CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.9	CVE-2026-46386	OpenProject: Pre-authentication RCE in openproject/openproject Docker image via default `SECRET_KEY_BASE=OVERWRITE_ME` and `cookies_serializer = :marshal`_CVE-2026-46386 OpenProject is open-source, web-based project management software. Prior to , the official openproject/openproject Docker image ships ENV SECRET_KE...	opf	openproject >= 8.3.0, < 17.2.4	Jun 26, 2026	CVE
CRITICAL 9.6	CVE-2026-54352	Budibase: Arbitrary file read by workspace-builder via PWA-zip symlink upload_CVE-2026-54352 Budibase is an open-source low-code platform. Prior to 3.39.9, `POST /api/pwa/process-zip` at packages/server/src/api/routes/static.ts:24 accepts a...	Budibase	budibase < 3.39.9	Jun 26, 2026	CVE
CRITICAL 10	CVE-2026-54350	Budibase: Anonymous NoSQL operator injection via published-app query templates_CVE-2026-54350 Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of t...	Budibase	budibase < 3.39.12	Jun 26, 2026	CVE
CRITICAL 10	CVE-2026-53576	Kestra: Unauthenticated RCE via /configs path-suffix auth-filter bypass_CVE-2026-53576 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API (@Filter("/ap...	kestra-io	kestra < 1.0.45	Jun 26, 2026	CVE
CRITICAL 10	CVE-2026-49869	Kestra: Unauthenticated Remote Code Execution via Authentication Bypass in `AuthenticationFilter`_CVE-2026-49869 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, AuthenticationFilter in Kestra OSS uses request.getPath(...	kestra-io	kestra < 1.0.45	Jun 26, 2026	CVE
CRITICAL 9.1	CVE-2025-64152	Apache IoTDB: Path Traversal Vulnerability_CVE-2025-64152 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. This issue affects Apache IoTDB: fro...	Apache Software Foundation	Apache IoTDB 1.0.0	Jun 26, 2026	CVE
CRITICAL 9.1	CVE-2025-55017	Apache IoTDB: Path Traversal Vulnerability_CVE-2025-55017 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. This issue affects Apache IoTDB: fro...	Apache Software Foundation	Apache IoTDB 2.0.0	Jun 26, 2026	CVE
CRITICAL 9.8	CVE-2026-0685	Server side template inject (SSTI) in Edgewall Genshi Template Engine_CVE-2026-0685 Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achie...	Edgewall	Genshi 0.7.9	Jun 26, 2026	CVE
CRITICAL 9.6	CVE-2025-11919	Unprotected temporary directories in Wolfram Cloud may result in privilege escalation_CVE-2025-11919 The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp...	Wolfram Research Inc.	Cloud 14.2	Jun 26, 2026	CVE
CRITICAL 9.6	CVE-2026-33646	mise: Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)_CVE-2026-33646 mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template e...	jdx	mise < 2026.3.10	Jun 26, 2026	CVE