HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.1	CVE-2026-52845	Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`_CVE-2026-52845 Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forward_auth copy_headers deletes the exact client-supplied ident...	caddyserver	caddy < 2.11.4	Jun 23, 2026	CVE
HIGH 7.5	CVE-2026-52844	Caddy: Windows `file_server` path authorization bypass via encoded backslash_CVE-2026-52844 Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path matchers treat /private\secret.txt as outs...	caddyserver	caddy < 2.11.4	Jun 23, 2026	CVE
HIGH 8.1	CVE-2026-45135	Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files_CVE-2026-45135 Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transport's splitPos() in modules/caddyhttp/r...	caddyserver	caddy >= 2.7.0, < 2.11.3	Jun 23, 2026	CVE
HIGH 9.3	844FC1AB-4B6F-	Exploit for OS Command Injection in Apache Tomcat_844FC1AB-4B6F-5722-BE86-44451AAF41EC CVE-2019-0232 — Apache Tomcat CGI Servlet RCE Educational PoC for authorized CTF / penetration testing only. Running this against systems you do no...	N/A	N/A	Jun 23, 2026	GITHUBEXPLOIT
HIGH 7.5	CVE-2026-8379	Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Download_CVE-2026-8379 The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing una...	Unknown	Frontend File Manager Plugin	Jun 23, 2026	CVE
HIGH 7.4	CVE-2026-56815	CVE-2026-56815_CVE-2026-56815 pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in the upload handler in Components/Pages/Home.razor.	rasta-mouse	pwnlift	Jun 23, 2026	CVE
HIGH 8.7	CVE-2026-35018	NetComm NF20MESH < R6B032 Authenticated RCE via OS Command Injection_CVE-2026-35018 NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated...	NetComm Wireless Pty Ltd	NF20MESH R6B031 and earlier	Jun 23, 2026	CVE
HIGH 7.1	CVE-2026-56695	OpenHarness – Cross-Session Disclosure via /resume and /summary Commands_CVE-2026-56695 OpenHarness ohmo gateway /resume and /summary slash commands default remote_invocable to True, allowing admitted remote senders to enumerate and lo...	HKUDS	OpenHarness	Jun 23, 2026	CVE
HIGH 7.1	CVE-2026-56402	NanoClaw < 2.1.17 - Privilege Escalation via Unverified Approval Response Handler_CVE-2026-56402 NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role au...	nanocoai	nanoclaw	Jun 23, 2026	CVE
HIGH 7.2	CVE-2026-54312	n8n: Microsoft SQL Node Prototype Pollution_CVE-2026-54312 n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with permission to create or modify workflows could achi...	n8n-io	n8n < 2.24.0	Jun 23, 2026	CVE