Vulnerability - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6	CVE-2026-6091	Partial-chain verification accepts untrusted intermediate as trust anchor_CVE-2026-6091 Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a truste...	wolfSSL	wolfSSL 5.7.4	Jun 25, 2026	CVE
LOW 2	CVE-2026-55967	AES-GCM streaming APIs do not reject >64 GiB cumulative single messages, enabling counter wrap and keystream reuse_CVE-2026-55967 AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allo...	wolfSSL	wolfSSL 4.8.0	Jun 25, 2026	CVE
HIGH 8.2	CVE-2026-55961	wolfSSL_PKCS7_verify() reports success for degenerate (certs-only) PKCS#7 with no signer_CVE-2026-55961 wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos,...	wolfSSL	wolfSSL 3.15.7	Jun 25, 2026	CVE
HIGH 7.1	CVE-2026-55700	pnpm: stage download writes outside destination via manifest version traversal_CVE-2026-55700 pnpm is a package manager. From 11.3.0 until 11.5.3, `pnpm stage download` derived a local filename from registry-controlled package name and versi...	pnpm	pnpm >= 11.3.0, < 11.5.3	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-55699	pnpm: reserved bin name deletes PNPM_HOME during global remove_CVE-2026-55699 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When a mal...	pnpm	pnpm < 10.34.2	Jun 25, 2026	CVE
HIGH 8.8	CVE-2026-55698	pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytes_CVE-2026-55698 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can persist package-manager bootstrap metadata in the first YAML document of pnpm-lock...	pnpm	pnpm < 10.34.2	Jun 25, 2026	CVE
HIGH 7.5	CVE-2026-55697	pnpm: Repository-controlled configDependencies can select a pacquet native install engine_CVE-2026-55697 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch...	pnpm	pnpm < 10.34.2	Jun 25, 2026	CVE
HIGH 7.5	CVE-2026-55487	pnpm: manifest identity spoof satisfies allowBuilds and runs attacker lifecycle_CVE-2026-55487 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball,...	pnpm	pnpm < 10.34.2	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-55180	pnpm: Repository config can expand victim environment secrets into registry requests before scripts run_CVE-2026-55180 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded ${ENV_VAR} placeholders from repository-controlled .npmrc and pnp...	pnpm	pnpm < 10.34.2	Jun 25, 2026	CVE
MEDIUM 6.9	CVE-2026-54679	jq: potential integer overflow in jvp_string_append_CVE-2026-54679 jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvp_string_append has a chance of integer/multiple overflowing and then causi...	jqlang	jq < 1.8.2	Jun 25, 2026	CVE