tapic - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.6	CVE-2026-55583	Twenty: Cross-workspace IDOR in AgentTurnResolver_CVE-2026-55583 Twenty is an open-source CRM (customer relationship management) platform. Prior to 2.9.0, Twenty was vulnerable to a cross-workspace insecure direc...	twentyhq	twenty < 2.9.0	Jun 24, 2026	CVE
MEDIUM 6.5	CVE-2026-48028	Mastodon: Removal of integrity-protected JSON entries from signed activities_CVE-2026-48028 Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incomi...	mastodon	mastodon >= 4.5.0-beta.1, < 4.5.10	Jun 24, 2026	CVE
HIGH 8.6	CVE-2026-47389	Mastodon: SSRF protection bypass on older Ruby versions_CVE-2026-47389 Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, when using Ruby versions older tha...	mastodon	mastodon >= 4.5.0-beta.1, < 4.5.10	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-46349	Mastodon: LD-Signature Bypass via JSON-LD Named-Graph Restructuring_CVE-2026-46349 Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incomi...	mastodon	mastodon >= 4.5.0-beta.1, < 4.5.10	Jun 24, 2026	CVE
HIGH 8.7	CVE-2026-46348	Mastodon: SSRF Bypass via IPv6 Unspecified Address (::)_CVE-2026-46348 Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, the list of disallowed IP address ...	mastodon	mastodon >= 4.5.0-beta.1, < 4.5.10	Jun 24, 2026	CVE
HIGH 7.1	CVE-2026-27708	FOSSBilling: IDOR in Servicecustom Client API allows cross-client data access_CVE-2026-27708 FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, the Servicecustom Client API's __call method ...	FOSSBilling	FOSSBilling < 0.8.0	Jun 24, 2026	CVE
HIGH 8	CVE-2026-23879	py7zr: Arbitrary File Write Vulnerability_CVE-2026-23879 py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below...	miurahr	py7zr < 1.1.3	Jun 24, 2026	CVE
NONE	40F18FB2-8F72-	AttackGraph_40F18FB2-8F72-57E1-B69E-6FC9A3A864D9 AttackGraph AI AttackGraph AI is an AI-powered application security platform that aggregates findings from multiple security tools, correlates rela...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
NONE	FAF88B42-E4E8-	ritesh-security-check_FAF88B42-E4E8-5324-9F0C-4D51FA034454 Ritesh Security Check A portable security-audit ruleset for AI-generated / "vibe-coded" apps Next.js, React, Vite, Supabase, Firebase. It's a do/do...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
HIGH 8.8	CVE-2026-0126	CVE-2026-0126_CVE-2026-0126 In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional exe...	Google	Android Android kernel	Jun 16, 2026	CVE