Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 CVE-2026-34901

WordPress iControlWP plugin <= 5.5.3 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in iControlWP

Paul iControlWP n/a CVE
CRITICAL 9.8 CVE-2026-27053

WordPress Broadcast Live Video plugin < 7.1.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions.

VideoWhisper.com Broadcast Live Video n/a CVE
CRITICAL 9.1 196189CB-E82D-5E0B-BD79-68750009496C

Exploit for CVE-2026-53519

CVE-2026-53519-PoC PoC exploit for CVE-2026-53519...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.3 CVE-2026-49952

Discuz! X5.0 Authentication Bypass via dbbak.php Encryption Oracle

Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to gai...

Discuz! Discuz! X5.0 20260320 CVE
CRITICAL 9.8 CVE-2026-48114

Metacat has an unauthenticated SQL injection vulnerability

Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and above contain an unauthentica...

NCEAS metacat >= 2.0.0, < 3.0.0 CVE
CRITICAL 10 PACKETSTORM:223388

FreePBX SQL Injection / Shell Upload / Remote Root

This Python3 script exploits a remote SQL injection vulnerability in FreePBX and adds a remote shell that achieves root privileges. This issue has ...

N/A N/A PACKETSTORM
CRITICAL 9.8 CVE-2026-11526

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle. GD::I...

RURBAN GD CVE
CRITICAL 9.8 CVE-2026-8935

Advanced Google Maps < 6.1.1 - Unauthenticated Administrator Account Creation

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any f...

Unknown WP MAPS PRO CVE
CRITICAL 9.3 13CA0CE8-12D1-54FC-9A7F-66AE9C6F4402

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Portwell Engineering_Toolkits

No description provided...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 CVE-2026-41157

GPU DDK – OOB Write in CalculateNPOTTwiddleSparsePageMap3D

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space...

Imagination Technologies Graphics DDK 1.18 RTM, 23.2 RTM, 24.2 RTM, 25.1 RTM, 26.1 RTM CVE