Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.1	CVE-2026-55196	Hermes WebUI < 0.51.409 - Unauthenticated Passkey Registration via Authentication Bypass_CVE-2026-55196 Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey registration endpoints that allows unauthenticated remote a...	hermes-webui	hermes-webui	Jun 17, 2026	CVE
HIGH 8.6	CVE-2026-53871	Hermes WebUI < 0.51.368 - Profile-Scoped Authorization Bypass via Forged hermes_profile Cookie_CVE-2026-53871 Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the get_profile_cookie() function that accepts unauthenticated profi...	nesquena	hermes-webui	Jun 17, 2026	CVE
MEDIUM 6.8	CVE-2026-53870	Hermes Agent < 0.16.0 - Sensitive File Permission Vulnerability in Store Files_CVE-2026-53870 Hermes Agent before 0.16.0 creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644), exposing conversa...	NousResearch	hermes-agent	Jun 17, 2026	CVE
HIGH 8.7	CVE-2026-53869	Hermes Agent < 0.16.0 - DNS Rebinding Bypass via WebSocket Endpoints_CVE-2026-53869 Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin val...	NousResearch	hermes-agent	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-48818	Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows_CVE-2026-48818 Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as...	Kludex	starlette < 1.1.0	Jun 17, 2026	CVE
NONE	PACKETSTORM:223705	📄 D-Link DSL2600U rom-0 Admin Password Disclosure_PACKETSTORM:223705 Proof of concept that demonstrates a vulnerability in D-Link DSL2600U routers with firmware version 1.08 that allows unauthenticated attackers to d...	N/A	N/A	Jun 17, 2026	PACKETSTORM
MEDIUM 4.3	PACKETSTORM:223717	📄 EspoCRM 9.3.3 Server-Side Request Forgery_PACKETSTORM:223717 This Metasploit module exploits an authenticated server-side request forgery vulnerability in EspoCRM versions up to 9.3.3. The vulnerability exist...	N/A	N/A	Jun 17, 2026	PACKETSTORM
HIGH 9.3	PACKETSTORM:223724	📄 EternalBlue MS17-010 SMB Remote Code Execution_PACKETSTORM:223724 This Metasploit module exploits the SMBv1 vulnerability in Microsoft Windows MS17-010 known as EternalBlue...	N/A	N/A	Jun 17, 2026	PACKETSTORM
CRITICAL 9.1	PACKETSTORM:223728	📄 Grav CMS Remote Code Execution_PACKETSTORM:223728 This Python exploit targets a vulnerability in Grav CMS versions prior to 2.0.0-beta.2 by abusing the administrative Direct Install plugin feature ...	N/A	N/A	Jun 17, 2026	PACKETSTORM
NONE	PACKETSTORM:223751	📄 NTLM Relay to Self (HTTP to LDAP) Post Exploitation_PACKETSTORM:223751 This Metasploit module performs an NTLM relay-to-self privilege escalation attack. It starts an HTTP-to-LDAP relay server on the compromised host, ...	N/A	N/A	Jun 17, 2026	PACKETSTORM