HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.1	CVE-2026-55762	Rocket.Chat: Any Authenticated User Can Permanently Deregister Workspace from Rocket.Chat Cloud via Unprotected `/api/v1/fingerprint` Endpoint_CVE-2026-55762 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, ...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.1	Jun 24, 2026	CVE
HIGH 7.4	CVE-2026-55759	Rocket.Chat: Apple Sign-In skips JWT claims validation, allowing expired and cross-audience token replay_CVE-2026-55759 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, ...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.1	Jun 24, 2026	CVE
HIGH 8.7	CVE-2026-54759	SiYuan: Lute HTML sanitizer allows `` tags in Bazaar package README, leading to arbitrary command execution via SiYuan Electron client_CVE-2026-54759</span> </h3> <p class="advisory-desc" title="SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, Lute's HTML sanitizer does not remove elements. Combined with the SiYuan Electron client's permissive security configuration, an attacker can include a malicious in a Bazaar package README that executes arbitrary commands on the victim's machine when the package details are viewed. No package installation is required. This vulnerability is fixed in 3.7.0."> <span class="desc-text">SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, Lute's HTML sanitizer does not remove elements. Combined with the S...</span> </p> </a> </td> <td class="col-vendor"> siyuan-note </td> <td class="col-product"> siyuan <span class="product-version">< 3.7.0</span> </td> <td class="col-date"> <time class="advisory-date">Jun 24, 2026</time> </td> <td class="col-type"> <span class="advisory-type type-cve">CVE</span> </td> </tr> <tr class="advisory-row" data-post-id="65524"> <td class="col-severity"> <span class="severity-badge severity-high"> HIGH <span class="cvss-score">7.1</span> </span> </td> <td class="col-id"> <span class="advisory-id" title="CVE-2026-54070"> CVE-2026-54070 </span> </td> <td class="col-title"> <a href="https://zero.redgem.net/?p=65524" class="advisory-title-link"> <h3 class="advisory-title" title="SiYuan: Stored XSS in Bazaar marketplace via package README event handlers_CVE-2026-54070"> <span class="title-text">SiYuan: Stored XSS in Bazaar marketplace via package README event handlers_CVE-2026-54070</span> </h3> <p class="advisory-desc" title="SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, renderPackageREADME in kernel/bazaar/readme.go renders a Bazaar package README from Markdown to HTML with the lute engine and SetSanitize(true). The lute sanitizer is an event-handler blocklist: allowAttr rejects only attribute names present in a fixed eventAttrs map copied from the w3schools legacy handler list. That map omits modern event handlers. onpointerover, onpointerdown, onauxclick, onbeforetoggle, onfocusin, onanimationstart, and ontransitionend are not in the list, so the sanitizer passes them through verbatim on any tag. The frontend assigns the rendered HTML to mdElement.innerHTML in app/src/config/bazaar.ts with no client-side DOMPurify on this path, into a normal element in the main document (no iframe, no sandbox). The kernel sends no Content-Security-Policy, X-Frame-Options, or X-Content-Type-Options header on any response, so an inline handler runs when its event fires. The README is rendered when an Administrator opens a package in Settings → Marketplace, after the one-time marketplace trust consent. Install is not required. Result: a third-party Bazaar package author runs JavaScript in the Administrator's authenticated SiYuan origin when the Administrator views and interacts with the package listing, and gains full control of the workspace. This vulnerability is fixed in 3.7.0."> <span class="desc-text">SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, renderPackageREADME in kernel/bazaar/readme.go renders a Bazaar pack...