Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-57585	MessagePack: Out-of-bounds read/crash on Unpacker reuse after caught error_CVE-2026-57585 MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a...	msgpack	msgpack-python < 1.2.1	Jun 30, 2026	CVE
MEDIUM 6.9	CVE-2026-57204	pypdf: Missing stream length values ignore defined limits_CVE-2026-57204 pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulner...	py-pdf	pypdf < 6.13.3	Jun 30, 2026	CVE
MEDIUM 6.3	CVE-2026-10585	Stored cross-site scripting vulnerability in GitHub Enterprise Server allowed arbitrary JavaScript execution via crafted Discussion titles in the Q&A category_CVE-2026-10585 A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary ...	GitHub	Enterprise Server 3.17.0	Jun 30, 2026	CVE
HIGH 8.7	CVE-2026-57995	phpMyFAQ – Privilege Escalation via Missing Self-Rights Constraint in GroupController::updatePermissions_CVE-2026-57995 phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUP_EDIT administrators to ...	phpMyFAQ	phpMyFAQ	Jun 30, 2026	CVE
MEDIUM 5.3	CVE-2026-56777	n8n – AST Validator Bypass in Python Code Node_CVE-2026-56777 n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree (AST) security validator bypass in the Python Code node. An authenticat...	n8n	n8n	Jun 30, 2026	CVE
CRITICAL 9.3	CVE-2026-56700	Grav – Multiple Remote Code Execution Vulnerabilities via Unsafe Unserialize and Command Injection_CVE-2026-56700 Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe unserialize() calls - in Scheduler\JobQueue, Framework\...	Grav	Grav	Jun 30, 2026	CVE
MEDIUM 5.3	CVE-2026-56399	Open WebUI – Server-Side Request Forgery via Location Redirect in /api/v1/retrieval/process/web_CVE-2026-56399 Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticat...	open-webui	open-webui	Jun 30, 2026	CVE
MEDIUM 4.8	CVE-2026-56377	ImageMagick – Policy Bypass via Incorrect Path Validation_CVE-2026-56377 ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. R...	ImageMagick	ImageMagick	Jun 30, 2026	CVE
MEDIUM 6.3	CVE-2026-56369	ImageMagick – Information Disclosure via AES-CTR Nonce Reuse in PasskeyEncipherImage_CVE-2026-56369 ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attacke...	ImageMagick	ImageMagick	Jun 30, 2026	CVE
MEDIUM 6.3	CVE-2026-56365	ImageMagick – Memory Leak in PNG Encoder via MNG Image Writing_CVE-2026-56365 ImageMagick before 7.1.2-19 contains a memory leak vulnerability in the PNG encoder when writing MNG images. Attackers can trigger the encoder fail...	ImageMagick	ImageMagick	Jun 30, 2026	CVE