CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 10	CVE-2026-53576	Kestra: Unauthenticated RCE via /configs path-suffix auth-filter bypass_CVE-2026-53576 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API (@Filter("/ap...	kestra-io	kestra < 1.0.45	Jun 26, 2026	CVE
CRITICAL 10	CVE-2026-49869	Kestra: Unauthenticated Remote Code Execution via Authentication Bypass in `AuthenticationFilter`_CVE-2026-49869 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, AuthenticationFilter in Kestra OSS uses request.getPath(...	kestra-io	kestra < 1.0.45	Jun 26, 2026	CVE
CRITICAL 9.1	CVE-2025-64152	Apache IoTDB: Path Traversal Vulnerability_CVE-2025-64152 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. This issue affects Apache IoTDB: fro...	Apache Software Foundation	Apache IoTDB 1.0.0	Jun 26, 2026	CVE
CRITICAL 9.1	CVE-2025-55017	Apache IoTDB: Path Traversal Vulnerability_CVE-2025-55017 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. This issue affects Apache IoTDB: fro...	Apache Software Foundation	Apache IoTDB 2.0.0	Jun 26, 2026	CVE
CRITICAL 9.8	CVE-2026-0685	Server side template inject (SSTI) in Edgewall Genshi Template Engine_CVE-2026-0685 Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achie...	Edgewall	Genshi 0.7.9	Jun 26, 2026	CVE
CRITICAL 9.6	CVE-2025-11919	Unprotected temporary directories in Wolfram Cloud may result in privilege escalation_CVE-2025-11919 The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp...	Wolfram Research Inc.	Cloud 14.2	Jun 26, 2026	CVE
CRITICAL 9.6	CVE-2026-33646	mise: Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)_CVE-2026-33646 mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template e...	jdx	mise < 2026.3.10	Jun 26, 2026	CVE
CRITICAL 9.8	C1779145-9574-	Exploit for OS Command Injection in Cacti_C1779145-9574-5457-B610-1891430BF6B2 CVE-2026-39938: Cacti " 3.2 Execute the Code by Including Log File bash curl -k -s "http://target-cacti/graphimage.php?action=view&localgraphid=1&g...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
CRITICAL 9.8	2A8C8CE0-592F-	Exploit for Missing Authentication for Critical Function in Splunk_2A8C8CE0-592F-566A-AD1D-9DB21DEE0C60 CVE-2026-20253 - Splunk Enterprise Pre-Auth RCE PoC ⚠️ ADVERTENCIA: Este script es solo para fines educativos y de prueba en entornos autorizados. ...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
CRITICAL 10	THN:7EF04AAF427...	New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks_THN:7EF04AAF4274557391FF629872DDC867 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsnAZNjHSEX7UtabbKNVn68uohH8pK5LKuU2CgckZTJowWHxYmEjx9ROquO9tFsThy-3_759_ko2TQEX4Wm3...	N/A	N/A	Jun 26, 2026	THN