CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.4	CVE-2026-40985	Data Binding Vulnerability in Spring Web Flow with Unified EL Parser_CVE-2026-40985 Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring...	Spring	Spring Web Flow 4.0.0	Jun 11, 2026	CVE
NONE	73629CA5-6CDC-	claude-code-f002-poc_73629CA5-6CDC-5867-A16B-E46998DF46E8 F002: Supply Chain Attack via Non-Interactive Workspace Trust Bypass 🔴 CRITICAL — CVE Candidate Severity CRITICAL when chained with supply chain a...	N/A	N/A	Jun 11, 2026	GITHUBEXPLOIT
MEDIUM 4.7	CVE-2026-2827	Open User Map PRO <= 1.4.31 - Unauthenticated Stored Cross-Site Scripting via 'oum_location_notification'_CVE-2026-2827 The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oum_location_notification' parameter in versions u...	100plugins	Open User Map PRO	Jun 11, 2026	CVE
CRITICAL 9.8	CVE-2026-35273	CVE-2026-35273_CVE-2026-35273 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions...	Oracle Corporation	PeopleSoft Enterprise PeopleTools 8.61, 8.62	Jun 11, 2026	CVE
HIGH 8.1	F11C41A7-4DE7-	Exploit for Type Confusion in Google Chrome_F11C41A7-4DE7-55FE-9CEE-BFF8F14A09D7 SSD Advisory – Google Chrome RCE Source: ssd-disclosure.com/ssd-advisory-google-chrome-rce Summary A critical remote code execution vulnerability i...	N/A	N/A	Jun 11, 2026	GITHUBEXPLOIT
NONE	TRENDMICROBLOG:...	GenAI Is Both Hunter and Hunted at Pwn2Own Berlin 2026_TRENDMICROBLOG:AA4A788A037B4D31219E33496D242017 This year’s Pwn2Own competition in Berlin revealed just how much of the AI stack remains exposed -- and the gap between what these tools promise an...	N/A	N/A	Jun 10, 2026	TRENDMICROBLOG
HIGH 7.6	98D7FC0C-3955-	Exploit for Improper Authentication in Pocketbase_98D7FC0C-3955-56D1-8337-74FE94A341E4 CVE-2026-44166 — PocketBase OAuth2 Account Pre-Hijacking Self-contained lab + writeup for CVE-2026-44166: an attacker with any account on a configu...	N/A	N/A	Jun 11, 2026	GITHUBEXPLOIT
NONE	A80B7830-0196-	Exploit for CVE-2026-28699_A80B7830-0196-594A-AA8C-1EF928459222 CVE-2026-28699 — Gitea OAuth2 Scope Bypass via HTTP Basic Auth Self-contained lab + writeup for CVE-2026-28699: a Gitea OAuth2 access token scoped ...	N/A	N/A	Jun 11, 2026	GITHUBEXPLOIT
CRITICAL 9.1	BD6FBA2A-C9D0-	0day_BD6FBA2A-C9D0-5CA6-95F7-FEE1045D9EEC 0day Due to well-known reasons, the original repository was deleted, but a copy remains. Forking and stargazing counts as zero. However, rest assur...	N/A	N/A	Jun 11, 2026	GITHUBEXPLOIT
MEDIUM 6.2	CVE-2026-53465	ImageMagick: Heap Buffer Over-Write in SF3 encoder when writing multi-frame image_CVE-2026-53465 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, a crafted multi-frame can...	ImageMagick	ImageMagick < 7.1.2-25	Jun 10, 2026	CVE