news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.7	CVE-2026-49193	Publicly Readable AWS S3 Telemetry Buckets_CVE-2026-49193 Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet.	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE
MEDIUM 5.3	CVE-2026-49192	Summary Service Insecure Direct Object Reference_CVE-2026-49192 The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device...	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE
CRITICAL 9.3	CVE-2026-49191	Exposed Hard-coded M3WebServer Backend API Key_CVE-2026-49191 The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages.	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE
CRITICAL 9.4	CVE-2026-49190	Missing Per-Instruction Authorization Checks_CVE-2026-49190 The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application instal...	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE
NONE	THN:1914490991B...	DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets_THN:1914490991B466716EED3AB4A2342670 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTf5wAHnoXtVauiln2MwlVvLc4LxcL8SBTLuW648LfFhUd8QyuOUfjmg0Hd91QlksmWF2u-PQhxHDTDmseMI...	N/A	N/A	Jun 4, 2026	THN
CRITICAL 9.8	021063E9-0EFC-	Exploit for SQL Injection in Wpdeveloper Notificationx_021063E9-0EFC-5BB3-A717-3C9223961E61 CVE-2024-1698 – NotificationX WordPress Plugin SQL Injection Time‑Based Blind Unauthenticated Time‑Based Blind SQL Injection → Extract admin userna...	N/A	N/A	Jun 4, 2026	GITHUBEXPLOIT
NONE	74A7BA4E-D496-	Exploit for CVE-2026-49975_74A7BA4E-D496-587B-A72A-FA0BE663F994 CVE-2026-49975 — HTTP/2 Bomb PoC Proof-of-concept exploit for CVE-2026-49975, a remote denial-of-service vulnerability in HTTP/2 server implementat...	N/A	N/A	Jun 4, 2026	GITHUBEXPLOIT
MEDIUM 5.8	CVE-2026-46447	CVE-2026-46447_CVE-2026-46447 OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.	OpenStack	Ironic 17.0.0	Jun 3, 2026	CVE
HIGH 8.6	CVE-2026-49186	Lack of MQTT Broker Topic Access Control Lists_CVE-2026-49186 The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or...	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE
CRITICAL 10	CVE-2026-49185	Instruction Injection via FieldX MDM_CVE-2026-49185 The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection.	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE