CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 10	74E570DB-A721-	cybersec-mcp_74E570DB-A721-5253-AF4D-820CFCB2BA98 🛡️ Cybersecurity Professor MCP Server Prof. Null — Tu profesor de ciberseguridad impulsado por Claude AI, sin censuras, de cero a experto. ¿Qué es ...	N/A	N/A	Jun 3, 2026	GITHUBEXPLOIT
CRITICAL 9.2	ACDFF314-157E-	Exploit for CVE-2026-9256_ACDFF314-157E-5A20-868D-9DAFBC9A20A4 CVE-2026-9256-POC CVE-2026-9256 Nginx heap buffer overflow POC...	N/A	N/A	Jun 3, 2026	GITHUBEXPLOIT
CRITICAL 9.8	65E0C16C-7DAE-	eCPPT-Penetration-Testing-Reports_65E0C16C-7DAE-5E13-820B-B2415659245F eCPPT Penetration Testing Reports Penetration testing lab reports and CTF writeups documenting offensive security techniques, vulnerability exploit...	N/A	N/A	Jun 3, 2026	GITHUBEXPLOIT
CRITICAL 9.6	CVE-2026-32625	LibreChat Exfiltrates Server Secrets via MCP Server URL Injection_CVE-2026-32625 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP)...	danny-avila	LibreChat < 0.8.4-rc1	Jun 2, 2026	CVE
CRITICAL 9.8	CVE-2026-49448	authentik: SourceStage bypass via empty POST_CVE-2026-49448 authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an ...	goauthentik	authentik < 2025.12.6	Jun 2, 2026	CVE
CRITICAL 9.3	CVE-2026-42849	authentik: Reflected XSS in SFE AutosubmitStage allows IDP account takeover_CVE-2026-42849 authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE (Simple Flo...	goauthentik	authentik < 2025.12.5	Jun 2, 2026	CVE
CRITICAL 9.8	018B5871-29BC-	Exploit for Stack-based Buffer Overflow in Microsoft_018B5871-29BC-5EF3-B24E-99416F43FF2C CVE-2026-41089 — SentinelCore Defensive Toolkit Python 3 toolkit to detect and remediate exposure to CVE-2026-41089 on Windows Domain Controllers. ...	N/A	N/A	Jun 2, 2026	GITHUBEXPLOIT
CRITICAL 9.1	CVE-2026-10629	CVE-2026-10629_CVE-2026-10629 SIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec integrity protection (missing Security-Client/Secur...	Verizon	VoLTE UNKNOWN	Jun 2, 2026	CVE
CRITICAL 9.8	CVE-2026-5076	ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation_CVE-2026-5076 The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The pl...	armember	ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup	Jun 2, 2026	CVE
CRITICAL 9.8	PACKETSTORM:222477	📄 Samba SMB Printer Queue Command Injection / Remote Task Delivery_PACKETSTORM:222477 This Python script is a structured exploitation framework targeting Samba print services exposed over SMB port 445. It focuses on printer-share int...	N/A	N/A	Jun 2, 2026	PACKETSTORM