CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 10	CVE-2026-27604	FOSSBilling: Improper API Role Validation (system) Enables Unauthenticated Access to Privileged Admin Functions_CVE-2026-27604 FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization byp...	FOSSBilling	FOSSBilling >= 0.5.4, < 0.8.0	Jun 23, 2026	CVE
NONE	THN:70DA639E50D...	Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents_THN:70DA639E50D29B870448D12D6323F7DF ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgb14v3ddlfpybc15jRbk-cwHI-0S8BAzdp8Ix83L5ZCZ4AB8gCySG7J4tZr4od9q3Jbuic1a4J29VAvRcdSQ...	N/A	N/A	Jun 23, 2026	THN
NONE	THN:5382CB6B456...	Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration_THN:5382CB6B456E3DF10A48275317E6FC76 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoC7KFWoDGkSi-UzAyKNUkw-Ogs4oy2tCOAYXiYAAkqEUC1WMotLAE1GUwoWApfXK3prWVctTP05aLGjru0h...	N/A	N/A	Jun 23, 2026	THN
MEDIUM 5.3	CVE-2026-56696	OpenHarness – Prompt Injection via /issue and /pr_comments Slash Commands_CVE-2026-56696 OpenHarness /issue and /pr_comments slash commands lack remote_invocable=False protection, allowing remote channel senders to write attacker-contro...	HKUDS	OpenHarness	Jun 23, 2026	CVE
HIGH 7.1	CVE-2026-56695	OpenHarness – Cross-Session Disclosure via /resume and /summary Commands_CVE-2026-56695 OpenHarness ohmo gateway /resume and /summary slash commands default remote_invocable to True, allowing admitted remote senders to enumerate and lo...	HKUDS	OpenHarness	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-56694	NanoClaw < 2.1.0 - Privilege Escalation via Forged Channel Approval Callback_CVE-2026-56694 NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse f...	nanocoai	nanoclaw	Jun 23, 2026	CVE
MEDIUM 6.8	CVE-2026-56693	NanoClaw < 2.1.17 - Privilege Escalation via Unauthorized create_agent System Action_CVE-2026-56693 NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the create_agent delivery-action handler that performs privileged central-d...	nanocoai	nanoclaw	Jun 23, 2026	CVE
MEDIUM 6.8	CVE-2026-56692	NanoClaw < 2.1.17 - Arbitrary File Read via Symlink Following in forwardAttachedFiles_CVE-2026-56692 NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate hos...	nanocoai	nanoclaw	Jun 23, 2026	CVE
HIGH 7.1	CVE-2026-56402	NanoClaw < 2.1.17 - Privilege Escalation via Unverified Approval Response Handler_CVE-2026-56402 NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role au...	nanocoai	nanoclaw	Jun 23, 2026	CVE
MEDIUM 5.8	CVE-2026-55767	Guzzle: Dot-Only Cookie Domains Match All Hosts in guzzlehttp/guzzle_CVE-2026-55767 Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, CookieJar incorrectly accepts cookies with a dot-only Domain attribute and whitespace-pad...	guzzle	guzzle < 7.12.1	Jun 23, 2026	CVE