HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.8	CVE-2026-41236	Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path_CVE-2026-41236 Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization pa...	froxlor	froxlor = 2.3.6	Jun 4, 2026	CVE
HIGH 8.6	CVE-2026-41235	Froxlor has an authorization bypass in FTP shell assignment via missing server-side `available_shells` enforcement_CVE-2026-41235 Froxlor is open source server administration software. Version 2.3.6 lets administrators configure `system.available_shells` as the approved shell ...	froxlor	froxlor = 2.3.6	Jun 4, 2026	CVE
HIGH 7.6	CVE-2026-41234	Froxlor: BIND Zone File Injection via TXT Record Content_CVE-2026-41234 Froxlor is open source server administration software. Prior to version 2.3.7, the `DomainZones.add` API endpoint does not sanitize newline charact...	froxlor	froxlor < 2.3.7	Jun 4, 2026	CVE
HIGH 8.6	THN:3045B0C60DC...	Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public_THN:3045B0C60DCD251B7744C460F8FD4A2C ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6_xkmI_c8KreZ4cr2oC9gHJERU9xWsLGDrCNCaB11IQVGmJ-r0MYUjqGllvOFc0IVwGYBqnzLJl96WBTSVX...	N/A	N/A	Jun 4, 2026	THN
HIGH 7.1	CVE-2026-8874	CVE-2026-8874_CVE-2026-8874 Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via t...	Securly	Securly Chrome Extension	Jun 3, 2026	CVE
HIGH 7.1	CVE-2026-36176	CVE-2026-36176_CVE-2026-36176 GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physica...	n/a	n/a n/a	Jun 4, 2026	CVE
HIGH 8.8	CVE-2026-5228	Improper Access Control in Kurt Software Studio’s WriteUp Mobile App_CVE-2026-5228 Improper Access Control, Missing Authorization vulnerability in Kurt Software Studio WriteUp Mobile App allows Accessing Functionality Not Properly...	Kurt Software Studio	WriteUp Mobile App 1.3.0	Jun 4, 2026	CVE
HIGH 7.5	CVE-2026-8879	CVE-2026-8879_CVE-2026-8879 Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScript...	Securly	Securly Chrome Extension	Jun 3, 2026	CVE
HIGH 7.5	CVE-2026-8878	CVE-2026-8878_CVE-2026-8878 Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. T...	Securly	Securly Chrome Extension	Jun 3, 2026	CVE
HIGH 7.3	CVE-2026-8876	CVE-2026-8876_CVE-2026-8876 Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyw...	Securly	Securly Chrome Extension	Jun 3, 2026	CVE