Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 CVE-2025-53209

WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability_CVE-2025-53209

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: fro...

Themeisle Masteriyo LMS PRO n/a CVE
CRITICAL 9.8 ACB372C1-16C6-

Exploit for Missing Authentication for Critical Function in Coreweave Marimo_ACB372C1-16C6-5ED3-B493-7F4AE7C5E504

CVE-2026-39987 - a full PTY shell Unauthenticated Stored Cross-Site Scripting Severity: CRITICAL CVSS: 9.8 Impact: Confidentiality, Integrity, Avai...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.9 92F10C51-99EC-

Exploit for Improper Control of Dynamically-Managed Code Resources in Nocobase_92F10C51-99EC-5FAC-AF95-11D0B6BFF73A

CVE-2026-34156 – NocoBase Sandbox Escape RCE Authenticated Remote Code Execution in NocoBase versions ≤ 2.0.26 via workflow sandbox escape....

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 CC7CD69F-1974-

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector_CC7CD69F-1974-569F-950F-4CDEA50F0227

CVE-2026-23744 --- Description MCPJam inspector is a local-first development platform for MCP servers. The versions =1.4.2 are vulnerable to remote...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 CVE-2026-8206

Kirki 6.0.0 – 6.0.6 – Unauthenticated Privilege Escalation via ‘handle_forgot_password’_CVE-2026-8206

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in ...

themeum Kirki – Freeform Page Builder, Website Builder & Customizer 6.0.0 CVE
CRITICAL 9.8 966A6BD3-D47A-

Exploit for CVE-2026-8732_966A6BD3-D47A-5C10-8A7D-7EF9E9DA813A

WP Maps Pro Unauthenticated Stored Cross-Site Scripting CVE-2026-8732 Overview A CRITICAL vulnerability, classified as CVE-2026-8732, has been iden...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 6D8CA767-F358-

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector_6D8CA767-F358-5C56-BADD-6DFCD0A054E9

No description provided...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 CVE-2026-25879

Langroid has Prompt to SQL Injection, Leading to RCE_CVE-2026-25879

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an L...

langroid langroid < 0.63.0 CVE
CRITICAL 10 CVE-2026-40965

CVE-2026-40965_CVE-2026-40965

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC (Ellipt...

Cloud Foundry Foundation uaa_release 76.12.0 CVE
CRITICAL 9.1 CVE-2026-9092

CVE-2026-9092_CVE-2026-9092

Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserB...

Casdoor Casdoor 2.362.0 CVE