Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 CVE-2026-53753

Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain – Pre-Auth RCE in Docker API_CVE-2026-53753

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields feature ...

unclecode crawl4ai < 0.8.7 CVE
CRITICAL 9.6 CVE-2026-11807

Eda-server: websocket missing authorization allows credential theft via activation_id spoofing_CVE-2026-11807

A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not...

Red Hat Red Hat Ansible Automation Platform 2.5 2.5 CVE
CRITICAL 9.3 CVE-2026-55450

Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak_CVE-2026-55450

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data ...

langflow-ai langflow < 1.9.1 CVE
CRITICAL 9.6 CVE-2026-55447

Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit_CVE-2026-55447

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling files that are digested into the RA...

langflow-ai langflow < 1.9.2 CVE
CRITICAL 9.9 CVE-2026-55255

Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User’s Flow_CVE-2026-55255

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerabi...

langflow-ai langflow < 1.9.2 CVE
CRITICAL 9.6 CVE-2026-48519

Langflow: Unauthenticated RCE in Shareable Playgrounds_CVE-2026-48519

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" (or "Public Flows" in cod...

langflow-ai langflow < 1.9.2 CVE
CRITICAL 9.4 CVE-2026-44791

n8n: XML Node Prototype Pollution Patch Bypass_CVE-2026-44791

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modif...

n8n-io n8n < 1.123.43 CVE
CRITICAL 9.4 CVE-2026-44790

n8n: Arbitrary File Read via Git Node_CVE-2026-44790

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modif...

n8n-io n8n < 1.123.43 CVE
CRITICAL 9.4 CVE-2026-44789

n8n: HTTP Request Node Pagination Prototype Pollution to RCE_CVE-2026-44789

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modif...

n8n-io n8n < 1.123.43 CVE
CRITICAL 9.3 CVE-2026-54257

Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow_CVE-2026-54257

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 42.3.1 until 42.3.3, Buffer performs i...

electron electron >= 42.3.1, < 42.3.3 CVE