Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 7FE5A510-990A-

Exploit for Prototype Pollution in Cure53 Dompurify_7FE5A510-990A-5CCB-9427-6AA5D7B10937

No description provided...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 393A755A-8E32-

Exploit for Stack-based Buffer Overflow in Microsoft_393A755A-8E32-59DA-B6AC-2DE1A68B3BB0

LongLogon · CVE-2026-41089 LongLogon is an unauthenticated, non-destructive precondition checker for CVE-2026-41089, a pre-auth stack buffer overfl...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 93EFFA1D-01DF-

Exploit for Eval Injection in Geoserver_93EFFA1D-01DF-57C9-9826-139DBF9FD985

CVE-2024-36401 — Unauthenticated RCE in GeoServer A complete, reproducible study of CVE-2024-36401, an unauthenticated remote code execution flaw i...

N/A N/A GITHUBEXPLOIT
CRITICAL 10 93A59886-B99C-

Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware_93A59886-B99C-532C-9C2C-E718BDD5A455

No description provided...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.3 CVE-2026-35075

Hardcoded default Password for Service Account_CVE-2026-35075

An unauthenticated remote attacker can recover a default, hard-coded password from a firmware image and thus gain full access to all affected devices.

MBS Single-A V1_0_0_0 CVE
CRITICAL 9.1 CVE-2026-4035

Environment Variable Resolution Vulnerability in mlflow/mlflow_CVE-2026-4035

A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be ex...

mlflow mlflow/mlflow unspecified CVE
CRITICAL 9.8 CVE-2026-47065

Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass – ZDRES-232_CVE-2026-47065

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the se...

Apache Software Foundation Apache MINA 2.2.0, 2.1.0, 2.0.0 CVE
CRITICAL 9.9 CVE-2025-14771

File Disclosure in ABB T-MAC Plus web application and in ABB T-MAC plus Server – Default IIS Web Site_CVE-2025-14771

Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.

ABB T-MAC Plus 4.0-24 CVE
CRITICAL 9.1 0FCEE4B1-32D3-

Exploit for Reliance on Cookies without Validation and Integrity Checking in Paloaltonetworks Pan-Os_0FCEE4B1-32D3-513A-A4F5-F36C896CDED8

CVE-2026-0257 Palo Alto Networks PAN-OS contains an authentication bypass caused by flaws in the GlobalProtect portal and gateway, letting attacker...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 903D328B-6435-

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector_903D328B-6435-59B6-B1CB-0ECF3BF14DB4

CVE-2026-23744 — MCPJam Unauthenticated Remote Code Execution Summary MCPJam is an open-source MCP Model Context Protocol inspector and proxy used ...

N/A N/A GITHUBEXPLOIT