</span> </p> </a> </td> <td class="col-vendor"> siyuan-note </td> <td class="col-product"> siyuan <span class="product-version">< 3.7.0</span> </td> <td class="col-date"> <time class="advisory-date">Jun 24, 2026</time> </td> <td class="col-type"> <span class="advisory-type type-cve">CVE</span> </td> </tr> <tr class="advisory-row" data-post-id="65520"> <td class="col-severity"> <span class="severity-badge severity-high"> HIGH <span class="cvss-score">7.5</span> </span> </td> <td class="col-id"> <span class="advisory-id" title="CVE-2026-54066"> CVE-2026-54066 </span> </td> <td class="col-title"> <a href="https://zero.redgem.net/?p=65520" class="advisory-title-link"> <h3 class="advisory-title" title="SiYuan: Path Traversal via Double URL Encoding in /assets/path (publish mode arbitrary file─read)_CVE-2026-54066"> <span class="title-text">SiYuan: Path Traversal via Double URL Encoding in /assets/path (publish mode arbitrary file─read)_CVE-2026-54066</span> </h3> <p class="advisory-desc" title="SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the patch for CVE-2026-41894 ("Path Traversal via Double URL Encoding") sanitized the /export/ route but the identical root cause remains in the /assets/path route. In publish mode (anonymous read-only HTTP endpoint, default port 6808), an unauthenticated remote attacker can read arbitrary files inside WorkspaceDir — including conf/conf.json (which contains the AccessAuthCode SHA256 hash, API token, and sync keys), temp/siyuan.db, temp/blocktree.db, and siyuan.log — by double-URL-encoding .. segments. This vulnerability is fixed in 3.7.0."> <span class="desc-text">SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the patch for CVE-2026-41894 ("Path Traversal via Double URL Encodin...</span> </p> </a> </td> <td class="col-vendor"> siyuan-note </td> <td class="col-product"> siyuan <span class="product-version">< 3.7.0</span> </td> <td class="col-date"> <time class="advisory-date">Jun 24, 2026</time> </td> <td class="col-type"> <span class="advisory-type type-cve">CVE</span> </td> </tr> <tr class="advisory-row" data-post-id="65517"> <td class="col-severity"> <span class="severity-badge severity-high"> HIGH <span class="cvss-score">7.5</span> </span> </td> <td class="col-id"> <span class="advisory-id" title="CVE-2026-52794"> CVE-2026-52794 </span> </td> <td class="col-title"> <a href="https://zero.redgem.net/?p=65517" class="advisory-title-link"> <h3 class="advisory-title" title="Sentry: Inefficient Regular Expression Complexity in sentry_CVE-2026-52794"> <span class="title-text">Sentry: Inefficient Regular Expression Complexity in sentry_CVE-2026-52794</span> </h3> <p class="advisory-desc" title="Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Sentry's event ingestion pipeline, where a regex applied to attacker-controlled fields on incoming events can be made to consume disproportionate CPU time. This vulnerability is fixed in 26.5.2."> <span class="desc-text">Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service (ReDoS) vulnerability...</span> </p> </a> </td> <td class="col-vendor"> getsentry </td> <td class="col-product"> sentry <span class="product-version">>= 24.4.0, < 26.5.2</span> </td> <td class="col-date"> <time class="advisory-date">Jun 24, 2026</time> </td> <td class="col-type"> <span class="advisory-type type-cve">CVE</span> </td> </tr> <tr class="advisory-row" data-post-id="65515"> <td class="col-severity"> <span class="severity-badge severity-high"> HIGH <span class="cvss-score">8.9</span> </span> </td> <td class="col-id"> <span class="advisory-id" title="CVE-2026-50189"> CVE-2026-50189 </span> </td> <td class="col-title"> <a href="https://zero.redgem.net/?p=65515" class="advisory-title-link"> <h3 class="advisory-title" title="Appsmith: RCE via Supervisord XML-RPC Admin Interface Exposed via /supervisor Caddy Route_CVE-2026-50189"> <span class="title-text">Appsmith: RCE via Supervisord XML-RPC Admin Interface Exposed via /supervisor Caddy Route_CVE-2026-50189</span> </h3> <p class="advisory-desc" title="Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/ on the public ingress. Combined with the APPSMITH_SUPERVISOR_PASSWORD exposed via GET /api/v1/admin/env, any authenticated administrator can send arbitrary XML-RPC calls to supervisord and execute OS commands inside the Docker container via twiddler.addProgramToGroup. This vulnerability is fixed in 2.1."