Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.6 CVE-2026-7368

Yarbo Android/iOS Mobile Application and Cloud Infrastructure Missing Authorization_CVE-2026-7368

The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded crede...

Yarbo Yarbo Android/iOS mobile application CVE
HIGH 8.7 CVE-2026-6211

Arbitrary File Upload in Global IT’s WEOLL_CVE-2026-6211

Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Prope...

Global IT Informatics Services Inc. WEOLL 2.0.9 CVE
HIGH 8.8 CVE-2026-53721

Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher_CVE-2026-53721

Nuxt is an open-source web development framework for Vue.js. From versions 3.11.0 to before 3.21.7 and 4.0.0 to before 4.4.7, there is a route-rule...

nuxt nuxt >= 3.11.0, < 3.21.7 CVE
HIGH 8.6 CVE-2026-47209

vm2: Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain_CVE-2026-47209

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the BaseHandler.set trap in bridge.js (line 1231) ignores the receiver param...

patriksimek vm2 < 3.11.4 CVE
HIGH 8.6 CVE-2026-47139

vm2: NodeVM network builtin exclusions bypass via internal _http_client and _http_server_CVE-2026-47139

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM supports excluding public network builtins from the wildcard builtin ...

patriksimek vm2 < 3.11.4 CVE
HIGH 8.7 CVE-2026-47135

vm2: Sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks_CVE-2026-47135

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Nod...

patriksimek vm2 < 3.11.4 CVE
HIGH 7.5 CVE-2026-46340

Netty: SCTP reassembly nests buffers without bound_CVE-2026-46340

Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Fina...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
HIGH 8.7 CVE-2026-45674

Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records_CVE-2026-45674

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
HIGH 7.5 CVE-2026-45416

Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes_CVE-2026-45416

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClie...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
HIGH 7.5 CVE-2026-44894

Netty’s Default QUIC token handler accepts any client-supplied token_CVE-2026-44894

Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the appl...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE