Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.9 CVE-2026-45558

Roxy-WI: Authenticated RCE on every managed HAProxy load balancer via `option` field config injection in section save_CVE-2026-45558

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endp...

roxy-wi roxy-wi <= 8.2.6.4 CVE
CRITICAL 9.9 CVE-2026-45556

Roxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name`_CVE-2026-45556

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accept...

roxy-wi roxy-wi <= 8.2.6.4 CVE
CRITICAL 9.9 CVE-2026-45552

Roxy-WI: Cross-tenant authorization bypass on /install/* — guest can run Ansible / SSH on every registered server_CVE-2026-45552

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declare...

roxy-wi roxy-wi <= 8.2.6.4 CVE
CRITICAL 9.1 CVE-2026-45550

Roxy-WI: IDOR on PUT /smon/check — any user can rewrite any tenant’s monitoring URL/IP/body_CVE-2026-45550

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check (app/routes/s...

roxy-wi roxy-wi <= 8.2.6.4 CVE
CRITICAL 9.3 E58673C7-8ED0-

Exploit for Improper Authentication in Checkpoint Gaia_Os_E58673C7-8ED0-562C-8B2F-1A682CF0C643

CVE-2026-50751 - Check Point IKEv1 Authentication Bypass Exploit ⚠️ IMPORTANT WARNING This code is ONLY for educational purposes and...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 9BC08ADB-8F4F-

Exploit for SQL Injection in Glpi-Project Glpi_9BC08ADB-8F4F-5010-BDA8-9F36150A79A7

CVE-2023-36808 - GLPI Unauthenticated SQL Injection Vulnerability GLPI versions field is injected directly into a SQL query without sanitisation: s...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 A471D383-7A66-

Exploit for Improper Input Validation in Drupal_A471D383-7A66-5507-AD3C-3606DC272DB9

drupalgeddon2-cli A command-line rewrite of the Drupalgeddon2 CVE-2018-7600 proof-of-concept, built as a study exercise while working through the H...

N/A N/A GITHUBEXPLOIT
CRITICAL 10 7D18273C-34E3-

Exploit for Use of Incorrectly-Resolved Name or Reference in Apache Tomcat_7D18273C-34E3-5A00-B425-67EF1C53E606

CVE-2025-24813 - Apache Tomcat Partial PUT + Deserialization RCE 📋 Overview CVE-2025-24813 is a high‑severity vulnerability in Apache Tomcat that ...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.1 CVE-2026-9067

Schema & Structured Data for WP & AMP < 1.60 - Unauthenticated Arbitrary Media Upload_CVE-2026-9067

The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers a...

Unknown Schema & Structured Data for WP & AMP CVE
CRITICAL 9.8 CVE-2025-6254

Doctreat Core <= 1.6.8 - Unauthenticated Privilege Escalation_CVE-2025-6254

The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctre...

AmentoTech Doctreat Core CVE