Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-50623

Apache CXF: Authentication Bypass in OAuth2 TokenIntrospectionService

An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF. Due to a missing 'throw' keyword in the securi...

Apache Software Foundation Apache CXF 4.2.0 CVE

LOW 1 CVE-2026-12065

Groww Stock, Mutual Fund, Gold App WebView URL improper authorization in handler for custom url scheme

A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebVi...

Groww Stock, Mutual Fund, Gold App 20260805 CVE

HIGH 8.5 CVE-2026-11967

Arbitrary code execution in MobaXterm Personal Edition (Portable)

MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading a malicious DLL located in the ...

Mobatek MobaXterm Personal Edition (Portable) 26.3 CVE

MEDIUM 5.3 CVE-2026-8694

Improper access control on the API documentation endpoint in PowerShell Universal

Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI sp...

Devolutions PowerShell Universal CVE

HIGH 8.6 CVE-2026-7368

Yarbo Android/iOS Mobile Application and Cloud Infrastructure Missing Authorization

The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded crede...

Yarbo Yarbo Android/IOS mobile application CVE

CRITICAL 9.8 CVE-2026-6853

OTP Bypass in Başbelen Group’s Pause+ Mobile App

Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ M...

Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ Mobile App v1.0.6 CVE

HIGH 8.7 CVE-2026-6211

Arbitrary File Upload in Global IT’s WEOLL

Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Prope...

Global IT Informatics Services Inc. WEOLL 2.0.9 CVE

CRITICAL 9.8 CVE-2026-54133

jmespath.php has CompilerRuntime code injection via unescaped function names

jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications ...

jmespath jmespath.php < 2.9.1 CVE

CRITICAL 9.3 CVE-2026-53787

Amasty Order Attributes for Magento 2 < 4.0.0 Unauthenticated Arbitrary File Upload

Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthentica...

Amasty Order Attributes for Magento 2 CVE

MEDIUM 5.1 CVE-2026-53722

Nuxt: Reflected XSS in `` via unsanitised `javascript:` or `data:` URL

Nuxt is an open-source web development framework for Vue.js. Prior to versions 3.21.7 and 4.4.7, did not validate the URL scheme of values bound t...

nuxt nuxt < 3.21.7 CVE