Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.6 CVE-2026-53471

Migration-planner: agent api ignores jwt source_id claim

A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens (JWTs) for authentication, but its UpdateSourceInventory ...

Red Hat migration-planner CVE
CRITICAL 9.6 CVE-2026-53470

Migration-planner: getsourcedownloadurl missing organization check

A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the `/api/v1/sources/{id...

Red Hat migration-planner CVE
CRITICAL 9.1 CVE-2026-53469

Migration-planner: unprotected delete endpoint wipes all tenant data

A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources rout...

Red Hat migration-planner CVE
CRITICAL 9.9 CVE-2026-45558

Roxy-WI: Authenticated RCE on every managed HAProxy load balancer via `option` field config injection in section save

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endp...

roxy-wi roxy-wi <= 8.2.6.4 CVE
CRITICAL 9.9 CVE-2026-45556

Roxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name`

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accept...

roxy-wi roxy-wi <= 8.2.6.4 CVE
CRITICAL 9.9 CVE-2026-45552

Roxy-WI: Cross-tenant authorization bypass on /install/* — guest can run Ansible / SSH on every registered server

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declare...

roxy-wi roxy-wi <= 8.2.6.4 CVE
CRITICAL 9.1 CVE-2026-45550

Roxy-WI: IDOR on PUT /smon/check — any user can rewrite any tenant’s monitoring URL/IP/body

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check (app/routes/s...

roxy-wi roxy-wi <= 8.2.6.4 CVE
CRITICAL 9.3 E58673C7-8ED0-562C-8B2F-1A682CF0C643

Exploit for Improper Authentication in Checkpoint Gaia_Os

CVE-2026-50751 - Check Point IKEv1 Authentication Bypass Exploit ⚠️ IMPORTANT WARNING This code is ONLY for educational purposes and ...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 9BC08ADB-8F4F-5010-BDA8-9F36150A79A7

Exploit for SQL Injection in Glpi-Project Glpi

CVE-2023-36808 - GLPI Unauthenticated SQL Injection Vulnerability GLPI versions field is injected directly into a SQL query without sanitisation: s...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 A471D383-7A66-5507-AD3C-3606DC272DB9

Exploit for Improper Input Validation in Drupal

drupalgeddon2-cli A command-line rewrite of the Drupalgeddon2 CVE-2018-7600 proof-of-concept, built as a study exercise while working through the H...

N/A N/A GITHUBEXPLOIT