CVSS - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 10	PACKETSTORM:223388	📄 FreePBX SQL Injection / Shell Upload / Remote Root_PACKETSTORM:223388 This Python3 script exploits a remote SQL injection vulnerability in FreePBX and adds a remote shell that achieves root privileges. This issue has ...	N/A	N/A	Jun 15, 2026	PACKETSTORM
HIGH 8.8	THN:DED9C232B49...	LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers_THN:DED9C232B49BBF1CB0977760C793F104 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiH9LcMRhk5Li59rG05yXoOOofNzGpeG1MMSKQqhFCGW_28n0SjLKd9D4MC68N7jPP6dF2h2l8gW1OE7Y7ak...	N/A	N/A	Jun 15, 2026	THN
CRITICAL 9.8	CVE-2026-11526	GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle_CVE-2026-11526 GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle. GD::I...	RURBAN	GD	Jun 14, 2026	CVE
MEDIUM 5.3	CVE-2026-8386	WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure via Marker ID_CVE-2026-8386 The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing u...	Unknown	WP Go Maps	Jun 15, 2026	CVE
CRITICAL 9.8	CVE-2026-8935	Advanced Google Maps < 6.1.1 - Unauthenticated Administrator Account Creation_CVE-2026-8935 The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any f...	Unknown	WP MAPS PRO	Jun 15, 2026	CVE
CRITICAL 9.3	13CA0CE8-12D1-	Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Portwell Engineering_Toolkits_13CA0CE8-12D1-54FC-9A7F-66AE9C6F4402 No description provided...	N/A	N/A	Jun 15, 2026	GITHUBEXPLOIT
NONE	MALWAREBYTES:BF...	Deepfake porn sites are going offline (re-air) (Lock and Code S07E12)_MALWAREBYTES:BF08B1C9F99DFB1F6F78F43B4FDCFAE4 _This week on the Lock and Code podcast …_ If you weren't taking deepfakes seriously before, it's too late now to ignore them. According to new ...	N/A	N/A	Jun 15, 2026	MALWAREBYTES
NONE	MALWAREBYTES:DD...	Claude Fable 5 and Mythos 5 “abruptly disabled” after US gov. ban_MALWAREBYTES:DD733E96F8F10DD6044EE94F4172A510 Anthropic has been ordered by the US government to cut off its newest Claude Fable 5 and Mythos 5 models for fear of abuse by adversaries. Reuters...	N/A	N/A	Jun 15, 2026	MALWAREBYTES
NONE	QUALYSBLOG:FAEE...	What Changed in OWASP Top 10 2025 and Recommendations for Each Category_QUALYSBLOG:FAEEFB8C63E738452101F3466498A8D5 ##### Key Takeaways * The 2025 list introduces two new categories – Software Supply Chain Failures (A03) and Mishandling of Exceptional Conditi...	N/A	N/A	Jun 15, 2026	QUALYSBLOG
CRITICAL 9.8	CVE-2026-41157	GPU DDK – OOB Write in CalculateNPOTTwiddleSparsePageMap3D_CVE-2026-41157 A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space...	Imagination Technologies	Graphics DDK 1.18 RTM, 23.2 RTM, 24.2 RTM, 25.1 RTM, 26.1 RTM	Jun 12, 2026	CVE