Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9 CVE-2026-41005

UAA accepts SAML Encrypted Assertions authentication bypass_CVE-2026-41005

Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as a substitute for XML signatures from the Identity...

Cloud Foundry UAA 2.0.0 CVE
NONE 9C9F70FF-2585-

dvwa-web-attack-lab_9C9F70FF-2585-522B-AEBD-59CBB8CD56B7

Web Application Penetration Testing Lab Platform: Kali Linux VirtualBox | Target: DVWA Damn Vulnerable Web Application | Tools: Burp Suite Communit...

N/A N/A GITHUBEXPLOIT
NONE TALOSBLOG:E499A...

A tale of two eras_TALOSBLOG:E499ABB864B9A8C19A09AD5A39C7322B

Welcome to...

N/A N/A TALOSBLOG
NONE WIRED:0B021BDAA...

Grok Is Still Hosting Sexualized Deepfakes of Famous Women_WIRED:0B021BDAAFB71BEEC59FFF8BD19BFEC9

A WIRED investigation found dozens of “nudified” deepfake images and videos on Grok's website, including nonconsensual depictions of celebrities an...

N/A N/A WIRED
CRITICAL 9.8 THN:752B90FA610...

ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities_THN:752B90FA61064ECC5D562EA512CCEC15

N/A N/A THN
NONE MSF:EXPLOIT-MULTI-

VS Code Extension Persistence_MSF:EXPLOIT-MULTI-PERSISTENCE-VSCODE_EXTENSION-

This module installs a malicious VS Code extension into the target's VS Code extensions directory. The extension executes the payload each time VS ...

N/A N/A METASPLOIT
CRITICAL 10 CVE-2026-49261

MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`_CVE-2026-49261

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11...

MariaDB server >= 10.6.1, < 10.6.27 CVE
HIGH 8.5 CVE-2026-48546

KanaDojo < 0.1.18 Sandbox Escape RCE via messages.cjs_CVE-2026-48546

KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing...

lingdojo kana-dojo CVE
MEDIUM 6.5 CVE-2026-47157

aiograpi: Unsafe signup challenge path handling_CVE-2026-47157

aiograpi is an asynchronous Instagram API for Python. aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them...

subzeroid aiograpi < 0.9.10 CVE
MEDIUM 5.3 CVE-2026-46698

Fediverse Embeds: Public-nonce SSRF via ftf_get_site_info AJAX action_CVE-2026-46698

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wp_...

stefanbohacek fediverse-embeds-wordpress-plugin < 1.5.9 CVE