Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.6	CVE-2026-54277	AIOHTTP: C HTTP Parser Bypasses max_line_size for Fragmented Lines_CVE-2026-54277 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the max_line_size check i...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-54276	AIOHTTP: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges_CVE-2026-54276 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication re...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
LOW 2.7	CVE-2026-54275	AIOHTTP: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections_CVE-2026-54275 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the server_hostname TLS SNI check can be bypassed ...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
MEDIUM 6.6	CVE-2026-54274	AIOHTTP: Incomplete websocket frame payloads bypass memory limits_CVE-2026-54274 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket fr...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
MEDIUM 6.6	CVE-2026-54273	AIOHTTP: HTTP/1 Pipelined Requests Queue Without Limit_CVE-2026-54273 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined re...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
HIGH 8.2	CVE-2026-54271	protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names_CVE-2026-54271 protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling in pbjs static / stati...	protobufjs	protobufjs-cli < 1.3.2	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-54270	protobufjs: Memory amplification from preserved unknown fields in binary decode_CVE-2026-54270 protobufjs compiles protobuf definitions into JavaScript (JS) functions. From 8.2.0 to 8.4.2, protobufjs preserved unknown wire elements in message...	protobufjs	protobuf.js >=8.2.0, < 8.5.0	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-54269	protobufjs: Schema-derived names can shadow runtime-significant properties_CVE-2026-54269 protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain schema-derived names...	protobufjs	protobuf.js < 7.6.3	Jun 22, 2026	CVE
MEDIUM 5.5	CVE-2026-53632	NTLMv2 hash disclosure via UNC path handling on Windows_CVE-2026-53632 launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrar...	vitejs	launch-editor < 2.14.1	Jun 22, 2026	CVE
HIGH 8.2	CVE-2026-53571	Vite: `server.fs.deny` bypass on Windows alternate paths_CVE-2026-53571 Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny ...	vitejs	vite >= 8.0.0, < 8.0.16	Jun 22, 2026	CVE