Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-10621

CVE-2026-10621

Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to...

Collibra Collibra Platform (SaaS) 2025.10 CVE
HIGH 8.4 CVE-2026-8036

Local privilege escalation in NI-PAL

Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escala...

NI NI-PAL CVE
HIGH 8.4 CVE-2026-5385

GLPI 11.0.0 – Stored XSS in knowledge base

An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: befor...

glpi-project glpi CVE
HIGH 7.5 CVE-2026-5073

ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection via 'order' Parameter

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'arm_directory_paging_action' AJAX action...

armember ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup CVE
HIGH 8.2 CVE-2026-48597

Atom table exhaustion via untrusted URL scheme in Tesla.Adapter.Mint

Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesl...

elixir-tesla tesla 1.3.0 CVE
HIGH 8.2 CVE-2026-48595

Authorization header leaks to third-party origin on cross-origin redirect in Tesla.Middleware.FollowRedirects

Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirec...

elixir-tesla tesla 1.4.0 CVE
HIGH 8.2 CVE-2026-48594

Decompression bomb in Tesla.Middleware.DecompressResponse and Tesla.Middleware.Compression

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-tesla tesla allows a denial of service via decompression b...

elixir-tesla tesla 0.6.0 CVE
HIGH 7.5 CVE-2026-42342

React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint

React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtim...

remix-run react-router >= 7.0.0, < 7.15.0 CVE
HIGH 8.1 CVE-2026-42211

React Router’s vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE

React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow una...

remix-run react-router >= 7.0.0, < 7.14.2 CVE
HIGH 7.5 CVE-2026-34077

React Router vulnerable to Denial of Service via reflected user input in single-fetch

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there ...

remix-run react-router >= 7.0.0, < 7.14.0 CVE