Recent Advisories

| Severity | ID | Title | Vendor | Product | Date | Type |
| --- | --- | --- | --- | --- | --- | --- |
| CRITICAL 9.1 | CVE-2026-5386 | **KMW CCTV Security Cameras Unverified Password Change_CVE-2026-5386** The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset ... | KMW | KM-IP521 4.04.91.230307 | | CVE |
| CRITICAL 9.3 | CVE-2026-45668 | **Trilium Notes : Note Import to RCE via #docName Path Traversal (Safe Import Enabled)_CVE-2026-45668** Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a mal... | TriliumNext | Trilium < 0.102.2 | | CVE |
| CRITICAL 9.9 | CVE-2026-45661 | **Dokploy: Remote Code Execution through Path Traversal_CVE-2026-45661** Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.... | Dokploy | dokploy <= 0.26.5 | | CVE |
| CRITICAL 9.9 | CVE-2026-45633 | **Dokploy: Command Injection in /docker-container-logs Endpoint_CVE-2026-45633** Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /do... | Dokploy | dokploy <= 0.26.6 | | CVE |
| CRITICAL 9.9 | CVE-2026-45632 | **Dokploy: Schedule Authorization Bypass Enables Host/Server Command Execution_CVE-2026-45632** Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.7 and earlier, the schedule router does not enforce organization/role checks... | Dokploy | dokploy <= 0.26.7 | | CVE |
| CRITICAL 10 | CVE-2026-45631 | **Dokploy: Pre-Auth Admin Takeover via Hardcoded Authentication Secret_CVE-2026-45631** Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-auth-... | Dokploy | dokploy >= 0.27.0, < 0.29.3 | | CVE |
| CRITICAL 9 | CVE-2026-45630 | **Dokploy: Authenticated Remote Code Execution via Command Injection in updateTraefikConfig Echo Statement_CVE-2026-45630** Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the application.updateT... | Dokploy | dokploy <= 0.28.8 | | CVE |
| CRITICAL 9.9 | CVE-2026-45629 | **Dokploy: Authenticated Remote Code Execution via Command Injection in /listen-deployment WebSocket Endpoint_CVE-2026-45629** Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment ... | Dokploy | dokploy <= 0.28.8 | | CVE |
| CRITICAL 9.6 | CVE-2026-45628 | **Dokploy: Command Injection via Unescaped Branch Fields in Deployment Pipeline_CVE-2026-45628** Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template l... | Dokploy | dokploy <= 0.29.2 | | CVE |
| CRITICAL 9.9 | CVE-2026-45625 | **Arcane: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps configs_CVE-2026-45625** Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine en... | getarcaneapp | arcane < 1.19.0 | | CVE |