CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.8	MSF:AUXILIARY-SCANNER-	BerriAI LiteLLM Proxy Pre-Auth SQL Injection Scanner_MSF:AUXILIARY-SCANNER-HTTP-LITELLM_PROXY_SQLI- This module detects BerriAI LiteLLM proxy servers affected by CVE-2026-42208, an unauthenticated SQL injection. During API-key verification the pro...	N/A	N/A	Jun 24, 2026	METASPLOIT
CRITICAL 9.6	CVE-2026-53943	Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header_CVE-2026-53943 Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being ...	TryGhost	Ghost >= 4.0.0, < 6.37.0	Jun 24, 2026	CVE
CRITICAL 9.8	CVE-2026-49980	Rclone: Unauthenticated command execution in `rclone rcd –rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix_CVE-2026-49980 Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd ...	rclone	rclone >= 1.46.0, < 1.74.3	Jun 24, 2026	CVE
CRITICAL 9.6	CVE-2026-13032	CVE-2026-13032_CVE-2026-13032 Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a...	Google	Chrome 149.0.7827.197	Jun 24, 2026	CVE
CRITICAL 9.6	CVE-2026-13028	CVE-2026-13028_CVE-2026-13028 Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a...	Google	Chrome 149.0.7827.197	Jun 24, 2026	CVE
CRITICAL 10	THN:36AE22FA31D...	CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited_THN:36AE22FA31D6D2AC6781F7FB8DEED534 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjZtIkR9YS2fMY5MvIzgyEShmJAP1bgHqhBdU115iSY7WZ2EcBAbFKb1OQP6Nq8hoF4HlnRifxW890ztCcne...	N/A	N/A	Jun 24, 2026	THN
CRITICAL 9.3	CVE-2026-56121	Feast < 0.63.0 Unauthenticated RCE via ApplyFeatureView gRPC Deserialization_CVE-2026-56121 Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code e...	feast-dev	feast	Jun 24, 2026	CVE
CRITICAL 9.8	9FE7E8BC-4FDD-	Exploit for Out-of-bounds Write in Fortinet Fortiproxy_9FE7E8BC-4FDD-5C40-A866-41D14FB4E0CD CVE-2024-21762 - FortiOS SSL VPN Out-of-Bounds Write Overview \| Field \| Value \| \|-------\|-------\| \| CVE \| CVE-2024-21762 \| \| Advisory \| FG-IR-24-01...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
CRITICAL 9.8	313C0238-45FD-	Exploit for CVE-2026-12416_313C0238-45FD-59C7-9A09-F1668F7DFE47 CVE-2026-12416-CVE-2026-12417 Unauthenticated Account Takeover via Weak Password Reset Validation via 'resetuserid' Parameter \| Unauthenticated Pri...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
CRITICAL 9.3	CVE-2026-56237	Capgo – Unauthenticated API Key Generation via Client-Side Parameter Manipulation_CVE-2026-56237 Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests...	Capgo	Capgo	Jun 24, 2026	CVE