Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.6 CVE-2026-35025

ProFTPD ACL Bypass via /proc/self/root Path Prefix in RNFR_CVE-2026-35025

ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory AC...

ProFTPD Project ProFTPD 1.3.9b, 1.3.10rc2 CVE
CRITICAL 10 CVE-2026-12537

Unauthenticated Remote Code Execution in Gemini CLI CI/CD Workflows_CVE-2026-12537

Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI (versions prior to 0.39.1) and run-gemini-cli GitHub A...

Google Cloud Gemini CLI CVE
CRITICAL 10 SECURELIST:25DF...

StrikeShark: investigating a new campaign delivering Cobalt Strike through SharkLoader_SECURELIST:25DF27E139AF4557190EDA740DEAB957

Introduction Durin...

N/A N/A SECURELIST
NONE MALWAREBYTES:0F...

“Total access to all your devices.” Sextortion scammers strike again_MALWAREBYTES:0FD9C7128A95FF6374187563C0B72426

At the moment, we’re seeing all kinds of sextortion emails. The scam is cheap to run, easy to automate, and apparently profitable enough that cyber...

N/A N/A MALWAREBYTES
NONE SCHNEIER:7A1236...

Embedding Forbidden Text in Spyware to Discourage AI Analysis_SCHNEIER:7A1236483F174AEC1AD949F80DF69235

At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. D...

N/A N/A SCHNEIER
NONE THN:E39759F4A03...

Dawn of the Apex Agentic Adversary_THN:E39759F4A03F44F39AA790935B0FBE4A

N/A N/A THN
MEDIUM 5.5 CVE-2026-11968

Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’) in TortoiseGit_CVE-2026-11968

Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit

TortoiseGit team TortoiseGit 1.8.10.0 CVE
MEDIUM 6.9 CVE-2026-13150

SSRF in Pentestify PDF generation endpoint via Host header_CVE-2026-13150

Server-Side Request Forgery (SSRF) (CWE-918) in the PDF generation endpoint GET /api/reports/{id}/pdf (backend/main.py) in ccyl13 Pentestify 1.0.0 ...

Pentestify Pentestify CVE
HIGH 7.8 4BA3261D-2DE6-

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel_4BA3261D-2DE6-5D66-AE25-4FA760E8F87D

rootpacket CVE-2026-31431 A Linux Docker-to-host cryptojacking toolkit captured from live attacks on Kinryū Labs honeypots. It breaks in through an...

N/A N/A GITHUBEXPLOIT
CRITICAL 10 776C9ED4-3841-

Exploit for Code Injection in Craftcms Craft_Cms_776C9ED4-3841-5FC1-B7D1-370CEAB62FAB

PoCCVE-2025-32432 CraftCMS CVE-2025-32432 - Clean PoC Cleaned-up and improved version of the original PoC. Credits - Original research: Orange Cyberde...

N/A N/A GITHUBEXPLOIT