Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.6 CVE-2026-12027

CVE-2026-12027

Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer proces...

Google Chrome 149.0.7827.115 CVE
CRITICAL 9.8 CVE-2026-6853

OTP Bypass in Başbelen Group’s Pause+ Mobile App

Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ M...

Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ Mobile App v1.0.6 CVE
CRITICAL 9.8 CVE-2026-54133

jmespath.php has CompilerRuntime code injection via unescaped function names

jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications ...

jmespath jmespath.php < 2.9.1 CVE
CRITICAL 9.3 CVE-2026-53787

Amasty Order Attributes for Magento 2 < 4.0.0 Unauthenticated Arbitrary File Upload

Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthentica...

Amasty Order Attributes for Magento 2 CVE
CRITICAL 9.8 CVE-2026-47210

vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, a sandbox escape vulnerability in vm2 allows arbitrary code execution in the...

patriksimek vm2 < 3.11.4 CVE
CRITICAL 10 CVE-2026-47208

vm2: Sandbox Breakout Using Promise Species

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to ...

patriksimek vm2 < 3.11.4 CVE
CRITICAL 10 CVE-2026-47140

vm2: NodeVM builtin denylist bypass via process and inspector/promises allows host code execution

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM blocks several dangerous Node.js builtins such as module, worker_thre...

patriksimek vm2 < 3.11.4 CVE
CRITICAL 10 CVE-2026-47137

vm2: GHSA-8hg8-63c5-gwmx patch bypass: nesting:true without explicit require still allows full RCE

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced a check in nodev...

patriksimek vm2 < 3.11.4 CVE
CRITICAL 10 CVE-2026-47131

vm2: Sandbox Escape

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, by combining Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__"), Buf...

patriksimek vm2 < 3.11.4 CVE
CRITICAL 9.3 CVE-2026-10557

Yarbo Android/iOS Mobile Application and Cloud Infrastructure Use of Hard-coded Credentials

The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentia...

Yarbo Yarbo Android/IOS mobile application CVE