CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.6	MS:CVE-2026-9875	Chromium: CVE-2026-9875 Out of bounds read in WebGL_MS:CVE-2026-9875 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	May 31, 2026	MSCVE
CRITICAL 9.6	MS:CVE-2026-9876	Chromium: CVE-2026-9876 Use after free in WebGL_MS:CVE-2026-9876 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	May 31, 2026	MSCVE
CRITICAL 10	CVE-2026-45132	CloudPirates Open Source Helm Charts: GitHub Actions workflow leaks PAT and SSH signing key via unsafe credential handling_CVE-2026-45132 CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (generate-schema.yaml) expo...	CloudPirates-io	helm-charts < fcf930211604652aec15085895b6457bc8b73b54	Jun 1, 2026	CVE
CRITICAL 10	CVE-2026-45131	CloudPirates Open Source Helm Charts: GitHub Actions pull_request_target workflow allows secret exfiltration via fork pull requests_CVE-2026-45131 CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (pull-request.yaml) execute...	CloudPirates-io	helm-charts < fcf930211604652aec15085895b6457bc8b73b54	Jun 1, 2026	CVE
CRITICAL 9.6	CVE-2026-44211	Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability_CVE-2026-44211 Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hij...	cline	cline <= 2.13.0	Jun 1, 2026	CVE
CRITICAL 9.3	CVE-2026-42672	WordPress WP Directory Kit plugin <= 1.5.1 - SQL Injection vulnerability_CVE-2026-42672 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blin...	Wp Directory Kit	WP Directory Kit n/a	Jun 1, 2026	CVE
CRITICAL 9.4	CVE-2026-8931	Critical RCE vulnerability in Disig Web Signer_CVE-2026-8931 A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3.	Disig	Web Signer 2.0.3	Jun 1, 2026	CVE
CRITICAL 9.8	CVE-2026-48879	WordPress AIWU plugin <= 1.4.17 - Privilege Escalation vulnerability_CVE-2026-48879 Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation. This issue affects AIWU: from n/a through 1.4.17.	Sergey	AIWU n/a	Jun 1, 2026	CVE
CRITICAL 9.6	CVE-2026-48866	WordPress Gravity Forms plugin <= 2.10.0.1 - Arbitrary File Deletion vulnerability_CVE-2026-48866 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rocketgenius Inc. Gravity Forms allows Path Travers...	Rocketgenius Inc.	Gravity Forms n/a	Jun 1, 2026	CVE
CRITICAL 9.1	CVE-2026-42682	WordPress wpForo Forum plugin <= 3.0.6 - Broken Access Control vulnerability_CVE-2026-42682 Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue a...	Tomdever	wpForo Forum n/a	Jun 1, 2026	CVE