category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.5	CVE-2026-11967	Arbitrary code execution in MobaXterm Personal Edition (Portable)_CVE-2026-11967 MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading a malicious DLL located in the ...	Mobatek	MobaXterm Personal Edition (Portable) 26.3	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-8694	Improper access control on the API documentation endpoint in PowerShell Universal_CVE-2026-8694 Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI sp...	Devolutions	PowerShell Universal	Jun 12, 2026	CVE
HIGH 8.6	CVE-2026-7368	Yarbo Android/iOS Mobile Application and Cloud Infrastructure Missing Authorization_CVE-2026-7368 The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded crede...	Yarbo	Yarbo Android/IOS mobile application	Jun 12, 2026	CVE
CRITICAL 9.8	CVE-2026-6853	OTP Bypass in Başbelen Group’s Pause+ Mobile App_CVE-2026-6853 Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ M...	Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co.	Pause+ Mobile App v1.0.6	Jun 12, 2026	CVE
HIGH 8.7	CVE-2026-6211	Arbitrary File Upload in Global IT’s WEOLL_CVE-2026-6211 Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Prope...	Global IT Informatics Services Inc.	WEOLL 2.0.9	Jun 12, 2026	CVE
CRITICAL 9.8	CVE-2026-54133	jmespath.php has CompilerRuntime code injection via unescaped function names_CVE-2026-54133 jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications ...	jmespath	jmespath.php < 2.9.1	Jun 12, 2026	CVE
CRITICAL 9.3	CVE-2026-53787	Amasty Order Attributes for Magento 2 < 4.0.0 Unauthenticated Arbitrary File Upload_CVE-2026-53787 Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthentica...	Amasty	Order Attributes for Magento 2	Jun 12, 2026	CVE
MEDIUM 5.1	CVE-2026-53722	Nuxt: Reflected XSS in `` via unsanitised `javascript:` or `data:` URL_CVE-2026-53722 Nuxt is an open-source web development framework for Vue.js. Prior to versions 3.21.7 and 4.4.7, did not validate the URL scheme of values bound t...	nuxt	nuxt < 3.21.7	Jun 12, 2026	CVE
HIGH 8.8	CVE-2026-53721	Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher_CVE-2026-53721 Nuxt is an open-source web development framework for Vue.js. From versions 3.11.0 to before 3.21.7 and 4.0.0 to before 4.4.7, there is a route-rule...	nuxt	nuxt >= 3.11.0, < 3.21.7	Jun 12, 2026	CVE
MEDIUM 6.9	CVE-2026-47739	Frappe: Stored XSS in Note_CVE-2026-47739 Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, stored XSS in Note was possible due to lack of sanitizati...	frappe	frappe < 15.106.0	Jun 12, 2026	CVE