Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.7 CVE-2026-44692

Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint

Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that aut...

code16 sharp < 9.22.0 CVE
HIGH 7.5 CVE-2026-42542

TDengine has an integer underflow in uvConnMayGetUserInfo() allows unauthenticated remote crash (DoS)

TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated ...

taosdata TDengine >= 3.4.0.0, < 3.4.1.6 CVE
HIGH 7 CVE-2026-42462

Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2....

fedify-dev fedify >= 2.2.0, < 2.2.3 CVE
HIGH 7.5 CVE-2026-10143

kafka-python prior to 2.3.2 DoS via SCRAM Iteration Count in scram.py

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-m...

Dana Powers kafka-python CVE
HIGH 7.5 CVE-2026-10142

kafka-python prior to 2.3.2 Denial of Service via Protocol Parser Frame Length

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-midd...

Dana Powers kafka-python CVE
HIGH 7.5 CVE-2026-46679

libp2p: Memory DoS via subscription flood of unique topics

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow ...

libp2p js-libp2p < 15.0.23 CVE
HIGH 7.5 CVE-2026-46625

JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection

JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign() helper copies proper...

js-cookie js-cookie < 3.0.7 CVE
HIGH 7.5 CVE-2026-46522

ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a m...

ImageMagick ImageMagick < 7.1.2-23 CVE
HIGH 7.5 CVE-2026-46520

ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when readi...

ImageMagick ImageMagick < 6.9.13-48 CVE
HIGH 7.5 CVE-2026-45783

libp2p: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk stor...

libp2p js-libp2p < 16.2.6 CVE