HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.7	CVE-2026-9099	Keycloak: group-admin escalation to realm-admin_CVE-2026-9099 A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild() endpoint within the Admin REST API allows an authentica...	Red Hat	Red Hat Build of Keycloak	Jun 25, 2026	CVE
HIGH 7.3	CVE-2026-9086	Keycloak: keycloak: cross-site scripting (xss) via case-insensitive uri validation bypass_CVE-2026-9086 A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with `manage-client` permission or access to cli...	Red Hat	Red Hat Build of Keycloak	Jun 25, 2026	CVE
HIGH 8.3	CVE-2026-55412	ToolJet Cloud – SSRF to Azure Cloud Infrastructure Compromise_CVE-2026-55412 ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-l...	ToolJet	ToolJet < 3.20.178-lts	Jun 25, 2026	CVE
HIGH 7	CVE-2026-55092	Trivy: Path traversal via a crafted vulnerability database or other downloaded artifacts_CVE-2026-55092 Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the ...	aquasecurity	trivy < 0.71.1	Jun 25, 2026	CVE
HIGH 7.7	CVE-2026-54033	LibreChat: SSRF via User-Provided Custom Endpoint baseURL — no private IP validation on user-configured API base URLs_CVE-2026-54033 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-c...	danny-avila	LibreChat < 0.8.4-rc1	Jun 25, 2026	CVE
HIGH 8	CVE-2026-54030	LibreChat: Missing Resource Parameter Validation in MCP OAuth Flow_CVE-2026-54030 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.5, LibreChat's MCP OAuth implementation does not validate ...	danny-avila	LibreChat < 0.8.5	Jun 25, 2026	CVE
HIGH 7.2	CVE-2026-45233	HTMLy CMS 3.1.1 Path Traversal via oldfile Parameter in Autosave_CVE-2026-45233 HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by s...	danpros	htmly	Jun 25, 2026	CVE
HIGH 7.5	CVE-2026-13351	net: Maliciously fragmented IPv6 packets can prevent receiving/processing future incoming packets_CVE-2026-13351 Zephyr's IPv6 network stack can be prevented from receiving or processing future incoming packets by sending a small number of maliciously fragment...	zephyrproject-rtos	Zephyr *	Jun 25, 2026	CVE
HIGH 8.2	CVE-2026-55961	wolfSSL_PKCS7_verify() reports success for degenerate (certs-only) PKCS#7 with no signer_CVE-2026-55961 wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos,...	wolfSSL	wolfSSL 3.15.7	Jun 25, 2026	CVE
HIGH 7.1	CVE-2026-55700	pnpm: stage download writes outside destination via manifest version traversal_CVE-2026-55700 pnpm is a package manager. From 11.3.0 until 11.5.3, `pnpm stage download` derived a local filename from registry-controlled package name and versi...	pnpm	pnpm >= 11.3.0, < 11.5.3	Jun 25, 2026	CVE