CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.5	CVE-2026-5064	HP One Agent Software – Security Update_CVE-2026-5064 Potential security vulnerabilities have been identified in the HP One Agent for certain HP PC products, which might allow for escal...	HP Inc.	HP One Agent Software	Jun 15, 2026	CVE
CRITICAL 9.1	CVE-2026-48714	i18next-http-middleware missingKeyHandler does not reject keys whose segments contain prototype-polluting names_CVE-2026-48714 i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. In versions prior to 3.9....	i18next	i18next-http-middleware < 3.9.7	Jun 15, 2026	CVE
CRITICAL 9.1	CVE-2026-48713	i18next-fs-backend: Prototype pollution via crafted missing-key string_CVE-2026-48713 Versions prior to 2.6.6 are vulnerable to prototype pollution via crafted missing-key strings when used to persist missing translation keys (e.g. v...	i18next	i18next-fs-backend < 2.6.6	Jun 15, 2026	CVE
MEDIUM 6.1	CVE-2026-48157	Slim has Reflected XSS in the HtmlErrorRenderer_CVE-2026-48157 Slim is a PHP micro framework that enables users to write simple web applications and APIs. In versions 4.4.0 through 4.15, if an application uses ...	slimphp	Slim >= 4.4.0, < 4.15.2	Jun 15, 2026	CVE
HIGH 8.8	CVE-2026-48017	DbGate: Remote Code Execution via functionName injection in loadReader endpoint_CVE-2026-48017 DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName par...	dbgate	dbgate < 7.1.9	Jun 15, 2026	CVE
HIGH 8.7	CVE-2026-53430	grpc gzip decompression bomb in GRPC.Compressor.Gzip.decompress/1_CVE-2026-53430 Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) all...	elixir-grpc	grpc 0.4.0	Jun 15, 2026	CVE
HIGH 8.7	CVE-2026-48854	Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc_CVE-2026-48854 Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memor...	elixir-grpc	grpc 0.3.1	Jun 15, 2026	CVE
CRITICAL 9.2	CVE-2026-48853	Remote code execution and denial of service via unsafe Erlang term deserialization in elixir-grpc/grpc_CVE-2026-48853 Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticate...	elixir-grpc	grpc 0.4.0	Jun 15, 2026	CVE
HIGH 7.6	CVE-2026-48599	Authorization bypass via path binding override in elixir-grpc/grpc HTTP transcoding_CVE-2026-48599 Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources bel...	elixir-grpc	grpc 0.8.0	Jun 15, 2026	CVE
HIGH 7.8	CVE-2026-48723	BrowserStack Cypress CL: Command Injection via cypress_config_file leads to arbitrary code execution through malicious browserstack.json_CVE-2026-48723 The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable...	browserstack	browserstack-cypress-cli < 1.36.6	Jun 15, 2026	CVE