CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.1	CVE-2026-10629	CVE-2026-10629_CVE-2026-10629 SIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec integrity protection (missing Security-Client/Secur...	Verizon	VoLTE UNKNOWN	Jun 2, 2026	CVE
CRITICAL 9.8	CVE-2026-5076	ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation_CVE-2026-5076 The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The pl...	armember	ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup	Jun 2, 2026	CVE
CRITICAL 9.8	PACKETSTORM:222477	📄 Samba SMB Printer Queue Command Injection / Remote Task Delivery_PACKETSTORM:222477 This Python script is a structured exploitation framework targeting Samba print services exposed over SMB port 445. It focuses on printer-share int...	N/A	N/A	Jun 2, 2026	PACKETSTORM
CRITICAL 9.8	PACKETSTORM:222450	📄 Drupal core 10.5.5 SQL Injection_PACKETSTORM:222450 This proof of concept demonstrates an error-based remote SQL injection vulnerability in Drupal core version 10.5.5 PostgreSQL. User-controlled JSON...	N/A	N/A	Jun 2, 2026	PACKETSTORM
CRITICAL 9.8	AVLEONOV:68E701...	May Linux Patch Wednesday_AVLEONOV:68E7010A21B0F3420D3F6FE77C9479F4 ![May Linux Patch Wednesday](https://avleonov.com/wp-content/uploads/2026/06/[email protected]) May Linux Patch Wednesday. A total of 1,638 vu...	N/A	N/A	Jun 2, 2026	AVLEONOV
CRITICAL 9.1	CVE-2026-9098	CVE-2026-9098_CVE-2026-9098 In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs wit...	Casdoor	Casdoor	May 28, 2026	CVE
CRITICAL 9.8	CVE-2026-9097	CVE-2026-9097_CVE-2026-9097 Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken() function in obje...	Casdoor	Casdoor 2.362.0 and earlier	May 28, 2026	CVE
CRITICAL 9.8	CVE-2026-9094	CVE-2026-9094_CVE-2026-9094 Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in obje...	Casdoor	Casdoor 2.362.0 and earlier	May 28, 2026	CVE
CRITICAL 9.8	CVE-2026-9093	CVE-2026-9093_CVE-2026-9093 In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML asserti...	Casdoor	Casdoor 2.362.0 and earlier	May 28, 2026	CVE
CRITICAL 9.1	CVE-2026-42252	Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern_CVE-2026-42252 Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passing Parameters when triggering Dags") showed a verbatim `BashOperator...	Apache Software Foundation	Apache Airflow 3.0.0	Jun 1, 2026	CVE