CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.8	3BCADBAC-E6C7-	Exploit for Prototype Pollution in Cure53 Dompurify_3BCADBAC-E6C7-5B3A-84E1-6938398220F9 DOMPurify re-clone bypass. Instead of relying on easily stripped source comments or version variables, this tool performs logic fingerprinting on m...	N/A	N/A	Jun 3, 2026	GITHUBEXPLOIT
CRITICAL 9.2	8AD1A192-E34A-	Exploit for CVE-2026-42945_8AD1A192-E34A-5E8C-A3B9-4AAECCED2A20 No description provided...	N/A	N/A	Jun 3, 2026	GITHUBEXPLOIT
CRITICAL 9.8	CVE-2026-38967	CVE-2026-38967_CVE-2026-38967 CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values.	CrowCpp	CrowCpp Crow v1.3.1	Jun 2, 2026	CVE
CRITICAL 9	CVE-2026-36748	CVE-2026-36748_CVE-2026-36748 RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile.	Rock RMS	RockRMS v16.13, before v17.7.0	Jun 3, 2026	CVE
CRITICAL 9.8	CVE-2026-36576	CVE-2026-36576_CVE-2026-36576 An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute a...	openlabs	docker-wkhtmltopdf-aas up to commit 9f50579	Jun 3, 2026	CVE
CRITICAL 9.8	PACKETSTORM:222614	📄 MCPJam Inspector 1.4.2 Command Injection_PACKETSTORM:222614 This is an advanced Python proof of concept for CVE-2026-23744 demonstrating command injection through a vulnerable MCP API endpoint, leading to re...	N/A	N/A	Jun 3, 2026	PACKETSTORM
CRITICAL 9.8	7FE5A510-990A-	Exploit for Prototype Pollution in Cure53 Dompurify_7FE5A510-990A-5CCB-9427-6AA5D7B10937 No description provided...	N/A	N/A	Jun 3, 2026	GITHUBEXPLOIT
CRITICAL 9.8	393A755A-8E32-	Exploit for Stack-based Buffer Overflow in Microsoft_393A755A-8E32-59DA-B6AC-2DE1A68B3BB0 LongLogon · CVE-2026-41089 LongLogon is an unauthenticated, non-destructive precondition checker for CVE-2026-41089, a pre-auth stack buffer overfl...	N/A	N/A	Jun 3, 2026	GITHUBEXPLOIT
CRITICAL 9.8	93EFFA1D-01DF-	Exploit for Eval Injection in Geoserver_93EFFA1D-01DF-57C9-9826-139DBF9FD985 CVE-2024-36401 — Unauthenticated RCE in GeoServer A complete, reproducible study of CVE-2024-36401, an unauthenticated remote code execution flaw i...	N/A	N/A	Jun 3, 2026	GITHUBEXPLOIT
CRITICAL 10	93A59886-B99C-	Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware_93A59886-B99C-532C-9C2C-E718BDD5A455 No description provided...	N/A	N/A	Jun 3, 2026	GITHUBEXPLOIT