CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.3	CVE-2025-71325	picklescan – Detection Bypass via STACK_GLOBAL Opcode Parsing Logic Flaw_CVE-2025-71325 picklescan before 0.0.27 contains a parsing logic error in the _list_globals function when handling STACK_GLOBAL opcodes, failing to track argument...	picklescan	picklescan	Jun 17, 2026	CVE
CRITICAL 9.3	CVE-2025-71323	picklescan – Remote Code Execution via Unblocked ctypes Module_CVE-2025-71323 picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote code execution by invoking direct syscalls and acce...	picklescan	picklescan	Jun 17, 2026	CVE
CRITICAL 9.3	CVE-2025-71321	picklescan – Arbitrary File Writing via distutils Module Bypass_CVE-2025-71321 picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutil...	picklescan	picklescan	Jun 17, 2026	CVE
CRITICAL 9.3	CVE-2025-71320	picklescan – Remote Code Execution via Incomplete Disallowed Inputs_CVE-2025-71320 picklescan before 0.0.33 contains an incomplete deny-list that fails to block pydoc.locate and operator.methodcaller functions, allowing attackers ...	picklescan	picklescan	Jun 17, 2026	CVE
CRITICAL 9.4	PACKETSTORM:223657	📄 dedoc/scramble 0.13.2 Remote Code Execution_PACKETSTORM:223657 This is a Metasploit exploit module for CVE-2026-44262, an unauthenticated remote code execution vulnerability in the Laravel-based tool dedoc/scra...	N/A	N/A	Jun 17, 2026	PACKETSTORM
CRITICAL 10	AE6219F6-F23B-	Exploit for CVE-2026-48907_AE6219F6-F23B-5FB3-886B-AFFE2FBDB4B1 CVE-2026-48907 CVE-2026-48907 is a critical improper access control vulnerability in the JCE editor extension for Joomla. It allows unauthenticated...	N/A	N/A	Jun 17, 2026	GITHUBEXPLOIT
CRITICAL 9.6	CVE-2026-55743	OpenHuman desktop agent shell tool sandbox bypass leads to arbitrary command execution_CVE-2026-55743 The shell tool command allowlist in the SecurityPolicy of OpenHuman desktop agent through 0.54.0 (default Supervised security policy) can be bypass...	tinyhumansai	OpenHuman	Jun 17, 2026	CVE
CRITICAL 9.3	CVE-2026-54812	WordPress Motors plugin <= 1.4.109 - SQL Injection vulnerability_CVE-2026-54812 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Motors allows Blind SQL Inject...	StylemixThemes	Motors n/a	Jun 17, 2026	CVE
CRITICAL 9.3	CVE-2026-47103	Python StateMachine 3.0.0 < 3.2.0 RCE via SCXML eval() Injection_CVE-2026-47103 Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code by s...	fgmacedo	python-statemachine 3.0.0	Jun 17, 2026	CVE
CRITICAL 9.1	CVE-2026-50203	Apache Airflow SFTP provider: Path traversal in SFTPHook.retrieve_directory allows local file write outside the destination directory via malicious server-supplied directory-entry names_CVE-2026-50203 A path traversal in the SFTP provider (`SFTPHook.retrieve_directory` / `SFTPOperator(operation=get)`) let a malicious or compromised remote SFTP se...	Apache Software Foundation	Apache Airflow SFTP provider	Jun 17, 2026	CVE