> <span class="desc-text">Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC inter...</span> </p> </a> </td> <td class="col-vendor"> appsmithorg </td> <td class="col-product"> appsmith <span class="product-version">< 2.1</span> </td> <td class="col-date"> <time class="advisory-date">Jun 24, 2026</time> </td> <td class="col-type"> <span class="advisory-type type-cve">CVE</span> </td> </tr> <tr class="advisory-row" data-post-id="65514"> <td class="col-severity"> <span class="severity-badge severity-high"> HIGH <span class="cvss-score">7.1</span> </span> </td> <td class="col-id"> <span class="advisory-id" title="CVE-2026-47110"> CVE-2026-47110 </span> </td> <td class="col-title"> <a href="https://zero.redgem.net/?p=65514" class="advisory-title-link"> <h3 class="advisory-title" title="Tiptap for PHP < 2.1.1 DoS via Malformed href Attribute_CVE-2026-47110"> <span class="title-text">Tiptap for PHP < 2.1.1 DoS via Malformed href Attribute_CVE-2026-47110</span> </h3> <p class="advisory-desc" title="Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by submitting Tiptap JSON with the attrs.href field set to an array instead of a string, causing an unhandled TypeError in the Link::isAllowedUri() function when passed to preg_match(). Attackers can persist malformed JSON records that permanently crash the server-side HTML rendering pipeline for all subsequent viewers of that record until the database entry is manually repaired."> <span class="desc-text">Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by ...</span> </p> </a> </td> <td class="col-vendor"> ueberdosis </td> <td class="col-product"> tiptap-php </td> <td class="col-date"> <time class="advisory-date">Jun 24, 2026</time> </td> <td class="col-type"> <span class="advisory-type type-cve">CVE</span> </td> </tr> <tr class="advisory-row" data-post-id="65512"> <td class="col-severity"> <span class="severity-badge severity-high"> HIGH <span class="cvss-score">7.8</span> </span> </td> <td class="col-id"> <span class="advisory-id" title="CVE-2026-10043"> CVE-2026-10043 </span> </td> <td class="col-title"> <a href="https://zero.redgem.net/?p=65512" class="advisory-title-link"> <h3 class="advisory-title" title="MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability_CVE-2026-10043"> <span class="title-text">MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability_CVE-2026-10043</span> </h3> <p class="advisory-desc" title="MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MosaicML Composer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of checkpoints. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27990."> <span class="desc-text">MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbi...</span> </p> </a> </td> <td class="col-vendor"> MosaicML </td> <td class="col-product"> Composer <span class="product-version">0.32.1</span> </td> <td class="col-date"> <time class="advisory-date">Jun 24, 2026</time> </td> <td class="col-type"> <span class="advisory-type type-cve">CVE</span> </td> </tr> <tr class="advisory-row" data-post-id="65508"> <td class="col-severity"> <span class="severity-badge severity-high"> HIGH <span class="cvss-score">8.8</span> </span> </td> <td class="col-id"> <span class="advisory-id" title="MALWAREBYTES:EC34003352AA88477BAACCE9BF91A066"> MALWAREBYTES:EC... </span> </td> <td class="col-title"> <a href="https://zero.redgem.net/?p=65508" class="advisory-title-link"> <h3 class="advisory-title" title="PixelSmash