category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 2.3	CVE-2026-44046	Apache APISIX: wolf-rbac plugin Identity Spoofing_CVE-2026-44046 Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentia...	Apache Software Foundation	Apache APISIX 1.2.0	Jun 19, 2026	CVE
HIGH 7	CVE-2026-39999	Apache APISIX: JWT Algorithm Confusion allows authentication bypass_CVE-2026-39999 Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain config...	Apache Software Foundation	Apache APISIX 2.2	Jun 19, 2026	CVE
MEDIUM 5.8	CVE-2026-39998	Apache APISIX: Identity Injection via forward-auth Plugin Missing Header Cleanup_CVE-2026-39998 Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof...	Apache Software Foundation	Apache APISIX 2.12.0	Jun 19, 2026	CVE
HIGH 8.6	CVE-2026-12104	Authenticated OS Command Injection in Bondix_CVE-2026-12104 OS command injection in the environment and tunnel configuration functionality in SIMA GmbH Bondix through version 1.25.7.5 on Linux allows an auth...	SIMA GmbH	Bondix Server	Jun 19, 2026	CVE
LOW 3	CVE-2026-49358	PhpWeasyPrint vulnerable to arbitrary file deletion at shutdown via public $temporaryFiles_CVE-2026-49358 PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `AbstractGenerator::$temporaryFiles` is ...	pontedilana	php-weasyprint < 2.6.0	Jun 19, 2026	CVE
MEDIUM 6.3	CVE-2026-21768	HCL Verse for Android is susceptible to an injection vulnerability_CVE-2026-21768 The compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input...	HCLSoftware	Verse for Android 14.5.10	Jun 19, 2026	CVE
HIGH 8.5	CVE-2025-71326	AVAST Antivirus 25.11 Unquoted Service Path Privilege Escalation_CVE-2025-71326 AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute c...	Avast	AVAST Antivirus 25.11	Jun 19, 2026	CVE
CRITICAL 9.6	CVE-2026-12297	Sandbox escape due to incorrect boundary conditions in the Networking component_CVE-2026-12297 Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, F...	Mozilla	Firefox 115.37	Jun 16, 2026	CVE
CRITICAL 9.6	CVE-2026-12296	Sandbox escape in the Security: Process Sandboxing component_CVE-2026-12296 Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and...	Mozilla	Firefox 140.12	Jun 16, 2026	CVE
CRITICAL 9.6	CVE-2026-12295	Sandbox escape in the DOM: Navigation component_CVE-2026-12295 Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 1...	Mozilla	Firefox 115.37	Jun 16, 2026	CVE