Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.6 CVE-2026-48721

Warp: Env-var prefixes can lead to denylisted command autoexecution_CVE-2026-48721

Warp is an agentic development environment. From 0.2025.10.08.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution...

warpdotdev warp >= 0.2025.10.08.08.12.stable_00, < 0.2026.05.13.09.15.stable_01 CVE
HIGH 8.8 CVE-2026-48720

Warp: SSH remote output can lead to local file overwrite and persistence_CVE-2026-48720

Warp is an agentic development environment. From 0.2025.03.05.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepts non-inline `OSC 1337...

warpdotdev warp >= 0.2025.03.05.08.02.stable_00, < 0.2026.05.13.09.15.stable_01 CVE
HIGH 8 CVE-2026-48719

Warp branch selector command injection via Git branch names_CVE-2026-48719

Warp is an agentic development environment. From 0.2025.08.06.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection...

warpdotdev warp >= 0.2025.08.06.08.12.stable_00, < 0.2026.05.13.09.15.stable_01 CVE
HIGH 8.8 CVE-2026-48704

Warp Markdown notebook links may open executable local files_CVE-2026-48704

Warp is an agentic development environment. From 0.2023.10.24.08.03.stable_00 until 0.2026.05.06.15.42.stable_01, Warp may open executable local fi...

warpdotdev warp >= 0.2023.10.24.08.03.stable_00, < 0.2026.05.13.09.15.stable_01 CVE
HIGH 7.8 CVE-2026-48703

Warp: Command Injection via Warp code search tool arguments_CVE-2026-48703

Warp is an agentic development environment. From 0.2025.04.09.08.11.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution...

warpdotdev warp >= 0.2025.04.09.08.11.stable_00, < 0.2026.05.13.09.15.stable_01 CVE
MEDIUM 5.5 CVE-2026-44022

Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands_CVE-2026-44022

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2....

docling-project docling >= 2.73.0, < 2.91.0 CVE
HIGH 7.5 CVE-2026-44020

Docling: Unsafe XML Entity Expansion in USPTO Patent Backend_CVE-2026-44020

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2....

docling-project docling >= 2.13.0, < 2.74.0 CVE
HIGH 7.5 CVE-2026-44017

Docling: Unsafe Zip Extraction in EasyOCR Model Download_CVE-2026-44017

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the...

docling-project docling < 2.91.0 CVE
HIGH 8.2 CVE-2026-44016

Docling: Unsafe Playwright-based HTML Rendering_CVE-2026-44016

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. In versions >= 2.82...

docling-project docling >= 2.82.0, < 2.91.0 CVE
HIGH 7.5 PACKETSTORM:224227

HTTP.sys HTTP/2 Denial of Service_PACKETSTORM:224227

This advisory provides simple proof of concept details to trigger the HTTP/2 denial of service condition related to malformed Accept-Encoding heade...

N/A N/A PACKETSTORM