Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.4 CVE-2025-13162

Advant Master Online Builder DLL vulnerability

Uncontrolled Search Path Element vulnerability in ABB Control Builder A, ABB 800xA for Advant Master. This issue affects Control Builder A: throug...

ABB Control Builder A CVE
LOW 2.9 CVE-2026-57062

CVE-2026-57062

CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to...

GnuPG GnuPG CVE
MEDIUM 4 CVE-2026-57053

CVE-2026-57053

GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_inte...

GNU libidn CVE
MEDIUM 4.3 CVE-2026-55517

Deno: Denial of service via non-ASCII bytes in WebSocket response headers

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.5, a Deno program that opens a client WebSocket connection could be crashed...

denoland deno < 2.7.5 CVE
MEDIUM 6 CVE-2026-54316

Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch

Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname for the ...

anthropics claude-code >= 0.2.54, < 2.1.163 CVE
CRITICAL 9.3 CVE-2026-54257

Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 42.3.1 until 42.3.3, Buffer performs i...

electron electron >= 42.3.1, < 42.3.3 CVE
MEDIUM 5.3 CVE-2026-54022

Open WebUI: Any authenticated user can read other users’ private notes via Socket.IO

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the ydoc:document:join Socket.I...

open-webui open-webui < 0.8.11 CVE
MEDIUM 6.3 CVE-2026-54021

Open WebUI: Authenticated users can target arbitrary configured Ollama backends via unguarded url_idx path parameter

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, several direct, index-addressed ...

open-webui open-webui < 0.9.6 CVE
MEDIUM 6.5 CVE-2026-54019

Open WebUI: RAG ACL Bypass in Milvus Multitenancy Mode

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI added collection-leve...

open-webui open-webui < 0.9.6 CVE
HIGH 7.7 CVE-2026-54018

Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the SafePlaywrightURLLoader impl...

open-webui open-webui < 0.9.6 CVE