HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.3	CVE-2026-2053	Unauthenticated Server-Side Request Forgery via WS-Addressing in WSO2 API Manager_CVE-2026-2053 The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled in...	WSO2	WSO2 API Manager	Jun 26, 2026	CVE
HIGH 8.8	THN:3AF4D7A4A25...	Google Details Turla’s New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks_THN:3AF4D7A4A2521E78D5A57F5ED9C21560 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9SthtlfUvEkaX0iZanYdYTAOV5hgm44yCwHu_3GCaoa11rO-GkO9oc0_qN9JGw2n86dsEsN_sdaYt2ra_4I...	N/A	N/A	Jun 26, 2026	THN
HIGH 8.8	75D8AF60-1BE7-	Exploit for Use After Free in Google Chrome_75D8AF60-1BE7-5841-A5AC-CC59A30D14EB CVE-2026-13036 — Use-After-Free in Blink WidgetBase::UpdateSurfaceAndScreenInfo A use-after-free vulnerability in Google Chrome's Blink rendering e...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
HIGH 8.8	0AEC5CEA-1ACD-	Exploit for Path Traversal in Rarlab Winrar_0AEC5CEA-1ACD-55C4-80FC-250F80922CE5 Amaranth Project A multi-stage backdoor implantation attack chain is implemented using CVE-2025-8088 WinRAR path traversal vulnerability, ≤ 7.11. F...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
HIGH 8.5	CVE-2026-8797	CVE-2026-8797_CVE-2026-8797 An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary co...	NEC Corporation	ExpressUpdate Agent for Windows 3.24 and prior	Jun 26, 2026	CVE
HIGH 8.8	CVE-2026-50741	CVE-2026-50741_CVE-2026-50741 Bypass to the fix for CVE-2026-34916. Variants of such vectors have been also reported by phucrio and offsetmd. The fix can be bypassed either by s...	Revive	Adserver	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-48933	CVE-2026-48933_CVE-2026-48933 A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB. This vulnerability af...	nodejs	node 22.22.3	Jun 26, 2026	CVE
HIGH 7.7	CVE-2026-48618	CVE-2026-48618_CVE-2026-48618 A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due t...	nodejs	node 22.22.3	Jun 26, 2026	CVE
HIGH 8.8	921E88F8-3925-	Exploit for CVE-2026-43503_921E88F8-3925-519D-9067-4928D48E9B4D CVE-2026-43503 — DirtyClone Linux local privilege escalation. A cloned skbuff loses the SKBFLSHAREDFRAG flag, so ESP in-place decryption writes int...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
HIGH 7.1	CVE-2026-40941	Cacti: Package Import Signature Validation Bypass Allows Self-Signed Packages_CVE-2026-40941 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass all...	Cacti	cacti < 1.2.31	Jun 25, 2026	CVE