Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.4 CVE-2026-56395

SiYuan – Remote Code Execution via Malicious Bazaar Package Metadata and README

SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject ...

SiYuan SiYuan CVE
CRITICAL 9.3 CVE-2026-56265

Crawl4AI – Authentication Bypass via Hardcoded JWT Signing Key

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attacker...

Crawl4AI Crawl4AI CVE
CRITICAL 9.2 1EF4AA0B-45D8-513E-B6D6-AF05E52ECFC6

Exploit for CVE-2026-49757

CVE-2026-49757 — AshAuthentication OAuth2/OIDC Account Takeover Proof of Concept for CVE-2026-49757 — a critical vulnerability in AshAuthentication...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 FB774AC0-68D8-53A1-A43B-0733FA9AF1BD

Exploit for CVE-2026-11561

CVE-2026-11561 — Apinizer SSTI / RCE Version Check Infra Nuclei template to detect Apinizer versions lower than 2026.04.6, which are vulnerable to ...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.2 CVE-2026-56345

AVideo – Arbitrary User Session Hijacking via Meet Plugin uploadRecordedVideo Endpoint

AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint that derives the targ...

AVideo AVideo CVE
CRITICAL 9.8 B59AFB79-5EFF-5CBE-9EBA-41DE2D90DCE9

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Apache Tomcat

No description provided...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.9 CVE-2026-5366

Git Argument Injection in prefecthq/prefect

Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the `GitRepository` storage clas...

prefecthq prefecthq/prefect unspecified CVE
CRITICAL 9.8 51654478-7539-5748-ADF6-E1E5CD131F2F

Exploit for OS Command Injection in Redhat Openshift_Container_Platform

CVE-2026-4480-PoC...

N/A N/A GITHUBEXPLOIT
CRITICAL 10 CVE-2026-48939

Joomla Extension – icagenda.com – Remote Code Execution in iCagenda extension for Joomla < 4.0.8/3.9.15

A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in P...

icagenda.com iCagenda extension for Joomla 1.0.0-3.9.14 CVE
CRITICAL 9.5 CVE-2026-48909

Joomla Extension – joomshaper.com – PHP Object injection in SP LMS extension for Joomla < 4.1.4

SP LMS (com_splms) < 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthenticated remote attacker t...

joomshaper.net SP LMS extension for Joomla 1.0.0-4.1.3 CVE