Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.1 CVE-2026-56221

Cap-go – SQL Injection in Cloudflare Analytics Engine Queries via cloudflare.ts

Cap-go before 12.128.2 contains multiple SQL injection vulnerabilities in cloudflare.ts where user-controlled values from API request bodies are in...

Cap-go capgo CVE
HIGH 7.6 CVE-2026-55409

Filament: Disabled RichEditor field state can be used for XSS

Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.53, a disabled RichEditor field rendere...

filamentphp filament >= 3.0.0, < 3.3.53 CVE
MEDIUM 6.5 CVE-2026-54911

UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps() (or ujson.dump() or uj...

ultrajson ultrajson < 5.13.0 CVE
HIGH 8.7 CVE-2026-54281

Nest: Middleware Bypass on Fastify via Trailing Slash

Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.24, an authentication bypass vulnerability exists in @nes...

nestjs nest < 11.1.24 CVE
MEDIUM 6.3 CVE-2026-48517

MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's typeless deserialization includes MessagePa...

MessagePack-CSharp MessagePack-CSharp >= 3.1.7, < 3.1.7 CVE
MEDIUM 6.3 CVE-2026-48516

MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, InterfaceLookupFormatter constructs an internal Dictionary with ...

MessagePack-CSharp MessagePack-CSharp >= 3.1.7, < 3.1.7 CVE
MEDIUM 6.3 CVE-2026-48515

MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's multi-dimensional array formatters read dim...

MessagePack-CSharp MessagePack-CSharp >= 3.1.7, < 3.1.7 CVE
MEDIUM 6.3 CVE-2026-48514

MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, UnsafeBlitFormatterBase.Deserialize reads an attacker-controlled...

MessagePack-CSharp MessagePack-CSharp >= 3.1.7, < 3.1.7 CVE
MEDIUM 6.3 CVE-2026-48513

MessagePack-CSharp: DynamicUnionResolver generated deserializers miss depth enforcement

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionRes...

MessagePack-CSharp MessagePack-CSharp >= 3.1.7, < 3.1.7 CVE
MEDIUM 6.3 CVE-2026-48512

MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's JSON conversion helpers contain multiple re...

MessagePack-CSharp MessagePack-CSharp >= 3.1.7, < 3.1.7 CVE