Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.7 CVE-2026-50108

Naxclow IoT Platform Missing Authorization

The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the...

Naxclow Smart Doorbell X3 All CVE
HIGH 8.7 CVE-2026-47138

Parse Server: Pre-authentication denial of service via client version header regex backtracking

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1-alpha.1,...

parse-community parse-server < 8.6.77 CVE
HIGH 8.7 CVE-2026-42947

Naxclow IoT Platform Authorization Bypass Through User-Controlled Key

A flaw in the Naxclow platform's onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an ar...

Naxclow Smart Doorbell X3 All CVE
HIGH 7.2 CVE-2026-42306

Moby: Race condition in docker cp allows bind mount redirection to host path

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prio...

moby moby github.com/docker/docker/daemon <= 28.5.2 CVE
HIGH 8.7 CVE-2026-12143

form-data does not escape CR/LF/quote in multipart field names and filenames (CRLF injection)

form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the `field` argument to `FormData#append` and ...

form-data form-data CVE
HIGH 8.8 CVE-2026-12043

Heap double-free in AWS Common Runtime aws-c-http

Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a se...

AWS aws-c-http 0.4.22 CVE
HIGH 8.7 CVE-2026-50287

Missing Authentication for Critical Function in @agenticmail/mcp

AgenticMail gives AI agents real email addresses and phone numbers. Prior to version 0.9.27, @agenticmail/mcp exposes a Streamable HTTP transport w...

agenticmail agenticmail < 0.9.27 CVE
HIGH 7.7 CVE-2026-47260

Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs

Koel is a free, open-source music streaming solution. Prior to version 9.3.5, Koel validates the podcast feed URL via the SafeUrl rule (DNS resolut...

koel koel < 9.3.5 CVE
HIGH 7.8 58E729A1-1305-508A-A366-27ECA7ADF232

Exploit for Use After Free in Linux Linux_Kernel

CVE-2026-23111 Auto-Root VM Testing Local privilege escalation exploit for CVE-2026-23111 — Linux kernel nftables use-after-free via inverted ! in ...

N/A N/A GITHUBEXPLOIT
HIGH 8.8 428AF504-46AA-5342-B996-9B28AD7932B2

aetherion

Aetherion Android...

N/A N/A GITHUBEXPLOIT