CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.8	1C4C9845-A374-	Exploit for Improper Privilege Management in Enlightenment_1C4C9845-A374-55A0-891B-94D916CABECA CVE-2022-37706 Overview CVE-2022-37706 adalah kerentanan Local Privilege Escalation LPE yang ditemukan pada komponen enlightenmentsys di lingkungan...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
HIGH 7.6	CVE-2025-71354	picklescan – Remote Code Execution via idlelib.debugobj.ObjectTreeItem.SetText_CVE-2025-71354 picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.debugobj.ObjectTreeItem.SetText function in reduce methods. At...	picklescan	picklescan	Jun 24, 2026	CVE
HIGH 8.5	CVE-2025-71332	Flowise – SQL Injection in importChatflows API via chatflow.id Parameter_CVE-2025-71332 Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, a...	Flowise	Flowise	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-13163	Lack of input validation in Mailerup input parameter leads to Open Redirect_CVE-2026-13163 Open redirect vulnerability (CWE-601) in the _safe_redirect function of the click-tracking endpoint (/c//) in Mailerup	Mailerup	Mailerup	Jun 24, 2026	CVE
HIGH 8.8	CVE-2026-12242	AdRotate Banner Manager <= 5.17.7 - Authenticated (Contributor+) PHP Code Injection via 'banner' Shortcode Attribute_CVE-2026-12242 The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the 'banner' ...	adegans	AdRotate Banner Manager	Jun 24, 2026	CVE
HIGH 8.4	CVE-2026-42450	OpenColorIO vulnerable to stack buffer overflow via unbounded `sscanf %s` in Spi3D (.spi3d) LUT parser_CVE-2026-42450 OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, `FileFormatSpi3D.cpp:163` uses `sscanf` with ...	AcademySoftwareFoundation	OpenColorIO < 2.5.2	Jun 24, 2026	CVE
HIGH 8.6	CVE-2026-35025	ProFTPD ACL Bypass via /proc/self/root Path Prefix in RNFR_CVE-2026-35025 ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory AC...	ProFTPD Project	ProFTPD 1.3.9b, 1.3.10rc2	Jun 24, 2026	CVE
CRITICAL 10	CVE-2026-12537	Unauthenticated Remote Code Execution in Gemini CLI CI/CD Workflows_CVE-2026-12537 Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI (versions prior to 0.39.1) and run-gemini-cli GitHub A...	Google Cloud	Gemini CLI	Jun 24, 2026	CVE
CRITICAL 10	SECURELIST:25DF...	StrikeShark: investigating a new campaign delivering Cobalt Strike through SharkLoader_SECURELIST:25DF27E139AF4557190EDA740DEAB957 ![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2026/06/24085803/SL-StrikeShark-featured-990x400.jpg) ## Introduction Durin...	N/A	N/A	Jun 24, 2026	SECURELIST
NONE	MALWAREBYTES:0F...	“Total access to all your devices.” Sextortion scammers strike again_MALWAREBYTES:0FD9C7128A95FF6374187563C0B72426 At the moment, we’re seeing all kinds of sextortion emails. The scam is cheap to run, easy to automate, and apparently profitable enough that cyber...	N/A	N/A	Jun 24, 2026	MALWAREBYTES