CVSS - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.1	CVE-2026-48713	i18next-fs-backend: Prototype pollution via crafted missing-key string_CVE-2026-48713 Versions prior to 2.6.6 are vulnerable to prototype pollution via crafted missing-key strings when used to persist missing translation keys (e.g. v...	i18next	i18next-fs-backend < 2.6.6	Jun 15, 2026	CVE
MEDIUM 6.1	CVE-2026-48157	Slim has Reflected XSS in the HtmlErrorRenderer_CVE-2026-48157 Slim is a PHP micro framework that enables users to write simple web applications and APIs. In versions 4.4.0 through 4.15, if an application uses ...	slimphp	Slim >= 4.4.0, < 4.15.2	Jun 15, 2026	CVE
HIGH 8.8	CVE-2026-48017	DbGate: Remote Code Execution via functionName injection in loadReader endpoint_CVE-2026-48017 DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName par...	dbgate	dbgate < 7.1.9	Jun 15, 2026	CVE
HIGH 8.7	CVE-2026-53430	grpc gzip decompression bomb in GRPC.Compressor.Gzip.decompress/1_CVE-2026-53430 Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) all...	elixir-grpc	grpc 0.4.0	Jun 15, 2026	CVE
HIGH 8.7	CVE-2026-48854	Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc_CVE-2026-48854 Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memor...	elixir-grpc	grpc 0.3.1	Jun 15, 2026	CVE
CRITICAL 9.2	CVE-2026-48853	Remote code execution and denial of service via unsafe Erlang term deserialization in elixir-grpc/grpc_CVE-2026-48853 Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticate...	elixir-grpc	grpc 0.4.0	Jun 15, 2026	CVE
HIGH 7.6	CVE-2026-48599	Authorization bypass via path binding override in elixir-grpc/grpc HTTP transcoding_CVE-2026-48599 Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources bel...	elixir-grpc	grpc 0.8.0	Jun 15, 2026	CVE
HIGH 7.8	CVE-2026-48723	BrowserStack Cypress CL: Command Injection via cypress_config_file leads to arbitrary code execution through malicious browserstack.json_CVE-2026-48723 The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable...	browserstack	browserstack-cypress-cli < 1.36.6	Jun 15, 2026	CVE
HIGH 7.1	CVE-2026-9262	CVE-2026-9262_CVE-2026-9262 Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier	Canon Inc.	EOS Network Setting Tool for Windows 1.5.0 or earlier	Jun 15, 2026	CVE
HIGH 7.6	CVE-2026-9261	CVE-2026-9261_CVE-2026-9261 Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier	Canon Inc.	EOS Network Setting Tool for Windows 1.5.0 or earlier	Jun 15, 2026	CVE