Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.8 CVE-2026-40996

Inbound WS-Security allows RSA PKCS#1 v1.5 key transport by default_CVE-2026-40996

Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inb...

Spring Spring Web Services 5.0.0 CVE
MEDIUM 5.4 CVE-2026-40995

X.509 authentication bypasses Spring Security account checks_CVE-2026-40995

X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to UserDetails, without ap...

Spring Spring Web Services 5.0.0 CVE
HIGH 8.2 CVE-2026-40994

Wss4jSecurityInterceptor disables WS-I BSP validation by default_CVE-2026-40994

Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Profile) compliance flag so that inbound validation disabled WSS4J BSP enforcemen...

Spring Spring Web Services 5.0.0 CVE
MEDIUM 5 CVE-2026-40992

Mail Auto-Configuration Does Not Enable SSL Hostname Verification_CVE-2026-40992

Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.m...

Spring Spring Boot 4.0.0 CVE
HIGH 7.1 CVE-2026-40987

Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization_CVE-2026-40987

A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem (outside the configured local-directory)...

Spring Spring Integration 7.0.0 CVE
MEDIUM 4.8 CVE-2026-40986

Spring Web Flow JS RemotingHandler renders non-HTML Response as HTML_CVE-2026-40986

Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not "text/html", which can res...

Spring Spring Web Flow 4.0.0 CVE
HIGH 8.1 CVE-2026-10795

UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc_CVE-2026-10795

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.2...

davidanderson UpdraftPlus: WP Backup & Migration Plugin CVE
HIGH 7.8 D6A93691-F8DB-

overflow_exploit_framework_D6A93691-F8DB-5F5D-A462-8943071573F9

kernel-research — CVE overflow framework. Educational use only. Structure kernel-research/ ├── framework/ │ ├── Dockerfile.base ← Docker image ...

N/A N/A GITHUBEXPLOIT
NONE 6E759A42-6EB5-

Exploit for CVE-2026-45034_6E759A42-6EB5-5158-BC5F-E1FD8AE27F04

🧨 PHPSpreadsheet Phar Deserialization Exploit Bypass prohibitWrappers + Remote Code Execution RCE on phpoffice/phpspreadsheet This repository prov...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 19E0D94A-E2E8-

Exploit for CVE-2026-7458_19E0D94A-E2E8-5EDF-91D0-9D413694423C

🧨 CVE-2026-7458 – PickPlugins User Verification OTP Bypass Unauthenticated Authentication Bypass via Loose Comparison in OTP Verification REST API...

N/A N/A GITHUBEXPLOIT