flaw turns video files into attack tools_MALWAREBYTES:EC34003352AA88477BAACCE9BF91A066"> <span class="title-text">PixelSmash flaw turns video files into attack tools_MALWAREBYTES:EC34003352AA88477BAACCE9BF91A066</span> </h3> <p class="advisory-desc" title="A newly discovered vulnerability in FFmpeg’s MagicYUV decoder can turn a tiny, malformed video into a foothold for attackers. Researchers have disclosed PixelSmash, a critical vulnerability tracked as CVE-2026-8461, in FFmpeg’s MagicYUV video decoder with a CVSS score of 8.8. By crafting a specially formatted AVI, MKV, or MOV file, an attacker can crash or potentially run code on any system that tries to generate a thumbnail, extract metadata, or play the file with a vulnerable version of FFmpeg. ## What is FFmpeg and is this serious? FFmpeg is an open‑source toolkit for recording, converting, and streaming audio and video, and its libavcodec library implements hundreds of audio and video decoders. One of those is MagicYUV, a lossless codec popular in video editing. A newly discovered vulnerability in FFmpeg’s MagicYUV decoder can turn a tiny, malformed video into a foothold for attackers. Researchers have disclosed PixelSmash, a critical vulnerability tracked as CVE-2026-8461, in FFmpeg’s MagicYUV video decoder with a CVSS score of 8.8. By crafting a specially formatted AVI, MKV, or MOV file, an attacker can crash or potentially execute code on any system that tries to generate a thumbnail, extract metadata, or play the file with a vulnerable version of FFmpeg. ## What is FFmpeg and is this serious? FFmpeg is an open‑source toolkit for recording, converting, and streaming audio and video, and its libavcodec library implements hundreds of audio and video decoders. One of those is MagicYUV, a lossless codec popular in video editing. The researchers found it was enabled by default in upstream FFmpeg and every Linux distribution package they tested up to FFmpeg 9.0. The impact is more serious than you may think. If you run anything that touches video—from a Linux desktop to a Jellyfin or Nextcloud server, or even an AI model that ingests clips—you probably rely on FFmpeg under the hood. It’s hard to put an exact number on how many systems are affected, but it helps to know that: * Tens of millions of Linux systems rely on `ffmpegthumbnailer` and system `libavcodec` for thumbnails, meaning “just browsing a folder” can trigger the bug if a malicious file is present. * Jellyfin and Nextcloud, among the most popular self‑hosted media and file platforms globally, each have at least tens of thousands of active internet‑reachable servers. Almost all of those that did not update FFmpeg or disable MagicYUV are vulnerable to denial of service (DoS) and, in some configurations, targeted remote code execution (RCE) attacks. * A large fraction of consumer network attached storage (NAS) and smart TV platforms use FFmpeg for previews and thumbnails. These devices are sold in the millions. The most worrying part of PixelSmash is how little it takes to trigger it. All you need is an application that uses FFmpeg to process untrusted media and has the MagicYUV decoder compiled in. PixelSmash is a good illustration of a broader problem in the open‑source ecosystem: a bug in a deep dependency that silently propagates everywhere. ## How to protect yourself This vulnerability is not something most home users need to worry about. It needs to be taken care of upstream. Users of affected Linux distributions should keep an eye out for FFmpeg updates or security updates from their distro. But if you’re responsible for systems that handle video, you should assume you are affected until you prove otherwise. The main mitigation steps are: * Update FFmpeg. FFmpeg version 8.1.2, released on June 17, 2026, includes a fix for CVE‑2026‑8461. If your distribution or vendor provides an updated FFmpeg, install it across