CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.7	CVE-2026-56232	Capgo – Subkey Scope Bypass in middlewareKey via x-limited-key-id Header_CVE-2026-56232 Capgo before 12.128.2 fails to enforce limited_to_orgs and limited_to_apps constraints on subkeys provided via x-limited-key-id header in middlewar...	Capgo	Capgo	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-56231	Capgo – Broken Object Level Authorization in Build Job Control via jobId Parameter_CVE-2026-56231 Capgo before 12.128.2 contains a broken object level authorization (BOLA) vulnerability in the POST /build/start/:jobId and POST /build/cancel/:job...	Capgo	Capgo	Jun 24, 2026	CVE
CRITICAL 9.3	CVE-2026-56223	Capgo – Account Takeover via Cross-Domain SSO Email Assertion in provision-user_CVE-2026-56223 Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbi...	Capgo	Capgo	Jun 24, 2026	CVE
LOW 1.1	CVE-2026-13140	Stored Cross-Site Scripting in Canarytokens.org_CVE-2026-13140 Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens. Anonymous exploitation requires knowledg...	Thinkst Applied Research	Canarytokens sha-4116b92cb	Jun 24, 2026	CVE
CRITICAL 9.8	2DEFD2D9-CD2E-	Exploit for OS Command Injection in Fortinet Fortiweb_2DEFD2D9-CD2E-5E1B-BEAB-3A15FD3493B4 Mô phỏng khai thác FortiWeb CVE-2025-64446 & CVE-2025-58034 Lưu ý: - Tài liệu này chỉ phục vụ mục đích học tập và nghiên cứu bảo mật. - Không sử dụ...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
HIGH 10	671F5C5A-5DF1-	Exploit for Improper Authentication in Dahuasecurity Ipc-Hum7Xxx_Firmware_671F5C5A-5DF1-5396-BCA3-038841185E26 Mô phỏng khai thác Dahua Authentication Bypass PoC CVE-2021-33044 Tổng quan Camera IP Dahua là thiết bị IoT được sử dụng phổ biến trong các hệ thốn...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
CRITICAL 10	FC87C5D8-8FE4-	Exploit for Deserialization of Untrusted Data in Facebook React_FC87C5D8-8FE4-516F-8C86-FF2150B1A826 Mô phỏng khai thác React2Shell CVE-2025-55182 Lưu ý: - Tài liệu này chỉ phục vụ mục đích học tập và nghiên cứu bảo mật. - Không sử dụng để tấn công...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
HIGH 7.8	1C4C9845-A374-	Exploit for Improper Privilege Management in Enlightenment_1C4C9845-A374-55A0-891B-94D916CABECA CVE-2022-37706 Overview CVE-2022-37706 adalah kerentanan Local Privilege Escalation LPE yang ditemukan pada komponen enlightenmentsys di lingkungan...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
HIGH 7.6	CVE-2025-71354	picklescan – Remote Code Execution via idlelib.debugobj.ObjectTreeItem.SetText_CVE-2025-71354 picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.debugobj.ObjectTreeItem.SetText function in reduce methods. At...	picklescan	picklescan	Jun 24, 2026	CVE
HIGH 8.5	CVE-2025-71332	Flowise – SQL Injection in importChatflows API via chatflow.id Parameter_CVE-2025-71332 Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, a...	Flowise	Flowise	Jun 24, 2026	CVE