Vulnerability - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.1	CVE-2026-56280	Cap-go – Privilege Inversion in Build Log Stream via SSE Disconnect_CVE-2026-56280 Cap-go before 12.128.2 contains a privilege inversion vulnerability in GET /build/logs/:jobId that allows read-only API key holders to cancel runni...	Cap-go	capgo	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-56268	Flowise – Cross-Workspace Information Disclosure via chatflows/apikey Endpoint_CVE-2026-56268 Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apikey/:apikey endpoint. When the keyonly query para...	Flowise	Flowise	Jun 22, 2026	CVE
CRITICAL 9.2	CVE-2026-56266	Crawl4AI – Server-Side Request Forgery via Direct Crawl Endpoints_CVE-2026-56266 Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitra...	unclecode	Crawl4AI 0.8.7	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-56255	Capgo – Denial of Service via Unlimited Demo App Creation_CVE-2026-56255 Capgo before 12.128.2 contains a denial of service vulnerability in the POST /app/demo endpoint that allows authenticated users with org write perm...	Capgo	Capgo	Jun 22, 2026	CVE
HIGH 7.1	CVE-2026-56221	Cap-go – SQL Injection in Cloudflare Analytics Engine Queries via cloudflare.ts_CVE-2026-56221 Cap-go before 12.128.2 contains multiple SQL injection vulnerabilities in cloudflare.ts where user-controlled values from API request bodies are in...	Cap-go	capgo	Jun 22, 2026	CVE
HIGH 7.6	CVE-2026-55409	Filament: Disabled RichEditor field state can be used for XSS_CVE-2026-55409 Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.53, a disabled RichEditor field rendere...	filamentphp	filament >= 3.0.0, < 3.3.53	Jun 22, 2026	CVE
MEDIUM 6.5	CVE-2026-54911	UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()_CVE-2026-54911 UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps() (or ujson.dump() or uj...	ultrajson	ultrajson < 5.13.0	Jun 22, 2026	CVE
HIGH 8.7	CVE-2026-54281	Nest: Middleware Bypass on Fastify via Trailing Slash_CVE-2026-54281 Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.24, an authentication bypass vulnerability exists in @nes...	nestjs	nest < 11.1.24	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-48517	MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments_CVE-2026-48517 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's typeless deserialization includes MessagePa...	MessagePack-CSharp	MessagePack-CSharp >= 3.1.7, < 3.1.7	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-48516	MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings_CVE-2026-48516 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, InterfaceLookupFormatter constructs an internal Dictionary with ...	MessagePack-CSharp	MessagePack-CSharp >= 3.1.7, < 3.1.7	Jun 22, 2026	CVE