Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 10 3DCD9D30-4F52-

Exploit for Deserialization of Untrusted Data in Facebook React_3DCD9D30-4F52-556E-8799-B5F055F48E4B

React2Shell CVE-2025-55182 Next.js: CVE-2025-66478 Unauthenticated RCE in React Server Components Flight Protocol - PoC Exploit Description React Se...

N/A N/A GITHUBEXPLOIT
HIGH 8.3 CVE-2026-11431

Path Traversal in Altium Projects Service Allows Arbitrary File Read_CVE-2026-11431

A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated...

Altium Altium Enterprise Server CVE
CRITICAL 9.4 CVE-2026-11429

Path Traversal in Altium Git Service Allows Remote Code Execution_CVE-2026-11429

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequenc...

Altium Altium Enterprise Server CVE
HIGH 8.3 CVE-2026-11424

Server-Side Request Forgery in Altium Platform Design GraphQL Service Allows Information Disclosure_CVE-2026-11424

A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An auth...

Altium Altium Enterprise Server CVE
HIGH 8.1 CVE-2026-11416

MoviePilot Path Traversal via Cloud Storage Download Handlers_CVE-2026-11416

MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path...

jxxghp MoviePilot CVE
MEDIUM 6.9 CVE-2026-45409

Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix_CVE-2026-45409

Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Uni...

kjd idna < 3.15 CVE
HIGH 8.8 CVE-2026-7654

Admin Columns <= 7.0.18 - Authenticated (Contributor+) PHP Object Injection to Remote Code Execution via Custom Field Meta Value_CVE-2026-7654

The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.1...

codepress Admin Columns CVE
MEDIUM 4.3 CVE-2026-7523

Alba Board <= 2.1.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'card_id' Parameter_CVE-2026-7523

The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin no...

alejo30 Alba Board CVE
NONE C1A4B986-0659-

UPnPHostFileRead_C1A4B986-0659-5663-B5A2-7E1B10E6D9A2

Description: Local arbitrary file read PoC exploit for the Windows UPnP Device Host service. Reads an arbitrary file in the context of LOCAL SERVICE...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.6 B2320075-9374-

Exploit for CVE-2024-34070_B2320075-9374-5FD1-9A5C-1FB8B4C7FC00

CVE-2024-34070 Froxlor PoC: Python proof of concept for CVE-2024-34070, a stored XSS issue in Froxlor before 2.1.9 through failed login attempts wri...

N/A N/A GITHUBEXPLOIT