Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 B20223AD-B178-

Exploit for CVE-2026-6279_B20223AD-B178-5271-9BDA-0376DF827CFA

CVE-2026-6279...

N/A N/A GITHUBEXPLOIT
CRITICAL 10 9362E5FB-8A5E-

Exploit for CVE-2026-48907_9362E5FB-8A5E-5D90-AEE0-44FA2E7F560E

CVE-2026-48907 Description This file, CVE-2025-9209.py, is a mass-exploitation tool that targets the CVE-2025-9209 vulnerability. Core functions: scans a list of sites...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 1B1A3142-CD90-

Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin_1B1A3142-CD90-5BA0-A772-AC630842FD7C

CVE-2021-21425 - GravCMS Unauthenticated RCE Unauthenticated Remote Code Execution exploit for GravCMS Custom command python3 exploit.py -t http://...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 A1D50DD6-435E-

Exploit for CVE-2026-6279_A1D50DD6-435E-5B9D-933B-23BDA38B2B7B

Description This Python script is an exploit tool for CVE-2026-6279 targeting Avada Builder = 3.15.2. Key behavior: scans targets for fusionloadnon...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.4 CVE-2026-11624

CVE-2026-11624_CVE-2026-11624

The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebin...

Google MCP Toolbox for Databases CVE
CRITICAL 10 305568CC-85F7-

Exploit for Missing Authentication for Critical Function in Erlang Erlang/Otp_305568CC-85F7-5A1B-8FAE-834B17D0B008

Information Security Fundamentals — Spring 2026 Project Total Points: 20 | Deadline: No late submissions accepted Overview This project simulates a...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.3 CVE-2026-44990

Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`_CVE-2026-44990

ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Under the d...

apostrophecms sanitize-html < 2.17.4 CVE
CRITICAL 9.1 CVE-2026-53609

Apostrophe has Server-Side Prototype Pollution in apos.util.set via patch operators that leads to process-wide authorization bypass_CVE-2026-53609

ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, `apos.util.set()` traverses dot-notation...

apostrophecms apostrophe <= 4.30.0 CVE
CRITICAL 9.1 CVE-2026-53519

Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key_CVE-2026-53519

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the ...

nezhahq nezha < 2.0.13 CVE
CRITICAL 9.9 CVE-2026-46716

Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron_CVE-2026-46716

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleM...

nezhahq nezha >= 1.4.0, < 2.0.8 CVE