Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-44488

Axios: Allocation of Resources Without Limits or Throttling in axios_CVE-2026-44488

Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and respon...

axios axios >= 1.7.0, < 1.16.0 CVE
HIGH 8.2 CVE-2026-44487

Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter_CVE-2026-44487

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Auth...

axios axios >= 1.0.0, < 1.16.0 CVE
HIGH 7.5 CVE-2026-44486

Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection_CVE-2026-44486

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credential...

axios axios >= 1.0.0, < 1.16.0 CVE
HIGH 7.3 PACKETSTORM:223224

Craft CMS 5.9.5 Missing Authorization / Authentication Bypass_PACKETSTORM:223224

This script is an assessment and exploitation framework targeting a missing authorization vulnerability in affected versions of Craft CMS that may ...

N/A N/A PACKETSTORM
HIGH 8.8 B4BD65AE-C56B-

Exploit for Use After Free in Redis_B4BD65AE-C56B-5415-BFF0-4D29FA8BEAA1

CVE-2026-23479 Scanner Redis Use-After-Free vulnerability CVE-2026-23479 detection tool. Automatically checks Redis instances for vulnerability, mi...

N/A N/A GITHUBEXPLOIT
HIGH 7.8 D039E607-9443-

Exploit for Use After Free in Linux Linux_Kernel_D039E607-9443-53D4-AA20-578FC0282FE1

CVE-2026-23111 nftables LPE: exposure check and safe lab Defensive tooling and a reproducible virtual-machine lab for CVE-2026-23111, the nftables ...

N/A N/A GITHUBEXPLOIT
HIGH 8.1 236C3334-CF38-

Exploit for CVE-2026-10795_236C3334-CF38-5100-98AA-1DF6189FF3D2

CVE-2026-10795 UpdraftPlus Auto-Exploit & Mass Scanner Authorized Use Only — This tool is provided for authorized penetration testing, security res...

N/A N/A GITHUBEXPLOIT
HIGH 7.1 CVE-2026-8406

openSIS Classic 9.3 – Insecure Direct Object Reference in Sent Mail_CVE-2026-8406

openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the m...

OS4ED openSIS-Classic 9.3 CVE
HIGH 8.8 CVE-2026-53661

boruta-server sent sensitive session cookies without the Secure attribute_CVE-2026-53661

Boruta is a standalone authorization server that aims to implement OAuth 2.0 and OpenID Connect up to decentralized identity specifications. Prior ...

malach-it boruta-server < 0.9.1 CVE
HIGH 8.1 CVE-2026-11816

Path Traversal in keras-team/keras_CVE-2026-11816

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in `keras/src/utils/file_utils....

keras-team keras-team/keras unspecified CVE