category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.1	CVE-2026-48137	Untrusted pointer dereference in NI grpc-device sideband streaming API_CVE-2026-48137 There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitra...	NI	grpc-device	Jun 19, 2026	CVE
MEDIUM 6.3	CVE-2026-47341	Apache APISIX: Session replay issue in hmac-auth_CVE-2026-47341 Authentication Bypass by Capture-replay vulnerability in Apache APISIX. Attacker can benefit from certain configurations in hmac-auth to re-use a ...	Apache Software Foundation	Apache APISIX 3.11.0	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-47339	Apache APISIX: authz-casdoor incorrect session sharing_CVE-2026-47339 Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenti...	Apache Software Foundation	Apache APISIX 2.14.1	Jun 19, 2026	CVE
LOW 2.1	CVE-2026-44915	Apache APISIX: Cas-auth plugin open redirect via unsanitized cookie value_CVE-2026-44915 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The default configuration of cas-auth in Apache APISIX is vuln...	Apache Software Foundation	Apache APISIX 3.0.0	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-44087	Apache APISIX: Openid-connect plugin Identity Header Spoofing_CVE-2026-44087 Insufficient Verification of Data Authenticity vulnerability in Apache APISIX. The openid-connect plugin under default configuration has an attack...	Apache Software Foundation	Apache APISIX 2.3	Jun 19, 2026	CVE
LOW 2.3	CVE-2026-44046	Apache APISIX: wolf-rbac plugin Identity Spoofing_CVE-2026-44046 Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentia...	Apache Software Foundation	Apache APISIX 1.2.0	Jun 19, 2026	CVE
HIGH 7	CVE-2026-39999	Apache APISIX: JWT Algorithm Confusion allows authentication bypass_CVE-2026-39999 Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain config...	Apache Software Foundation	Apache APISIX 2.2	Jun 19, 2026	CVE
MEDIUM 5.8	CVE-2026-39998	Apache APISIX: Identity Injection via forward-auth Plugin Missing Header Cleanup_CVE-2026-39998 Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof...	Apache Software Foundation	Apache APISIX 2.12.0	Jun 19, 2026	CVE
HIGH 8.6	CVE-2026-12104	Authenticated OS Command Injection in Bondix_CVE-2026-12104 OS command injection in the environment and tunnel configuration functionality in SIMA GmbH Bondix through version 1.25.7.5 on Linux allows an auth...	SIMA GmbH	Bondix Server	Jun 19, 2026	CVE
LOW 3	CVE-2026-49358	PhpWeasyPrint vulnerable to arbitrary file deletion at shutdown via public $temporaryFiles_CVE-2026-49358 PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `AbstractGenerator::$temporaryFiles` is ...	pontedilana	php-weasyprint < 2.6.0	Jun 19, 2026	CVE