Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-49432

Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: STOMP negative content-length enables denial of service

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can rea...

Apache Software Foundation Apache ActiveMQ CVE
HIGH 7.5 CVE-2026-57081

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested ...

SANKO Net::BitTorrent CVE
HIGH 7 CVE-2026-44949

Unauthenticated namespace creation and RBAC injection via rancher-webhook FleetWorkspace mutating webhook

A Rancher FleetWorkspace admission path allowed side effects to occur in the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to ...

SUSE Rancher 0.7.0 CVE
HIGH 8.8 CVE-2026-27957

Coolify: Authenticated RCE via command injection in CA certificate management feature

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, an authenticated comma...

coollabsio coolify < 4.0.0-beta.464 CVE
HIGH 8.8 CVE-2026-48307

ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit thi...

Adobe ColdFusion CVE
HIGH 8.6 CVE-2026-48285

ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security ...

Adobe ColdFusion CVE
HIGH 7.5 CVE-2026-58375

JimuReport 2.5.0 – Unauthenticated Report Export via /jmreport/auto/export

JimuReport through 2.5.0 exposes the POST /jmreport/auto/export endpoint without authentication: the handler is annotated @JimuNoLoginRequired, so ...

jeecgboot jimureport CVE
HIGH 8.1 CVE-2026-58372

SeaweedFS < 4.34 - Cross-Bucket Object Deletion via DeleteObjects Request-Body Keys

SeaweedFS before 4.34 contains a path traversal vulnerability in the S3 gateway DeleteMultipleObjectsHandler that allows authenticated S3 principal...

seaweedfs seaweedfs CVE
HIGH 8.1 CVE-2026-58370

Woodpecker < 3.15.0 - GitLab Approval Gate Bypass via Spoofable Commit Author Name

Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author. For the GitLab forge driver, pipeline.Author is popu...

woodpecker-ci woodpecker CVE
HIGH 8.3 CVE-2026-58170

Vibe-Trading < 0.1.10 - Path Traversal in Proposal Identifier Allows Forging Live Trading Mandates

Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory witho...

HKUDS Vibe-Trading CVE