desktops, servers, and containers. * Check if MagicYUV is enabled and disable it or apply patches where possible. * Reduce automatic processing of untrusted video. Review which preview providers and thumbnailers are enabled, especially for rarely used formats. Finally, it is worth watching for abnormal crashes of media players, thumbnailers, or media servers, especially after opening or downloading a new video file. You should treat repeated crashes or missing thumbnails as potential indicators of malicious content until systems are patched. * * * We don’t just report on threats—we remove them Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today. The impact is more serious than you may think. If you run anything that touches video—from a Linux desktop to a Jellyfin or Nextcloud server, or even an AI model that ingests clips—you probably rely on FFmpeg under the hood. It’s hard to put an exact number on how many systems are affected, but it helps to know that: * Tens of millions of Linux systems rely on `ffmpegthumbnailer` and system `libavcodec` for thumbnails, meaning “just browsing a folder” can trigger the bug if a malicious file is present. * Jellyfin and Nextcloud, among the most popular self‑hosted media and file platforms globally, each have at least tens of thousands of active internet‑reachable servers. Almost all of those that did not update FFmpeg or disable MagicYUV are vulnerable to denial of service (DoS) and, in some configurations, targeted remote code execution (RCE) attacks. * A large fraction of consumer network attached storage (NAS) and smart TV platforms use FFmpeg for previews and thumbnails. These devices are sold in the millions. The most worrying part of PixelSmash is how little it takes to trigger it. All you need is an application that uses FFmpeg to process untrusted media and has the MagicYUV decoder compiled in. PixelSmash is a good illustration of a broader problem in the open‑source ecosystem: a bug in a deep dependency that silently propagates everywhere. ## How to protect yourself This vulnerability is not something most home users need to worry about. It needs to be taken care of upstream. Users of affected Linux distributions should keep an eye out for FFmpeg updates or security updates from their distro. But if you’re responsible for systems that handle video, you should assume you are affected until you prove otherwise. The main mitigation steps are: * Update FFmpeg. FFmpeg version 8.1.2, released on June 17, 2026, includes a fix for CVE‑2026‑8461. If your distribution or vendor provides an updated FFmpeg, install it across desktops, servers, and containers. * Check if MagicYUV is enabled and disable it or apply patches where possible. * Reduce automatic processing of untrusted video. Review which preview providers and thumbnailers are enabled, especially for rarely used formats. Finally, it is worth watching for abnormal crashes of media players, thumbnailers, or media servers, especially after opening or downloading a new video file. You should treat repeated crashes or missing thumbnails as potential indicators of malicious content until systems are patched. * * * We don’t just report on threats—we remove them Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today."> <span class="desc-text">A newly discovered vulnerability in FFmpeg’s MagicYUV decoder can turn a tiny, malformed video into a foothold for attackers. Researchers have dis...