CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.2	CVE-2026-9222	Setracker2 Children’s Smartwatch Ecosystem Use of password hash instead of password for authentication_CVE-2026-9222 Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend serv...	Shenzhen i365-Tech Co. Ltd.	Setracker2 Parental Control App (Android) package com.tgelec.setracker 3.1.5	Jun 25, 2026	CVE
CRITICAL 9.3	CF51C38E-52F7-	cve-research_CF51C38E-52F7-5CB5-9ACE-2BCD8F86C0BE CVE Research Notes and code from going through public CVEs that caught my attention. Each folder has a writeup of how the bug actually worked, a de...	N/A	N/A	Jun 25, 2026	GITHUBEXPLOIT
CRITICAL 9.4	CVE-2026-40702	EVoke Systems EVoke CSMS Missing Authentication for Critical Function_CVE-2026-40702 WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit ...	EVoke	EVoke CSMS All versions	Jun 25, 2026	CVE
CRITICAL 10	CVE-2025-71338	Flowise – Arbitrary File Write to Remote Code Execution via document-store API_CVE-2025-71338 Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to writ...	Flowise	Flowise	Jun 25, 2026	CVE
CRITICAL 9.3	CVE-2025-71336	Flowise – Unsandboxed Remote Code Execution via Custom MCP_CVE-2025-71336 Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and earlier) contains an unsandboxed remote code execution vulnerability in the Custom MCP fe...	Flowise	Flowise	Jun 25, 2026	CVE
CRITICAL 9.3	CVE-2025-71334	Flowise – Arbitrary File Access via Missing Chat Flow ID Validation_CVE-2025-71334 Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missing validation that the chatf...	Flowise	Flowise	Jun 25, 2026	CVE
CRITICAL 9.3	CVE-2025-71333	Flowise – Arbitrary File Upload via Unauthenticated /api/v1/attachments Endpoint_CVE-2025-71333 Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set t...	Flowise	Flowise	Jun 25, 2026	CVE
CRITICAL 9.3	CVE-2025-71327	Flowise – Authentication Bypass via Unprotected Registration Endpoint_CVE-2025-71327 Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers ...	Flowise	Flowise 3.0.1	Jun 25, 2026	CVE
CRITICAL 10	MSF:EXPLOIT-LINUX-	Dalfox Found-Action Deserialization RCE_MSF:EXPLOIT-LINUX-HTTP-DALFOX_SERVER_RCE_CVE_2026_45087- When dalfox version use exploit/linux/http/dalfoxserverrcecve202645087 msf exploitdalfoxserverrcecve202645087 show targets ...targets... msf exploi...	N/A	N/A	Jun 25, 2026	METASPLOIT
CRITICAL 9.3	CVE-2026-50549	Cursor Desktop sandbox escape via symlink and failed path canonicalization_CVE-2026-50549 Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default. Before a Write, t...	cursor	cursor < 3.0	Jun 25, 2026	CVE