CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.4	CVE-2026-44791	n8n: XML Node Prototype Pollution Patch Bypass_CVE-2026-44791 n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modif...	n8n-io	n8n < 1.123.43	Jun 23, 2026	CVE
CRITICAL 9.4	CVE-2026-44790	n8n: Arbitrary File Read via Git Node_CVE-2026-44790 n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modif...	n8n-io	n8n < 1.123.43	Jun 23, 2026	CVE
CRITICAL 9.4	CVE-2026-44789	n8n: HTTP Request Node Pagination Prototype Pollution to RCE_CVE-2026-44789 n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modif...	n8n-io	n8n < 1.123.43	Jun 23, 2026	CVE
CRITICAL 9.3	CVE-2026-54257	Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow_CVE-2026-54257 Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 42.3.1 until 42.3.3, Buffer performs i...	electron	electron >= 42.3.1, < 42.3.3	Jun 23, 2026	CVE
CRITICAL 9	CVE-2026-54157	LobeHub: Unauthenticated SSRF in `/webapi/proxy`_CVE-2026-54157 LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.57, the /webapi/proxy e...	lobehub	lobehub < 2.1.57	Jun 23, 2026	CVE
CRITICAL 9.6	CVE-2026-53662	immich: One-click account takeover via XSS in login page continue redirect_CVE-2026-53662 immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting ...	immich-app	immich >= main@4ffa26c9, < main@4eb1003	Jun 23, 2026	CVE
CRITICAL 9.1	CVE-2026-9733	Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter_CVE-2026-9733 Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specifi...	HAYAJO	Mojolicious::Plugin::Web::Auth::OAuth2 0.17	Jun 23, 2026	CVE
CRITICAL 9.2	CVE-2026-35019	NetComm NF20MESH < R6B032 Hardcoded AES Key Authentication Bypass_CVE-2026-35019 NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers t...	NetComm Wireless Pty Ltd	NF20MESH	Jun 23, 2026	CVE
CRITICAL 9.4	CVE-2026-28496	FOSSBilling: Server-side template injection in Twig template rendering enables information disclosure and RCE_CVE-2026-28496 FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection (SSTI) vulne...	FOSSBilling	FOSSBilling < 0.8.0	Jun 23, 2026	CVE
CRITICAL 10	CVE-2026-27604	FOSSBilling: Improper API Role Validation (system) Enables Unauthenticated Access to Privileged Admin Functions_CVE-2026-27604 FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization byp...	FOSSBilling	FOSSBilling >= 0.5.4, < 0.8.0	Jun 23, 2026	CVE