MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-54285	opentelemetry-js: Unbounded memory allocation in W3C Baggage propagation_CVE-2026-54285 opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 2.8.0, W3CBaggagePropagator.extract() in @opentelemetry/core does not enforce siz...	open-telemetry	opentelemetry-js < 2.8.0	Jun 22, 2026	CVE
MEDIUM 6.6	CVE-2026-54278	AIOHTTP: Unread Compressed Request Bodies Bypass client_max_size During Cleanup_CVE-2026-54278 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed req...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
MEDIUM 6.6	CVE-2026-54277	AIOHTTP: C HTTP Parser Bypasses max_line_size for Fragmented Lines_CVE-2026-54277 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the max_line_size check i...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-54276	AIOHTTP: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges_CVE-2026-54276 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication re...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
MEDIUM 6.6	CVE-2026-54274	AIOHTTP: Incomplete websocket frame payloads bypass memory limits_CVE-2026-54274 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket fr...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
MEDIUM 6.6	CVE-2026-54273	AIOHTTP: HTTP/1 Pipelined Requests Queue Without Limit_CVE-2026-54273 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined re...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-54270	protobufjs: Memory amplification from preserved unknown fields in binary decode_CVE-2026-54270 protobufjs compiles protobuf definitions into JavaScript (JS) functions. From 8.2.0 to 8.4.2, protobufjs preserved unknown wire elements in message...	protobufjs	protobuf.js >=8.2.0, < 8.5.0	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-54269	protobufjs: Schema-derived names can shadow runtime-significant properties_CVE-2026-54269 protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain schema-derived names...	protobufjs	protobuf.js < 7.6.3	Jun 22, 2026	CVE
MEDIUM 5.5	CVE-2026-53632	NTLMv2 hash disclosure via UNC path handling on Windows_CVE-2026-53632 launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrar...	vitejs	launch-editor < 2.14.1	Jun 22, 2026	CVE
MEDIUM 5.7	CVE-2026-50184	Angular: Request Credential & Cache Policy Stripping in Angular Service Worker_CVE-2026-50184 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0...	angular	angular >= 22.0.0-next.0, < 22.0.0-rc.2	Jun 22, 2026	CVE