CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.6	CVE-2025-11919	Unprotected temporary directories in Wolfram Cloud may result in privilege escalation_CVE-2025-11919 The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp...	Wolfram Research Inc.	Cloud 14.2	Jun 26, 2026	CVE
CRITICAL 9.6	CVE-2026-33646	mise: Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)_CVE-2026-33646 mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template e...	jdx	mise < 2026.3.10	Jun 26, 2026	CVE
CRITICAL 9.8	C1779145-9574-	Exploit for OS Command Injection in Cacti_C1779145-9574-5457-B610-1891430BF6B2 CVE-2026-39938: Cacti " 3.2 Execute the Code by Including Log File bash curl -k -s "http://target-cacti/graphimage.php?action=view&localgraphid=1&g...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
CRITICAL 9.8	2A8C8CE0-592F-	Exploit for Missing Authentication for Critical Function in Splunk_2A8C8CE0-592F-566A-AD1D-9DB21DEE0C60 CVE-2026-20253 - Splunk Enterprise Pre-Auth RCE PoC ⚠️ ADVERTENCIA: Este script es solo para fines educativos y de prueba en entornos autorizados. ...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
CRITICAL 10	THN:7EF04AAF427...	New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks_THN:7EF04AAF4274557391FF629872DDC867 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsnAZNjHSEX7UtabbKNVn68uohH8pK5LKuU2CgckZTJowWHxYmEjx9ROquO9tFsThy-3_759_ko2TQEX4Wm3...	N/A	N/A	Jun 26, 2026	THN
CRITICAL 10	B351E803-26D7-	Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft_B351E803-26D7-5CFC-8727-D423591F86F5 SMBGhost Scanner — CVE-2020-0796 SMBv3 vulnerability scanner SMBGhost. Detects vulnerable Windows hosts by sending a malformed SMBv3 negotiation pa...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
CRITICAL 9.4	ED8AC01D-C112-	Exploit for SQL Injection in Ghost_ED8AC01D-C112-5F2F-86B2-002DDA813E82 CVE-2026-26980 — Ghost CMS Content API Blind SQL Injection Affected: Ghost 3.24.0 – 6.19.0 Fixed in: Ghost 6.19.1 Auth required: None — Content API...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
CRITICAL 9.1	CVE-2026-57658	WordPress TemplateSpare plugin <= 4.2.0 - Arbitrary File Upload vulnerability_CVE-2026-57658 Administrator Arbitrary File Upload in TemplateSpare	Templatespare	TemplateSpare n/a	Jun 26, 2026	CVE
CRITICAL 9.3	CVE-2026-56070	WordPress Advance Product Search plugin <= 1.4.4 - SQL Injection vulnerability_CVE-2026-56070 Unauthenticated SQL Injection in Advance Product Search	ThemeHunk	Advance Product Search n/a	Jun 26, 2026	CVE
CRITICAL 9.3	CVE-2026-56068	WordPress JetEngine plugin <= 3.8.10.2 - SQL Injection vulnerability_CVE-2026-56068 Unauthenticated SQL Injection in JetEngine	Crocoblock. Jetimpex Inc.	JetEngine n/a	Jun 26, 2026	CVE