CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.8	D76E3BC5-2C10-	Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin_D76E3BC5-2C10-52DE-8FE2-24C1C9C72D09 this is my version i found a lot in internet but those are too bad USAGE python3 exploit.py -u http://IP/grav-admin/ --lhost YOUR TUN0 IP --lport 4...	N/A	N/A	Jun 23, 2026	GITHUBEXPLOIT
CRITICAL 9.6	CVE-2026-54588	Poweradmin has Host Header Injection in OIDC redirect_uri, SAML ACS/SLO URL, and Logout Redirect Construction._CVE-2026-54588 Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled `HTTP_HOST` re...	poweradmin	poweradmin < 4.2.4	Jun 23, 2026	CVE
CRITICAL 9.8	IMPERVABLOG:CC2...	CVE-2025-54068 Laravel Livewire Credential Theft Campaign: 6,000+ Applications Compromised_IMPERVABLOG:CC22F53AF67610E01435FC711BB2B03F ## Introduction On May 24, 2026, Imperva observed exploitation attempts against Laravel Livewire applications, blocked by the Imperva Cloud WA...	N/A	N/A	Jun 23, 2026	IMPERVABLOG
CRITICAL 9.8	CVE-2026-53753	Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain – Pre-Auth RCE in Docker API_CVE-2026-53753 Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields feature ...	unclecode	crawl4ai < 0.8.7	Jun 23, 2026	CVE
CRITICAL 9.6	CVE-2026-11807	Eda-server: websocket missing authorization allows credential theft via activation_id spoofing_CVE-2026-11807 A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not...	Red Hat	Red Hat Ansible Automation Platform 2.5 2.5	Jun 23, 2026	CVE
CRITICAL 9.3	CVE-2026-55450	Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak_CVE-2026-55450 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data ...	langflow-ai	langflow < 1.9.1	Jun 23, 2026	CVE
CRITICAL 9.6	CVE-2026-55447	Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit_CVE-2026-55447 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RA...	langflow-ai	langflow < 1.9.2	Jun 23, 2026	CVE
CRITICAL 9.9	CVE-2026-55255	Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User’s Flow_CVE-2026-55255 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerabi...	langflow-ai	langflow < 1.9.2	Jun 23, 2026	CVE
CRITICAL 9.6	CVE-2026-48519	Langflow: Unauthenticated RCE in Shareable Playgrounds_CVE-2026-48519 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" (or "Public Flows" in cod...	langflow-ai	langflow < 1.9.2	Jun 23, 2026	CVE
CRITICAL 9.4	CVE-2026-44791	n8n: XML Node Prototype Pollution Patch Bypass_CVE-2026-44791 n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modif...	n8n-io	n8n < 1.123.43	Jun 23, 2026	CVE