CVSS - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9	CVE-2026-54157	LobeHub: Unauthenticated SSRF in `/webapi/proxy`_CVE-2026-54157 LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.57, the /webapi/proxy e...	lobehub	lobehub < 2.1.57	Jun 23, 2026	CVE
CRITICAL 9.6	CVE-2026-53662	immich: One-click account takeover via XSS in login page continue redirect_CVE-2026-53662 immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting ...	immich-app	immich >= main@4ffa26c9, < main@4eb1003	Jun 23, 2026	CVE
MEDIUM 4.2	CVE-2026-52846	Caddy: stripHTML template function bypass_CVE-2026-52846 Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HT...	caddyserver	caddy < 2.11.4	Jun 23, 2026	CVE
HIGH 8.1	CVE-2026-52845	Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`_CVE-2026-52845 Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forward_auth copy_headers deletes the exact client-supplied ident...	caddyserver	caddy < 2.11.4	Jun 23, 2026	CVE
HIGH 7.5	CVE-2026-52844	Caddy: Windows `file_server` path authorization bypass via encoded backslash_CVE-2026-52844 Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path matchers treat /private\secret.txt as outs...	caddyserver	caddy < 2.11.4	Jun 23, 2026	CVE
MEDIUM 5.4	CVE-2026-45692	Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization_CVE-2026-45692 Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer d...	caddyserver	caddy >= 2.4.0, < 2.11.3	Jun 23, 2026	CVE
HIGH 8.1	CVE-2026-45135	Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files_CVE-2026-45135 Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transport's splitPos() in modules/caddyhttp/r...	caddyserver	caddy >= 2.7.0, < 2.11.3	Jun 23, 2026	CVE
MEDIUM 4.1	CVE-2026-0864	Configuration Injection via Carriage Return (\r) in write() method_CVE-2026-0864 When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the result...	Python Software Foundation	CPython	Jun 23, 2026	CVE
HIGH 9.3	844FC1AB-4B6F-	Exploit for OS Command Injection in Apache Tomcat_844FC1AB-4B6F-5722-BE86-44451AAF41EC CVE-2019-0232 — Apache Tomcat CGI Servlet RCE Educational PoC for authorized CTF / penetration testing only. Running this against systems you do no...	N/A	N/A	Jun 23, 2026	GITHUBEXPLOIT
NONE	FILIPPOIO:7E5AA...	Vulnerability Reports Are Not Special Anymore_FILIPPOIO:7E5AA1729D42CFF70B3B99F0B9C1A508 A requirement for staying sane while working in public as an open source maintainer is realizing that every issue, PR, and piece of feedback is a p...	N/A	N/A	Jun 23, 2026	FILIPPOIO