Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.5 CVE-2026-54557

mise HTTP backend uses raw version path for install symlink destination

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install symlink destination fro...

jdx mise < 2026.6.1 CVE
HIGH 7.5 CVE-2026-54341

Dragonfly: RESTORE operations may crash the server

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds r...

dragonflydb dragonfly < 1.39.0 CVE
LOW 2.3 CVE-2026-47206

Dragonfly: RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis...

dragonflydb dragonfly < 1.38.9 CVE
CRITICAL 9.6 CVE-2026-33646

mise: Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template e...

jdx mise < 2026.3.10 CVE
HIGH 7.5 CVE-2026-48743

Envoy: HTTP/3 to HTTP/1 request smuggling via headers-only request with nonzero Content-Length

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, Envoy can tran...

envoyproxy envoy >= 1.38.0, < 1.38.1 CVE
MEDIUM 5.9 CVE-2026-48706

Envoy Heap Buffer Overflow in TcpStatsdSink

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vul...

envoyproxy envoy >= 1.38.0, < 1.38.3 CVE
MEDIUM 5.9 CVE-2026-48497

Envoy: Abnormal process termination in DNS UDP filter

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where...

envoyproxy envoy >= 1.38.0, < 1.38.1 CVE
HIGH 7.5 CVE-2026-48044

Envoy Zstd Decompressor: Ratio Check at Wrong Loop Depth lead to memory explosion

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vu...

envoyproxy envoy >= 1.38.0, < 1.38.1 CVE
HIGH 7.5 CVE-2026-48042

Envoy: Stack overflow in destructor of highly nested JSON

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, destructor of ...

envoyproxy envoy >= 1.38.0, < 1.38.1 CVE
MEDIUM 4.4 CVE-2026-47778

Envoy: Embedded NUL in TLS DNS SAN Truncation in the Default TLS Certificate Validator. (Auth Bypass)

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a structural f...

envoyproxy envoy >= 1.38.0, < 1.38.1 CVE