tapic - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-54300	@astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config_CVE-2026-54300 @astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify conver...	withastro	astro < 7.0.13	Jun 22, 2026	CVE
HIGH 7.5	CVE-2026-54299	Astro: Host-header full-read SSRF in core prerendered error-page fetch (prerenderedErrorPageFetch default + unvalidated createRequestFromNodeRequest URL)_CVE-2026-54299 Astro is a web framework. Prior to 6.4.6, Astro SSR apps with prerendered error pages (/404 or /500 using export const prerender = true) fetch thos...	withastro	astro < 6.4.6	Jun 22, 2026	CVE
MEDIUM 4.2	CVE-2026-54298	Astro: XSS via Unescaped Attribute Names in Spread Props_CVE-2026-54298 Astro is a web framework. Prior to 6.4.6, the spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and pas...	withastro	astro < 6.4.6	Jun 22, 2026	CVE
HIGH 7.5	CVE-2026-54293	NLTK: URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read_CVE-2026-54293 NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural L...	nltk	nltk < 3.10.0-rc1	Jun 22, 2026	CVE
MEDIUM 6.5	CVE-2026-54288	Hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`_CVE-2026-54288 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, the Body Limit Middleware trusts the reques...	honojs	hono < 4.12.25	Jun 22, 2026	CVE
HIGH 8.7	CVE-2026-53779	WebP Server Go < 0.15.0 Path Traversal via Backslash Encoding on Windows_CVE-2026-53779 WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the co...	webp-sh	webp_server_go	Jun 22, 2026	CVE
LOW 3.1	CVE-2026-53663	React Router: `handleDocumentRequest` CSRF check covers `POST` only; PUT/PATCH/DELETE bypass_CVE-2026-53663 React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient and run on PO...	remix-run	react-router >= 7.12.0, < 7.15.1	Jun 22, 2026	CVE
HIGH 7.1	CVE-2026-50146	Astro: Reflected XSS via unescaped slot name_CVE-2026-50146 Astro is a web framework. Prior to 6.3.3, when a component uses a client:* directive, Astro inserts named slot content into a data-astro-template a...	withastro	astro < 6.3.3	Jun 22, 2026	CVE
HIGH 8.7	CVE-2026-11834	Unauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link Routers_CVE-2026-11834 A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient va...	TP-Link Systems Inc.	Archer MR200 v07	Jun 22, 2026	CVE
LOW 3.7	CVE-2026-48931	CVE-2026-48931_CVE-2026-48931 A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerab...	nodejs	node 22.22.3	Jun 22, 2026	CVE