Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.2 CVE-2026-40998

Jaxp13 XPath XXE via StreamSource and SAXSource_CVE-2026-40998

Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled XML with th...

Spring Spring Web Services 5.0.0 CVE
MEDIUM 5.3 CVE-2026-40997

SOAP security faults leak Spring Security account state_CVE-2026-40997

Several Spring WS integration paths with Spring Security could surface detailed account state (for example locked or disabled user semantics) to re...

Spring Spring Web Services 5.0.0 CVE
MEDIUM 4.8 CVE-2026-40996

Inbound WS-Security allows RSA PKCS#1 v1.5 key transport by default_CVE-2026-40996

Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inb...

Spring Spring Web Services 5.0.0 CVE
MEDIUM 5.4 CVE-2026-40995

X.509 authentication bypasses Spring Security account checks_CVE-2026-40995

X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to UserDetails, without ap...

Spring Spring Web Services 5.0.0 CVE
HIGH 8.2 CVE-2026-40994

Wss4jSecurityInterceptor disables WS-I BSP validation by default_CVE-2026-40994

Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Profile) compliance flag so that inbound validation disabled WSS4J BSP enforcemen...

Spring Spring Web Services 5.0.0 CVE
MEDIUM 5 CVE-2026-40992

Mail Auto-Configuration Does Not Enable SSL Hostname Verification_CVE-2026-40992

Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.m...

Spring Spring Boot 4.0.0 CVE
HIGH 7.1 CVE-2026-40987

Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization_CVE-2026-40987

A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem (outside the configured local-directory)...

Spring Spring Integration 7.0.0 CVE
MEDIUM 4.8 CVE-2026-40986

Spring Web Flow JS RemotingHandler renders non-HTML Response as HTML_CVE-2026-40986

Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not "text/html", which can res...

Spring Spring Web Flow 4.0.0 CVE
HIGH 8.1 CVE-2026-10795

UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc_CVE-2026-10795

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.2...

davidanderson UpdraftPlus: WP Backup & Migration Plugin CVE
HIGH 7.8 D6A93691-F8DB-

overflow_exploit_framework_D6A93691-F8DB-5F5D-A462-8943071573F9

kernel-research — CVE overflow framework. Educational use only. Structure kernel-research/ ├── framework/ │ ├── Dockerfile.base ← Docker image ...

N/A N/A GITHUBEXPLOIT