Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.8 CVE-2026-34594

Coolify: Authenticated Remote Code Execution via Command Injection in Destination Network Management

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, an authenticated comma...

coollabsio coolify < 4.0.0-beta.471 CVE
MEDIUM 6.3 CVE-2026-57997

Strapi users-permissions – JWT Algorithm Confusion via Missing Algorithm Configuration

Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowin...

strapi strapi CVE
HIGH 7.7 CVE-2026-34592

Coolify: Cross-Team IDOR via Unscoped Server and Project Lookups Exposes SSH Keys and Infrastructure

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, Coolify server and pro...

coollabsio coolify < 4.0.0-beta.471 CVE
MEDIUM 5.3 CVE-2026-10647

Deadlock denial of service in USB CDC-NCM device class on TX enqueue failure

The USB CDC-NCM device class (subsys/usb/device_next/class/usbd_cdc_ncm.c) ignores the return value of usbd_ep_enqueue() in its ethernet transmit c...

zephyrproject zephyr 4.1.0 CVE
HIGH 7.5 CVE-2026-8023

Path traversal in Zephyr HTTP server static-filesystem resource handler allows unauthenticated remote arbitrary file read

Zephyr's HTTP server (subsys/net/lib/http) provides a static-filesystem resource type (HTTP_RESOURCE_TYPE_STATIC_FS, available when CONFIG_FILE_SYS...

zephyrproject zephyr 4.0.0 CVE
HIGH 8.1 CVE-2026-7656

Broken IPv6 Neighbor Discovery input validation allows spoofed RA/NS/NA acceptance in Zephyr net stack

The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6_nbr.c (handle_ra_input, handle_ns_input, handle_na_input) used an incorrect boolean expr...

zephyrproject zephyr 1.14.0 CVE
CRITICAL 10 745E87EB-2F7B-

Exploit for Improper Control of Dynamically-Managed Code Resources in Kidocode Crawl4Ai_745E87EB-2F7B-5DE3-8689-0B856028F54D

CVE-2026-53753 — Crawl4AI Unauthenticated Remote Code Execution AST Sandbox Escape Pre-authentication RCE in Crawl4AI expression evaluator safeeval...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 964E7791-B2DF-

Exploit for Authentication Bypass by Primary Weakness in Crushftp_964E7791-B2DF-59B8-81F3-BEFC914A712D

CrushFTP 10.8.0 — CVE-2025-31161 Vulnerable Build Pre-built CrushFTP 10.8.0 binary for authorized penetration testing of CVE-2025-31161. !CAUTION T...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 983CAFED-3C66-

Exploit for Authentication Bypass by Primary Weakness in Crushftp_983CAFED-3C66-576E-BB1A-B397A3A030D6

Ansible Role: CrushFTP CVE-2025-31161 Ludus An Ansible Role that deploys a vulnerable CrushFTP 10.8.0 instance on Windows for authorized penetratio...

N/A N/A GITHUBEXPLOIT
NONE 394EC506-B436-

Pentesting-Skill-For-Ai-Agent_394EC506-B436-5307-87F3-9DB6D187E8FE

No description provided...

N/A N/A GITHUBEXPLOIT