Recent Advisories

| Severity | Score | ID | Title | Summary | Vendor | Product | Type |
|---|---|---|---|---|---|---|---|
| MEDIUM | 6.5 | CVE-2026-4096 | A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests. | IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could ... | IBM | DevOps Plan 3.0.0 | CVE |
| MEDIUM | 5.4 | CVE-2026-3341 | IBM Langflow Desktop 1.0.0 – 1.9.2 DNS Rebinding Bypasses SSRF Protection Allowing Access to Internal Services | IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker... | IBM | Langflow Desktop 1.0.0 | CVE |
| CRITICAL | 9.9 | CVE-2026-11839 | Arbitrary File Upload in Basarsoft’s Rotaban | Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web... | Başarsoft Information Technologies Inc. | Rotaban V2026.06.002 | CVE |
| HIGH | 8.2 | CVE-2026-49982 | tmp: Type-confusion bypass of _assertPath in tmp@0.2.6 allows path traversal via non-string prefix/postfix/template | tmp is a temporary file and directory creator for node.js. In version 0.2.6, the _assertPath guard added to tmp rejects only string values that con... | raszi | node-tmp 0.2.6 | CVE |
| HIGH | 7.7 | CVE-2026-44705 | tmp: Path Traversal via unsanitized prefix/postfix enables directory escape | tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows ... | raszi | node-tmp < 0.2.6 | CVE |
| HIGH | 7.5 | CVE-2026-44496 | Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection | Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line bu... | axios | axios >= 1.0.0, < 1.16.0 | CVE |
| HIGH | 7 | CVE-2026-44495 | Axios: Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge | Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadge... | axios | axios >= 1.0.0, < 1.15.2 | CVE |
| HIGH | 8.7 | CVE-2026-44494 | Axios: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy` | Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollu... | axios | axios >= 1.0.0, < 1.16.0 | CVE |
| HIGH | 8.6 | CVE-2026-44492 | Axios: shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718) | Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. ... | axios | axios >= 1.0.0, < 1.16.0 | CVE |
| MEDIUM | 4.8 | CVE-2026-44490 | Axios: DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions | Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, axios exposes two read-side prototype-pollution gadge... | axios | axios >= 1.0.0, < 1.16.0 | CVE |