Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-10696

CVE-2026-10696

Use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet community cat...

Devolutions UniGetUI CVE
CRITICAL 9.3 CVE-2026-54388

Tinyproxy – HTTP Request Smuggling via Duplicate Content-Length Headers

Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwa...

tinyproxy tinyproxy CVE
CRITICAL 9.3 CVE-2026-54387

Tinyproxy – HTTP Request Smuggling via CL/TE Desynchronization

Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding...

tinyproxy tinyproxy CVE
HIGH 8.1 CVE-2026-50107

NGINX Gateway Fabric vulnerability

When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX confi...

F5 NGINX Gateway Fabric 2.3.0 CVE
MEDIUM 4.8 CVE-2026-48823

Shaarli has Stored Cross-Site Scripting (XSS) via Tags Search

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting (XSS) vulnerability in the tag filtering...

shaarli Shaarli < 0.16.2 CVE
MEDIUM 5.8 CVE-2026-48822

Shaarli has Stored Cross-Site Scripting (XSS) via Markdown Reference Links

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting (XSS) vulnerability in the Markdown-to-H...

shaarli Shaarli < 0.16.2 CVE
MEDIUM 5.3 CVE-2026-48817

Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and below, when dispatching a request, HTTPEndpoint selects the handler by low...

Kludex starlette < 1.1.0 CVE
CRITICAL 9.1 CVE-2026-48814

Network-AI: Empty default secret still authorizes all requests (Incomplete fix for CVE-2026-46701)

Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versions 5.7.1 and earlier, the MCP SSE server allows unauthenticated cross-origin ...

Jovancoding Network-AI < 5.7.2 CVE
MEDIUM 6.5 CVE-2026-32682

NGINX Gateway Fabric vulnerability

When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources...

F5 NGINX Gateway Fabric 1.3.0 CVE
HIGH 8.6 CVE-2026-11407

Pimcore CMS 12.3.8 Twig Sandbox Bypass via SecurityPolicy checkMethodAllowed

Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary meth...

Pimcore GmbH Pimcore CMS/DXP CVE