Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.1 CVE-2026-50633

Apache CXF: JNDI Injection vulnerability in DispatchMDBMessageListenerImpl

A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is ab...

Apache Software Foundation Apache CXF 4.2.0 CVE
HIGH 8.1 CVE-2026-50632

Apache CXF: JNDI Injection Vulnerability in JMSConfigFactory

A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CXF has been identified, w...

Apache Software Foundation Apache CXF 4.2.0 CVE
HIGH 7.4 CVE-2026-50631

Apache CXF: OAuth2: TOCTOU Race Condition in Refresh Token Processing

A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate m...

Apache Software Foundation Apache CXF 4.2.0 CVE
HIGH 8.5 CVE-2026-11967

Arbitrary code execution in MobaXterm Personal Edition (Portable)

MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading a malicious DLL located in the ...

Mobatek MobaXterm Personal Edition (Portable) 26.3 CVE
HIGH 8.6 CVE-2026-7368

Yarbo Android/iOS Mobile Application and Cloud Infrastructure Missing Authorization

The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded crede...

Yarbo Yarbo Android/iOS mobile application CVE
HIGH 8.7 CVE-2026-6211

Arbitrary File Upload in Global IT’s WEOLL

Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Prope...

Global IT Informatics Services Inc. WEOLL 2.0.9 CVE
HIGH 8.8 CVE-2026-53721

Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher

Nuxt is an open-source web development framework for Vue.js. From versions 3.11.0 to before 3.21.7 and 4.0.0 to before 4.4.7, there is a route-rule...

nuxt nuxt >= 3.11.0, < 3.21.7 CVE
HIGH 8.6 CVE-2026-47209

vm2: Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the BaseHandler.set trap in bridge.js (line 1231) ignores the receiver param...

patriksimek vm2 < 3.11.4 CVE
HIGH 8.6 CVE-2026-47139

vm2: NodeVM network builtin exclusions bypass via internal _http_client and _http_server

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM supports excluding public network builtins from the wildcard builtin ...

patriksimek vm2 < 3.11.4 CVE
HIGH 8.7 CVE-2026-47135

vm2: Sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Nod...

patriksimek vm2 < 3.11.4 CVE