HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-55677	Echo: Encoded slash (%2F) bypasses route-level protection and exposes static files_CVE-2026-55677 Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches rout...	labstack	echo < 4.15.3	Jun 26, 2026	CVE
HIGH 7.8	CVE-2025-60464	CVE-2025-60464_CVE-2025-60464 A use-after-free in the gf_sei_load_from_state_internal function (/filters/sei_load.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to ca...	n/a	n/a n/a	Jun 25, 2026	CVE
HIGH 7.5	CVE-2026-38640	CVE-2026-38640_CVE-2026-38640 A reachable unwrap in the __assert_fail function (/assert/mod.rs) of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a...	n/a	n/a n/a	Jun 25, 2026	CVE
HIGH 8.3	CVE-2026-13281	CVE-2026-13281_CVE-2026-13281 Integer overflow in Mojo in Google Chrome prior to 149.0.7827.201 allowed a remote attacker who had compromised the renderer process to potentially...	Google	Chrome 149.0.7827.201	Jun 25, 2026	CVE
HIGH 8.5	THN:E8D8161AFE5...	Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs_THN:E8D8161AFE599365E1D9D2A719B2C65B ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEig3gygt20RdznayWN2yru6wSgNt8CSdr16F8I-naxtPn837cr6v0uV0bXdhz36P1XYrpnjmzDXTAtH0wa43M...	N/A	N/A	Jun 26, 2026	THN
HIGH 7.6	E61DF141-B3A8-	Exploit for CVE-2026-34207_E61DF141-B3A8-537B-8845-233051D12F82 CVE-2026-34207 The SSRF filter checked hostname text, but the actual destination was decided later by DNS. That gap let attacker-controlled Webhook...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
HIGH 8.3	22CFEBF4-738A-	Exploit for Missing Authorization in Plane_22CFEBF4-738A-52AD-B1A9-E066D3D33C80 CVE-2026-46558 Plane’s V2 asset subsystem trusted workspace slugs and asset UUIDs without enforcing the right membership checks, which let one auth...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
HIGH 7.5	CVE-2026-13283	CVE-2026-13283_CVE-2026-13283 Use after free in AdFilter in Google Chrome on Android prior to 149.0.7827.201 allowed a remote attacker who convinced a user to engage in specific...	Google	Chrome 149.0.7827.201	Jun 25, 2026	CVE
HIGH 7.5	CVE-2026-10823	YMC Smart Filter < 3.11.3 - Unauthenticated Private/Draft Post Disclosure_CVE-2026-10823 The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supp...	Unknown	YMC Filter	Jun 26, 2026	CVE
HIGH 7.7	CVE-2026-57920	CVE-2026-57920_CVE-2026-57920 Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /rest/o/{orgId} endpoints.	Peplink	InControl	Jun 26, 2026	CVE