Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.1 CVE-2026-48089

DevGuard has improper authorization on public assets_CVE-2026-48089

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.4.2, on a DevGuard API instance with one or more public a...

l3montree-dev devguard < 1.4.2 CVE
HIGH 7.5 CVE-2026-50559

Authentication/Authorization Bypass via Advanced Path Normalization Vulnerabilities_CVE-2026-50559

Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20....

quarkusio quarkus >= 3.36.0, < 3.36.3 CVE
HIGH 7.1 CVE-2026-49346

libde265 has a heap buffer overflow in de265_image_get_buffer via SPS dimension integer overflow_CVE-2026-49346

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and...

strukturag libde265 < 1.1.0 CVE
HIGH 7.1 CVE-2026-49295

libde265 has an out-of-bounds write in process_reference_picture_set via predicted short-term RPS_CVE-2026-49295

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds a...

strukturag libde265 < 1.0.20 CVE
HIGH 8.8 CVE-2026-47645

Microsoft 365 Copilot’s Business Chat Elevation of Privilege Vulnerability_CVE-2026-47645

Microsoft Microsoft 365 Copilot - CVE
HIGH 8.8 CVE-2026-32208

Microsoft Edge (Chromium-based) Spoofing Vulnerability_CVE-2026-32208

Microsoft Microsoft Edge (Chromium-based) - CVE
HIGH 7.6 CVE-2026-49290

Slopsmith has path traversal in archive extractors that allows arbitrary file write → potential RCE_CVE-2026-49290

Slopsmith is a self-contained web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC (CDLC). Prior to 0.2.9-alpha.5, a pat...

byrongamatos slopsmith < 0.2.9-alpha.5 CVE
HIGH 7.4 CVE-2026-49287

Statamic CMS vulnerable to unsafe method invocation via collection sorting allows data destruction_CVE-2026-49287

Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, the fix for CVE-2026-41175 was incomplete. It a...

statamic cms < 5.73.23 CVE
HIGH 8.1 CVE-2026-49286

PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass)_CVE-2026-49286

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` guarded the...

pontedilana php-weasyprint < 2.6.0 CVE
HIGH 7.1 CVE-2026-49339

Path traversal in getPlaylist/deletePlaylist bypasses ownership check: any authenticated user can read or delete any other user’s playlist_CVE-2026-49339

gonic is a music streaming server / free-software subsonic server API implementation. The maintainer's fix in commit `6dd71e6a3c966867ef8c900d359a...

sentriz gonic < 0.21.0 CVE