Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.6 CVE-2026-10789

MCP Extension Code Injection Vulnerability in Autodesk Fusion Desktop_CVE-2026-10789

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerabili...

Autodesk Fusion 2703.1.11 CVE
CRITICAL 9.4 THN:A2D26AE6302...

Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants_THN:A2D26AE6302BAA068AA98AC6FA38A101

N/A N/A THN
CRITICAL 9.8 6187732A-19DB-

Exploit for CVE-2026-54806_6187732A-19DB-57D3-B916-91087E253791

WP Activity Log PHP Object Injection CVE-2026-54806 PoC. Description: CVE-2026-54806 is a critical CVSS 9.8 unauthenticated PHP Object Injection v...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.1 CVE-2026-9265

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path_CVE-2026-9265

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path. print_attribute() copies a UTF8ST...

JONASBN Crypt::OpenSSL::PKCS12 CVE
CRITICAL 9.1 CVE-2026-11373

Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections_CVE-2026-11373

Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which ...

JASEI Net::Statsite::Client CVE
CRITICAL 9.8 CVE-2026-7664

Unauthenticated Flow Execution via Webhook Endpoint in Langflow OSS_CVE-2026-7664

IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due...

IBM Langflow OSS 1.0.0 CVE
CRITICAL 9.1 CVE-2026-56104

Chainlit < 2.10.1 Session Hijacking via WebSocket Session Restoration_CVE-2026-56104

Chainlit before 2.10.1 contains a session hijacking vulnerability that allows unauthenticated attackers to restore and inherit authenticated user s...

Chainlit chainlit CVE
CRITICAL 9.4 CVE-2026-56422

MISP Core: Mass Assignment and Object Re-ownership via Unvalidated Request Fields_CVE-2026-56422

Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys (id) and ownership/scope fore...

misp misp CVE
CRITICAL 9.2 CVE-2026-7166

Multiple vulnerabilities in the Assassin game by Gaudire_CVE-2026-7166

Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘...

Gaudire Assassin game last version CVE
CRITICAL 9.4 CVE-2026-7165

Multiple vulnerabilities in the Assassin game by Gaudire_CVE-2026-7165

The vulnerability is present in the ‘/addJugador’ endpoint: * The 'keyJugador' and 'keyJugadorObjectiu' parameters allow the modification of ot...

Gaudire Assassin game last version CVE