HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.1	CVE-2026-49402	Deno: Command Injection via spawnSync & spawn on Windows_CVE-2026-49402 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.10, Deno's node:child_process implementation provided an escapeShellArg() h...	denoland	deno < 2.7.10	Jun 23, 2026	CVE
HIGH 7.3	CVE-2026-49401	Deno Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)_CVE-2026-49401 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system enforces filesystem and execution restrictions...	denoland	deno < 2.7.14	Jun 23, 2026	CVE
HIGH 7.4	CVE-2026-44726	Deno: TLS retry copies stale upgrade hook, risking plaintext traffic_CVE-2026-44726 Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.0.0 until 2.7.8, a flaw in Deno's Node.js tls compatibility layer could cause a T...	denoland	deno >= 2.0.0, < 2.7.8	Jun 23, 2026	CVE
HIGH 7.1	CVE-2025-71382	MuPDF < 1.27.0-rc1 Stack Exhaustion DoS via EPUB CSS Rendering_CVE-2025-71382 MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a d...	ArtifexSoftware	mupdf	Jun 23, 2026	CVE
HIGH 7.5	CVE-2025-61029	CVE-2025-61029_CVE-2025-61029 An issue in the sqlo_untry component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL st...	n/a	n/a n/a	Jun 23, 2026	CVE
HIGH 7.5	CVE-2025-61024	CVE-2025-61024_CVE-2025-61024 An issue in the sqlo_try_in_loop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted ...	n/a	n/a n/a	Jun 23, 2026	CVE
HIGH 7.1	CVE-2026-54318	Home Assistant: Exported BroadcastReceiver allows local apps to spoof device location_CVE-2026-54318 Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.5.3, the LocationSensorManager Broa...	home-assistant	core < 2026.5.3	Jun 23, 2026	CVE
HIGH 7.6	CVE-2026-54317	Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN_CVE-2026-54317 Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.6.0, the Konnected integration regi...	home-assistant	core < 2026.6.0	Jun 23, 2026	CVE
HIGH 8.1	CVE-2026-52845	Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`_CVE-2026-52845 Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forward_auth copy_headers deletes the exact client-supplied ident...	caddyserver	caddy < 2.11.4	Jun 23, 2026	CVE
HIGH 7.5	CVE-2026-52844	Caddy: Windows `file_server` path authorization bypass via encoded backslash_CVE-2026-52844 Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path matchers treat /private\secret.txt as outs...	caddyserver	caddy < 2.11.4	Jun 23, 2026	CVE