HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.8	CVE-2026-13164	Unauthenticated self-registration in MailerUp allows access to stored email data_CVE-2026-13164 Missing Authentication for Critical Function (CWE-306) in the RegisterView (apps/accounts/views.py), exposed at POST /api/auth/register/, in MailerUp	Mailerup	Mailerup	Jun 24, 2026	CVE
HIGH 7.7	CVE-2026-54699	Warp: OS command injection when opening terminal links from WSL_CVE-2026-54699 Warp is an agentic development environment. From 0.2024.03.12.08.02.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains an OS command injec...	warpdotdev	warp >= 0.2024.03.12.08.02.stable_01, < 0.2026.05.13.09.15.stable_01	Jun 24, 2026	CVE
HIGH 8.7	CVE-2026-49851	Mistune: Potential DoS via quadratic-time parsing in parse_link_text_CVE-2026-49851 Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (a...	lepture	mistune < 3.3.0	Jun 24, 2026	CVE
HIGH 8.8	CVE-2026-48732	Warp: Remote SSH cwd can lead to unauthorized remote command execution_CVE-2026-48732 Warp is an agentic development environment. From 0.2023.03.21.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection...	warpdotdev	warp >= 0.2023.03.21.08.02.stable_00, < 0.2026.05.13.09.15.stable_01	Jun 24, 2026	CVE
HIGH 7.8	CVE-2026-48731	Warp: Linux external editor command injection_CVE-2026-48731 Warp is an agentic development environment. From 0.2024.02.20.08.01.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection...	warpdotdev	warp >= 0.2024.02.20.08.01.stable_01, < 0.2026.05.13.09.15.stable_01	Jun 24, 2026	CVE
HIGH 8.1	CVE-2026-48725	Warp may allow terminal output to access the local clipboard through OSC 52_CVE-2026-48725 Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp allows terminal output to re...	warpdotdev	warp >= 0.2021.04.25.23.05.stable_00, < v0.2026.05.13.09.15.stable_01	Jun 24, 2026	CVE
HIGH 8.6	CVE-2026-48721	Warp: Env-var prefixes can lead to denylisted command autoexecution_CVE-2026-48721 Warp is an agentic development environment. From 0.2025.10.08.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution...	warpdotdev	warp >= 0.2025.10.08.08.12.stable_00, < 0.2026.05.13.09.15.stable_01	Jun 24, 2026	CVE
HIGH 8.8	CVE-2026-48720	Warp: SSH remote output can lead to local file overwrite and persistence_CVE-2026-48720 Warp is an agentic development environment. From 0.2025.03.05.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepts non-inline `OSC 1337...	warpdotdev	warp >= 0.2025.03.05.08.02.stable_00, < 0.2026.05.13.09.15.stable_01	Jun 24, 2026	CVE
HIGH 8	CVE-2026-48719	Warp branch selector command injection via Git branch names_CVE-2026-48719 Warp is an agentic development environment. From 0.2025.08.06.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection...	warpdotdev	warp >= 0.2025.08.06.08.12.stable_00, < 0.2026.05.13.09.15.stable_01	Jun 24, 2026	CVE
HIGH 8.8	CVE-2026-48704	Warp Markdown notebook links may open executable local files_CVE-2026-48704 Warp is an agentic development environment. From 0.2023.10.24.08.03.stable_00 until 0.2026.05.06.15.42.stable_01, Warp may open executable local fi...	warpdotdev	warp >= 0.2023.10.24.08.03.stable_00, < 0.2026.05.13.09.15.stable_01	Jun 24, 2026	CVE