Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.6 CVE-2026-49954

Discuz! X5.0 Local File Inclusion via enable_disable.php Plugin Directory_CVE-2026-49954

Discuz! X5.0 releases 20260320 through 20260501 contain a local file inclusion vulnerability that allows authenticated administrators to execute ar...

Discuz! Discuz! X5.0 20260320 CVE
HIGH 8.6 CVE-2026-47835

Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores_CVE-2026-47835

In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire ...

Spring Spring AI 1.0.0 CVE
HIGH 8.6 CVE-2026-11527

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in _make_filehandle_CVE-2026-11527

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in _make_...

SHLOMIF Config::IniFiles CVE
HIGH 7.5 CVE-2026-41708

Spring Cloud Sleuth instrumentation of Spring TX DoS vulnerability_CVE-2026-41708

In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The applic...

Spring Spring Cloud Sleuth 3.1.0 CVE
HIGH 8.3 B8597AF3-5382-

Exploit for CVE-2025-2783_B8597AF3-5382-5D92-B7C2-B9350D29B3DD

Chromium CVE-2025-2783: Sandbox Escape & Full-Chain RCE Exploit This repository contains a full-chain exploit implementation for CVE-2025-2783. The...

N/A N/A GITHUBEXPLOIT
HIGH 7.5 CVE-2026-47777

Mastodon has a consent-check bypass in its remote Collections_CVE-2026-47777

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote account...

mastodon mastodon >= nightly.2026-03-10, < 4.6.0-beta.1 CVE
HIGH 8.8 THN:DED9C232B49...

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers_THN:DED9C232B49BBF1CB0977760C793F104

N/A N/A THN
HIGH 7.5 CVE-2026-9863

Core Privileged Access Manager (BoKS) upgrade tooling command injection vulnerability_CVE-2026-9863

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installation...

Fortra Core Privileged Access Manager (BoKS) boks-server 8.1.0.0 CVE
HIGH 7.5 THN:0C053FA1B9E...

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files_THN:0C053FA1B9E28CFF8B119BFB93E9A94A

N/A N/A THN
HIGH 8.8 THN:856A8FFBDB6...

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More_THN:856A8FFBDB69929C783A53A3AC085A13

N/A N/A THN