Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.9 CVE-2026-11839

Arbitrary File Upload in Basarsoft’s Rotaban

Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web...

Başarsoft Information Technologies Inc. Rotaban V2026.06.002 CVE
HIGH 8.2 CVE-2026-49982

tmp: Type-confusion bypass of _assertPath in tmp@0.2.6 allows path traversal via non-string prefix/postfix/template

tmp is a temporary file and directory creator for node.js. In version 0.2.6, the _assertPath guard added to tmp rejects only string values that con...

raszi node-tmp 0.2.6 CVE
HIGH 7.7 CVE-2026-44705

tmp: Path Traversal via unsanitized prefix/postfix enables directory escape

tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows ...

raszi node-tmp < 0.2.6 CVE
HIGH 7.5 CVE-2026-44496

Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection

Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line bu...

axios axios >= 1.0.0, < 1.16.0 CVE
HIGH 7 CVE-2026-44495

Axios: Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge

Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadge...

axios axios >= 1.0.0, < 1.15.2 CVE
HIGH 8.7 CVE-2026-44494

Axios: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollu...

axios axios >= 1.0.0, < 1.16.0 CVE
HIGH 8.6 CVE-2026-44492

Axios: shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. ...

axios axios >= 1.0.0, < 1.16.0 CVE
MEDIUM 4.8 CVE-2026-44490

Axios: DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, axios exposes two read-side prototype-pollution gadge...

axios axios >= 1.0.0, < 1.16.0 CVE
LOW 3.7 CVE-2026-44489

Axios: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix

Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge() (e.g., conf...

axios axios 1.15.2 CVE
HIGH 7.5 CVE-2026-44488

Axios: Allocation of Resources Without Limits or Throttling in axios

Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and respon...

axios axios >= 1.7.0, < 1.16.0 CVE