HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 10	AA65832E-F09E-	Exploit for CVE-2026-10187_AA65832E-F09E-592C-8B20-D503A9981614 No description provided...	N/A	N/A	Jun 3, 2026	GITHUBEXPLOIT
HIGH 7.5	CVE-2026-50031	CVE-2026-50031_CVE-2026-50031 ipmi-oem in FreeIPMI before 1.16.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) spe...	FreeIPMI	FreeIPMI 0.7.12	Jun 3, 2026	CVE
HIGH 7.8	4844D9DA-C29D-	Exploit for CVE-2026-46243_4844D9DA-C29D-5877-9267-D476E4320671 cifswitch-check A shell script to check whether a Linux system is exposed to CIFSwitch CVE-2026-46243 — a local privilege escalation vulnerability ...	N/A	N/A	Jun 3, 2026	GITHUBEXPLOIT
HIGH 7.1	CVE-2026-31942	LibreChat has IDOR in API Keys Management that allows any authenticated user to overwrite other users’ API keys_CVE-2026-31942 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Refere...	danny-avila	LibreChat < 0.8.3-rc1	Jun 2, 2026	CVE
HIGH 8.2	CVE-2026-25861	QloApps 1.7.0 Weak Password Hashing via MD5 in Tools.php_CVE-2026-25861 QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user cred...	QloApps	QloApps	Jun 2, 2026	CVE
HIGH 7.1	CVE-2026-40108	GLPI Vulnerable to Stored XSS in ITIL Costs_CVE-2026-40108 GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in a ITIL costs. ...	glpi-project	glpi >= 11.0.0, < 11.0.7	Jun 2, 2026	CVE
HIGH 8	CVE-2026-35482	alf.io has an Authenticated RCE via Extension Script Sandbox Escape_CVE-2026-35482 alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox es...	alfio-event	alf.io < 2.0-M5-2606	Jun 2, 2026	CVE
HIGH 7.5	DB840F39-36DA-	System-Exploitation-Compromising_DB840F39-36DA-5995-B990-00BE364FFF5D 💀 System Exploitation & Compromising CAP 6135 – Cyber Lab \| Mara Burnside \| UCF \| April 2026 --- 📋 Overview Four penetration testing exercises us...	N/A	N/A	Jun 2, 2026	GITHUBEXPLOIT
HIGH 8.8	CVE-2026-49443	authentik: `UserSourceConnection.user` and `GroupSourceConnection.group` are changeable through the API_CVE-2026-49443 authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source...	goauthentik	authentik < 2025.12.6	Jun 2, 2026	CVE
HIGH 7.1	CVE-2026-49144	BrowserStack Runner 0.9.5 Path Traversal via _default HTTP Handler_CVE-2026-49144 BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the _default HTTP handler in lib/server.js that allows unauthenticated...	browserstack	browserstack-runner	Jun 2, 2026	CVE