CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.9	CVE-2026-5366	Git Argument Injection in prefecthq/prefect_CVE-2026-5366 Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the `GitRepository` storage clas...	prefecthq	prefecthq/prefect unspecified	Jun 20, 2026	CVE
CRITICAL 9.8	51654478-7539-	Exploit for OS Command Injection in Redhat Openshift_Container_Platform_51654478-7539-5748-ADF6-E1E5CD131F2F CVE-2026-4480-PoC...	N/A	N/A	Jun 20, 2026	GITHUBEXPLOIT
CRITICAL 10	CVE-2026-48939	Joomla Extension – icagenda.com – Remote Code Execution in iCaganda extension for Joomla < 4.0.8/3.9.15_CVE-2026-48939 A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in P...	icagenda.com	iCagenda extension for Joomla 1.0.0-3.9.14	Jun 20, 2026	CVE
CRITICAL 9.5	CVE-2026-48909	Joomla Extension – joomshaper.com – PHP Object injection in SP LMS extension for Joomla < 4.1.4_CVE-2026-48909 SP LMS (com_splms) < 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthenticated remote attacker t...	joomshaper.net	SP LMS extension for Joomla 1.0.0-4.1.3	Jun 20, 2026	CVE
CRITICAL 10	CVE-2026-48908	Joomla Extension – joomshaper.com – Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.12_CVE-2026-48908 A vulnerability in the SP Page Builder for Joomla allows the upload of arbitrary files for unauthenticated users, ultimately resulting in PHP code ...	joomshaper.net	SP Page Builder extension for Joomla 1.0.0-6.6.1	Jun 20, 2026	CVE
CRITICAL 10	D4275D24-A482-	GumVulns_D4275D24-A482-561B-8402-1DE456184863 GumVulns A single-file PHP CLI that searches many vulnerability APIs in parallel and returns a normalized record for each hit: CVE id, description,...	N/A	N/A	Jun 20, 2026	GITHUBEXPLOIT
CRITICAL 9.2	PACKETSTORM:223892	📄 HP Poly Voice Unauthenticated Remote Code Execution_PACKETSTORM:223892 CVE-2026-0826 is a critical unauthenticated stack-based buffer overflow vulnerability affecting all models in the VVX series VVX 150, VVX 250, VVX ...	N/A	N/A	Jun 19, 2026	PACKETSTORM
CRITICAL 9.3	CVE-2026-56081	Cap-go – Account Lockout via 2FA Misconfiguration on Unverified Email_CVE-2026-56081 Cap-go before 12.128.2 contains an authentication logic flaw that lets an attacker register and control an account bound to a victim's email addres...	Cap-go	capgo	Jun 19, 2026	CVE
CRITICAL 9.3	CVE-2026-56073	Cap-go – OTP Bypass via Response Manipulation in Email Verification_CVE-2026-56073 Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verification by mo...	Cap-go	capgo	Jun 19, 2026	CVE
CRITICAL 9.8	CVE-2026-11551	Branda – White Label & Branding, Free Login Page Customizer <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover_CVE-2026-11551 The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.29. This is du...	wpmudev	Branda – White Label & Branding, Free Login Page Customizer	Jun 19, 2026	CVE