</span> </p> </a> </td> <td class="col-vendor"> N/A </td> <td class="col-product"> N/A </td> <td class="col-date"> <time class="advisory-date">Jun 24, 2026</time> </td> <td class="col-type"> <span class="advisory-type type-malwarebytes">MALWAREBYTES</span> </td> </tr> </tbody> </table> </div> <nav class="pagination" role="navigation" aria-label="Posts navigation"> <div class="pagination-links"> <a class="prev page-numbers" href="https://zero.redgem.net/?paged=6&page=2052&tag=high">← Prev</a> <a class="page-numbers" href="https://zero.redgem.net/?page=2052&tag=high">1</a> <span class="page-numbers dots">…</span> <a class="page-numbers" href="https://zero.redgem.net/?paged=5&page=2052&tag=high">5</a> <a class="page-numbers" href="https://zero.redgem.net/?paged=6&page=2052&tag=high">6</a> <span aria-current="page" class="page-numbers current">7</span> <a class="page-numbers" href="https://zero.redgem.net/?paged=8&page=2052&tag=high">8</a> <a class="page-numbers" href="https://zero.redgem.net/?paged=9&page=2052&tag=high">9</a> <span class="page-numbers dots">…</span> <a class="page-numbers" href="https://zero.redgem.net/?paged=2054&page=2052&tag=high">2,054</a> <a class="next page-numbers" href="https://zero.redgem.net/?paged=8&page=2052&tag=high">Next →</a> </div> </nav> <div class="redgem-banner"> <div class="banner-content"> <div class="banner-icon"> <svg width="32" height="32" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/><path d="M9 12l2 2 4-4"/></svg> </div> <div class="banner-text"> <h3>Protect Your Attack Surface with RedGem</h3> <p>AI-powered asset discovery, dark web monitoring, CVE alerting, and vulnerability scanning — all in one platform.</p> </div> <div class="banner-actions"> <a href="https://www.redgem.net" class="btn-primary" target="_blank" rel="noopener">Start Free Trial</a> <a href="https://www.redgem.net/demo" class="btn-secondary" target="_blank" rel="noopener">Request Demo</a> </div> </div> </div> </div> </div> </main><!-- #primary --> </div><!-- #content --> <footer id="colophon" class="site-footer"> <div class="footer-accent"></div> <div class="container"> <div class="footer-top"> <div class="footer-brand"> <div class="footer-logo"> <img src="https://www.redgem.net/logo.png" alt="zero redgem" width="100" height="80" class="footer-logo-img" /> </div> <p class="footer-tagline">Your trusted source for security vulnerabilities, exploits, and CVE intelligence. Part of the RedGem security platform.</p> <div class="footer-social"> <a href="#" aria-label="Twitter" title="Follow us on Twitter"> <svg width="16" height="16" viewBox="0 0 24 24" fill="currentColor"><path d="M18.244 2.25h3.308l-7.227 8.26 8.502 11.24H16.17l-5.214-6.817L4.99 21.75H1.68l7.73-8.835L1.254 2.25H8.08l4.713 6.231zm-1.161 17.52h1.833L7.084 4.126H5.117z"/></svg> </a> <a href="#" aria-label="GitHub" title="View on GitHub"> <svg width="16" height="16" viewBox="0 0 24 24" fill="currentColor"><path d="M12 0c-6.626 0-12 5.373-12 12 0 5.302 3.438 9.8 8.207 11.387.599.111.793-.261.793-.577v-2.234c-3.338.726-4.033-1.416-4.033-1.416-.546-1.387-1.333-1.756-1.333-1.756-1.089-.745.083-.729.083-.729 1.205.084 1.839 1.237 1.839 1.237 1.07 1.834 2.807 1.304 3.492.997.107-.775.418-1.305.762-1.604-2.665-.305-5.467-1.334-5.467-5.931 0-1.311.469-2.381 1.236-3.221-.124-.303-.535-1.524.117-3.176 0 0 1.008-.322 3.301 1.23A11.509 11.509 0 0112 5.803c1.02.005 2.047.138 3.006.404 2.291-1.552 3.297-1.23 3.297-1.23.653 1.653.242 2.874.118 3.176.77.84 1.235 1.911 1.235 3.221 0 4.609-2.807 5.624-5.479 5.921.43.372.823 1.102.823 2.222v3.293c0 .319.192.694.801.576C20.566 21.797 24 17.3 24 12c0-6.627-5.373-12-12-12z"/></svg> </a> <a href="https://zero.redgem.net/?feed=rss2" aria-label="RSS Feed" title="RSS Feed"> <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M4 11a9 9 0 0 1 9 9"/><path d="M4 4a16 16 0 0 1 16 16"/><circle cx="5" cy="19" r="1"/></svg> </a> </div> </div> <div class="footer-links-grid"> <div class="footer-section"> <h4>Quick Links</h4> <ul> <li><a href="https://zero.redgem.net/">Home</a></li> <li><a href="https://zero.redgem.net/?s=">Search</a></li> </ul> </div> <div class="footer-section"> <h4>RedGem Platform</h4> <ul> <li><a href="https://www.redgem.net" target="_blank" rel="noopener">Main Platform</a></li> <li><a href="https://www.redgem.net" target="_blank" rel="noopener">Asset Discovery</a></li> <li><a