CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.4	CVE-2026-56422	MISP Core: Mass Assignment and Object Re-ownership via Unvalidated Request Fields_CVE-2026-56422 Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys (id) and ownership/scope fore...	misp	misp	Jun 22, 2026	CVE
CRITICAL 9.2	CVE-2026-7166	Multiple vulnerabilities in the Assassin game by Gaudire_CVE-2026-7166 Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘...	Gaudire	Assassin game last version	Jun 22, 2026	CVE
CRITICAL 9.4	CVE-2026-7165	Multiple vulnerabilities in the Assassin game by Gaudire_CVE-2026-7165 The vulnerability is present in the ‘/addJugador’ endpoint: * The 'keyJugador' and 'keyJugadorObjectiu' parameters allow the modification of ot...	Gaudire	Assassin game last version	Jun 22, 2026	CVE
CRITICAL 9.3	CVE-2026-56447	MISP remote code execution via arbitrary rdkafka configuration path_CVE-2026-56447 MISP allowed an authenticated site administrator to set the Kafka_rdkafka_config setting to an arbitrary filesystem path. MISP subsequently parsed ...	misp	misp	Jun 22, 2026	CVE
CRITICAL 9.3	CVE-2026-56425	MISP AAD authentication plugin – Improper OAuth State Handling, Missing Session Rotation, Insecure Redirect URI Validation, and Log Injection_CVE-2026-56425 The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow a...	misp	misp	Jun 22, 2026	CVE
CRITICAL 9.4	CVE-2026-56423	MISP Core: Broken access control allows instance-wide unauthorized deletion of event reports and sharing groups via bulk deletion endpoints_CVE-2026-56423 MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Groups. The affected deleteSelection hand...	misp	misp	Jun 22, 2026	CVE
CRITICAL 9.6	CVE-2026-28381	Local File Read/Write to Potential Privilege Escalation via Snowflake GET/PUT_CVE-2026-28381 The Snowflake datasource allows for GET/PUT commands, which can allow any user with access to run queries against the data source to read/write fil...	Grafana	Snowflake Datasource 1.14.7	Jun 22, 2026	CVE
CRITICAL 10	CVE-2026-10561	Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection_CVE-2026-10561 IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass t...	IBM	Langflow OSS 1.0.0	Jun 22, 2026	CVE
CRITICAL 9.9	0CD6EB69-616A-	Exploit for Code Injection in Microsoft_0CD6EB69-616A-5F14-BC54-BAF18F35CE8E CVE-2026-26030 — Semantic Kernel filter eval RCE lab A self-contained, network-isolated Docker lab reproducing CVE-2026-26030: prompt-injectable re...	N/A	N/A	Jun 22, 2026	GITHUBEXPLOIT
CRITICAL 10	THN:43941E2D420...	Stop Your Legacy Infrastructure from Hijacking Your AI Agents_THN:43941E2D42031698DDE8721BBA2C4DF5 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSdS_7552zEvsn5xVfDcVMG2u8ponFIE1E65j5A8Wx-qUroU49h-f6qF7FPCABA063IjNnw-JntL-L1iZjHp...	N/A	N/A	Jun 22, 2026	THN