CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.8	CVE-2026-10879	DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders_CVE-2026-10879 DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL p...	HMBRAND	DBI	Jun 5, 2026	CVE
CRITICAL 9.1	CVE-2026-9270	DataDog::DogStatsd versions through 0.07 for Perl allow metric injections_CVE-2026-9270 DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric in...	DataDog	DataDog::DogStatsd 0.07	Jun 5, 2026	CVE
CRITICAL 9.8	CVE-2026-11362	DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags_CVE-2026-11362 DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog::DogStatsd does not properly sanitise input, al...	BINARY	DataDog::DogStatsd	Jun 5, 2026	CVE
CRITICAL 9.8	CVE-2026-52778	YesWiki has Unsafe eval() in Formula Calculator – Remote Code Execution (RCE) & Denial of Service (DoS)_CVE-2026-52778 YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator (CalcF...	YesWiki	yeswiki < 4.6.6	Jun 8, 2026	CVE
CRITICAL 9	CVE-2026-11393	Code injection via improper triple-quote escaping in AgentCore CLI Bedrock Agent import_CVE-2026-11393 Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remot...	AWS	AgentCore CLI 0.4.0	Jun 8, 2026	CVE
CRITICAL 9.1	CVE-2026-36500	CVE-2026-36500_CVE-2026-36500 An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted requ...	OpenDaylight	Controller v12.0.5	Jun 5, 2026	CVE
CRITICAL 9.3	CVE-2026-50751	User Authentication Bypass in VPN Remote Access and Mobile Access_CVE-2026-50751 A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote a...	checkpoint	Quantum Security Gateway R82.10 with Jumbo Hotfix Take 19 or below	Jun 8, 2026	CVE
CRITICAL 9.4	CVE-2026-46442	Flowise: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape_CVE-2026-46442 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function ...	FlowiseAI	Flowise < 3.1.2	Jun 8, 2026	CVE
CRITICAL 9.2	CVE-2026-41448	AdGuard Home Authentication Bypass via Path Traversal in Admin-Token Cookie_CVE-2026-41448 AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain fu...	AdguardTeam	AdGuardHome	Jun 8, 2026	CVE
CRITICAL 9.3	CVE-2026-39910	STACKIT IaaS API Privilege Escalation via Service Account Attachment_CVE-2026-39910 STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to...	STACKIT	IaaS API	Jun 8, 2026	CVE