CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
NONE	THN:0BD4A62DBE4...	The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm_THN:0BD4A62DBE41A6B9A27B7AEF56EC0C96 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiT390XWb8ahl36RgVGzdXiIpEJ43hxHfayY1i2C_rBLbVyu5A2Q-uOFptUFJL33Ehedvbx97RiUV2NivTy-F...	N/A	N/A	Jun 11, 2026	THN
HIGH 8.8	CVE-2026-50223	Apache OFBiz: DataResource Low-Privileged Authenticated FreeMarker Template Injection Leads to Remote Code Execution_CVE-2026-50223 Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/Dat...	Apache Software Foundation	Apache OFBiz before 24.09.07	Jun 10, 2026	CVE
CRITICAL 9.8	CVE-2026-38581	CVE-2026-38581_CVE-2026-38581 SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idF...	damasac	thaipalliative_lte 3.0	Jun 11, 2026	CVE
CRITICAL 9.1	CVE-2026-9648	CVE-2026-9648_CVE-2026-9648 The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alter...	Haskell Programming Language	crypton-certificate	Jun 11, 2026	CVE
HIGH 8.8	CVE-2026-7870	IBM i is Affected by Privilege Escalation []_CVE-2026-7870 IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-...	IBM	i 7.6	Jun 11, 2026	CVE
HIGH 7.5	CVE-2026-7787	Unauthenticated Session History Access via Public Flow Execution_CVE-2026-7787 IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using in...	IBM	Langflow OSS 1.0.0	Jun 11, 2026	CVE
HIGH 8.6	CVE-2026-53777	Perry < 0.5.1159 Path Traversal via ArtifactReady WebSocket_CVE-2026-53777 Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writa...	PerryTS	perry	Jun 11, 2026	CVE
MEDIUM 6.5	CVE-2026-4096	A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests._CVE-2026-4096 IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could ...	IBM	DevOps Plan 3.0.0	Jun 11, 2026	CVE
MEDIUM 5.4	CVE-2026-3341	IBM Langflow Desktop 1.0.0 – 1.9.2 DNS Rebinding Bypasses SSRF Protection Allowing Access to Internal Services_CVE-2026-3341 IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker...	IBM	Langflow Desktop 1.0.0	Jun 11, 2026	CVE
CRITICAL 9.9	CVE-2026-11839	Arbitrary File Upload in Basarsoft’s Rotaban_CVE-2026-11839 Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web...	Başarsoft Information Technologies Inc.	Rotaban V2026.06.002	Jun 11, 2026	CVE