Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.8	CVE-2026-54130	M365 Copilot Information Disclosure Vulnerability_CVE-2026-54130 {“lastseen”:””,”description”:””,”published”:”2026-06-18T21:42:39.358Z”,&#82...	Microsoft	Microsoft 365 Copilot -	Jun 18, 2026	CVE
HIGH 7.7	CVE-2026-54017	Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal_CVE-2026-54017 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse prox...	open-webui	open-webui < 0.9.6	Jun 18, 2026	CVE
MEDIUM 6.5	CVE-2026-49205	phpMyFAQ: Missing userHasPermission() in 4 API write endpoints (CVE-2026-24421 Incomplete Fix)_CVE-2026-49205 phpMyFAQ is an open source FAQ web application. Versions prior to 4.1.4 have Missing Authorization in the API CategoryController. CVE-2026-24421 a...	thorsten	phpMyFAQ < 4.1.4	Jun 18, 2026	CVE
CRITICAL 9.9	CVE-2026-47647	Dynamics 365 Elevation of Privilege Vulnerability_CVE-2026-47647 {“lastseen”:””,”description”:””,”published”:”2026-06-18T21:42:40.084Z”,&#82...	Microsoft	Microsoft Dynamics 365 -	Jun 18, 2026	CVE
HIGH 7.5	CVE-2026-47633	Microsoft Cost Management Information Disclosure Vulnerability_CVE-2026-47633 {“lastseen”:””,”description”:””,”published”:”2026-06-18T21:37:36.850Z”,&#82...	Microsoft	Microsoft Cost Management -	Jun 18, 2026	CVE
HIGH 7.7	CVE-2026-32174	Azure Bot Service Elevation of Privilege Vulnerability_CVE-2026-32174 {“lastseen”:””,”description”:””,”published”:”2026-06-18T21:39:17.817Z”,&#82...	Microsoft	Azure AI Bot Service -	Jun 18, 2026	CVE
MEDIUM 4.8	CVE-2026-22674	Hashgraph Guardian Stored XSS via branding companyName field_CVE-2026-22674 Hashgraph Guardian through 3.5.0, fixed in commit ba8c566, contains a stored cross-site scripting vulnerability that allows authenticated users wit...	hashgraph	guardian	Jun 18, 2026	CVE
HIGH 8.7	CVE-2026-56078	PraisonAI – Arbitrary File Read and Write via Path Traversal in MultiAgentMonitor_CVE-2026-56078 PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. At...	PraisonAI	PraisonAI	Jun 18, 2026	CVE
HIGH 7.1	CVE-2026-56077	PraisonAI – Information Disclosure via Shared MultiAgentLedger State_CVE-2026-56077 PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensiti...	PraisonAI	PraisonAI	Jun 18, 2026	CVE
HIGH 8.6	CVE-2026-56076	PraisonAI – Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint_CVE-2026-56076 PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitra...	PraisonAI	PraisonAI	Jun 18, 2026	CVE