HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.7	CVE-2026-44705	tmp: Path Traversal via unsanitized prefix/postfix enables directory escape_CVE-2026-44705 tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows ...	raszi	node-tmp < 0.2.6	Jun 11, 2026	CVE
HIGH 7.5	CVE-2026-44496	Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection_CVE-2026-44496 Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line bu...	axios	axios >= 1.0.0, < 1.16.0	Jun 11, 2026	CVE
HIGH 7	CVE-2026-44495	Axios: Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge_CVE-2026-44495 Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadge...	axios	axios >= 1.0.0, < 1.15.2	Jun 11, 2026	CVE
HIGH 8.7	CVE-2026-44494	Axios: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`_CVE-2026-44494 Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollu...	axios	axios >= 1.0.0, < 1.16.0	Jun 11, 2026	CVE
HIGH 8.6	CVE-2026-44492	Axios: shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)_CVE-2026-44492 Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. ...	axios	axios >= 1.0.0, < 1.16.0	Jun 11, 2026	CVE
HIGH 7.5	CVE-2026-44488	Axios: Allocation of Resources Without Limits or Throttling in axios_CVE-2026-44488 Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and respon...	axios	axios >= 1.7.0, < 1.16.0	Jun 11, 2026	CVE
HIGH 8.2	CVE-2026-44487	Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter_CVE-2026-44487 Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Auth...	axios	axios >= 1.0.0, < 1.16.0	Jun 11, 2026	CVE
HIGH 7.5	CVE-2026-44486	Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection_CVE-2026-44486 Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credential...	axios	axios >= 1.0.0, < 1.16.0	Jun 11, 2026	CVE
HIGH 7.3	PACKETSTORM:223224	📄 Craft CMS 5.9.5 Missing Authorization / Authentication Bypass_PACKETSTORM:223224 This script is an assessment and exploitation framework targeting a missing authorization vulnerability in affected versions of Craft CMS that may ...	N/A	N/A	Jun 11, 2026	PACKETSTORM
HIGH 8.8	B4BD65AE-C56B-	Exploit for Use After Free in Redis_B4BD65AE-C56B-5415-BFF0-4D29FA8BEAA1 CVE-2026-23479 Scanner Redis Use-After-Free vulnerability CVE-2026-23479 detection tool. Automatically checks Redis instances for vulnerability, mi...	N/A	N/A	Jun 11, 2026	GITHUBEXPLOIT