CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.8	9FE6A20B-74FB-	Exploit for Unrestricted Upload of File with Dangerous Type in Eclipse Business_Intelligence_And_Reporting_Tools_9FE6A20B-74FB-5120-9B1F-6A63ED38C6E3 CVE-2021-34427 Windows POC for CVE-2021-34427 affecting Birt Viewer Tested on Birt 4.8.0 Built with Claude Based on research here: https://bugs.ecl...	N/A	N/A	Jun 17, 2026	GITHUBEXPLOIT
CRITICAL 9.8	AVLEONOV:CC3D65...	June “In the Trend of VM” (#28): Linux kernel, Microsoft Defender, and Palo Alto Networks device vulnerabilities_AVLEONOV:CC3D65635446B497749DDD41CFC7A7F3 ![June In the Trend of VM \(#28\): Linux kernel, Microsoft Defender, and Palo Alto Networks device vulnerabilities](https://avleonov.com/wp-content...	N/A	N/A	Jun 17, 2026	AVLEONOV
CRITICAL 9.3	38CC0676-948A-	Exploit for Cross-site Scripting in Roundcube Webmail_38CC0676-948A-5269-9162-8B92F853D747 CVE-2024-42009 — Roundcube Webmail 1.6.6 Stored XSS PoC For authorised security testing, CTF environments, and educational research only. Using thi...	N/A	N/A	Jun 17, 2026	GITHUBEXPLOIT
CRITICAL 9.3	C5EFE23A-E7AE-	Exploit for CVE-2015-10141_C5EFE23A-E7AE-5AC1-BCD5-1817788E4C5B CVE-2015-10141...	N/A	N/A	Jun 17, 2026	GITHUBEXPLOIT
CRITICAL 9.2	CVE-2026-55200	libssh2 – Out-of-Bounds Write via Unchecked packet_length in transport.c_CVE-2026-55200 libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper ...	libssh2	libssh2	Jun 17, 2026	CVE
CRITICAL 9.3	CVE-2026-54388	Tinyproxy – HTTP Request Smuggling via Duplicate Content-Length Headers_CVE-2026-54388 Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwa...	tinyproxy	tinyproxy	Jun 17, 2026	CVE
CRITICAL 9.3	CVE-2026-54387	Tinyproxy – HTTP Request Smuggling via CL/TE Desynchronization_CVE-2026-54387 Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding...	tinyproxy	tinyproxy	Jun 17, 2026	CVE
CRITICAL 9.1	CVE-2026-48814	Network-AI: Empty default secret still authorizes all requests (Incomplete fix for CVE-2026-46701)_CVE-2026-48814 Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versions 5.7.1 and earlier, the MCP SSE server allows unauthenticated cross-origin ...	Jovancoding	Network-AI < 5.7.2	Jun 17, 2026	CVE
CRITICAL 9.8	4D212348-0CE4-	Exploit for Argument Injection in Gnu Inetutils_4D212348-0CE4-5BBD-86E0-05C3D2BF492E CVE-2026-24061 — Reproduction Lab ⚠️ For educational purposes only. Isolated lab environment. Français ci-dessous --- Summary Critical authenticati...	N/A	N/A	Jun 17, 2026	GITHUBEXPLOIT
CRITICAL 9.8	MSSECURE:00B5F0...	Beyond the benchmark: Advancing security at AI speed_MSSECURE:00B5F0DA128161763042D52D4210A2E0 In this article 1. From the lab into the pipeline 2. This month’s set of discoveries 3. Beyond the headline: What the engineering work taugh...	N/A	N/A	Jun 17, 2026	MSSECURE