Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-54066

SiYuan: Path Traversal via Double URL Encoding in /assets/*path (publish mode arbitrary file-read)_CVE-2026-54066

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the patch for CVE-2026-41894 ("Path Traversal via Double URL Encodin...

siyuan-note siyuan < 3.7.0 CVE
MEDIUM 6.1 CVE-2026-53766

chrome-devtools-mcp: validatePath() does not canonicalize symlinks before enforcing roots_CVE-2026-53766

Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpCont...

ChromeDevTools chrome-devtools-mcp >= 0.24.0, < 1.1.0 CVE
MEDIUM 6.1 CVE-2026-53765

chrome-devtools-mcp: daemon.pid write follows symlinks in /tmp fallback runtime directory_CVE-2026-53765

Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.20.0 until 1.1.0, the chr...

ChromeDevTools chrome-devtools-mcp >= 0.20.0, < 1.1.0 CVE
HIGH 7.5 CVE-2026-52794

Sentry: Inefficient Regular Expression Complexity in sentry_CVE-2026-52794

Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service (ReDoS) vulnerability...

getsentry sentry >= 24.4.0, < 26.5.2 CVE
CRITICAL 9.9 CVE-2026-50551

SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content_CVE-2026-50551

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting (XSS) vulnerability in...

siyuan-note siyuan < 3.7.0 CVE
HIGH 8.9 CVE-2026-50189

Appsmith: RCE via Supervisord XML-RPC Admin Interface Exposed via /supervisor Caddy Route_CVE-2026-50189

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC inter...

appsmithorg appsmith < 2.1 CVE
HIGH 7.1 CVE-2026-47110

Tiptap for PHP < 2.1.1 DoS via Malformed href Attribute_CVE-2026-47110

Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by ...

ueberdosis tiptap-php CVE
MEDIUM 6.5 CVE-2026-10642

Unbounded TX busy-loop DoS in Zephyr PL011 UART driver under CTS hardware flow control_CVE-2026-10642

The Zephyr PL011 UART driver (drivers/serial/uart_pl011.c) contains an unbounded software loop in pl011_irq_tx_enable() that repeatedly invokes the...

zephyrproject zephyr 4.1.0 CVE
HIGH 7.8 CVE-2026-10043

MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability_CVE-2026-10043

MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbi...

MosaicML Composer 0.32.1 CVE
CRITICAL 9.1 75711BFE-8B18-

Exploit for CVE-2026-56111_75711BFE-8B18-55AC-A70F-7ACF021EFAE2

CVE-2026-56111 - Marlin M421 Out-of-bounds Write Proof of concept for CVE-2026-56111, an out-of-bounds write in the M421 G-code handler of Marlin F...

N/A N/A GITHUBEXPLOIT