MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.2	CVE-2026-49859	Deno: `fetch()` API sandbox bypass via missing DNS resolution check_CVE-2026-49859 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when fetch() was called, Deno checked the destination hostname against -...	denoland	deno < 2.8.1	Jun 23, 2026	CVE
MEDIUM 6.5	CVE-2026-49411	Deno Node TCPWrap numeric hostname aliases bypass –deny-net resolved-IP deny checks_CVE-2026-49411 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.0, the Node.js compatibility TCP path checked the permission against the or...	denoland	deno < 2.8.0	Jun 23, 2026	CVE
MEDIUM 5.5	CVE-2026-49406	Deno: BYONM module resolution allows `package.json` main path traversal to bypass `–allow-read` restrictions_CVE-2026-49406 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.12, when Deno was run in BYONM mode (nodeModulesDir: "manual"), the module ...	denoland	deno < 2.7.12	Jun 23, 2026	CVE
MEDIUM 6.5	CVE-2026-54324	Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join_CVE-2026-54324 Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, a cross-tenant author...	daytonaio	daytona < 0.185.0	Jun 23, 2026	CVE
MEDIUM 5.9	CVE-2026-54323	Daytona: Git credential leak via git clone with TLS verification disabled_CVE-2026-54323 Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clon...	daytonaio	daytona < 0.185.0	Jun 23, 2026	CVE
MEDIUM 4.2	CVE-2026-52846	Caddy: stripHTML template function bypass_CVE-2026-52846 Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HT...	caddyserver	caddy < 2.11.4	Jun 23, 2026	CVE
MEDIUM 5.4	CVE-2026-45692	Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization_CVE-2026-45692 Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer d...	caddyserver	caddy >= 2.4.0, < 2.11.3	Jun 23, 2026	CVE
MEDIUM 4.1	CVE-2026-0864	Configuration Injection via Carriage Return (\r) in write() method_CVE-2026-0864 When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the result...	Python Software Foundation	CPython	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-12969	Dnsmasq: dnsmasq: out-of-bounds read in find_soa() due to missing extrabytes validation_CVE-2026-12969 An out-of-bounds read vulnerability exists in dnsmasq's find_soa() function in src/rfc1035.c. When parsing NS section records, extract_name() is ca...	Red Hat	Red Hat Enterprise Linux 10	Jun 23, 2026	CVE
MEDIUM 5.1	CVE-2026-11772	Reflected XSS in DRIMO CMS_CVE-2026-11772 DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in a...	DRIMO	DRIMO CMS	Jun 23, 2026	CVE