CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 10	CVE-2026-7312	CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity_CVE-2026-7312 CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.823...	Progress Software	Sitefinity 14.0.7700, 15.0.8200, 15.1.8300, 15.2.8400, 15.3.8500, 15.4.8600	Jun 2, 2026	CVE
CRITICAL 9.8	CVE-2026-7198	CWE-284: Improper Access Control in web services in Progress Sitefinity_CVE-2026-7198 CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to acce...	Progress Software	Sitefinity 15.4.8623	Jun 2, 2026	CVE
CRITICAL 9.3	CVE-2026-47117	OpenMed < 1.5.2 Remote Code Execution via PII Model Loading_CVE-2026-47117 OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher use...	maziyarpanahi	openmed	Jun 2, 2026	CVE
CRITICAL 9.8	87C9F950-698A-	Exploit for Stack-based Buffer Overflow in Microsoft_87C9F950-698A-5A31-A619-957FBA51CBE0 CVE-2026-41089 - Security Buffer Overflow Quick Usage bash python3 exploit.py -t "C:\\Path\\To\\Target" -o demo.zip --data-file payload.exe Exploit...	N/A	N/A	Jun 2, 2026	GITHUBEXPLOIT
CRITICAL 9.8	088050CB-EA94-	-CyberPentest-Plugin-Claude-Code_088050CB-EA94-5CF8-B3D0-6CAF60984803 🔐 CyberPentest Plugin — Claude Code Plugin de pentest offensif intégré à Claude Code. Lance nmap, sqlmap, nuclei, gobuster et recherche automatiqu...	N/A	N/A	Jun 2, 2026	GITHUBEXPLOIT
CRITICAL 9.3	CVE-2026-42684	WordPress WP Job Portal plugin <= 2.5.1 - SQL Injection vulnerability_CVE-2026-42684 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ahmad WP Job Portal allows Blind SQL Injectio...	Ahmad	WP Job Portal n/a	Jun 2, 2026	CVE
CRITICAL 9.8	24F04D01-BD33-	Exploit for CVE-2026-8206_24F04D01-BD33-5E2E-AD1D-CA3966227567 CVE-2026-8206 - Kirki WordPress Plugin Mass Exploit Mass exploitation tool for CVE-2026-8206 – a critical vulnerability in the Kirki WordPress plug...	N/A	N/A	Jun 2, 2026	GITHUBEXPLOIT
CRITICAL 9.3	CVE-2026-34906	Server-Side Template Injection (SSTI) in Wirtualna Uczelnia_CVE-2026-34906 Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpo...	Simple SA	Wirtualna Uczelnia	Jun 2, 2026	CVE
CRITICAL 9.8	CVE-2025-53209	WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability_CVE-2025-53209 Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: fro...	Themeisle	Masteriyo LMS PRO n/a	Jun 2, 2026	CVE
CRITICAL 9.8	ACB372C1-16C6-	Exploit for Missing Authentication for Critical Function in Coreweave Marimo_ACB372C1-16C6-5ED3-B493-7F4AE7C5E504 CVE-2026-39987 - a full PTY shell Unauthenticated Stored Cross-Site Scripting Severity: CRITICAL CVSS: 9.8 Impact: Confidentiality, Integrity, Avai...	N/A	N/A	Jun 2, 2026	GITHUBEXPLOIT