Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-44087	Apache APISIX: Openid-connect plugin Identity Header Spoofing_CVE-2026-44087 Insufficient Verification of Data Authenticity vulnerability in Apache APISIX. The openid-connect plugin under default configuration has an attack...	Apache Software Foundation	Apache APISIX 2.3	Jun 19, 2026	CVE
LOW 2.3	CVE-2026-44046	Apache APISIX: wolf-rbac plugin Identity Spoofing_CVE-2026-44046 Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentia...	Apache Software Foundation	Apache APISIX 1.2.0	Jun 19, 2026	CVE
HIGH 7	CVE-2026-39999	Apache APISIX: JWT Algorithm Confusion allows authentication bypass_CVE-2026-39999 Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain config...	Apache Software Foundation	Apache APISIX 2.2	Jun 19, 2026	CVE
MEDIUM 5.8	CVE-2026-39998	Apache APISIX: Identity Injection via forward-auth Plugin Missing Header Cleanup_CVE-2026-39998 Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof...	Apache Software Foundation	Apache APISIX 2.12.0	Jun 19, 2026	CVE
HIGH 8.6	CVE-2026-12104	Authenticated OS Command Injection in Bondix_CVE-2026-12104 OS command injection in the environment and tunnel configuration functionality in SIMA GmbH Bondix through version 1.25.7.5 on Linux allows an auth...	SIMA GmbH	Bondix Server	Jun 19, 2026	CVE
LOW 3	CVE-2026-49358	PhpWeasyPrint vulnerable to arbitrary file deletion at shutdown via public $temporaryFiles_CVE-2026-49358 PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `AbstractGenerator::$temporaryFiles` is ...	pontedilana	php-weasyprint < 2.6.0	Jun 19, 2026	CVE
MEDIUM 6.3	CVE-2026-21768	HCL Verse for Android is susceptible to an injection vulnerability_CVE-2026-21768 The compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input...	HCLSoftware	Verse for Android 14.5.10	Jun 19, 2026	CVE
HIGH 8.5	CVE-2025-71326	AVAST Antivirus 25.11 Unquoted Service Path Privilege Escalation_CVE-2025-71326 AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute c...	Avast	AVAST Antivirus 25.11	Jun 19, 2026	CVE
HIGH 8.8	MALWAREBYTES:43...	Apple patches Beats Studio Buds flaw that could turn earbuds into a wiretap_MALWAREBYTES:430DE23FF1022B331371E640A7316DE9 Apple has patched a Bluetooth flaw in Beats Studio Buds that could potentially turn your earbuds into a nearby wiretap. When you buy a pair of Blu...	N/A	N/A	Jun 19, 2026	MALWAREBYTES
NONE	HACKREAD:3035D5...	eFAQ Publishes Investigation Into Alleged Scam Activity and Coordinated Reputation Attacks_HACKREAD:3035D5C64C91E08AF4597F8366D055C7 New York, USA, 19th June 2026, CyberNewswire	N/A	N/A	Jun 19, 2026	HACKREAD