HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.1	CVE-2026-42211	React Router’s vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE_CVE-2026-42211 React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow una...	remix-run	react-router >= 7.0.0, < 7.14.2	Jun 2, 2026	CVE
HIGH 7.5	CVE-2026-34077	React Router vulnerable to Denial of Service via reflected user input in single-fetch_CVE-2026-34077 React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there ...	remix-run	react-router >= 7.0.0, < 7.14.0	Jun 2, 2026	CVE
HIGH 8	CVE-2026-33245	React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets_CVE-2026-33245 React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there ...	remix-run	react-router >= 7.7.0, < 7.13.2	Jun 2, 2026	CVE
HIGH 8.2	CVE-2026-28299	SolarWinds Web Help Desk Denial-of-Service Vulnerability_CVE-2026-28299 SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when exploited, could cause the Web Help Desk server t...	SolarWinds	Web Help Desk 2026.1 and all previous versions	Jun 2, 2026	CVE
HIGH 8.8	CVE-2026-1829	Content Visibility for Divi Builder <= 4.02 - Authenticated (Contributor+) Remote Code Execution_CVE-2026-1829 The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via ...	jhorowitz	Content Visibility for Divi Builder	Jun 2, 2026	CVE
HIGH 8.4	THN:5042E49AA00...	Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited_THN:5042E49AA00F0CB8BDF02D51DF7758F5 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgu6SfsDfrb_dr_5DP0MiwOMy86maTi3XyrtkQLw-sHAGlBZbhZ0uEfRkamwFqXGT4qNmVIqg6LQtaaRVLr_o...	N/A	N/A	Jun 2, 2026	THN
HIGH 7.5	PACKETSTORM:222473	📄 WordPress OrderConvo 13.5 Path Traversal_PACKETSTORM:222473 Proof of concept exploit that demonstrates a path traversal vulnerability in WordPress OrderConvo plugin version 13.5...	N/A	N/A	Jun 2, 2026	PACKETSTORM
HIGH 7.5	THN:1DB8C609A00...	Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation_THN:1DB8C609A0019C07637C95FF2CBAEDDE ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyTRAA7jrm-wO7d39ZhI2e75GnwqNE6t-CKpScXYfVikGGVRC4fYajbw5kn3aHqZc9rmbdjIqft5nwFLWAxC...	N/A	N/A	Jun 2, 2026	THN
HIGH 8.8	THN:EC1CA545F49...	Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine_THN:EC1CA545F493C8BBF09867DC93311116 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIWYqVAlf5o0isz1fGZ_KcAkqIAroOtFMRAvlOMseZrj7e5iLaZ47_92-zoFzN4rtQHJpmGHjMaOShanlb01...	N/A	N/A	Jun 2, 2026	THN
HIGH 7.5	CVE-2026-9096	CVE-2026-9096_CVE-2026-9096 Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including ...	Casdoor	Casdoor	May 28, 2026	CVE