Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.2 CVE-2026-35077

Arbitrary file delete vulnerability in method ugw-delete-file

The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-co...

MBS Single-A V1_0_0_0 CVE
HIGH 7.2 CVE-2026-35076

Arbitrary file delete vulnerability in method bac-scanresult

The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-cont...

MBS Single-A V1_0_0_0 CVE
CRITICAL 9.3 CVE-2026-35075

Hardcoded default Password for Service Account

An unauthenticated remote attacker can recover a default, hard-coded password from a firmware image and thus gain full access to all affected devices.

MBS Single-A V1_0_0_0 CVE
MEDIUM 4.8 CVE-2026-10722

cilium ebpf LoadCollectionSpec/LoadCollectionSpecFromReader btf.go loadRawSpec integer overflow

A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadColle...

cilium ebpf 0.1 CVE
HIGH 7.3 CVE-2025-41259

SWUpdate Untrusted Script Execution via Signed Update TOCTOU

SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that allows local unprivileged attackers to escalate pri...

sbabic SWUpdate CVE
CRITICAL 9.1 CVE-2026-4035

Environment Variable Resolution Vulnerability in mlflow/mlflow

A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be ex...

mlflow mlflow/mlflow unspecified CVE
HIGH 7.1 CVE-2025-15654

WordPress Prague plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fox-themes Prague allows Reflected XSS. This...

Fox-themes Prague n/a CVE
CRITICAL 9.8 CVE-2026-47065

Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass – ZDRES-232

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the se...

Apache Software Foundation Apache MINA 2.2.0, 2.1.0, 2.0.0 CVE
HIGH 7.5 CVE-2026-41032

Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.

Phoenix Contact CHARX SEC-3150 1.0.0 CVE
HIGH 8.8 CVE-2025-15656

WordPress School Management plugin <= 93.2.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from...

Mojoomla School Management n/a CVE