CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.8	C558BD70-1D0A-	Exploit for Eval Injection in Xwiki_C558BD70-1D0A-5175-B681-DC19927F031B CVE-2025-24893 - XWiki Unauthenticated RCE Exploit POC ⚠️ Unauthenticated Remote Code Execution in XWiki 🛠️ PoC implementation by @dollarboysushil ...	N/A	N/A	Jun 21, 2026	GITHUBEXPLOIT
CRITICAL 9.8	D93E90BB-2B9E-	Exploit for Out-of-bounds Write in Tenda Ac9_Firmware_D93E90BB-2B9E-5BD6-A00A-62EF1D546898 CVE-2025-29384 Proof-of-Concept Exploit Overview This repository contains an advanced proof-of-concept PoC exploit for CVE-2025-29384, a critical s...	N/A	N/A	Jun 21, 2026	GITHUBEXPLOIT
CRITICAL 9.1	8FE1D006-969F-	Exploit for Improper Authorization in Vercel Next.Js_8FE1D006-969F-54DD-8019-0A83146AD040 CVE-2025-29927-PoC-Exploit Proof-of-Concept for Authorization Bypass in Next.js Middleware You can run this against a vulnerable version here: http...	N/A	N/A	Jun 21, 2026	GITHUBEXPLOIT
CRITICAL 9.3	004E17C4-056B-	Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo_004E17C4-056B-597E-B74C-0D0FCCC055C2 CVE-2025-32463-sudo-chwoot PoC for CVE-2025-32463 - Sudo chroot Elevation of Privilege Vulnerability - Original PoC sudo-chwoot.sh - CTF Demo chwoo...	N/A	N/A	Jun 21, 2026	GITHUBEXPLOIT
CRITICAL 10	89C72402-67E2-	Exploit for Deserialization of Untrusted Data in Facebook React_89C72402-67E2-5AB5-923D-766EE155B081 🛡️ React2Shell CTF 🚀 Welcome to React2Shell-CTF, a Dockerized environment designed to practice exploiting React2Shell CVE-2025-55182. React2Shell ...	N/A	N/A	Jun 21, 2026	GITHUBEXPLOIT
CRITICAL 10	C864AB49-BD5F-	Exploit for Improper Input Validation in N8N_C864AB49-BD5F-550D-849F-BF3E904AB1CF CVE-2026-21858 + CVE-2025-68613 - n8n Full Chain Unauthenticated Arbitrary File Read → Admin Token Forge → Sandbox Bypass → RCE \| \| \| \|---\|---\| \| C...	N/A	N/A	Jun 21, 2026	GITHUBEXPLOIT
CRITICAL 9.4	CVE-2026-56397	SiYuan – Remote Code Execution via Malicious Bazaar Package Metadata and README_CVE-2026-56397 SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject ...	SiYuan	SiYuan	Jun 21, 2026	CVE
CRITICAL 9.4	CVE-2026-56395	SiYuan – Remote Code Execution via Malicious Bazaar Package Metadata and README_CVE-2026-56395 SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject ...	SiYuan	SiYuan	Jun 21, 2026	CVE
CRITICAL 9.3	CVE-2026-56265	Crawl4AI – Authentication Bypass via Hardcoded JWT Signing Key_CVE-2026-56265 Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attacker...	Crawl4AI	Crawl4AI	Jun 21, 2026	CVE
CRITICAL 9.2	1EF4AA0B-45D8-	Exploit for CVE-2026-49757_1EF4AA0B-45D8-513E-B6D6-AF05E52ECFC6 CVE-2026-49757 — AshAuthentication OAuth2/OIDC Account Takeover Proof of Concept for CVE-2026-49757 — a critical vulnerability in AshAuthentication...	N/A	N/A	Jun 21, 2026	GITHUBEXPLOIT