Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.7	CVE-2026-47135	vm2: Sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks_CVE-2026-47135 vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Nod...	patriksimek	vm2 < 3.11.4	Jun 12, 2026	CVE
CRITICAL 10	CVE-2026-47131	vm2: Sandbox Escape_CVE-2026-47131 vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, by combining Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__"), Buf...	patriksimek	vm2 < 3.11.4	Jun 12, 2026	CVE
HIGH 7.5	CVE-2026-46340	Netty: SCTP reassembly nests buffers without bound_CVE-2026-46340 Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Fina...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE
HIGH 8.7	CVE-2026-45674	Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records_CVE-2026-45674 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE
MEDIUM 6.8	CVE-2026-45673	Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port_CVE-2026-45673 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE
MEDIUM 4	CVE-2026-45536	Netty: Unix-socket fd receive leaks descriptors when peer sends two at once_CVE-2026-45536 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, netty_u...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE
HIGH 7.5	CVE-2026-45416	Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes_CVE-2026-45416 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClie...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE
HIGH 7.5	CVE-2026-44894	Netty’s Default QUIC token handler accepts any client-supplied token_CVE-2026-44894 Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the appl...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE
HIGH 7.5	CVE-2026-44893	Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length_CVE-2026-44893 Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final an...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE
MEDIUM 6.9	CVE-2026-44205	Frappe: Stored Cross-Site Scripting (XSS) in User Profile through Image Upload_CVE-2026-44205 Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an...	frappe	frappe < 15.106.0	Jun 12, 2026	CVE