CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.8	6C9A8646-8BC0-	Exploit for Path Traversal in Fortinet Fortisandbox_6C9A8646-8BC0-5180-846E-1136F5603E79 cve-id ⚡ Simple Usage Use this project only in safe and authorized environments such as: - Local virtual machines - Docker containers - Isolated l...	N/A	N/A	Jun 17, 2026	GITHUBEXPLOIT
CRITICAL 9.8	6FFCC386-0479-	Exploit for OS Command Injection in Fortinet Fortisandbox_6FFCC386-0479-54C4-BA32-967FE298FCBA cve-id ⚡ Simple Usage Use this project only in safe and authorized environments such as: - Local virtual machines - Docker containers - Isolated l...	N/A	N/A	Jun 17, 2026	GITHUBEXPLOIT
CRITICAL 9.9	CVE-2026-46765	CVE-2026-46765_CVE-2026-46765 {“lastseen”:””,”description”:””,”published”:”2026-06-16T19:27:13.188Z”,&#82...	Oracle Corporation	Oracle WebCenter Portal 12.2.1.4.0	Jun 16, 2026	CVE
CRITICAL 9.8	CVE-2026-54194	WordPress Fusion Builder plugin <= 3.15.4 - PHP Object Injection vulnerability_CVE-2026-54194 Contributor PHP Object Injection in Fusion Builder	ThemeFusion	Fusion Builder n/a	Jun 16, 2026	CVE
CRITICAL 9.3	CVE-2026-49080	WordPress wpDataTables plugin <= 7.3.6 - SQL Injection vulnerability_CVE-2026-49080 Unauthenticated SQL Injection in wpDataTables	TMS	wpDataTables n/a	Jun 16, 2026	CVE
CRITICAL 9.9	CVE-2026-48781	Postiz has cross-tenant SUPERADMIN takeover via Skool-provider JWT forgery_CVE-2026-48781 Postiz is an AI social media scheduling tool. In versions prior to 2.21.8, the Skool integration callback signed an attacker-controlled JSON blob i...	gitroomhq	postiz-app < 2.21.8	Jun 16, 2026	CVE
CRITICAL 10	CVE-2026-48055	Streambert: Arbitrary File Write (Zip Slip) via Subtitle Extraction_CVE-2026-48055 Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip v...	truelockmc	streambert < 2.5.0	Jun 16, 2026	CVE
CRITICAL 9.8	CVE-2026-39529	WordPress Elementra theme <= 1.0.9 - PHP Object Injection vulnerability_CVE-2026-39529 Unauthenticated PHP Object Injection in Elementra	ThemeREX Group	Elementra n/a	Jun 16, 2026	CVE
CRITICAL 9.3	CVE-2026-39438	WordPress ListingPro plugin <= 2.9.10 - SQL Injection vulnerability_CVE-2026-39438 Unauthenticated SQL Injection in ListingPro	Emraan Cheema	ListingPro n/a	Jun 16, 2026	CVE
CRITICAL 9.8	CVE-2026-27429	WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability_CVE-2026-27429 Unauthenticated PHP Object Injection in Nifty	BoldThemes	Nifty n/a	Jun 16, 2026	CVE