Vulnerability - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.8	CVE-2026-7664	Unauthenticated Flow Execution via Webhook Endpoint in Langflow OSS_CVE-2026-7664 IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due...	IBM	Langflow OSS 1.0.0	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-7253	IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway_CVE-2026-7253 IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway, due to a flaw which may allow an...	IBM	IBM Watson Speech Services Cartridge 4.0.0	Jun 22, 2026	CVE
CRITICAL 9.1	CVE-2026-56104	Chainlit < 2.10.1 Session Hijacking via WebSocket Session Restoration_CVE-2026-56104 Chainlit before 2.10.1 contains a session hijacking vulnerability that allows unauthenticated attackers to restore and inherit authenticated user s...	Chainlit	chainlit	Jun 22, 2026	CVE
HIGH 8.2	CVE-2026-54268	Angular: Denial of Service (DoS) via OOM in Date Formatting (formatDate)_CVE-2026-54268 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1...	angular	angular >= 22.0.0-next.0 < 22.0.1	Jun 22, 2026	CVE
HIGH 8.6	CVE-2026-54267	Angular Client Hydration DOM Clobbering & Response-Cache Poisoning_CVE-2026-54267 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1...	angular	angular >= 22.0.0-next.0 < 22.0.1	Jun 22, 2026	CVE
HIGH 8.8	CVE-2026-54266	Angular: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning_CVE-2026-54266 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1...	angular	angular >= 22.0.0-next.0 < 22.0.1	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-54265	Angular: Two-Way Property Binding Sanitization Bypass (XSS)_CVE-2026-54265 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1...	angular	angular >= 22.0.0-next.0 < 22.0.1	Jun 22, 2026	CVE
HIGH 8.3	CVE-2026-54264	Angular: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker_CVE-2026-54264 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1...	angular	angular >= 22.0.0-next.0 < 22.0.1	Jun 22, 2026	CVE
MEDIUM 6.9	CVE-2026-53655	node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)_CVE-2026-53655 node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (node-tar) applies a PAX extended header's size= record (and other PAX overrides)...	isaacs	node-tar < 7.5.16	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-53550	js-yaml: Quadratic-complexity DoS in merge key handling via repeated aliases_CVE-2026-53550 js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key...	nodeca	js-yaml < 4.2.0	Jun 22, 2026	CVE