Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.1 CVE-2026-12486

GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability_CVE-2026-12486

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted netwo...

GeoVision Inc. GV-I/O Box 4E V2.09 CVE
CRITICAL 10 CVE-2026-12485

GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command_CVE-2026-12485

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service ...

GeoVision Inc. GV-I/O Box 4E V2.09 CVE
CRITICAL 9.8 EECE9D9F-6DA3-

Exploit for Path Traversal in Apache Http_Server_EECE9D9F-6DA3-5669-A840-4B74F51D2FBB

CVE-2021-42013 — PoC: Path Traversal + RCE via modcgi patch bypass. For use only in controlled environments that you own. Do not use against systems without...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 D76E3BC5-2C10-

Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin_D76E3BC5-2C10-52DE-8FE2-24C1C9C72D09

This is my version. I found a lot on the internet, but those are too bad. USAGE: python3 exploit.py -u http://IP/grav-admin/ --lhost YOUR TUN0 IP --lport 4...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.6 CVE-2026-54588

Poweradmin has Host Header Injection in OIDC redirect_uri, SAML ACS/SLO URL, and Logout Redirect Construction._CVE-2026-54588

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled `HTTP_HOST` re...

poweradmin poweradmin < 4.2.4 CVE
CRITICAL 9.8 IMPERVABLOG:CC2...

CVE-2025-54068 Laravel Livewire Credential Theft Campaign: 6,000+ Applications Compromised_IMPERVABLOG:CC22F53AF67610E01435FC711BB2B03F

On May 24, 2026, Imperva observed exploitation attempts against Laravel Livewire applications, blocked by the Imperva Cloud WA...

N/A N/A IMPERVABLOG
CRITICAL 9.8 CVE-2026-53753

Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain – Pre-Auth RCE in Docker API_CVE-2026-53753

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields feature ...

unclecode crawl4ai < 0.8.7 CVE
CRITICAL 9.6 CVE-2026-11807

Eda-server: websocket missing authorization allows credential theft via activation_id spoofing_CVE-2026-11807

A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not...

Red Hat Red Hat Ansible Automation Platform 2.5 2.5 CVE
CRITICAL 9.3 CVE-2026-55450

Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak_CVE-2026-55450

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data ...

langflow-ai langflow < 1.9.1 CVE
CRITICAL 9.6 CVE-2026-55447

Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit_CVE-2026-55447

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling files that are digested into the RA...

langflow-ai langflow < 1.9.2 CVE