Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.1	CVE-2026-56402	NanoClaw < 2.1.17 - Privilege Escalation via Unverified Approval Response Handler_CVE-2026-56402 NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role au...	nanocoai	nanoclaw	Jun 23, 2026	CVE
MEDIUM 5.8	CVE-2026-55767	Guzzle: Dot-Only Cookie Domains Match All Hosts in guzzlehttp/guzzle_CVE-2026-55767 Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, CookieJar incorrectly accepts cookies with a dot-only Domain attribute and whitespace-pad...	guzzle	guzzle < 7.12.1	Jun 23, 2026	CVE
MEDIUM 4.8	CVE-2026-55766	guzzlehttp/psr7: CRLF Injection in HTTP Start-Line Serialization_CVE-2026-55766 guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.1, guzzlehttp/psr7 did not reject CR/LF characters in certain ...	guzzle	psr7 < 2.12.1	Jun 23, 2026	CVE
MEDIUM 5.9	CVE-2026-55568	Guzzle: Silent HTTPS-Proxy Downgrade to Cleartext_CVE-2026-55568 Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the prox...	guzzle	guzzle < 7.12.1	Jun 23, 2026	CVE
MEDIUM 6.3	CVE-2026-54314	n8n: Denial of Service via ZIP decompression in webhook workflow_CVE-2026-54314 n8n is an open source workflow automation platform. Prior to 2.24.0, the Compression node's Decompress operation expanded attacker-controlled archi...	n8n-io	n8n < 2.24.0	Jun 23, 2026	CVE
MEDIUM 6.5	CVE-2026-54313	n8n: NoSQL Injection in MongoDB Node Find And Replace Operation_CVE-2026-54313 n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filte...	n8n-io	n8n < 2.24.0	Jun 23, 2026	CVE
HIGH 7.2	CVE-2026-54312	n8n: Microsoft SQL Node Prototype Pollution_CVE-2026-54312 n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with permission to create or modify workflows could achi...	n8n-io	n8n < 2.24.0	Jun 23, 2026	CVE
MEDIUM 6	CVE-2026-54311	n8n: Merge Node SQL Mode Prototype Pollution_CVE-2026-54311 n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows...	n8n-io	n8n >= 2.26.0, < 2.26.2	Jun 23, 2026	CVE
MEDIUM 6.5	CVE-2026-54310	n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes_CVE-2026-54310 n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows...	n8n-io	n8n >= 2.26.0, < 2.26.2	Jun 23, 2026	CVE
HIGH 8.8	CVE-2026-54309	n8n: n8n MCP Browser HTTP Transport Exposes Unauthenticated Browser-Control Sessions_CVE-2026-54309 n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, when @n8n/mcp-browser is run in HTTP transport mode, the MCP endpoi...	n8n-io	n8n >= 2.26.0, < 2.26.2	Jun 23, 2026	CVE