Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 10 PACKETSTORM:224334

Dalfox Found-Action Deserialization Remote Code Execution

When dalfox versions less than or equal to 2.12.0 are started in REST API server mode (dalfox server), the server binds to 0.0.0.0:6664 by default and...

N/A N/A PACKETSTORM
CRITICAL 9.2 CVE-2026-56123

socat 1.8.0.0 – 1.8.1.1 Heap Buffer Overflow via SOCKS5 Reply Parser

socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite ...

socat socat 1.8.0.0 CVE
CRITICAL 9.4 CVE-2026-55413

ToolJet – Marketplace Plugin Poisoning Enables Instance-Wide Remote Code Execution

ToolJet is the open-source foundation of an AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-l...

ToolJet ToolJet < 3.20.178-lts CVE
CRITICAL 10 CVE-2026-57700

WordPress OMGF Pro plugin <= 5.2.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from...

Daan.dev OMGF Pro n/a CVE
CRITICAL 9.3 CVE-2026-56786

RTKLIB 2.4.3 – Out-of-bounds Write in decode_type1033 via Crafted RTCM3 Message

RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in the decode_type1033 function, which fails to clamp length counters to destination b...

tomojitakasu RTKLIB CVE
CRITICAL 9.1 CVE-2026-54089

File Browser: Authentication Bypass via Proxy Auth Header Forgery

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Starting w...

filebrowser filebrowser >= 2.0.0-rc.1 CVE
CRITICAL 9.3 CVE-2026-54088

File Browser: Command Injection via Authentication Hook Shell Substitution (Pre-Authentication RCE)

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2...

filebrowser filebrowser < 2.63.6 CVE
CRITICAL 9.3 CVE-2026-54849

WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.11 - SQL Injection vulnerability

Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce

Premmerce Premmerce Wishlist for WooCommerce 1.1.11 CVE
CRITICAL 9.3 CVE-2026-54843

WordPress MDTF plugin <= 1.3.7 - SQL Injection vulnerability

Unauthenticated SQL Injection in MDTF

PluginUs.Net MDTF n/a CVE
CRITICAL 9.3 CVE-2026-54836

WordPress Filter & Grids plugin <= 3.11.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection. This issue ...

YMC YMC Filter n/a CVE