Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 E7B8F6E4-E610-

0-day-PoC-Repo_E7B8F6E4-E610-5834-9597-E054A9B69439

If you wish to collaborate/discuss with me, contact me on discord @ashdfrkl Sharing this repo keeps me motivated to continue dropping 0-days for yo...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.6 CVE-2026-57498

Coolify Cross-Team IDOR: Livewire Components Accept Unscoped server_id and destination_uuid — Deploy to Other Teams’ Servers_CVE-2026-57498

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Coolify's API controll...

coollabsio coolify < 4.0.0-beta.474 CVE
CRITICAL 9.8 CVE-2026-13763

HTTP/2 Stream Parser Confusion Body-Inspection Bypass in AWS Application Load Balancer with AWS WAF_CVE-2026-13763

Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF enabled might allow remote actors to bypass AWS WAF ma...

AWS AWS Application Load Balancer CVE
CRITICAL 9.8 CVE-2026-13762

HTTP/2 Stream Parser Confusion Body-Inspection Bypass in Amazon CloudFront with AWS WAF_CVE-2026-13762

Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule b...

AWS Amazon CloudFront CVE
CRITICAL 9.3 CVE-2026-56782

Gorse – Unauthenticated Database Dump and Restore via /api/dump and /api/restore Endpoints_CVE-2026-56782

Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/dump and /api/restore endpoints that allows unauthenticated attacke...

gorse-io gorse CVE
CRITICAL 9.3 CVE-2026-11720

Path Traversal in googleapis/mcp-toolbox HTTP Tool URL Builder_CVE-2026-11720

A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. When constructing downstream API requests, the URL b...

Google MCP Toolbox for Databases (googleapis/mcp-toolbox) CVE
CRITICAL 9.4 CVE-2026-41052

Rancher Privilege Escalation from Project Owner to Host_CVE-2026-41052

Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 bef...

SUSE Rancher 2.12.0 CVE
CRITICAL 9.8 7494D4F4-A649-

Exploit for SQL Injection in Drupal_7494D4F4-A649-54A0-92A2-96DC1D8B29D1

CVE-2026-9082 Drupal PostgreSQL SQLi to RCE This repository contains a local lab and a short exploit for the Drupal JSON:API PostgreSQL SQL injecti...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 THN:7CA247FF7A5...

⚡ Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and More_THN:7CA247FF7A5A4532948A0B8472403FAD

N/A N/A THN
CRITICAL 9.4 AAF2A134-2B57-

Exploit for CVE-2026-28496_AAF2A134-2B57-5561-9F7C-FCB30165A305

CVE-2026-28496 - FOSSBilling Server-Side Template Injection in Twig Rendering Executive Summary This repository contains a local Docker lab for rep...

N/A N/A GITHUBEXPLOIT