packetstorm - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.8	PACKETSTORM:220753	📄 Contact Form by Supsystic 1.7.36 Server-Side Template Injection_PACKETSTORM:220753 Contact Form by Supsystic versions 1.7.36 and below server-side template injection exploit that achieves remote code execution...	N/A	N/A	May 11, 2026	PACKETSTORM
HIGH 7.5	PACKETSTORM:220741	📄 Oracle WebLogic WLS-WSAT XMLDecoder Remote Code Execution_PACKETSTORM:220741 This script is a Python-based proof of concept exploit targeting a deserialization vulnerability in Oracle WebLogic Server's WLS-WSAT component. Th...	N/A	N/A	May 11, 2026	PACKETSTORM
HIGH 8.7	PACKETSTORM:220761	📄 strongSwan 4.5.0 EAP-TTLS Integer Underflow_PACKETSTORM:220761 This Metasploit auxiliary module is designed to detect a vulnerability in strongSwan's EAP-TTLS implementation, identified as CVE-2026-25075. The i...	N/A	N/A	May 11, 2026	PACKETSTORM
CRITICAL 9.1	PACKETSTORM:220574	📄 ThingsBoard IoT Platform 4.2.0 Server-Side Request Forgery_PACKETSTORM:220574 ThingsBoard IoT Platform version 4.2.0 suffers from a server-side request forgery vulnerability...	N/A	N/A	May 8, 2026	PACKETSTORM
CRITICAL 9.9	PACKETSTORM:220576	📄 NocoBase 2.0.27 VM Sandbox Escape_PACKETSTORM:220576 NocoBase versions 2.0.27 and below VM sandbox escape exploit...	N/A	N/A	May 8, 2026	PACKETSTORM
MEDIUM 5.3	PACKETSTORM:220609	📄 WordPress Chart 3.5.9 Missing Authentication_PACKETSTORM:220609 The Chartify WordPress Chart plugin contains a missing authentication vulnerability in all versions up to and including 3.5.9. The plugin registers...	N/A	N/A	May 8, 2026	PACKETSTORM
HIGH 10	PACKETSTORM:220563	📄 Exim 4.91 Remote Command Execution_PACKETSTORM:220563 Exim versions 4.87 through 4.91 improper recipient-address validation remote command execution exploit...	N/A	N/A	May 8, 2026	PACKETSTORM
MEDIUM 4.8	PACKETSTORM:220578	📄 Apache Airflow Databricks Provider Certificate Verification Bypass_PACKETSTORM:220578 The Apache Airflow Databricks Provider package disables TLS certificate verification when communicating with the Kubernetes API server during feder...	N/A	N/A	May 8, 2026	PACKETSTORM
MEDIUM 6.5	PACKETSTORM:220601	📄 WordPress CatFolders 2.5.2 SQL Injection_PACKETSTORM:220601 WordPress CatFolders plugin versions 2.5.2 and below suffer from a remote SQL injection vulnerability...	N/A	N/A	May 8, 2026	PACKETSTORM
NONE	PACKETSTORM:220639	📄 Dash-Uploader 0.7.0a2 Path Traversal_PACKETSTORM:220639 There is an unauthenticated path traversal in dash-uploader versions 0.1.0 through 0.7.0a2 allowing arbitrary file write, leading to but not limite...	N/A	N/A	May 8, 2026	PACKETSTORM