CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.6	CVE-2026-49269	CVE-2026-49269_CVE-2026-49269 Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU re...	Apple	Apple M1 GPU Legacy	Jun 24, 2026	CVE
LOW 2.1	CVE-2026-54906	concurrent-ruby: ReadWriteLock allows wrong-thread write release and stray read-release counter corruption_CVE-2026-54906 concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLock#release_write_lock does not verify that the calli...	ruby-concurrency	concurrent-ruby < 1.3.7	Jun 24, 2026	CVE
LOW 2	CVE-2026-54905	concurrent-ruby: `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity_CVE-2026-54905 concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after...	ruby-concurrency	concurrent-ruby < 1.3.7	Jun 24, 2026	CVE
HIGH 8.2	CVE-2026-54904	concurrent-ruby: `AtomicReference#update` livelocks when the stored value is `Float::NAN`_CVE-2026-54904 concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::AtomicReference#update can enter a permanent busy retry loop wh...	ruby-concurrency	concurrent-ruby < 1.3.7	Jun 24, 2026	CVE
HIGH 7.5	CVE-2026-54297	Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters_CVE-2026-54297 Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Farada...	lostisland	faraday >= 1.0.0, < 1.10.6	Jun 24, 2026	CVE
HIGH 8.8	CVE-2026-13164	Unauthenticated self-registration in MailerUp allows access to stored email data_CVE-2026-13164 Missing Authentication for Critical Function (CWE-306) in the RegisterView (apps/accounts/views.py), exposed at POST /api/auth/register/, in MailerUp	Mailerup	Mailerup	Jun 24, 2026	CVE
HIGH 7.7	CVE-2026-54699	Warp: OS command injection when opening terminal links from WSL_CVE-2026-54699 Warp is an agentic development environment. From 0.2024.03.12.08.02.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains an OS command injec...	warpdotdev	warp >= 0.2024.03.12.08.02.stable_01, < 0.2026.05.13.09.15.stable_01	Jun 24, 2026	CVE
MEDIUM 4.3	CVE-2026-54686	Warp: DCS lifecycle hook spoofing can alter terminal session metadata_CVE-2026-54686 Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepted certain state-mutat...	warpdotdev	warp >= 0.2021.04.25.23.05.stable_00, < 0.2026.05.13.09.15.stable_01	Jun 24, 2026	CVE
HIGH 8.7	CVE-2026-49851	Mistune: Potential DoS via quadratic-time parsing in parse_link_text_CVE-2026-49851 Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (a...	lepture	mistune < 3.3.0	Jun 24, 2026	CVE
MEDIUM 4.3	CVE-2026-48789	AnythingLLM: Windows path containment bypass in document folder route_CVE-2026-48789 AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Win...	Mintplex-Labs	anything-llm < 1.13.0	Jun 24, 2026	CVE