CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9	CVE-2026-54157	LobeHub: Unauthenticated SSRF in `/webapi/proxy`_CVE-2026-54157 LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.57, the /webapi/proxy e...	lobehub	lobehub < 2.1.57	Jun 23, 2026	CVE
CRITICAL 9.6	CVE-2026-53662	immich: One-click account takeover via XSS in login page continue redirect_CVE-2026-53662 immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting ...	immich-app	immich >= main@4ffa26c9, < main@4eb1003	Jun 23, 2026	CVE
CRITICAL 9.1	CVE-2026-9733	Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter_CVE-2026-9733 Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specifi...	HAYAJO	Mojolicious::Plugin::Web::Auth::OAuth2 0.17	Jun 23, 2026	CVE
CRITICAL 9.2	CVE-2026-35019	NetComm NF20MESH < R6B032 Hardcoded AES Key Authentication Bypass_CVE-2026-35019 NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers t...	NetComm Wireless Pty Ltd	NF20MESH	Jun 23, 2026	CVE
CRITICAL 9.4	CVE-2026-28496	FOSSBilling: Server-side template injection in Twig template rendering enables information disclosure and RCE_CVE-2026-28496 FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection (SSTI) vulne...	FOSSBilling	FOSSBilling < 0.8.0	Jun 23, 2026	CVE
CRITICAL 10	CVE-2026-27604	FOSSBilling: Improper API Role Validation (system) Enables Unauthenticated Access to Privileged Admin Functions_CVE-2026-27604 FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization byp...	FOSSBilling	FOSSBilling >= 0.5.4, < 0.8.0	Jun 23, 2026	CVE
CRITICAL 9.8	TRENDMICROBLOG:...	From Langflow to Monero: Inside CVE-2026-33017 Cryptominer_TRENDMICROBLOG:D6D82F6102E243699FEABC242F869EE4 We tracked a cryptocurrency-mining campaign exploiting CVE-2026-33017, which revealed how threat actors are now scanning exposed AI application inf...	N/A	N/A	Jun 23, 2026	TRENDMICROBLOG
CRITICAL 9.3	CVE-2026-56315	picklescan – Remote Code Execution via Unblocked Standard Library Modules_CVE-2026-56315 picklescan before 1.0.4 fails to block at least seven Python standard library modules (including uuid, _osx_support, _aix_support, _pyrepl.pager, a...	picklescan	picklescan	Jun 23, 2026	CVE
CRITICAL 9.2	CVE-2026-56258	Crawl4AI – Arbitrary File Write via output_path Symlink and TOCTOU_CVE-2026-56258 Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to w...	Crawl4AI	Crawl4AI 0.8.8	Jun 23, 2026	CVE
CRITICAL 9.4	CVE-2026-44089	Buffer Overflow in Totolink EX1200L router_CVE-2026-44089 Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be ex...	Totolink	EX1200L 9.3.5u.6146_B20201023	Jun 23, 2026	CVE