CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.6	CVE-2026-55742	Cotonti CSRF in admin.rights.php allows privilege escalation_CVE-2026-55742 Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the administration rights handler. In system/admin/ad...	Cotonti	Cotonti 1.0.0	Jun 18, 2026	CVE
CRITICAL 10	CVE-2026-28573	CVE-2026-28573_CVE-2026-28573 In AndroidManifest.xml, there is a possible persistent denial of service due to a missing permission check. This could lead to local denial of serv...	Google	Android 14	Jun 18, 2026	CVE
CRITICAL 9.3	CVE-2025-10560	Hardcoded cloud credentials in Worksnaps client application binaries expose production cloud resources_CVE-2025-10560 Worksnaps before version 1.6.20260201 contains hardcoded cloud credentials and related secret material in the Worksnaps client application binaries...	Silver Leaf Technologies, Inc.	Worksnaps.net Worksnaps Worksnaps before 1.6.20260201	Jun 18, 2026	CVE
CRITICAL 9.3	CVE-2026-8024	Deserialization vulnerability in ibaPDA and ibaDatCoordinator_CVE-2026-8024 A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability in ibaPDA or ibaDatCoordinator to gain full access...	iba	ibaPDA 1.0.0	Jun 18, 2026	CVE
CRITICAL 9.8	CVE-2026-54419	PIAF-HMS multiple unauthenticated SQL injection vulnerabilities via mysql_query_CVE-2026-54419 claudiopizzillo PIAF-HMS (PBX-In-A-Flash Hotel Management System; no released versions, latest commit 389d2633441b65ced1c104212cd62be2bfca21e5) con...	claudiopizzillo	PIAF-HMS	Jun 18, 2026	CVE
CRITICAL 9.3	CVE-2026-11718	CVE-2026-11718_CVE-2026-11718 An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox. When th...	Google	MCP Toolbox for Databases (googleapis/mcp-toolbox) 1.0.0	Jun 18, 2026	CVE
CRITICAL 9.3	CVE-2026-11717	CVE-2026-11717_CVE-2026-11717 An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox. When ve...	Google	MCP Toolbox for Databases (googleapis/mcp-toolbox) 1.0.0	Jun 18, 2026	CVE
CRITICAL 9.8	63792567-6E10-	Exploit for Improper Input Validation in Hoverfly_63792567-6E10-52EB-9FBC-843EABF2AB52 No description provided...	N/A	N/A	Jun 18, 2026	GITHUBEXPLOIT
CRITICAL 9.3	CVE-2026-48768	TypeBot: Unauthenticated arbitrary s3 object write in generate-upload-url via unsanitized fileName_CVE-2026-48768 TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POST /api/blocks/file-input/v3/generate-upload-url is unauthenticated and uses u...	baptisteArno	typebot.io < 3.17.0	Jun 17, 2026	CVE
CRITICAL 9.3	CVE-2026-12569	Remote Code Execution (RCE) vulnerability in Windchill PDMlink_CVE-2026-12569 A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited...	PTC	Windchill PDMLink	Jun 18, 2026	CVE