Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 PACKETSTORM:222473

WordPress OrderConvo 13.5 Path Traversal_PACKETSTORM:222473

Proof of concept exploit that demonstrates a path traversal vulnerability in WordPress OrderConvo plugin version 13.5...

N/A N/A PACKETSTORM
HIGH 7.5 THN:1DB8C609A00...

Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation_THN:1DB8C609A0019C07637C95FF2CBAEDDE

N/A N/A THN
HIGH 8.8 THN:EC1CA545F49...

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine_THN:EC1CA545F493C8BBF09867DC93311116

N/A N/A THN
HIGH 7.5 CVE-2026-9096

CVE-2026-9096_CVE-2026-9096

Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including ...

Casdoor Casdoor CVE
HIGH 8.8 CVE-2026-49298

Apache Airflow: JWT Token Exposure in KubernetesExecutor Command-Line Arguments_CVE-2026-49298

A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the wo...

Apache Software Foundation Apache Airflow CVE
HIGH 7.5 CVE-2026-41084

Apache Airflow: API authorization bypass: bulk TaskInstances allows cross-DAG mutation_CVE-2026-41084

A bug in Apache Airflow's bulk Task Instances API (`PATCH/DELETE /api/v2/dags/{dag_id}/dagRuns/{dag_run_id}/taskInstances`) evaluated authorization...

Apache Software Foundation Apache Airflow 3.2.0 CVE
HIGH 7.2 CVE-2026-40961

Apache Airflow: Open Redirect Bypass Vulnerability_CVE-2026-40961

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the `is_safe_url` check, enabling redir...

Apache Software Foundation Apache Airflow 3.0.0 CVE
HIGH 7.5 CVE-2026-37235

CVE-2026-37235_CVE-2026-37235

FlexRIC v2.0.0 trusts the xapp_id field from E42 message payloads without binding it to the sender's SCTP association. The validation function vali...

n/a n/a n/a CVE
HIGH 7.8 CVE-2026-0088

CVE-2026-0088_CVE-2026-0088

In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading or insufficient UI. Th...

Google Android 16-qpr2 CVE
HIGH 7.8 CVE-2026-40715

CVE-2026-40715_CVE-2026-40715

Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control vulnerability. A low privileged attacker with local acc...

Dell ThinOS 10 CVE