HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.2	CVE-2026-50194	Steeltoe vulnerable to management-port isolation bypass via spoofed Host header_CVE-2026-50194 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. When Steeltoe manageme...	SteeltoeOSS	Steeltoe.Management.Endpoint < 4.2.0	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-48997	e107: Command Injection via shell expansion in ImageMagick resize destination path_CVE-2026-48997 e107 is a content management system (CMS). Versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destinat...	e107inc	e107 < 2.3.6	Jun 17, 2026	CVE
HIGH 8.9	CVE-2026-48989	Windows-MCP: HTTP transports expose unauthenticated PowerShell control with wildcard CORS_CVE-2026-48989 Windows-MCP is an open-source project that integrates AI agents with Windows. In versions prior to 0.7.5, certain HTTP modes exposed the MCP contro...	CursorTouch	Windows-MCP < 0.7.5	Jun 17, 2026	CVE
HIGH 8.4	CVE-2026-12530	Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()_CVE-2026-12530 Improper neutralization of argument delimiters in the install_packages() method in AWS Bedrock AgentCore Python SDK versions >= 1.1.3 and < 1.6.1 m...	AWS	bedrock-agentcore 1.1.3	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-48759	TypeBot: Cross-Workspace Theme Template IDOR (Modification and Deletion)_CVE-2026-48759 TypeBot is a chatbot builder tool. Versions 3.15.2 and below have an Insecure Direct Object Reference vulnerability through cross-workspace Theme T...	baptisteArno	typebot.io < 3.16.0	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-45617	LiquidJS: ReDoS via Quadratic Backtracking in `strip_html` Filter Regex_CVE-2026-45617 LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the built-in strip_html fi...	harttle	liquidjs < 10.26.0	Jun 17, 2026	CVE
HIGH 7.2	CVE-2026-53676	CVE-2026-53676_CVE-2026-53676 ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user who can lo...	ThingsBoard	ThingsBoard prior to v4.3.1.2	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-45357	LiquidJS: Memory and render limit bypass via unbounded width padding in `date` filter (strftime)_CVE-2026-45357 LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the date filter's strftime...	harttle	liquidjs < 10.26.0	Jun 17, 2026	CVE
HIGH 8.8	CVE-2026-55202	Tinyproxy – Stathost Detection Bypass via Host Header Manipulation_CVE-2026-55202 Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated a...	tinyproxy	tinyproxy	Jun 17, 2026	CVE
HIGH 7.4	CVE-2026-55201	Evil-WinRM – Path Traversal in download_dir() Function_CVE-2026-55201 Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the download_dir() function that allows a rogue or comp...	Hackplayers	evil-winrm	Jun 17, 2026	CVE