Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.1 CVE-2026-36727

CVE-2026-36727

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forge...

bookcars bookcars v8.3 CVE
CRITICAL 9.9 CVE-2026-50566

Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.24.0 CVE
CRITICAL 9.9 CVE-2026-50564

Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.24.0 CVE
CRITICAL 9.9 CVE-2026-50563

Fission Container Executor Function PodSpec Injection Leading to Node Escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.24.0 CVE
CRITICAL 9.9 CVE-2026-50545

Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.24.0 CVE
CRITICAL 9.8 CVE-2026-46614

Fission router exposes /fission-function// on its public listener, allowing invocation of any function without an HTTPTrigger

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.23.0 CVE
CRITICAL 9.8 CVE-2026-20253

Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated us...

Splunk Splunk Enterprise 10.2 CVE
CRITICAL 9.1 CVE-2026-34182

CMS AuthEnvelopedData Processing May Accept Forged Messages

Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of ...

OpenSSL OpenSSL 4.0.0, 3.6.0, 3.5.0, 3.4.0, 3.0.0 CVE
CRITICAL 9.8 THN:F7E7D468AF7210FBEDEFCF347D48B054

China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance

N/A N/A THN
CRITICAL 10 PACKETSTORM:223077

UniFi Network 9.0.118 Path Traversal / File Disclosure

UniFi Network version 9.0.118 suffers from a path traversal vulnerability that can lead to arbitrary file disclosure...

N/A N/A PACKETSTORM