Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.1 CVE-2026-53519

Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key (CVE-2026-53519)

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the ...

nezhahq nezha < 2.0.13 CVE
CRITICAL 9.9 CVE-2026-46716

Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron (CVE-2026-46716)

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleM...

nezhahq nezha >= 1.4.0, < 2.0.8 CVE
CRITICAL 9.8 F0C31C9B-0A65-

Exploit for CVE-2026-20253 (F0C31C9B-0A65-5448-9175-384AF0B76ABF)

No description provided...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.5 CVE-2026-48558

SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification (CVE-2026-48558)

SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. W...

SimpleHelp SimpleHelp 5.5.0 CVE
CRITICAL 9.2 CVE-2026-50101

Naxclow IoT Platform Not using password aging (CVE-2026-50101)

Naxclow devices use a server-side, per-device relay credential that never rotates and is re-issued to the device on each boot. Because this credent...

Naxclow Smart Doorbell X3 All CVE
CRITICAL 9.2 CVE-2026-28742

Naxclow IoT Platform Use of hard-coded cryptographic key (CVE-2026-28742)

Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is ...

Naxclow Smart Doorbell X3 All CVE
CRITICAL 10 MSF:EXPLOIT-LINUX-

Paperclip AI RCE using a chain of six API calls (CVE-2026-41679). (MSF:EXPLOIT-LINUX-HTTP-PAPERCLIPAI_UNAUTH_RCE_CVE_2026_41679-)

Paperclip is the operating system for your AI company. You set the goals, hire AI agents as employees, and watch them plan and execute work. Prior ...

N/A N/A METASPLOIT
CRITICAL 9.1 PACKETSTORM:223334

Palo Alto GlobalProtect Authentication Bypass (PACKETSTORM:223334)

This Metasploit module exploits an authentication bypass vulnerability in Palo Alto Networks PAN-OS GlobalProtect portal and gateway components. Th...

N/A N/A PACKETSTORM
CRITICAL 9.8 PACKETSTORM:223318

FortiSandbox 4.4.7 Authentication Bypass / Command Injection (PACKETSTORM:223318)

This Metasploit auxiliary scanner module is designed to collect system and environment information from vulnerable FortiSandbox instances by levera...

N/A N/A PACKETSTORM
CRITICAL 9.3 PACKETSTORM:223316

Check Point VPN IKE Logic Flaw (PACKETSTORM:223316)

This is a Python script attempting to exploit a vulnerability in Check Point VPN by sending a malformed IKE_SA_INIT packet to UDP port 500, detecting...

N/A N/A PACKETSTORM