Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.1 CVE-2026-48713

i18next-fs-backend: Prototype pollution via crafted missing-key string

Versions prior to 2.6.6 are vulnerable to prototype pollution via crafted missing-key strings when used to persist missing translation keys (e.g. v...

i18next i18next-fs-backend < 2.6.6 CVE
CRITICAL 9.2 CVE-2026-48853

Remote code execution and denial of service via unsafe Erlang term deserialization in elixir-grpc/grpc

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticate...

elixir-grpc grpc 0.4.0 CVE
CRITICAL 9.8 CVE-2026-50628

Apache CXF: OAuth2: Inverted IP Binding Check Defeats Security Control

A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any oth...

Apache Software Foundation Apache CXF 4.2.0 CVE
CRITICAL 9.1 CVE-2026-50627

Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' (Audience) claims of incoming JWT access tokens. This allows a JWT issu...

Apache Software Foundation Apache CXF 4.2.0 CVE
CRITICAL 9.8 CVE-2026-9691

WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms

CRM Perks Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms 1.1.1 CVE
CRITICAL 9.6 CVE-2026-52703

WordPress FastDup plugin <= 2.7.2 - Path Traversal vulnerability

Unauthenticated Path Traversal in FastDup

Ninja Team FastDup n/a CVE
CRITICAL 9.3 CVE-2026-52693

WordPress eCommerce Product Catalog plugin <= 3.5.5 - SQL Injection vulnerability

Unauthenticated SQL Injection in eCommerce Product Catalog

impleCode eCommerce Product Catalog n/a CVE
CRITICAL 9.8 CVE-2026-49781

WordPress OttoKit plugin <= 1.1.27 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in OttoKit

Brainstorm Force OttoKit n/a CVE
CRITICAL 9.3 CVE-2026-49776

WordPress GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin <= 2.32.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites

JExtensions Store GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites n/a CVE
CRITICAL 9.8 CVE-2026-49770

WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Travel Engine

WP Travel Engine WP Travel Engine n/a CVE