Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.6 MS:CVE-2026-11672

Chromium: CVE-2026-11671 Use after free in Navigation

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
CRITICAL 9.6 MS:CVE-2026-11697

Chromium: CVE-2026-11696 Uninitialized Use in Video

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
CRITICAL 9.6 MS:CVE-2026-11698

Chromium: CVE-2026-11697 Insufficient validation of untrusted input in UI

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
CRITICAL 9.1 CVE-2026-48714

i18next-http-middleware missingKeyHandler does not reject keys whose segments contain prototype-polluting names

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. In versions prior to 3.9....

i18next i18next-http-middleware < 3.9.7 CVE
CRITICAL 9.1 CVE-2026-48713

i18next-fs-backend: Prototype pollution via crafted missing-key string

Versions prior to 2.6.6 are vulnerable to prototype pollution via crafted missing-key strings when used to persist missing translation keys (e.g. v...

i18next i18next-fs-backend < 2.6.6 CVE
CRITICAL 9.2 CVE-2026-48853

Remote code execution and denial of service via unsafe Erlang term deserialization in elixir-grpc/grpc

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticate...

elixir-grpc grpc 0.4.0 CVE
CRITICAL 9.8 CVE-2026-50628

Apache CXF: OAuth2: Inverted IP Binding Check Defeats Security Control

A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any oth...

Apache Software Foundation Apache CXF 4.2.0 CVE
CRITICAL 9.1 CVE-2026-50627

Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' (Audience) claims of incoming JWT access tokens. This allows a JWT issu...

Apache Software Foundation Apache CXF 4.2.0 CVE
CRITICAL 9.8 CVE-2026-9691

WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms

CRM Perks Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms 1.1.1 CVE
CRITICAL 9.6 CVE-2026-52703

WordPress FastDup plugin <= 2.7.2 - Path Traversal vulnerability

Unauthenticated Path Traversal in FastDup

Ninja Team FastDup n/a CVE