Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-48774	ProxySQL MCP run_sql_readonly executes side-effecting MySQL multi-statements despite read-only contract_CVE-2026-48774 ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP `run_sql_readonly` tool v...	sysown	proxysql >= 3.0.6, < 3.0.9	Jun 19, 2026	CVE
CRITICAL 9.8	CVE-2026-48773	ProxySQL pre-auth heap overflow in MySQL and PostgreSQL first-packet handling_CVE-2026-48773 ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. Versions 2.0.18 through 3.0.8 have a pre-authentication heap memory corruption ...	sysown	proxysql >= 2.0.18, < 3.0.9	Jun 19, 2026	CVE
CRITICAL 10	CVE-2026-48772	ProxySQL: PROXY-Protocol-v1 UNKNOWN parses spoofed source IP, bypassing mysql_query_rules.client_addr ACL_CVE-2026-48772 ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL frontend accepts the `PROXY...	sysown	proxysql >= 2.0.0, < 3.0.9	Jun 19, 2026	CVE
HIGH 7.7	CVE-2026-48715	radvdump’s Route Information Option Parser has a Stack Buffer Overflow_CVE-2026-48715 radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the `radvdump` utility shipped with radvd contains a stack buffer overflow ...	radvd-project	radvdump < 2.21	Jun 19, 2026	CVE
HIGH 7.1	CVE-2026-48089	DevGuard has improper authorization on public assets_CVE-2026-48089 DevGuard provides vulnerability management for the full software supply chain. Prior to 1.4.2, on a DevGuard API instance with one or more public a...	l3montree-dev	devguard < 1.4.2	Jun 19, 2026	CVE
HIGH 7.5	CVE-2026-50559	Authentication/Authorization Bypass via Advanced Path Normalization Vulnerabilities_CVE-2026-50559 Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20....	quarkusio	quarkus >= 3.36.0, < 3.36.3	Jun 19, 2026	CVE
HIGH 7.1	CVE-2026-49346	libde265 has a heap buffer overflow in de265_image_get_buffer via SPS dimension integer overflow_CVE-2026-49346 libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and...	strukturag	libde265 < 1.1.0	Jun 19, 2026	CVE
MEDIUM 4.3	CVE-2026-49337	libde265 has an unbounded memory leak via orphaned slice headers in `read_slice_NAL`_CVE-2026-49337 libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes `decoder_...	strukturag	libde265 < 1.0.20	Jun 19, 2026	CVE
HIGH 7.1	CVE-2026-49295	libde265 has an out-of-bounds write in process_reference_picture_set via predicted short-term RPS_CVE-2026-49295 libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds a...	strukturag	libde265 < 1.0.20	Jun 19, 2026	CVE
LOW 1.3	CVE-2026-48794	Authelia has an Edge Case Access Control Rule Mismatch_CVE-2026-48794 Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications vi...	authelia	authelia >= 4.36.0, < 4.39.20	Jun 19, 2026	CVE