Vulnerability - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-44645	LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body_CVE-2026-44645 LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the renderLimit option can...	harttle	liquidjs < 10.26.0	Jun 17, 2026	CVE
MEDIUM 6.1	CVE-2026-44644	LiquidJS’s strip_html filter bypass via newline characters in HTML tags enables XSS_CVE-2026-44644 LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. Versions 10.25.7 and below are vulnerable to XSS through ...	harttle	liquidjs < 10.26.0	Jun 17, 2026	CVE
MEDIUM 6.5	CVE-2026-12568	Arbitrary File Write in postman_download module_CVE-2026-12568 The postman_download module uses the workspace name field from the Postman API to construct the local directory path without sanitization. If a mal...	Black Lantern Security	BBOT 2.1.0	Jun 17, 2026	CVE
LOW 2.2	CVE-2026-12567	Symlink-following arbitrary write via github_workflows module_CVE-2026-12567 The github_workflows module constructs local directory paths from user-controlled repository names without validating for symlinks. A local attacke...	Black Lantern Security	BBOT 2.0.0	Jun 17, 2026	CVE
LOW 3.1	CVE-2026-12566	SSRF via unvalidated WWW-Authenticate realm in docker_pull module_CVE-2026-12566 The docker_pull module uses the realm parameter from a Docker registry's WWW-Authenticate response header as the authentication endpoint without va...	Black Lantern Security	BBOT 2.0.0	Jun 17, 2026	CVE
MEDIUM 5.3	CVE-2026-12565	Path Traversal (Zip-Slip) in unarchive module_CVE-2026-12565 The unarchive internal module's archive extraction commands perform no code-level validation on extracted file paths, relying entirely on the behav...	Black Lantern Security	BBOT 2.3.1	Jun 17, 2026	CVE
HIGH 7.2	CVE-2026-53676	CVE-2026-53676_CVE-2026-53676 ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user who can lo...	ThingsBoard	ThingsBoard prior to v4.3.1.2	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-45357	LiquidJS: Memory and render limit bypass via unbounded width padding in `date` filter (strftime)_CVE-2026-45357 LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the date filter's strftime...	harttle	liquidjs < 10.26.0	Jun 17, 2026	CVE
CRITICAL 9.8	AVLEONOV:CC3D65...	June “In the Trend of VM” (#28): Linux kernel, Microsoft Defender, and Palo Alto Networks device vulnerabilities_AVLEONOV:CC3D65635446B497749DDD41CFC7A7F3 ![June In the Trend of VM \(#28\): Linux kernel, Microsoft Defender, and Palo Alto Networks device vulnerabilities](https://avleonov.com/wp-content...	N/A	N/A	Jun 17, 2026	AVLEONOV
NONE	AKAMAIBLOG:E8DA...	How Akamai Defended an Indian Bank Against Record-Breaking DDoS Attacks_AKAMAIBLOG:E8DAACEDC9DD18E841381BE36778451B Learn how Akamai successfully neutralized one of the largest DDoS attacks ever recorded in the Indian banking sector before a single customer was i...	N/A	N/A	Jun 17, 2026	AKAMAIBLOG