Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.5 CVE-2026-49468

LiteLLM: Authentication Bypass via Host Header Injection_CVE-2026-49468

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, This vulnerability is fixed in 1.84.0.

BerriAI litellm < 1.84.0 CVE
CRITICAL 9.2 CVE-2026-45034

PhpSpreadsheet: File::prohibitWrappers bypass_CVE-2026-45034

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.5, CVE-2026-34084 was patched by the helper File::pro...

PHPOffice PhpSpreadsheet < 1.30.5 CVE
CRITICAL 9.3 CVE-2026-44727

Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP_CVE-2026-44727

Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored noteb...

jupyter-server jupyter_server < 2.20 CVE
CRITICAL 9.2 CVE-2026-56266

Crawl4AI – Server-Side Request Forgery via Direct Crawl Endpoints_CVE-2026-56266

Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitra...

unclecode Crawl4AI 0.8.7 CVE
CRITICAL 9.3 4DC88245-D5D6-

Exploit for CVE-2026-49772_4DC88245-D5D6-582C-AA2B-EE9293E136F3

The Events Calendar SQL Injection CVE-2026-49772 PoC Description CVE-2026-49772 is an unauthenticated blind SQL injection in the WordPress plugin T...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.3 PACKETSTORM:224001

Worksnaps.net Worksnaps Hardcoded Root Cloud Credentials_PACKETSTORM:224001

Silver Leaf Technologies - Worksnaps.net Worksnaps suffers from a hardcoded credential vulnerability. Several application binaries contained hardco...

N/A N/A PACKETSTORM
CRITICAL 9.8 PACKETSTORM:223999

Sprecher Automation SPRECON-E-C/-E-P/-E-T3 Missing Secure-Boot / Static Passwords_PACKETSTORM:223999

Sprecher Automation SPRECON-E-C/-E-P/-E-T3 leaks the firmware signing private key, is missing a secure-boot mechanism, has unencrypted flash memory...

N/A N/A PACKETSTORM
CRITICAL 10 0D7DE32F-DF63-

Exploit for Improper Access Control in Widgetfactorylimited Jce_0D7DE32F-DF63-51D0-A699-AAD3D055B58E

CVE-2025-48907 - Joomla! JCE Unauthenticated RCE Joomla! JCE extension --- 📋 Overview This repository contains a proof-of-concept PoC exploit for ...

N/A N/A GITHUBEXPLOIT
CRITICAL 10 THN:97CE7D79A5B...

ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack_THN:97CE7D79A5B9C74093178E4266ABFB48

N/A N/A THN
CRITICAL 9.1 CVE-2025-62821

CVE-2025-62821_CVE-2025-62821

Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry_GetDataSize can return success while leaving the repo...

Microsoft Microsoft HEIF Image Extensions 1.2.22.0 CVE