href="https://www.redgem.net" target="_blank" rel="noopener">Leakage Detection</a></li> <li><a href="https://www.redgem.net" target="_blank" rel="noopener">Vulnerability Scanners</a></li> </ul> </div> <div class="footer-section"> <h4>Security Resources</h4> <ul> <li><a href="https://cve.mitre.org/" target="_blank" rel="noopener">CVE Database</a></li> <li><a href="https://nvd.nist.gov/" target="_blank" rel="noopener">NVD</a></li> <li><a href="https://www.exploit-db.com/" target="_blank" rel="noopener">Exploit-DB</a></li> <li><a href="https://www.securityfocus.com/" target="_blank" rel="noopener">SecurityFocus</a></li> </ul> </div> </div> </div> <div class="footer-bottom"> <div class="footer-info"> <p>© 2026 zero redgem. All rights reserved.</p> <p>Powered by <a href="https://wordpress.org/" target="_blank" rel="noopener">WordPress</a> · RedGem Security Theme</p> </div> <div class="footer-badges"> <span class="footer-badge"> <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/></svg> Secured </span> <span class="footer-badge"> <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M22 11.08V12a10 10 0 1 1-5.93-9.14"/><polyline points="22 4 12 14.01 9 11.01"/></svg> Verified Data </span> </div> </div> </div> </footer> </div><!-- #page --> <script id="security-news-script-js-extra"> var securityNewsAjax = {"ajaxurl":"//zero.redgem.net/wp-admin/admin-ajax.php","nonce":"3b97bd9f48"}; //# sourceURL=security-news-script-js-extra </script> <script src="https://zero.redgem.net/wp-content/themes/security-news/js/theme.js?ver=2.14.0" id="security-news-script-js"></script> <script id="wp-emoji-settings" type="application/json"> {"baseUrl":"https://s.w.org/images/core/emoji/17.0.2/72x72/","ext":".png","svgUrl":"https://s.w.org/images/core/emoji/17.0.2/svg/","svgExt":".svg","source":{"concatemoji":"https://zero.redgem.net/wp-includes/js/wp-emoji-release.min.js?ver=6.9.4"}} </script> <script type="module"> /! This file is auto-generated / const a=JSON.parse(document.getElementById("wp-emoji-settings").textContent),o=(window._wpemojiSettings=a,"wpEmojiSettingsSupports"),s=["flag","emoji"];function i(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function c(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0);const a=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);return t.every((e,t)=>e===a[t])}function p(e,t){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var n=e.getImageData(16,16,1,1);for(let e=0;e<n.data.length;e++)if(0!==n.data[e])return!1;return!0}function u(e,t,n,a){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\udde8\ud83c\uddf6","\ud83c\udde8\u200b\ud83c\uddf6")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!a(e,"\ud83e\u1fac8")}return!1}function f(e,t,n,a){let r;const o=(r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):document.createElement("canvas")).getContext("2d",{willReadFrequently:!0}),s=(o.textBaseline="top",o.font="600 32px Arial",{});return e.forEach(e=>{s[e]=t(o,e,n,a)}),s}function r(e){var t=document.createElement("script");t.src=e,t.defer=!0,document.head.appendChild(t)}a.supports={everything:!0,everythingExceptFlag:!0},new Promise(t=>{let n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),c.toString(),p.toString()].join(",")+"));",a=new Blob([e],{type:"text/javascript"});const r=new Worker(URL.createObjectURL(a),{name:"wpTestEmojiSupports"});return void(r.onmessage=e=>{i(n=e.data),r.terminate(),t(n)})}catch(e){}i(n=f(s,u,c,p))}t(n)}).then(e=>{for(const n in e)a.supports[n]=e[n],a.supports.everything=a.supports.everything&&a.supports[n],"flag"!==n&&(a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&a.supports[n]);var t;a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&!a.supports.flag,a.supports.everything\|\|((t=a.source\|\|{}).concatemoji?r(t.concatemoji):t.wpemoji&&t.twemoji&&(r(t.twemoji),r(t.wpemoji)))}); //# sourceURL=https://zero.redgem.net/wp-includes/js/wp-emoji-loader.min.js </script> </body> </html>