Command Injection in VS Code Angular Language Service Extension_CVE-2026-50178 The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service V...	angular	angular < 21.2.4	Jun 22, 2026	CVE
HIGH 8.7	CVE-2026-49241	Angular: Multiple Remote Code Execution Vulnerabilities in Angular Language Service VS Code Extension_CVE-2026-49241 The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. Prior to 21.2.4, the client-side Angular L...	angular	angular < 21.2.4	Jun 22, 2026	CVE
HIGH 8.4	CVE-2026-41049	Caching of Authentication allows Authentication Bypass between users in qSnapper_CVE-2026-41049 Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use db...	presire	qSnapper 1.2.1	Jun 22, 2026	CVE
HIGH 8.4	CVE-2026-41048	Caching of Authentication allows Authentication Bypass in qSnapper_CVE-2026-41048 Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions lik...	presire	qSnapper 1.2.1	Jun 22, 2026	CVE
HIGH 7.3	CVE-2026-41046	path traversal via `config` parameter in qSnapper_CVE-2026-41046 A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files...	presire	qSnapper	Jun 22, 2026	CVE
HIGH 8.1	CVE-2026-41045	Weak polkit authentication check in qSnapper_CVE-2026-41045 A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication m...	presire	qSnapper	Jun 22, 2026	CVE
HIGH 8.1	CVE-2026-12628	Hardcoded credential in the IBM Storage Protect Snapshot For Windows leads to unauthorized access to system_CVE-2026-12628 IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 could allow a remote attack...	IBM	Storage Protect Client 8.1.0.0	Jun 22, 2026	CVE
HIGH 8.3	MS:CVE-2026-12468	Chromium: CVE-2026-12468 Inappropriate implementation in Updater_MS:CVE-2026-12468 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE