CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.3	CVE-2026-56121	Feast < 0.63.0 Unauthenticated RCE via ApplyFeatureView gRPC Deserialization_CVE-2026-56121 Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code e...	feast-dev	feast	Jun 24, 2026	CVE
CRITICAL 9.8	9FE7E8BC-4FDD-	Exploit for Out-of-bounds Write in Fortinet Fortiproxy_9FE7E8BC-4FDD-5C40-A866-41D14FB4E0CD CVE-2024-21762 - FortiOS SSL VPN Out-of-Bounds Write Overview \| Field \| Value \| \|-------\|-------\| \| CVE \| CVE-2024-21762 \| \| Advisory \| FG-IR-24-01...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
CRITICAL 9.8	313C0238-45FD-	Exploit for CVE-2026-12416_313C0238-45FD-59C7-9A09-F1668F7DFE47 CVE-2026-12416-CVE-2026-12417 Unauthenticated Account Takeover via Weak Password Reset Validation via 'resetuserid' Parameter \| Unauthenticated Pri...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
CRITICAL 9.3	CVE-2026-56237	Capgo – Unauthenticated API Key Generation via Client-Side Parameter Manipulation_CVE-2026-56237 Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests...	Capgo	Capgo	Jun 24, 2026	CVE
CRITICAL 9.3	CVE-2026-56223	Capgo – Account Takeover via Cross-Domain SSO Email Assertion in provision-user_CVE-2026-56223 Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbi...	Capgo	Capgo	Jun 24, 2026	CVE
CRITICAL 9.8	2DEFD2D9-CD2E-	Exploit for OS Command Injection in Fortinet Fortiweb_2DEFD2D9-CD2E-5E1B-BEAB-3A15FD3493B4 Mô phỏng khai thác FortiWeb CVE-2025-64446 & CVE-2025-58034 Lưu ý: - Tài liệu này chỉ phục vụ mục đích học tập và nghiên cứu bảo mật. - Không sử dụ...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
CRITICAL 10	FC87C5D8-8FE4-	Exploit for Deserialization of Untrusted Data in Facebook React_FC87C5D8-8FE4-516F-8C86-FF2150B1A826 Mô phỏng khai thác React2Shell CVE-2025-55182 Lưu ý: - Tài liệu này chỉ phục vụ mục đích học tập và nghiên cứu bảo mật. - Không sử dụng để tấn công...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
CRITICAL 10	CVE-2026-12537	Unauthenticated Remote Code Execution in Gemini CLI CI/CD Workflows_CVE-2026-12537 Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI (versions prior to 0.39.1) and run-gemini-cli GitHub A...	Google Cloud	Gemini CLI	Jun 24, 2026	CVE
CRITICAL 10	SECURELIST:25DF...	StrikeShark: investigating a new campaign delivering Cobalt Strike through SharkLoader_SECURELIST:25DF27E139AF4557190EDA740DEAB957 ![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2026/06/24085803/SL-StrikeShark-featured-990x400.jpg) ## Introduction Durin...	N/A	N/A	Jun 24, 2026	SECURELIST
CRITICAL 10	776C9ED4-3841-	Exploit for Code Injection in Craftcms Craft_Cms_776C9ED4-3841-5FC1-B7D1-370CEAB62FAB PoCCVE-2025-32432 CraftCMS CVE-2025-32432 - Clean PoC Version nettoyée et améliorée du PoC original. Crédits - Recherche originale : Orange Cyberde...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT