Recent Advisories

| Severity | Score | ID | Title | Summary | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|---|---|
| HIGH | 8.9 | CVE-2026-48989 | Windows-MCP: HTTP transports expose unauthenticated PowerShell control with wildcard CORS | Windows-MCP is an open-source project that integrates AI agents with Windows. In versions prior to 0.7.5, certain HTTP modes exposed the MCP contro... | CursorTouch | Windows-MCP < 0.7.5 | | CVE |
| MEDIUM | 6.3 | CVE-2026-48820 | CakePHP: View::element() is missing a path containment check | CakePHP is a rapid development framework for PHP. In versions 4.5.11 and earlier, 4.6.0 through 4.6.3, 5.0.0 through 5.1.6, 5.2.0 through 5.2.12, a... | cakephp | cakephp >= 5.3.0, < 5.3.6 | | CVE |
| HIGH | 8.4 | CVE-2026-12530 | Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages() | Improper neutralization of argument delimiters in the install_packages() method in AWS Bedrock AgentCore Python SDK versions >= 1.1.3 and < 1.6.1 m... | AWS | bedrock-agentcore 1.1.3 | | CVE |
| MEDIUM | 6.9 | CVE-2026-54533 | vantage6 node has an Improper Access Control issue | vantage6 is an open-source infrastructure for privacy-preserving analysis. Prior to version 5.0.0, malicious algorithms can potentially access othe... | vantage6 | vantage6 < 5.0.0 | | CVE |
| MEDIUM | 6.9 | CVE-2026-54445 | Vantage6: Set admin user and password from environment or configuration | vantage6 is an open-source infrastructure for privacy-preserving analysis. Versions prior to 5.0.0 provide an initial user with username `root` and... | vantage6 | vantage6 < 5.0.0 | | CVE |
| LOW | 1.9 | CVE-2026-50268 | Steeltoe: OAEP setting silently selects PKCS#1 v1.5 padding | Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configurat... | SteeltoeOSS | Steeltoe.Configuration.Encryption >= 4.0.0, < 4.2.0 | | CVE |
| MEDIUM | 4.7 | CVE-2026-50267 | Steeltoe: TLS private keys written to /tmp with default permissions, never deleted | Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configurat... | SteeltoeOSS | Steeltoe.Configuration.Abstractions >= 4.0.0, < 4.2.0 | | CVE |
| MEDIUM | 5.9 | CVE-2026-50202 | Steeltoe's static JWKS cache shared across schemes and never invalidated | Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Security.A... | SteeltoeOSS | Steeltoe.Security.Authentication.CloudFoundryBase < 3.4.0 | | CVE |
| MEDIUM | 6.5 | CVE-2026-50201 | Steeltoe's sensitive actuators (heapdump/env) only require Restricted permission | Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management... | SteeltoeOSS | Steeltoe.Management.Endpoint < 4.2.0 | | CVE |
| HIGH | 7.1 | CVE-2026-48759 | TypeBot: Cross-Workspace Theme Template IDOR (Modification and Deletion) | TypeBot is a chatbot builder tool. Versions 3.15.2 and below have an Insecure Direct Object Reference vulnerability through cross-workspace Theme T... | baptisteArno | typebot.io < 3.16.0 | | CVE |