CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7	CVE-2026-44495	Axios: Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge_CVE-2026-44495 Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadge...	axios	axios >= 1.0.0, < 1.15.2	Jun 11, 2026	CVE
HIGH 8.7	CVE-2026-44494	Axios: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`_CVE-2026-44494 Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollu...	axios	axios >= 1.0.0, < 1.16.0	Jun 11, 2026	CVE
HIGH 8.6	CVE-2026-44492	Axios: shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)_CVE-2026-44492 Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. ...	axios	axios >= 1.0.0, < 1.16.0	Jun 11, 2026	CVE
MEDIUM 4.8	CVE-2026-44490	Axios: DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions_CVE-2026-44490 Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, axios exposes two read-side prototype-pollution gadge...	axios	axios >= 1.0.0, < 1.16.0	Jun 11, 2026	CVE
LOW 3.7	CVE-2026-44489	Axios: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix_CVE-2026-44489 Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge() (e.g., conf...	axios	axios 1.15.2	Jun 11, 2026	CVE
HIGH 7.5	CVE-2026-44488	Axios: Allocation of Resources Without Limits or Throttling in axios_CVE-2026-44488 Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and respon...	axios	axios >= 1.7.0, < 1.16.0	Jun 11, 2026	CVE
HIGH 8.2	CVE-2026-44487	Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter_CVE-2026-44487 Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Auth...	axios	axios >= 1.0.0, < 1.16.0	Jun 11, 2026	CVE
HIGH 7.5	CVE-2026-44486	Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection_CVE-2026-44486 Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credential...	axios	axios >= 1.0.0, < 1.16.0	Jun 11, 2026	CVE
MEDIUM 6.4	CVE-2026-11945	PostgreSQL Anonymizer: SQL injection in the rules import functions_CVE-2026-11945 PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious co...	DALIBO	PostgreSQL Anonymizer 1	Jun 11, 2026	CVE
HIGH 7.3	PACKETSTORM:223224	📄 Craft CMS 5.9.5 Missing Authorization / Authentication Bypass_PACKETSTORM:223224 This script is an assessment and exploitation framework targeting a missing authorization vulnerability in affected versions of Craft CMS that may ...	N/A	N/A	Jun 11, 2026	PACKETSTORM