Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 CVE-2026-38329

CVE-2026-38329

Bludit CMS before version 3.18.4 allows Remote Code Execution (RCE) via the API Plugin. The POST /api/files/{key} endpoint in bl-plugins/api/plugin...

Bludit Bludit CMS 3.18.4 CVE
CRITICAL 9.8 CVE-2026-36537

CVE-2026-36537

ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user...

ThingsBoard ThingsBoard 4.3.0.1 CVE
CRITICAL 9.1 CVE-2026-30121

CVE-2026-30121

remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability.

remotion-dev remotion v4.0.409 CVE
CRITICAL 9.8 CVE-2026-30120

CVE-2026-30120

remotion-dev remotion v4.0.409 was discovered to contain a remote code execution (RCE) vulnerability.

remotion-dev remotion-dev v4.0.409 CVE
CRITICAL 9.2 CVE-2025-13036

Rockwell Automation FactoryTalk Historian Site Edition – Authentication Bypass

An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an...

Rockwell Automation FactoryTalk Historian SE v11 CVE
CRITICAL 9.8 CVE-2026-50880

CVE-2026-50880

An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crafted r...

YouTransfer Team YouTransfer v1.0.6 CVE
CRITICAL 9.8 CVE-2026-50873

CVE-2026-50873

An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code via uplo...

flatnotes flatnotes v5.5.4 CVE
CRITICAL 9.8 THN:6B787AC9D1F...

Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week (THN:6B787AC9D1F1066F097548000F8A1B03)


N/A N/A THN
CRITICAL 9.9 0EC1604B-E72F-

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Portainer (0EC1604B-E72F-5EC0-A160-6417C6A48750)

CVE-2026-44881 — Portainer Git Symlink → Arbitrary Host File Read. Single-script exploit for CVE-2026-44881, a Git symlink injection in Portainer's ...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.9 C39D709A-5707-

Exploit for Use After Free in Redis (C39D709A-5707-512E-A49D-440E35D65CDB)

CVE-2025-49844 - RediShell: Use-after-free in Redis Lua scripting leading to remote code execution. Summary of the CVE: Redis is an open source, in-m...

N/A N/A GITHUBEXPLOIT