news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
NONE	MSSECURE:0DBD52...	Guarding AI memory_MSSECURE:0DBD52AB333FB0A3426DEB860EAE6B80 In this article 1. What AI memory is (and why it matters) 2. What is an agent memory attack? 3. How Microsoft approaches memory security in ...	N/A	N/A	Jun 22, 2026	MSSECURE
HIGH 7.7	CVE-2026-41156	GPU DDK – kernel<->fw CCB contains SYNC_PRIMITIVE_BLOCK firmware address without holding reference_CVE-2026-41156 Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources creating a write use ...	Imagination Technologies	Graphics DDK 1.18 RTM	Jun 19, 2026	CVE
HIGH 7.7	CVE-2026-34192	GPU DDK – _MMU_AllocLevel error recovery paths leave dangling page table entries_CVE-2026-34192 Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an error path leading to UAF of GPU page tables....	Imagination Technologies	Graphics DDK 1.18 RTM	Jun 19, 2026	CVE
MEDIUM 5.1	CVE-2026-55443	LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders_CVE-2026-55443 LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem pat...	langchain-ai	langchain < 1.3.9	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-54300	@astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config_CVE-2026-54300 @astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify conver...	withastro	astro < 7.0.13	Jun 22, 2026	CVE
HIGH 7.5	CVE-2026-54299	Astro: Host-header full-read SSRF in core prerendered error-page fetch (prerenderedErrorPageFetch default + unvalidated createRequestFromNodeRequest URL)_CVE-2026-54299 Astro is a web framework. Prior to 6.4.6, Astro SSR apps with prerendered error pages (/404 or /500 using export const prerender = true) fetch thos...	withastro	astro < 6.4.6	Jun 22, 2026	CVE
MEDIUM 4.2	CVE-2026-54298	Astro: XSS via Unescaped Attribute Names in Spread Props_CVE-2026-54298 Astro is a web framework. Prior to 6.4.6, the spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and pas...	withastro	astro < 6.4.6	Jun 22, 2026	CVE
HIGH 7.5	CVE-2026-54293	NLTK: URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read_CVE-2026-54293 NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural L...	nltk	nltk < 3.10.0-rc1	Jun 22, 2026	CVE
MEDIUM 6.5	CVE-2026-54288	Hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`_CVE-2026-54288 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, the Body Limit Middleware trusts the reques...	honojs	hono < 4.12.25	Jun 22, 2026	CVE
HIGH 8.7	CVE-2026-53779	WebP Server Go < 0.15.0 Path Traversal via Backslash Encoding on Windows_CVE-2026-53779 WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the co...	webp-sh	webp_server_go	Jun 22, 2026	CVE