Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.9 CVE-2026-45632

Dokploy: Schedule Authorization Bypass Enables Host/Server Command Execution

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.7 and earlier, the schedule router does not enforce organization/role checks...

Dokploy dokploy <= 0.26.7 CVE
CRITICAL 10 CVE-2026-45631

Dokploy: Pre-Auth Admin Takeover via Hardcoded Authentication Secret

Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-auth-...

Dokploy dokploy >= 0.27.0, < 0.29.3 CVE
CRITICAL 9 CVE-2026-45630

Dokploy: Authenticated Remote Code Execution via Command Injection in updateTraefikConfig Echo Statement

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the application.updateT...

Dokploy dokploy <= 0.28.8 CVE
CRITICAL 9.9 CVE-2026-45629

Dokploy: Authenticated Remote Code Execution via Command Injection in /listen-deployment WebSocket Endpoint

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment ...

Dokploy dokploy <= 0.28.8 CVE
CRITICAL 9.6 CVE-2026-45628

Dokploy: Command Injection via Unescaped Branch Fields in Deployment Pipeline

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template l...

Dokploy dokploy <= 0.29.2 CVE
CRITICAL 9.9 CVE-2026-45625

Arcane: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps configs

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine en...

getarcaneapp arcane < 1.19.0 CVE
CRITICAL 9.1 CVE-2026-9051

Authentication Bypass Vulnerability in NI SystemLink Enterprise

There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote atta...

NI SystemLink Enterprise CVE
CRITICAL 9.9 CVE-2026-47744

Shopper: Authorization bypass and RBAC privilege escalation in team settings

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated pan...

shopperlabs shopper < 2.8.0 CVE
CRITICAL 9.1 CVE-2026-44650

SillyTavern: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engine...

SillyTavern SillyTavern < 1.18.0 CVE
CRITICAL 9.8 CVE-2026-44649

SillyTavern: Authentication Bypass via SSO Header Injection

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engine...

SillyTavern SillyTavern < 1.18.0 CVE