exploit - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.1	CVE-2026-48814	Network-AI: Empty default secret still authorizes all requests (Incomplete fix for CVE-2026-46701)_CVE-2026-48814 Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versions 5.7.1 and earlier, the MCP SSE server allows unauthenticated cross-origin ...	Jovancoding	Network-AI < 5.7.2	Jun 17, 2026	CVE
MEDIUM 6.5	CVE-2026-32682	NGINX Gateway Fabric vulnerability_CVE-2026-32682 When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources...	F5	NGINX Gateway Fabric 1.3.0	Jun 17, 2026	CVE
HIGH 8.6	CVE-2026-11407	Pimcore CMS 12.3.8 Twig Sandbox Bypass via SecurityPolicy checkMethodAllowed_CVE-2026-11407 Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary meth...	Pimcore GmbH	Pimcore CMS/DXP	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-49133	Typemill < 2.24.0 Path Traversal via ControllerApiImage::getPagemedia()_CVE-2026-49133 Typemill before 2.24.0 contains a path traversal vulnerability that allows authenticated attackers with Author-level privileges to read arbitrary f...	typemill	typemill	Jun 17, 2026	CVE
MEDIUM 5.3	CVE-2026-48988	markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations_CVE-2026-48988 markdown-it is a Markdown parser. Versions 14.1.1 and below contain a denial-of-service vulnerability when typographer: true is enabled, due to qua...	markdown-it	markdown-it < 14.2.0	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-48979	PHP Standard Library: HTTP/2 server-side missing content-length validation enables request smuggling_CVE-2026-48979 PHP Standard Library (PSL) is set of APIs covering async, collections, networking, I/O, cryptography, terminal UI, etc. In versions 6.1.0, 6.1.1 an...	php-standard-library	php-standard-library >= 6.1.0, < 6.1.2	Jun 17, 2026	CVE
MEDIUM 5.8	CVE-2026-48821	Shaarli: DOM-based Cross-Site Scripting (XSS) in Thumbnail Synchronizer_CVE-2026-48821 Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting (XSS) vulnerability in the Thumbnail ...	shaarli	Shaarli < 0.16.2	Jun 17, 2026	CVE
NONE	MSF:EXPLOIT-WINDOWS-	NTLM Relay to Self (HTTP to LDAP) – Post Exploitation_MSF:EXPLOIT-WINDOWS-LOCAL-NTLM_RELAY_2_SELF- This module performs an NTLM relay-to-self privilege escalation attack. It starts an HTTP-to-LDAP relay server on the compromised host, then trigge...	N/A	N/A	Jun 17, 2026	METASPLOIT
NONE	FC7E063F-7FC6-	Hadoop-YARN-RCE_FC7E063F-7FC6-592E-BBD9-FE777046579E Unauthenticated RCE in Apache Hadoop YARN ResourceManager An unauthorized access vulnerability exists in Apache Hadoop YARN ResourceManager when it...	N/A	N/A	Jun 17, 2026	GITHUBEXPLOIT
MEDIUM 5.5	7C677A10-9FA7-	Exploit for Path Traversal in Microsoft_7C677A10-9FA7-51FB-8E47-4CC7BE2CF1F8 NimbusPwn — networkd-dispatcher 📜 Description A C PoC for NimbusPwn, a local privilege escalation in networkd-dispatcher. An unprivileged user cla...	N/A	N/A	Jun 17, 2026	GITHUBEXPLOIT