Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.7 CVE-2026-54017

Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal_CVE-2026-54017

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse prox...

open-webui open-webui < 0.9.6 CVE
HIGH 7.5 CVE-2026-47633

Microsoft Cost Management Information Disclosure Vulnerability_CVE-2026-47633

Published: 2026-06-18T21:37:36.850Z

Microsoft Microsoft Cost Management - CVE
HIGH 7.7 CVE-2026-32174

Azure Bot Service Elevation of Privilege Vulnerability_CVE-2026-32174

Published: 2026-06-18T21:39:17.817Z

Microsoft Azure AI Bot Service - CVE
HIGH 8.7 CVE-2026-56078

PraisonAI – Arbitrary File Read and Write via Path Traversal in MultiAgentMonitor_CVE-2026-56078

PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. At...

PraisonAI PraisonAI CVE
HIGH 7.1 CVE-2026-56077

PraisonAI – Information Disclosure via Shared MultiAgentLedger State_CVE-2026-56077

PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensiti...

PraisonAI PraisonAI CVE
HIGH 8.6 CVE-2026-56076

PraisonAI – Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint_CVE-2026-56076

PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitra...

PraisonAI PraisonAI CVE
HIGH 8.7 CVE-2026-56075

PraisonAI – Arbitrary Shell Command Execution via Hardcoded Approval Mode Override_CVE-2026-56075

PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approval_mode to auto, overridin...

PraisonAI PraisonAI CVE
HIGH 8.8 CVE-2026-12044

pgAdmin 4: SQL injection in COMMENT ON ... IS '' rendering across dialog templates_CVE-2026-12044

SQL injection in pgAdmin 4 across every dialog template that renders ``COMMENT ON ... IS ''`` for a user-supplied description field. The Jinja temp...

pgadmin.org pgAdmin 4 1.0 CVE
HIGH 8.7 CVE-2026-8806

Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series FX5-ENET/IP Ethernet module_CVE-2026-8806

Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a r...

Mitsubishi Electric Corporation Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP All versions CVE
HIGH 8.7 CVE-2026-8805

Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series EtherNet/IP module_CVE-2026-8805

Integer Overflow or Wraparound vulnerability in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module FX5-E...

Mitsubishi Electric Corporation Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior CVE