HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-5757	There exists an unauthenticated remote information disclosure vulnerability in Ollama’s model quantization engine_CVE-2026-5757 Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the ser...	Ollama AI	Ollama v0.13.5	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-0828	Kernel driver vulnerability in Safetica Endpoint Client_CVE-2026-0828 Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCT...	Safetica	Endpoint Client 10.5.75.0	Jun 26, 2026	CVE
HIGH 8.1	CVE-2026-56876	extract-zip unvalidated symlink path traversal_CVE-2026-56876 extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relati...	max-mapper	extract-zip	Jun 26, 2026	CVE
HIGH 8.6	CVE-2026-55441	mise: Arbitrary command execution via task-include files in an untrusted, config-less repository_CVE-2026-55441 mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files (mise.toml, .tool-versio...	jdx	mise < 2026.6.4	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-54341	Dragonfly: RESTORE operations may crash the server_CVE-2026-54341 Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds r...	dragonflydb	dragonfly < 1.39.0	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-48743	Envoy: HTTP/3 to HTTP/1 request smuggling via headers-only request with nonzero Content-Length_CVE-2026-48743 Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, Envoy can tran...	envoyproxy	envoy >= 1.38.0, < 1.38.1	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-48044	Envoy Zstd Decompressor: Ratio Check at Wrong Loop Depth lead to memory explosion_CVE-2026-48044 Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vu...	envoyproxy	envoy >= 1.38.0, < 1.38.1	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-48042	Envoy: Stack overflow in destructor of highly nested JSON_CVE-2026-48042 Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, destructor of ...	envoyproxy	envoy >= 1.38.0, < 1.38.1	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-47220	Envoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log format_CVE-2026-47220 Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTED_SER...	envoyproxy	envoy >= 1.38.0, < 1.38.3	Jun 26, 2026	CVE
HIGH 7.6	PACKETSTORM:224380	📄 TypeBot Server-Side Request Forgery_PACKETSTORM:224380 TypeBot versions prior to 3.16.0 suffer from a server-side request forgery vulnerability...	N/A	N/A	Jun 26, 2026	PACKETSTORM