HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-53917	Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker: Unbounded memory allocation in OpenWire property unmarshalling_CVE-2026-53917 Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. ...	Apache Software Foundation	Apache ActiveMQ	Jun 30, 2026	CVE
HIGH 7.5	CVE-2026-53916	Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec_CVE-2026-53916 Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated clie...	Apache Software Foundation	Apache ActiveMQ	Jun 30, 2026	CVE
HIGH 7.5	CVE-2026-49432	Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: STOMP negative content-length enables denial of service_CVE-2026-49432 Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can rea...	Apache Software Foundation	Apache ActiveMQ	Jun 30, 2026	CVE
HIGH 7.5	CVE-2026-57081	Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input_CVE-2026-57081 Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested ...	SANKO	Net::BitTorrent	Jun 30, 2026	CVE
HIGH 7	CVE-2026-44949	Unauthenticated namespace creation and RBAC injection via rancher-webhook FleetWorkspace mutating webhook_CVE-2026-44949 A Rancher FleetWorkspace admission path allowed side effects to occur in the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to ...	SUSE	Rancher 0.7.0	Jun 30, 2026	CVE
HIGH 8.8	CVE-2026-27957	Coolify: Authenticated RCE via command injection in CA certificate management feature_CVE-2026-27957 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, an authenticated comma...	coollabsio	coolify < 4.0.0-beta.464	Jun 30, 2026	CVE
HIGH 8.8	CVE-2026-48307	ColdFusion \| Cross-site Scripting (Reflected XSS) (CWE-79)_CVE-2026-48307 ColdFusion versions 2025.9, 2023.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit thi...	Adobe	ColdFusion	Jun 30, 2026	CVE
HIGH 8.6	CVE-2026-48285	ColdFusion \| Server-Side Request Forgery (SSRF) (CWE-918)_CVE-2026-48285 ColdFusion versions 2025.9, 2023.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security ...	Adobe	ColdFusion	Jun 30, 2026	CVE
HIGH 7.5	CVE-2026-58375	JimuReport 2.5.0 – Unauthenticated Report Export via /jmreport/auto/export_CVE-2026-58375 JimuReport through 2.5.0 exposes the POST /jmreport/auto/export endpoint without authentication: the handler is annotated @JimuNoLoginRequired, so ...	jeecgboot	jimureport	Jun 30, 2026	CVE
HIGH 8.1	CVE-2026-58372	SeaweedFS < 4.34 - Cross-Bucket Object Deletion via DeleteObjects Request-Body Keys_CVE-2026-58372 SeaweedFS before 4.34 contains a path traversal vulnerability in the S3 gateway DeleteMultipleObjectsHandler that allows authenticated S3 principal...	seaweedfs	seaweedfs	Jun 30, 2026	CVE