CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.2	CVE-2026-28742	Naxclow IoT Platform Use of hard-coded cryptographic key_CVE-2026-28742 Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is ...	Naxclow	Smart Doorbell X3 All	Jun 12, 2026	CVE
CRITICAL 10	MSF:EXPLOIT-LINUX-	Paperclip AI RCE using a chain of six API calls (CVE-2026-41679)._MSF:EXPLOIT-LINUX-HTTP-PAPERCLIPAI_UNAUTH_RCE_CVE_2026_41679- Paperclip is the operating system for your AI company. You set the goals, hire AI agents as employees, and watch them plan and execute work. Prior ...	N/A	N/A	Jun 12, 2026	METASPLOIT
CRITICAL 9.1	PACKETSTORM:223334	📄 Palo Alto GlobalProtect Authentication Bypass_PACKETSTORM:223334 This Metasploit module exploits an authentication bypass vulnerability in Palo Alto Networks PAN-OS GlobalProtect portal and gateway components. Th...	N/A	N/A	Jun 12, 2026	PACKETSTORM
CRITICAL 9.8	PACKETSTORM:223318	📄 FortiSandbox 4.4.7 Authentication Bypass / Command Injection_PACKETSTORM:223318 This Metasploit auxiliary scanner module is designed to collect system and environment information from vulnerable FortiSandbox instances by levera...	N/A	N/A	Jun 12, 2026	PACKETSTORM
CRITICAL 9.3	PACKETSTORM:223316	📄 Check Point VPN IKE Logic Flaw_PACKETSTORM:223316 This is a Python script attempting to exploit a vulnerability in Check Point VPN by sending a malformed IKESAINIT packet to UDP port 500, detecting...	N/A	N/A	Jun 12, 2026	PACKETSTORM
CRITICAL 9.6	PACKETSTORM:223339	📄 WordPress Gravity Forms 2.10.0.1 File Deletion / Path Traversal_PACKETSTORM:223339 This Metasploit module exploits a vulnerability in the Gravity Forms WordPress plugin versions 2.10.0.1 and below where file URLs stored in form en...	N/A	N/A	Jun 12, 2026	PACKETSTORM
CRITICAL 10	PACKETSTORM:223364	📄 Paperclip AI Remote Code Execution_PACKETSTORM:223364 Paperclip is the operating system for your AI company. You set the goals, hire AI agents as employees, and watch them plan and execute work. Prior ...	N/A	N/A	Jun 12, 2026	PACKETSTORM
CRITICAL 9.6	CVE-2026-12027	CVE-2026-12027_CVE-2026-12027 Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer proces...	Google	Chrome 149.0.7827.115	Jun 11, 2026	CVE
CRITICAL 9.8	CVE-2026-6853	OTP Bypass in Başbelen Group’s Pause+ Mobile App_CVE-2026-6853 Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ M...	Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co.	Pause+ Mobile App v1.0.6	Jun 12, 2026	CVE
CRITICAL 9.8	CVE-2026-54133	jmespath.php has CompilerRuntime code injection via unescaped function names_CVE-2026-54133 jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications ...	jmespath	jmespath.php < 2.9.1	Jun 12, 2026	CVE