Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.8 428AF504-46AA-

aetherion_428AF504-46AA-5342-B996-9B28AD7932B2

Aetherion Android...

N/A N/A GITHUBEXPLOIT
HIGH 8.8 CVE-2026-7387

Mattermost group syncable endpoints allow privilege escalation via scheme_admin_CVE-2026-7387

Mattermost versions 11.6.x

Mattermost Mattermost 11.6.0 CVE
HIGH 7.6 CVE-2026-6961

CVE-2026-6961: Path traversal via unsanitized FileInfo.Name in Mattermost federation sync_CVE-2026-6961

Mattermost versions 11.6.x

Mattermost Mattermost 11.6.0 CVE
HIGH 7.1 CVE-2026-53982

Capgo Console < 12.28.2 Account Deletion DoS via Device Identifier Association_CVE-2026-53982

Capgo Console prior to 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authenticat...

Cap-go console.capgo.app CVE
HIGH 7.2 CVE-2026-53981

Cap-go < v12.128.2 Account Takeover via Unauthenticated Email Change Mechanism_CVE-2026-53981

Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authentica...

Cap-go Cap-go CVE
HIGH 7.1 CVE-2026-3840

Path Traversal in kedro-org/kedro_CVE-2026-3840

A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The `_get_versioned_path...

kedro-org kedro-org/kedro unspecified CVE
HIGH 7.5 CVE-2026-50645

Apache CXF: No restriction on attachment headers per message_CVE-2026-50645

There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead to unc...

Apache Software Foundation Apache CXF 4.2.0 CVE
HIGH 8.1 CVE-2026-50633

Apache CXF: JNDI Injection vulnerability in DispatchMDBMessageListenerImpl_CVE-2026-50633

A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is ab...

Apache Software Foundation Apache CXF 4.2.0 CVE
HIGH 8.1 CVE-2026-50632

Apache CXF: JNDI Injection Vulnerability in JMSConfigFactory_CVE-2026-50632

A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CXF has been identified, w...

Apache Software Foundation Apache CXF 4.2.0 CVE
HIGH 7.4 CVE-2026-50631

Apache CXF: OAuth2: TOCTOU Race Condition in Refresh Token Processing_CVE-2026-50631

A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate m...

Apache Software Foundation Apache CXF 4.2.0 CVE