CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.3	CVE-2026-56425	MISP AAD authentication plugin – Improper OAuth State Handling, Missing Session Rotation, Insecure Redirect URI Validation, and Log Injection_CVE-2026-56425 The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow a...	misp	misp	Jun 22, 2026	CVE
CRITICAL 9.4	CVE-2026-56423	MISP Core: Broken access control allows instance-wide unauthorized deletion of event reports and sharing groups via bulk deletion endpoints_CVE-2026-56423 MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Groups. The affected deleteSelection hand...	misp	misp	Jun 22, 2026	CVE
CRITICAL 9.6	CVE-2026-28381	Local File Read/Write to Potential Privilege Escalation via Snowflake GET/PUT_CVE-2026-28381 The Snowflake datasource allows for GET/PUT commands, which can allow any user with access to run queries against the data source to read/write fil...	Grafana	Snowflake Datasource 1.14.7	Jun 22, 2026	CVE
CRITICAL 10	CVE-2026-10561	Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection_CVE-2026-10561 IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass t...	IBM	Langflow OSS 1.0.0	Jun 22, 2026	CVE
CRITICAL 9.9	0CD6EB69-616A-	Exploit for Code Injection in Microsoft_0CD6EB69-616A-5F14-BC54-BAF18F35CE8E CVE-2026-26030 — Semantic Kernel filter eval RCE lab A self-contained, network-isolated Docker lab reproducing CVE-2026-26030: prompt-injectable re...	N/A	N/A	Jun 22, 2026	GITHUBEXPLOIT
CRITICAL 10	THN:43941E2D420...	Stop Your Legacy Infrastructure from Hijacking Your AI Agents_THN:43941E2D42031698DDE8721BBA2C4DF5 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSdS_7552zEvsn5xVfDcVMG2u8ponFIE1E65j5A8Wx-qUroU49h-f6qF7FPCABA063IjNnw-JntL-L1iZjHp...	N/A	N/A	Jun 22, 2026	THN
CRITICAL 9.2	7653BA4D-99D6-	Exploit for Heap-based Buffer Overflow in F5 Dos_7653BA4D-99D6-5EB4-8B19-D98FB57CD325 No description provided...	N/A	N/A	Jun 22, 2026	GITHUBEXPLOIT
CRITICAL 10	A9AC151B-4017-	Exploit for CVE-2026-48908_A9AC151B-4017-55EC-996C-AB5AF8111575 CVE-2026-48908 — SP Page Builder Joomla Unauthenticated RCE Proof-of-concept exploit for CVE-2026-48908, a critical CVSS 4.0 = 10.0 unauthenticated...	N/A	N/A	Jun 22, 2026	GITHUBEXPLOIT
CRITICAL 10	40E52223-C309-	Log4J-PoC_40E52223-C309-5E07-BDDC-2B93D5BCEEEB Log4Shell – Technical Overview & PoC Made in May 2026 by Robin Köhler and Darian Rashed as part of the lecture Secure Software Testing at Hochschul...	N/A	N/A	Jun 22, 2026	GITHUBEXPLOIT
CRITICAL 9.8	BC1EFC7B-C6E0-	Exploit for Authentication Bypass by Spoofing in Zabbix_BC1EFC7B-C6E0-528C-BD5D-A2D2ECE15187 CVE-2022-23131 - Zabbix SAML SSO Authentication Bypass + RCE Overview When SAML SSO is enabled, Zabbix stores session data in a client-side cookie ...	N/A	N/A	Jun 22, 2026	GITHUBEXPLOIT