Vulnerability - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.9	CVE-2026-53726	Parse Server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL_CVE-2026-53726 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.80 and 9.9.1-alpha.6,...	parse-community	parse-server < 8.6.80	Jun 12, 2026	CVE
MEDIUM 5.9	CVE-2026-53725	Parse Server: Endpoints `/login` and `/verifyPassword` disclose MFA secrets and protected fields when `_User` get is denied_CVE-2026-53725 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-...	parse-community	parse-server >= 9.8.0, < 9.9.1-alpha.5	Jun 12, 2026	CVE
LOW 2.1	CVE-2026-53724	Parse Server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist_CVE-2026-53724 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.79 and 9.9.1-alpha.4,...	parse-community	parse-server < 8.6.79	Jun 12, 2026	CVE
HIGH 8.1	CVE-2026-53408	CVE-2026-53408_CVE-2026-53408 Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an un...	Zoom Communications	Zoom Workplace	Jun 12, 2026	CVE
HIGH 8.1	CVE-2026-53407	CVE-2026-53407_CVE-2026-53407 Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an un...	Zoom Communications	Zoom Workplace	Jun 12, 2026	CVE
MEDIUM 6.9	CVE-2026-50244	Naxclow IoT Platform Missing Authorization_CVE-2026-50244 The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied accoun...	Naxclow	Smart Doorbell X3 All	Jun 12, 2026	CVE
HIGH 8.7	CVE-2026-50108	Naxclow IoT Platform Missing Authorization_CVE-2026-50108 The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the...	Naxclow	Smart Doorbell X3 All	Jun 12, 2026	CVE
CRITICAL 9.2	CVE-2026-50101	Naxclow IoT Platform Not using password aging_CVE-2026-50101 Naxclow devices use a server-side, per-device relay credential that never rotates and is re-issued to the device on each boot. Because this credent...	Naxclow	Smart Doorbell X3 All	Jun 12, 2026	CVE
MEDIUM 5.1	CVE-2026-50099	Naxclow IoT Platform Insertion of sensitive information into Externally-Accessible file or directory_CVE-2026-50099 During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART conso...	Naxclow	Smart Doorbell X3 All	Jun 12, 2026	CVE
MEDIUM 6.9	CVE-2026-50008	Parse Server: Server option routeAllowList is bypassable through batch sub-requests_CVE-2026-50008 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-...	parse-community	parse-server >= 9.8.0, < 9.9.1-alpha.3	Jun 12, 2026	CVE