CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.3	CVE-2026-44990	Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`_CVE-2026-44990 ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Under the d...	apostrophecms	sanitize-html < 2.17.4	Jun 12, 2026	CVE
CRITICAL 9.1	CVE-2026-53609	Apostrophe has Server-Side Prototype Pollution in apos.util.set via patch operators that leads to process-wide authorization bypass_CVE-2026-53609 ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, `apos.util.set()` traverses dot-notation...	apostrophecms	apostrophe <= 4.30.0	Jun 12, 2026	CVE
CRITICAL 9.1	CVE-2026-53519	Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key_CVE-2026-53519 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the ...	nezhahq	nezha < 2.0.13	Jun 12, 2026	CVE
CRITICAL 9.9	CVE-2026-46716	Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron_CVE-2026-46716 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleM...	nezhahq	nezha >= 1.4.0, < 2.0.8	Jun 12, 2026	CVE
CRITICAL 9.8	F0C31C9B-0A65-	Exploit for CVE-2026-20253_F0C31C9B-0A65-5448-9175-384AF0B76ABF No description provided...	N/A	N/A	Jun 12, 2026	GITHUBEXPLOIT
CRITICAL 9.5	CVE-2026-48558	SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification_CVE-2026-48558 SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. W...	SimpleHelp	SimpleHelp 5.5.0	Jun 12, 2026	CVE
CRITICAL 9.2	CVE-2026-50101	Naxclow IoT Platform Not using password aging_CVE-2026-50101 Naxclow devices use a server-side, per-device relay credential that never rotates and is re-issued to the device on each boot. Because this credent...	Naxclow	Smart Doorbell X3 All	Jun 12, 2026	CVE
CRITICAL 9.2	CVE-2026-28742	Naxclow IoT Platform Use of hard-coded cryptographic key_CVE-2026-28742 Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is ...	Naxclow	Smart Doorbell X3 All	Jun 12, 2026	CVE
CRITICAL 10	MSF:EXPLOIT-LINUX-	Paperclip AI RCE using a chain of six API calls (CVE-2026-41679)._MSF:EXPLOIT-LINUX-HTTP-PAPERCLIPAI_UNAUTH_RCE_CVE_2026_41679- Paperclip is the operating system for your AI company. You set the goals, hire AI agents as employees, and watch them plan and execute work. Prior ...	N/A	N/A	Jun 12, 2026	METASPLOIT
CRITICAL 9.1	PACKETSTORM:223334	📄 Palo Alto GlobalProtect Authentication Bypass_PACKETSTORM:223334 This Metasploit module exploits an authentication bypass vulnerability in Palo Alto Networks PAN-OS GlobalProtect portal and gateway components. Th...	N/A	N/A	Jun 12, 2026	PACKETSTORM