Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-13593	CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away_CVE-2026-13593 CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away. The minify function has a memory lea...	GTERMARS	CSS::Minifier::XS	Jun 29, 2026	CVE
HIGH 7.5	CVE-2026-41896	Coolify: Unauthenticated Deployment Trigger via Webhook HMAC Bypass with Null Secret_CVE-2026-41896 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the HMAC key is the ap...	coollabsio	coolify < 4.0.0-beta.474	Jun 29, 2026	CVE
HIGH 8.8	CVE-2026-34597	Coolify: Authenticated Host RCE_CVE-2026-34597 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.470, a critical Authenticat...	coollabsio	coolify < 4.0.0-beta.470	Jun 29, 2026	CVE
HIGH 8.8	CVE-2026-34594	Coolify: Authenticated Remote Code Execution via Command Injection in Destination Network Management_CVE-2026-34594 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, an authenticated comma...	coollabsio	coolify < 4.0.0-beta.471	Jun 29, 2026	CVE
MEDIUM 6.3	CVE-2026-57997	Strapi users-permissions – JWT Algorithm Confusion via Missing Algorithm Configuration_CVE-2026-57997 Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowin...	strapi	strapi	Jun 29, 2026	CVE
HIGH 7.7	CVE-2026-34592	Coolify: Cross-Team IDOR via Unscoped Server and Project Lookups Exposes SSH Keys and Infrastructure_CVE-2026-34592 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, Coolify server and pro...	coollabsio	coolify < 4.0.0-beta.471	Jun 29, 2026	CVE
MEDIUM 5.3	CVE-2026-10647	Deadlock denial of service in USB CDC-NCM device class on TX enqueue failure_CVE-2026-10647 The USB CDC-NCM device class (subsys/usb/device_next/class/usbd_cdc_ncm.c) ignores the return value of usbd_ep_enqueue() in its ethernet transmit c...	zephyrproject	zephyr 4.1.0	Jun 29, 2026	CVE
HIGH 7.5	CVE-2026-8023	Path traversal in Zephyr HTTP server static-filesystem resource handler allows unauthenticated remote arbitrary file read_CVE-2026-8023 Zephyr's HTTP server (subsys/net/lib/http) provides a static-filesystem resource type (HTTP_RESOURCE_TYPE_STATIC_FS, available when CONFIG_FILE_SYS...	zephyrproject	zephyr 4.0.0	Jun 29, 2026	CVE
HIGH 8.1	CVE-2026-7656	Broken IPv6 Neighbor Discovery input validation allows spoofed RA/NS/NA acceptance in Zephyr net stack_CVE-2026-7656 The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6_nbr.c (handle_ra_input, handle_ns_input, handle_na_input) used an incorrect boolean expr...	zephyrproject	zephyr 1.14.0	Jun 29, 2026	CVE
CRITICAL 10	745E87EB-2F7B-	Exploit for Improper Control of Dynamically-Managed Code Resources in Kidocode Crawl4Ai_745E87EB-2F7B-5DE3-8689-0B856028F54D CVE-2026-53753 — Crawl4AI Unauthenticated Remote Code Execution AST Sandbox Escape Pre-authentication RCE in Crawl4AI expression evaluator safeeval...	N/A	N/A	Jun 29, 2026	GITHUBEXPLOIT