Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.7 CVE-2026-57518

Pagekit CMS 1.0.18 Privilege Escalation via UserApiController

Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escala...

pagekit pagekit 1.0.18 CVE
HIGH 7.5 CVE-2026-57231

Podman: Malformed Image can trick podman run into leaking host environment variables into the container

Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains an environment variable with just a k...

podman-container-tools podman >= 1.8.1, < 5.8.4 CVE
HIGH 8.5 CVE-2026-56663

AutoGPT: SSRF-to-RCE Chain in `SendWebRequestBlock` via IP validation bypass and internal `pg-meta` access

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an auth...

Significant-Gravitas AutoGPT < 0.6.52 CVE
HIGH 7.5 CVE-2026-55677

Echo: Encoded slash (%2F) bypasses route-level protection and exposes static files

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches rout...

labstack echo < 4.15.3 CVE
HIGH 7.8 CVE-2025-60464

CVE-2025-60464

A use-after-free in the gf_sei_load_from_state_internal function (/filters/sei_load.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to ca...

n/a n/a n/a CVE
HIGH 7.5 CVE-2026-38640

CVE-2026-38640

A reachable unwrap in the __assert_fail function (/assert/mod.rs) of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a...

n/a n/a n/a CVE
HIGH 8.3 CVE-2026-13281

CVE-2026-13281

Integer overflow in Mojo in Google Chrome prior to 149.0.7827.201 allowed a remote attacker who had compromised the renderer process to potentially...

Google Chrome 149.0.7827.201 CVE
HIGH 8.5 THN:E8D8161AFE599365E1D9D2A719B2C65B

Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs

N/A N/A THN
HIGH 7.6 E61DF141-B3A8-537B-8845-233051D12F82

Exploit for CVE-2026-34207

CVE-2026-34207 The SSRF filter checked hostname text, but the actual destination was decided later by DNS. That gap let attacker-controlled Webhook...

N/A N/A GITHUBEXPLOIT
HIGH 8.3 22CFEBF4-738A-52AD-B1A9-E066D3D33C80

Exploit for Missing Authorization in Plane

CVE-2026-46558 Plane’s V2 asset subsystem trusted workspace slugs and asset UUIDs without enforcing the right membership checks, which let one auth...

N/A N/A GITHUBEXPLOIT