HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-54341	Dragonfly: RESTORE operations may crash the server_CVE-2026-54341 Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds r...	dragonflydb	dragonfly < 1.39.0	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-48743	Envoy: HTTP/3 to HTTP/1 request smuggling via headers-only request with nonzero Content-Length_CVE-2026-48743 Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, Envoy can tran...	envoyproxy	envoy >= 1.38.0, < 1.38.1	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-48044	Envoy Zstd Decompressor: Ratio Check at Wrong Loop Depth lead to memory explosion_CVE-2026-48044 Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vu...	envoyproxy	envoy >= 1.38.0, < 1.38.1	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-48042	Envoy: Stack overflow in destructor of highly nested JSON_CVE-2026-48042 Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, destructor of ...	envoyproxy	envoy >= 1.38.0, < 1.38.1	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-47220	Envoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log format_CVE-2026-47220 Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTED_SER...	envoyproxy	envoy >= 1.38.0, < 1.38.3	Jun 26, 2026	CVE
HIGH 7.6	PACKETSTORM:224380	📄 TypeBot Server-Side Request Forgery_PACKETSTORM:224380 TypeBot versions prior to 3.16.0 suffer from a server-side request forgery vulnerability...	N/A	N/A	Jun 26, 2026	PACKETSTORM
HIGH 8.6	PACKETSTORM:224376	📄 Yeoman Environment 6.0.0 Code Execution_PACKETSTORM:224376 Yeoman Environment versions 2.9.0 through 6.0.0 have an issue where missing generators can be installed without user confirmation, turning attacker...	N/A	N/A	Jun 26, 2026	PACKETSTORM
HIGH 8.3	PACKETSTORM:224372	📄 Plane Improper Authorization_PACKETSTORM:224372 Plane's asset subsystem trusted workspace slugs and asset UUIDs without enforcing the right membership checks, which let one authenticated user rea...	N/A	N/A	Jun 26, 2026	PACKETSTORM
HIGH 7.5	CVE-2026-46602	Lack of limit on tile sizes in x/image/tiff in golang.org/x/image_CVE-2026-46602 The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to...	golang.org/x/image	golang.org/x/image/tiff	Jun 25, 2026	CVE
HIGH 7.5	CVE-2026-46601	Panic on VP8 alpha channel size mismatch in x/image/webp in golang.org/x/image_CVE-2026-46601 The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size.	golang.org/x/image	golang.org/x/image/webp	Jun 25, 2026	CVE