Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8 CVE-2026-33245

React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets_CVE-2026-33245

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there ...

remix-run react-router >= 7.7.0, < 7.13.2 CVE
HIGH 8.2 CVE-2026-28299

SolarWinds Web Help Desk Denial-of-Service Vulnerability_CVE-2026-28299

SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when exploited, could cause the Web Help Desk server t...

SolarWinds Web Help Desk 2026.1 and all previous versions CVE
HIGH 8.8 CVE-2026-1829

Content Visibility for Divi Builder <= 4.02 - Authenticated (Contributor+) Remote Code Execution_CVE-2026-1829

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via ...

jhorowitz Content Visibility for Divi Builder CVE
HIGH 8.4 THN:5042E49AA00...

Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited_THN:5042E49AA00F0CB8BDF02D51DF7758F5

N/A N/A THN
HIGH 7.5 PACKETSTORM:222473

WordPress OrderConvo 13.5 Path Traversal_PACKETSTORM:222473

Proof of concept exploit that demonstrates a path traversal vulnerability in WordPress OrderConvo plugin version 13.5...

N/A N/A PACKETSTORM
HIGH 7.5 THN:1DB8C609A00...

Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation_THN:1DB8C609A0019C07637C95FF2CBAEDDE

N/A N/A THN
HIGH 8.8 THN:EC1CA545F49...

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine_THN:EC1CA545F493C8BBF09867DC93311116

N/A N/A THN
HIGH 7.5 CVE-2026-9096

CVE-2026-9096_CVE-2026-9096

Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including ...

Casdoor Casdoor CVE
HIGH 8.8 CVE-2026-49298

Apache Airflow: JWT Token Exposure in KubernetesExecutor Command-Line Arguments_CVE-2026-49298

A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the wo...

Apache Software Foundation Apache Airflow CVE
HIGH 7.5 CVE-2026-41084

Apache Airflow: API authorization bypass: bulk TaskInstances allows cross-DAG mutation_CVE-2026-41084

A bug in Apache Airflow's bulk Task Instances API (`PATCH/DELETE /api/v2/dags/{dag_id}/dagRuns/{dag_run_id}/taskInstances`) evaluated authorization...

Apache Software Foundation Apache Airflow 3.2.0 CVE