CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.3	CVE-2025-10560	Hardcoded cloud credentials in Worksnaps client application binaries expose production cloud resources_CVE-2025-10560 Worksnaps before version 1.6.20260201 contains hardcoded cloud credentials and related secret material in the Worksnaps client application binaries...	Silver Leaf Technologies, Inc.	Worksnaps.net Worksnaps Worksnaps before 1.6.20260201	Jun 18, 2026	CVE
CRITICAL 9.3	CVE-2026-8024	Deserialization vulnerability in ibaPDA and ibaDatCoordinator_CVE-2026-8024 A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability in ibaPDA or ibaDatCoordinator to gain full access...	iba	ibaPDA 1.0.0	Jun 18, 2026	CVE
CRITICAL 9.8	CVE-2026-54419	PIAF-HMS multiple unauthenticated SQL injection vulnerabilities via mysql_query_CVE-2026-54419 claudiopizzillo PIAF-HMS (PBX-In-A-Flash Hotel Management System; no released versions, latest commit 389d2633441b65ced1c104212cd62be2bfca21e5) con...	claudiopizzillo	PIAF-HMS	Jun 18, 2026	CVE
CRITICAL 9.3	CVE-2026-11718	CVE-2026-11718_CVE-2026-11718 An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox. When th...	Google	MCP Toolbox for Databases (googleapis/mcp-toolbox) 1.0.0	Jun 18, 2026	CVE
CRITICAL 9.3	CVE-2026-11717	CVE-2026-11717_CVE-2026-11717 An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox. When ve...	Google	MCP Toolbox for Databases (googleapis/mcp-toolbox) 1.0.0	Jun 18, 2026	CVE
CRITICAL 9.8	63792567-6E10-	Exploit for Improper Input Validation in Hoverfly_63792567-6E10-52EB-9FBC-843EABF2AB52 No description provided...	N/A	N/A	Jun 18, 2026	GITHUBEXPLOIT
CRITICAL 9.3	CVE-2026-48768	TypeBot: Unauthenticated arbitrary s3 object write in generate-upload-url via unsanitized fileName_CVE-2026-48768 TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POST /api/blocks/file-input/v3/generate-upload-url is unauthenticated and uses u...	baptisteArno	typebot.io < 3.17.0	Jun 17, 2026	CVE
CRITICAL 9.3	CVE-2026-12569	Remote Code Execution (RCE) vulnerability in Windchill PDMlink_CVE-2026-12569 A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited...	PTC	Windchill PDMLink	Jun 18, 2026	CVE
CRITICAL 9.8	9FE6A20B-74FB-	Exploit for Unrestricted Upload of File with Dangerous Type in Eclipse Business_Intelligence_And_Reporting_Tools_9FE6A20B-74FB-5120-9B1F-6A63ED38C6E3 CVE-2021-34427 Windows POC for CVE-2021-34427 affecting Birt Viewer Tested on Birt 4.8.0 Built with Claude Based on research here: https://bugs.ecl...	N/A	N/A	Jun 17, 2026	GITHUBEXPLOIT
CRITICAL 9.8	AVLEONOV:CC3D65...	June “In the Trend of VM” (#28): Linux kernel, Microsoft Defender, and Palo Alto Networks device vulnerabilities_AVLEONOV:CC3D65635446B497749DDD41CFC7A7F3 ![June In the Trend of VM \(#28\): Linux kernel, Microsoft Defender, and Palo Alto Networks device vulnerabilities](https://avleonov.com/wp-content...	N/A	N/A	Jun 17, 2026	AVLEONOV