HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-45290	Cloudburst Network has DoS in RakNet connection handling due to missing bound checks_CVE-2026-45290 Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to `1.0.0.CR3-20260417.085727-30`...	CloudburstMC	Network < 1.0.0.CR3-20260417.085727-30	Jun 5, 2026	CVE
HIGH 8.6	CVE-2026-50733	Markdown Preview Enhanced Arbitrary Code Execution via WaveDrom eval()_CVE-2026-50733 Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval(), allowing arbitrary JavaScrip...	shd101wyy	Markdown Preview Enhanced	Jun 5, 2026	CVE
HIGH 8.6	CVE-2026-49493	Markdown Preview Enhanced Arbitrary Code Execution via Bitfield interpretJS()_CVE-2026-49493 Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS(), which evaluates the block content as code via vm.run...	shd101wyy	Markdown Preview Enhanced	Jun 5, 2026	CVE
HIGH 8.6	CVE-2026-49492	Markdown Preview Enhanced OS Command Injection in External File and Link Opening_CVE-2026-49492 Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs take...	shd101wyy	Markdown Preview Enhanced	Jun 5, 2026	CVE
HIGH 8.1	CVE-2026-45749	Termix’s TOTP two-factor authentication can be disabled or bypassed using only the account password_CVE-2026-45749 Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /users/totp/disable` and `P...	Termix-SSH	Termix < 2.3.2	Jun 5, 2026	CVE
HIGH 8	CVE-2026-45745	Termix has improper certificate validation in Electron desktop client that enables MITM credential/token theft_CVE-2026-45745 Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Des...	Termix-SSH	Termix >= 1.7.0, <= 2.2.1	Jun 5, 2026	CVE
HIGH 8.1	CVE-2026-45743	Termix has a File-Manager Session Hijack via Missing Ownership Check (IDOR)_CVE-2026-45743 Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix p...	Termix-SSH	Termix < 2.3.2	Jun 5, 2026	CVE
HIGH 8.8	CVE-2026-5415	WP Captcha PRO <= 5.38 - Authenticated (Subscriber+) Authentication Bypass via Temporary Login Link_CVE-2026-5415 The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to Aut...	webfactory	Advanced Google reCAPTCHA	Jun 5, 2026	CVE
HIGH 8.8	CVE-2026-5411	WP Captcha PRO <= 5.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload_CVE-2026-5411 The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to arb...	webfactory	Advanced Google reCAPTCHA	Jun 5, 2026	CVE
HIGH 8.7	CVE-2026-46511	HAXcms: Mass Token Exfiltration and Cross-Tenant Hijack_CVE-2026-46511 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynami...	haxtheweb	haxcms-nodejs < 26.0.0	Jun 5, 2026	CVE