CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.1	CVE-2026-12849	GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability_CVE-2026-12849 Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted netwo...	GeoVision Inc.	GV-I/O Box 4E V2.09	Jun 24, 2026	CVE
CRITICAL 10	CVE-2026-12848	GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command_CVE-2026-12848 GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service ...	GeoVision Inc.	GV-I/O Box 4E V2.09	Jun 24, 2026	CVE
CRITICAL 10	CVE-2026-12847	GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command_CVE-2026-12847 GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service ...	GeoVision Inc.	GV-I/O Box 4E V2.09	Jun 24, 2026	CVE
CRITICAL 10	CVE-2026-12846	GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command_CVE-2026-12846 GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service ...	GeoVision Inc.	GV-I/O Box 4E V2.09	Jun 24, 2026	CVE
CRITICAL 9.1	CVE-2026-12486	GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability_CVE-2026-12486 Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted netwo...	GeoVision Inc.	GV-I/O Box 4E V2.09	Jun 24, 2026	CVE
CRITICAL 10	CVE-2026-12485	GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command_CVE-2026-12485 GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service ...	GeoVision Inc.	GV-I/O Box 4E V2.09	Jun 24, 2026	CVE
CRITICAL 9.8	EECE9D9F-6DA3-	Exploit for Path Traversal in Apache Http_Server_EECE9D9F-6DA3-5669-A840-4B74F51D2FBB CVE-2021-42013 — PoC: Path Traversal + RCE via modcgi bypass de parche Solo para uso en entornos controlados y propios. No usar contra sistemas sin...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
CRITICAL 9.8	D76E3BC5-2C10-	Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin_D76E3BC5-2C10-52DE-8FE2-24C1C9C72D09 this is my version i found a lot in internet but those are too bad USAGE python3 exploit.py -u http://IP/grav-admin/ --lhost YOUR TUN0 IP --lport 4...	N/A	N/A	Jun 23, 2026	GITHUBEXPLOIT
CRITICAL 9.6	CVE-2026-54588	Poweradmin has Host Header Injection in OIDC redirect_uri, SAML ACS/SLO URL, and Logout Redirect Construction._CVE-2026-54588 Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled `HTTP_HOST` re...	poweradmin	poweradmin < 4.2.4	Jun 23, 2026	CVE
CRITICAL 9.8	IMPERVABLOG:CC2...	CVE-2025-54068 Laravel Livewire Credential Theft Campaign: 6,000+ Applications Compromised_IMPERVABLOG:CC22F53AF67610E01435FC711BB2B03F ## Introduction On May 24, 2026, Imperva observed exploitation attempts against Laravel Livewire applications, blocked by the Imperva Cloud WA...	N/A	N/A	Jun 23, 2026	IMPERVABLOG