Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.1 PACKETSTORM:222045

Windows Shell LNK Spoofing / NTLMv2 Hash Capture

A spoofing vulnerability in Windows Shell File Explorer allows an attacker to capture NTLMv2 hashes without user interaction. By crafting a malicio...

N/A N/A PACKETSTORM
CRITICAL 9.8 PACKETSTORM:221985

WordPress Supsystic Contact Form 1.7.36 Server-Side Template Injection

This Metasploit module is for WordPress Supsystic Contact Form plugin versions 1.7.36 and below. The plugin suffers from a server-side template inj...

N/A N/A PACKETSTORM
MEDIUM 6.5 PACKETSTORM:221998

ZTE ZXHN H168N 3.5 Credential Disclosure

The ZTE ZXHN H168N V3.5 firmware exposes quick-setup wizard endpoints that return PPPoE credentials ADUsername, VDUsername and the WLAN KeyPassphra...

N/A N/A PACKETSTORM
HIGH 7.1 PACKETSTORM:221996

ZTE ZXHN H188A V6 Authentication Bypass

Unauthenticated requests to the root path of ZTE ZXHN H188A V6 firmware can reach pre-login wizard handlers and disclose WLAN PSKs, SSIDs, and PPPo...

N/A N/A PACKETSTORM
HIGH 7.5 PACKETSTORM:221997

ZTE ZXHN H298A / H108N Credential Disclosure

A single unauthenticated HTTP GET to /getpage.lua?pid=1000&ETHCheat=1 on ZTE H298A or H108N routers returns the live administrator password OBJUSER...

N/A N/A PACKETSTORM
CRITICAL 9.3 PACKETSTORM:221993

Sparx Pro Cloud Server 6.1 / Sparx Enterprise Architect 17.1 SQL Injection

Multiple vulnerabilities in Sparx Pro Cloud Server PCS versions 6.1 and below and Sparx Enterprise Architect versions 17.1 and below allow a remote...

N/A N/A PACKETSTORM
HIGH 7.5 PACKETSTORM:221995

ZTE ZXHN Router Denial of Service

The CGILua post.lua parser used in ZTE ZXHN routers does not enforce an upper bound on the body size of application/x-www-form-urlencoded POST requ...

N/A N/A PACKETSTORM
CRITICAL 9.8 PACKETSTORM:221743

dompdf Remote Code Execution

This Metasploit module exploits CVE-2022-28368, a remote code execution vulnerability in dompdf versions prior to 1.2.1. The vulnerability exists b...

N/A N/A PACKETSTORM
CRITICAL 9.8 PACKETSTORM:221753

Cockpit 359 Remote Code Execution

Cockpit versions 357 through 359 suffer from a remote code execution vulnerability...

N/A N/A PACKETSTORM
NONE PACKETSTORM:221751

Lenovo LegionSpace 1.7.11.2 Unquoted Service Path

Lenovo LegionSpace version 1.7.11.2 suffers from an unquoted service path vulnerability...

N/A N/A PACKETSTORM