CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 2.2	CVE-2026-12567	Symlink-following arbitrary write via github_workflows module_CVE-2026-12567 The github_workflows module constructs local directory paths from user-controlled repository names without validating for symlinks. A local attacke...	Black Lantern Security	BBOT 2.0.0	Jun 17, 2026	CVE
LOW 3.1	CVE-2026-12566	SSRF via unvalidated WWW-Authenticate realm in docker_pull module_CVE-2026-12566 The docker_pull module uses the realm parameter from a Docker registry's WWW-Authenticate response header as the authentication endpoint without va...	Black Lantern Security	BBOT 2.0.0	Jun 17, 2026	CVE
MEDIUM 5.3	CVE-2026-12565	Path Traversal (Zip-Slip) in unarchive module_CVE-2026-12565 The unarchive internal module's archive extraction commands perform no code-level validation on extracted file paths, relying entirely on the behav...	Black Lantern Security	BBOT 2.3.1	Jun 17, 2026	CVE
HIGH 7.2	CVE-2026-53676	CVE-2026-53676_CVE-2026-53676 ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user who can lo...	ThingsBoard	ThingsBoard prior to v4.3.1.2	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-45357	LiquidJS: Memory and render limit bypass via unbounded width padding in `date` filter (strftime)_CVE-2026-45357 LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the date filter's strftime...	harttle	liquidjs < 10.26.0	Jun 17, 2026	CVE
CRITICAL 9.8	AVLEONOV:CC3D65...	June “In the Trend of VM” (#28): Linux kernel, Microsoft Defender, and Palo Alto Networks device vulnerabilities_AVLEONOV:CC3D65635446B497749DDD41CFC7A7F3 ![June In the Trend of VM \(#28\): Linux kernel, Microsoft Defender, and Palo Alto Networks device vulnerabilities](https://avleonov.com/wp-content...	N/A	N/A	Jun 17, 2026	AVLEONOV
NONE	AKAMAIBLOG:E8DA...	How Akamai Defended an Indian Bank Against Record-Breaking DDoS Attacks_AKAMAIBLOG:E8DAACEDC9DD18E841381BE36778451B Learn how Akamai successfully neutralized one of the largest DDoS attacks ever recorded in the Indian banking sector before a single customer was i...	N/A	N/A	Jun 17, 2026	AKAMAIBLOG
CRITICAL 9.3	38CC0676-948A-	Exploit for Cross-site Scripting in Roundcube Webmail_38CC0676-948A-5269-9162-8B92F853D747 CVE-2024-42009 — Roundcube Webmail 1.6.6 Stored XSS PoC For authorised security testing, CTF environments, and educational research only. Using thi...	N/A	N/A	Jun 17, 2026	GITHUBEXPLOIT
CRITICAL 9.3	C5EFE23A-E7AE-	Exploit for CVE-2015-10141_C5EFE23A-E7AE-5AC1-BCD5-1817788E4C5B CVE-2015-10141...	N/A	N/A	Jun 17, 2026	GITHUBEXPLOIT
HIGH 8.8	CVE-2026-55202	Tinyproxy – Stathost Detection Bypass via Host Header Manipulation_CVE-2026-55202 Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated a...	tinyproxy	tinyproxy	Jun 17, 2026	CVE