CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.8	CVE-2026-38715	CVE-2026-38715_CVE-2026-38715 InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerabili...	n/a	n/a n/a	Jun 18, 2026	CVE
CRITICAL 9.8	CVE-2026-38714	CVE-2026-38714_CVE-2026-38714 InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerabili...	n/a	n/a n/a	Jun 18, 2026	CVE
CRITICAL 9.3	CVE-2026-54390	JTL Shop < 5.7.2 Server-Side Template Injection via Smarty Renderer_CVE-2026-54390 JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malic...	JTL Software	JTL Shop 5.0.0	Jun 18, 2026	CVE
CRITICAL 9.8	CVE-2026-47846	CVE-2026-47846_CVE-2026-47846 Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured vi...	Bitnami	bitnami/cassandra 4.0.0	Jun 18, 2026	CVE
CRITICAL 9.9	CVE-2026-49252	deepstream is vulnerable to prototype pollution_CVE-2026-49252 deepstream is a server that allows clients and backend services to sync data, send messages and make rpcs at scale. Versions prior to 10.0.5 are v...	deepstreamIO	deepstream.io < 10.0.5	Jun 18, 2026	CVE
CRITICAL 9.1	CVE-2026-49454	Relyra SAML SignatureValue not cryptographically verified -> authentication bypass_CVE-2026-49454 Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures beca...	szTheory	relyra >= 1.0.0, < 1.2.0	Jun 18, 2026	CVE
CRITICAL 10	CVE-2026-49257	mcp-pinot: Unauthenticated tool invocation via default oauth_enabled=False + host 0.0.0.0 bind_CVE-2026-49257 mcp-pinot is a Python-based Model Context Protocol (MCP) server for interacting with Apache Pinot. In versions 3.0.1 and below, mcp-pinot defaults ...	startreedata	mcp-pinot < 3.1.0	Jun 18, 2026	CVE
CRITICAL 9.8	CVE-2026-54130	M365 Copilot Information Disclosure Vulnerability_CVE-2026-54130 {“lastseen”:””,”description”:””,”published”:”2026-06-18T21:42:39.358Z”,&#82...	Microsoft	Microsoft 365 Copilot -	Jun 18, 2026	CVE
CRITICAL 9.9	CVE-2026-47647	Dynamics 365 Elevation of Privilege Vulnerability_CVE-2026-47647 {“lastseen”:””,”description”:””,”published”:”2026-06-18T21:42:40.084Z”,&#82...	Microsoft	Microsoft Dynamics 365 -	Jun 18, 2026	CVE
CRITICAL 9.8	CVE-2026-40624	AVer PTC cameras Files or Directories Accessible to External Parties_CVE-2026-40624 Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary...	AVer	PTC500S *	Jun 18, 2026	CVE