HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.7	CVE-2026-44494	Axios: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`_CVE-2026-44494 Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollu...	axios	axios >= 1.0.0, < 1.16.0	Jun 11, 2026	CVE
HIGH 8.6	CVE-2026-44492	Axios: shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)_CVE-2026-44492 Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. ...	axios	axios >= 1.0.0, < 1.16.0	Jun 11, 2026	CVE
HIGH 7.5	CVE-2026-44488	Axios: Allocation of Resources Without Limits or Throttling in axios_CVE-2026-44488 Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and respon...	axios	axios >= 1.7.0, < 1.16.0	Jun 11, 2026	CVE
HIGH 8.2	CVE-2026-44487	Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter_CVE-2026-44487 Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Auth...	axios	axios >= 1.0.0, < 1.16.0	Jun 11, 2026	CVE
HIGH 7.5	CVE-2026-44486	Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection_CVE-2026-44486 Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credential...	axios	axios >= 1.0.0, < 1.16.0	Jun 11, 2026	CVE
HIGH 7.3	PACKETSTORM:223224	📄 Craft CMS 5.9.5 Missing Authorization / Authentication Bypass_PACKETSTORM:223224 This script is an assessment and exploitation framework targeting a missing authorization vulnerability in affected versions of Craft CMS that may ...	N/A	N/A	Jun 11, 2026	PACKETSTORM
HIGH 8.8	B4BD65AE-C56B-	Exploit for Use After Free in Redis_B4BD65AE-C56B-5415-BFF0-4D29FA8BEAA1 CVE-2026-23479 Scanner Redis Use-After-Free vulnerability CVE-2026-23479 detection tool. Automatically checks Redis instances for vulnerability, mi...	N/A	N/A	Jun 11, 2026	GITHUBEXPLOIT
HIGH 7.8	D039E607-9443-	Exploit for Use After Free in Linux Linux_Kernel_D039E607-9443-53D4-AA20-578FC0282FE1 CVE-2026-23111 nftables LPE: exposure check and safe lab Defensive tooling and a reproducible virtual-machine lab for CVE-2026-23111, the nftables ...	N/A	N/A	Jun 11, 2026	GITHUBEXPLOIT
HIGH 8.1	236C3334-CF38-	Exploit for CVE-2026-10795_236C3334-CF38-5100-98AA-1DF6189FF3D2 CVE-2026-10795 UpdraftPlus Auto-Exploit & Mass Scanner Authorized Use Only — This tool is provided for authorized penetration testing, security res...	N/A	N/A	Jun 11, 2026	GITHUBEXPLOIT
HIGH 7.1	CVE-2026-8406	openSIS Classic 9.3 – Insecure Direct Object Reference in Sent Mail_CVE-2026-8406 openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the m...	OS4ED	openSIS-Classic 9.3	Jun 11, 2026	CVE