CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 10	47950A77-F41D-	Exploit for CVE-2026-49869_47950A77-F41D-5310-A96F-B4B94D1E4D2F Kestra CVE-2026-49869 / CVE-2026-53576 Scanner Scans Kestra instances for the endsWith"/configs" authentication filter bypass. Kestra's Authenticat...	N/A	N/A	Jun 30, 2026	GITHUBEXPLOIT
CRITICAL 9.9	8F43F4B9-6528-	Exploit for Authorization Bypass Through User-Controlled Key in Langflow_8F43F4B9-6528-5606-8D84-E5AAE03367BB CVE-2026-55255 - Langflow IDOR in /api/v1/responses Executive Summary This repository contains a local Docker lab for reproducing and validating CV...	N/A	N/A	Jun 30, 2026	GITHUBEXPLOIT
CRITICAL 9.8	CVE-2026-43724	CVE-2026-43724_CVE-2026-43724 The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be ab...	Apple	iOS and iPadOS	Jun 29, 2026	CVE
CRITICAL 9.1	CVE-2026-55276	Apache Tomcat: Logged effective web.xml is incomplete_CVE-2026-55276 Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not i...	Apache Software Foundation	Apache Tomcat 11.0.0-M1	Jun 29, 2026	CVE
CRITICAL 9.1	CVE-2026-39868	CVE-2026-39868_CVE-2026-39868 This issue was addressed with improved input validation. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be abl...	Apple	iOS and iPadOS	Jun 29, 2026	CVE
CRITICAL 9.1	CVE-2026-53434	Apache Tomcat: Invalid CRL configuration doesn’t trigger failure for FFM Connector_CVE-2026-53434 Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apa...	Apache Software Foundation	Apache Tomcat 11.0.0-M1, 10.1.0-M7, 9.0.83	Jun 29, 2026	CVE
CRITICAL 9.1	CVE-2026-6556	@fastify/express vulnerable to middleware bypass via non-string mount paths in prefixed plugins_CVE-2026-6556 @fastify/express versions 4.0.6 and earlier only rewrite the plugin prefix for middleware mount paths when the path argument is a string. Non-strin...	@fastify/express	@fastify/express	Jun 30, 2026	CVE
CRITICAL 9.3	CVE-2026-58116	LLaMA-Factory 0.9.5 Remote Code Execution via WebUI Model Path_CVE-2026-58116 LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code...	hiyouga	LlamaFactory 0.9.5	Jun 30, 2026	CVE
CRITICAL 9.4	B4B4CA7A-D754-	Exploit for OS Command Injection in Devcode Openstamanager_B4B4CA7A-D754-5C31-B526-5E199D0B91D5 CVE-2025-69212 OpenSTAManager --check Vulnerability Check bash Auto-detect plugin and verify vulnerability python3 exploit.py -t http://target.com ...	N/A	N/A	Jun 30, 2026	GITHUBEXPLOIT
CRITICAL 9.8	0EB7005F-1AF8-	Nessus-CVE-POC-Finder_0EB7005F-1AF8-5D82-BFB3-0885D0E7AA8B Nessus-CVE-POC-Finder Python script to parse .nessus file, extract CVE numbers, and search for exploits using "searchsploit". Usage usage: Nessus-C...	N/A	N/A	Jun 30, 2026	GITHUBEXPLOIT