HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2025-61023	CVE-2025-61023_CVE-2025-61023 An issue in the st_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL st...	n/a	n/a n/a	Jun 23, 2026	CVE
HIGH 8.1	CVE-2026-9800	Keycloak: keycloak policy enforcer: authorization bypass via incorrect uri comparison_CVE-2026-9800 A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role...	Red Hat	Red Hat Build of Keycloak	Jun 25, 2026	CVE
HIGH 7.7	CVE-2026-9099	Keycloak: group-admin escalation to realm-admin_CVE-2026-9099 A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild() endpoint within the Admin REST API allows an authentica...	Red Hat	Red Hat Build of Keycloak	Jun 25, 2026	CVE
HIGH 7.3	CVE-2026-9086	Keycloak: keycloak: cross-site scripting (xss) via case-insensitive uri validation bypass_CVE-2026-9086 A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with `manage-client` permission or access to cli...	Red Hat	Red Hat Build of Keycloak	Jun 25, 2026	CVE
HIGH 8.3	CVE-2026-55412	ToolJet Cloud – SSRF to Azure Cloud Infrastructure Compromise_CVE-2026-55412 ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-l...	ToolJet	ToolJet < 3.20.178-lts	Jun 25, 2026	CVE
HIGH 7	CVE-2026-55092	Trivy: Path traversal via a crafted vulnerability database or other downloaded artifacts_CVE-2026-55092 Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the ...	aquasecurity	trivy < 0.71.1	Jun 25, 2026	CVE
HIGH 7.7	CVE-2026-54033	LibreChat: SSRF via User-Provided Custom Endpoint baseURL — no private IP validation on user-configured API base URLs_CVE-2026-54033 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-c...	danny-avila	LibreChat < 0.8.4-rc1	Jun 25, 2026	CVE
HIGH 8	CVE-2026-54030	LibreChat: Missing Resource Parameter Validation in MCP OAuth Flow_CVE-2026-54030 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.5, LibreChat's MCP OAuth implementation does not validate ...	danny-avila	LibreChat < 0.8.5	Jun 25, 2026	CVE
HIGH 7.2	CVE-2026-45233	HTMLy CMS 3.1.1 Path Traversal via oldfile Parameter in Autosave_CVE-2026-45233 HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by s...	danpros	htmly	Jun 25, 2026	CVE
HIGH 7.5	CVE-2026-13351	net: Maliciously fragmented IPv6 packets can prevent receiving/processing future incoming packets_CVE-2026-13351 Zephyr's IPv6 network stack can be prevented from receiving or processing future incoming packets by sending a small number of maliciously fragment...	zephyrproject-rtos	Zephyr *	Jun 25, 2026	CVE