Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-9639

Authenticated Denial of Service via Malicious Backup Tarball in LXD

Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with can_create_sto...

Canonical LXD 5.21.0 CVE
HIGH 7.1 CVE-2026-47214

Docling: Unsafe URI and Path Handling in HTML Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the...

docling-project docling < 2.94.0 CVE
MEDIUM 5.5 CVE-2026-44018

Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2....

docling-project docling >= 2.45.0, < 2.91.0 CVE
HIGH 8.4 CVE-2026-12411

Broken Access Control in Canonical LXD DevLXD API

Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another ...

Canonical lxd 6.6 CVE
HIGH 8.7 CVE-2026-57518

Pagekit CMS 1.0.18 Privilege Escalation via UserApiController

Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escala...

pagekit pagekit 1.0.18 CVE
HIGH 7.5 CVE-2026-57231

Podman: Malformed Image can trick podman run into leaking host environment variables into the container

Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains an environment variable with just a k...

podman-container-tools podman >= 1.8.1, < 5.8.4 CVE
MEDIUM 5.4 CVE-2026-56823

AutoGPT: IDOR in Webhook Ping Endpoint Allows Enumeration and Cross-User Ping Triggering

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the `POST /ap...

Significant-Gravitas AutoGPT < 0.6.64 CVE
HIGH 8.5 CVE-2026-56663

AutoGPT: SSRF-to-RCE Chain in `SendWebRequestBlock` via IP validation bypass and internal `pg-meta` access

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an auth...

Significant-Gravitas AutoGPT < 0.6.52 CVE
MEDIUM 5.3 CVE-2026-55686

Podman: WORKDIR symlink traversal vulnerability

Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains ...

podman-container-tools podman >= 3.0.0, < 5.7.1 CVE
HIGH 7.5 CVE-2026-55677

Echo: Encoded slash (%2F) bypasses route-level protection and exposes static files

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches rout...

labstack echo < 4.15.3 CVE