Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 PACKETSTORM:222450

Drupal core 10.5.5 SQL Injection_PACKETSTORM:222450

This proof of concept demonstrates an error-based remote SQL injection vulnerability in Drupal core version 10.5.5 PostgreSQL. User-controlled JSON...

N/A N/A PACKETSTORM
CRITICAL 9.8 AVLEONOV:68E701...

May Linux Patch Wednesday_AVLEONOV:68E7010A21B0F3420D3F6FE77C9479F4

**May Linux Patch Wednesday.** A total of 1,638 vu...

N/A N/A AVLEONOV
CRITICAL 9.1 CVE-2026-9098

CVE-2026-9098_CVE-2026-9098

In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs wit...

Casdoor Casdoor CVE
CRITICAL 9.8 CVE-2026-9097

CVE-2026-9097_CVE-2026-9097

Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken() function in obje...

Casdoor Casdoor 2.362.0 and earlier CVE
CRITICAL 9.8 CVE-2026-9094

CVE-2026-9094_CVE-2026-9094

Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in obje...

Casdoor Casdoor 2.362.0 and earlier CVE
CRITICAL 9.8 CVE-2026-9093

CVE-2026-9093_CVE-2026-9093

In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML asserti...

Casdoor Casdoor 2.362.0 and earlier CVE
CRITICAL 9.1 CVE-2026-42252

Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern_CVE-2026-42252

Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passing Parameters when triggering Dags") showed a verbatim `BashOperator...

Apache Software Foundation Apache Airflow 3.0.0 CVE
CRITICAL 9.3 CVE-2026-42074

OpenClaude: Sandbox Bypass via Model-Controlled `dangerouslyDisableSandbox` Input_CVE-2026-42074

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the dangerouslyDisabl...

Gitlawb openclaude < 0.5.1 CVE
CRITICAL 9.2 CVE-2026-0611

Spacelabs Healthcare Sentinel 10.5.x < 11.6.0 Unauthenticated RCE via .NET Remoting_CVE-2026-0611

Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability th...

Spacelabs Healthcare Sentinel 10.5.0 CVE
CRITICAL 9.8 D99A0BB7-56FB-

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector_D99A0BB7-56FB-5C9E-A5E5-63F845A32F54

CVE-2026-23744 - MCPJam Inspector RCE PoC Proof of Concept exploit for CVE-2026-23744: Remote Code Execution vulnerability in MCPJam Inspector 1.4....

N/A N/A GITHUBEXPLOIT