CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-7253	IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway_CVE-2026-7253 IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway, due to a flaw which may allow an...	IBM	IBM Watson Speech Services Cartridge 4.0.0	Jun 22, 2026	CVE
CRITICAL 9.1	CVE-2026-56104	Chainlit < 2.10.1 Session Hijacking via WebSocket Session Restoration_CVE-2026-56104 Chainlit before 2.10.1 contains a session hijacking vulnerability that allows unauthenticated attackers to restore and inherit authenticated user s...	Chainlit	chainlit	Jun 22, 2026	CVE
HIGH 8.2	CVE-2026-54268	Angular: Denial of Service (DoS) via OOM in Date Formatting (formatDate)_CVE-2026-54268 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1...	angular	angular >= 22.0.0-next.0 < 22.0.1	Jun 22, 2026	CVE
HIGH 8.6	CVE-2026-54267	Angular Client Hydration DOM Clobbering & Response-Cache Poisoning_CVE-2026-54267 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1...	angular	angular >= 22.0.0-next.0 < 22.0.1	Jun 22, 2026	CVE
HIGH 8.8	CVE-2026-54266	Angular: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning_CVE-2026-54266 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1...	angular	angular >= 22.0.0-next.0 < 22.0.1	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-54265	Angular: Two-Way Property Binding Sanitization Bypass (XSS)_CVE-2026-54265 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1...	angular	angular >= 22.0.0-next.0 < 22.0.1	Jun 22, 2026	CVE
HIGH 8.3	CVE-2026-54264	Angular: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker_CVE-2026-54264 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1...	angular	angular >= 22.0.0-next.0 < 22.0.1	Jun 22, 2026	CVE
MEDIUM 6.9	CVE-2026-53655	node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)_CVE-2026-53655 node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (node-tar) applies a PAX extended header's size= record (and other PAX overrides)...	isaacs	node-tar < 7.5.16	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-53550	js-yaml: Quadratic-complexity DoS in merge key handling via repeated aliases_CVE-2026-53550 js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key...	nodeca	js-yaml < 4.2.0	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-52725	Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS)_CVE-2026-52725 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0...	angular	angular >= 22.0.0-next.0 < 22.0.0-rc.2	Jun 22, 2026	CVE