MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.3	CVE-2026-48509	MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies_CVE-2026-48509 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, the parameterless MessagePackInputFormatter() constructor uses d...	MessagePack-CSharp	MessagePack-CSharp >= 3.1.7, < 3.1.7	Jun 22, 2026	CVE
MEDIUM 6.5	CVE-2026-48500	Filament: Unauthenticated temporary file upload on auth pages_CVE-2026-48500 Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.52, 4.11.5, and 5.6.5, any schema can c...	filamentphp	filament >= 3.0.0, < 3.3.52	Jun 22, 2026	CVE
MEDIUM 6.4	CVE-2026-48167	Filament: Unvalidated ImageColumn and ImageEntry values can be used for XSS_CVE-2026-48167 Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the ImageColumn and Image...	filamentphp	filament >= 4.0.0, < 4.11.5	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-48166	Filament: Timing-based user enumeration on login page_CVE-2026-48166 Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the login page has an obs...	filamentphp	filament >= 4.0.0, < 4.11.5	Jun 22, 2026	CVE
MEDIUM 6.5	CVE-2026-48067	Filament: Inconsistent scope enforcement for AttachAction and AssociateAction Select fields_CVE-2026-48067 Filament is a collection of full-stack components for accelerated Laravel development. From filament/actions 4.0.0 until 4.11.4 and 5.6.4 and from ...	filamentphp	filament >= 4.0.0, < 4.11.4	Jun 22, 2026	CVE
MEDIUM 6.1	CVE-2026-44889	WebOb: Location header normalization during redirect leads to open redirect_CVE-2026-44889 WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnera...	Pylons	webob < 1.8.10	Jun 22, 2026	CVE
MEDIUM 5.4	CVE-2026-44311	Fabric.js: Improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization_CVE-2026-44311 Fabric.js is a Javascript HTML5 canvas library. Prior to 7.4.0, a potential Cross-Site Scripting (XSS) vulnerability exists in Fabric.js due to imp...	fabricjs	fabric.js < 7.4.0	Jun 22, 2026	CVE
MEDIUM 6.1	MS:CVE-2026-12459	Chromium: CVE-2026-12459 Inappropriate implementation in Serial_MS:CVE-2026-12459 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
MEDIUM 5.1	CVE-2026-55443	LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders_CVE-2026-55443 LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem pat...	langchain-ai	langchain < 1.3.9	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-54300	@astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config_CVE-2026-54300 @astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify conver...	withastro	astro < 7.0.13	Jun 22, 2026	CVE