HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.2	CVE-2026-48595	Authorization header leaks to third-party origin on cross-origin redirect in Tesla.Middleware.FollowRedirects_CVE-2026-48595 Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirec...	elixir-tesla	tesla 1.4.0	Jun 2, 2026	CVE
HIGH 8.2	CVE-2026-48594	Decompression bomb in Tesla.Middleware.DecompressResponse and Tesla.Middleware.Compression_CVE-2026-48594 Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-tesla tesla allows a denial of service via decompression b...	elixir-tesla	tesla 0.6.0	Jun 2, 2026	CVE
HIGH 7.5	CVE-2026-42342	React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint_CVE-2026-42342 React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtim...	remix-run	react-router >= 7.0.0, < 7.15.0	Jun 2, 2026	CVE
HIGH 8.1	CVE-2026-42211	React Router’s vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE_CVE-2026-42211 React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow una...	remix-run	react-router >= 7.0.0, < 7.14.2	Jun 2, 2026	CVE
HIGH 7.5	CVE-2026-34077	React Router vulnerable to Denial of Service via reflected user input in single-fetch_CVE-2026-34077 React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there ...	remix-run	react-router >= 7.0.0, < 7.14.0	Jun 2, 2026	CVE
HIGH 8	CVE-2026-33245	React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets_CVE-2026-33245 React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there ...	remix-run	react-router >= 7.7.0, < 7.13.2	Jun 2, 2026	CVE
HIGH 8.2	CVE-2026-28299	SolarWinds Web Help Desk Denial-of-Service Vulnerability_CVE-2026-28299 SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when exploited, could cause the Web Help Desk server t...	SolarWinds	Web Help Desk 2026.1 and all previous versions	Jun 2, 2026	CVE
HIGH 8.8	CVE-2026-1829	Content Visibility for Divi Builder <= 4.02 - Authenticated (Contributor+) Remote Code Execution_CVE-2026-1829 The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via ...	jhorowitz	Content Visibility for Divi Builder	Jun 2, 2026	CVE
HIGH 8.4	THN:5042E49AA00...	Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited_THN:5042E49AA00F0CB8BDF02D51DF7758F5 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgu6SfsDfrb_dr_5DP0MiwOMy86maTi3XyrtkQLw-sHAGlBZbhZ0uEfRkamwFqXGT4qNmVIqg6LQtaaRVLr_o...	N/A	N/A	Jun 2, 2026	THN
HIGH 7.5	PACKETSTORM:222473	📄 WordPress OrderConvo 13.5 Path Traversal_PACKETSTORM:222473 Proof of concept exploit that demonstrates a path traversal vulnerability in WordPress OrderConvo plugin version 13.5...	N/A	N/A	Jun 2, 2026	PACKETSTORM