Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 THN:752B90FA610...

ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities_THN:752B90FA61064ECC5D562EA512CCEC15

N/A N/A THN
CRITICAL 10 CVE-2026-49261

MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`_CVE-2026-49261

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11...

MariaDB server >= 10.6.1, < 10.6.27 CVE
CRITICAL 9.5 CVE-2026-47174

Duck Site: Untrusted pull request code can trigger privileged production deployment_CVE-2026-47174

In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The build workflow runs on pu...

duck-organization duck-site < 1.0.1 CVE
CRITICAL 9.5 CVE-2026-47172

Quest Bot: Untrusted pull request code can be built and deployed by privileged `workflow_run` deployment._CVE-2026-47172

Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged ...

duck-organization quest-bot < 1.0.3 CVE
CRITICAL 9.1 CVE-2026-45177

Idira Secrets Manager SaaS Edge: Authentication Bypass of an internal validation mechanism_CVE-2026-45177

Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unau...

CyberArk Software, a Palo Alto Networks Company Conjur Cloud (Edge Finding only) 1.0 CVE
CRITICAL 9.8 1B4E1928-22BA-

Systems-and-Cyber-Security-Coursework_1B4E1928-22BA-58AE-868A-852185F77BAA

CSI6SCS2526 — Systems and Cyber Security Coursework Grey-Box Vulnerability Assessment | LSBU | 2025/26 Student ID: 4214293 | Group 10 | Network: 10...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 CVE-2026-38581

CVE-2026-38581_CVE-2026-38581

SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idF...

damasac thaipalliative_lte 3.0 CVE
CRITICAL 9.1 CVE-2026-9648

CVE-2026-9648_CVE-2026-9648

The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alter...

Haskell Programming Language crypton-certificate CVE
CRITICAL 9.9 CVE-2026-11839

Arbitrary File Upload in Basarsoft’s Rotaban_CVE-2026-11839

Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web...

Başarsoft Information Technologies Inc. Rotaban V2026.06.002 CVE
CRITICAL 9.8 PACKETSTORM:223236

📄 Drupal core 10.5.5 JSON:API PostgreSQL Error-Based SQL Injection_PACKETSTORM:223236

This code demonstrates a research-oriented implementation targeting a reported SQL injection condition in Drupal JSON:API endpoints backed by Postg...

N/A N/A PACKETSTORM