Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.3 CVE-2026-9307

Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities

A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Conn...

Rockwell Automation CompactLogix 5370 V36 CVE
MEDIUM 6.9 CVE-2026-10831

Improper Authorization of Break Signal Commands in Devices

A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not pr...

Moxa NPort 6000 Series 1.0 CVE
MEDIUM 4.2 CVE-2026-10640

Use-after-free reading `net_pkt` `iface` after send in IPv6 Neighbor Discovery (`ipv6_nbr.c`)

Zephyr's IPv6 Neighbor Discovery send paths (net_ipv6_send_na, net_ipv6_send_ns, net_ipv6_send_rs in subsys/net/ip/ipv6_nbr.c) updated the per-inte...

zephyrproject zephyr 3.3.0 CVE
MEDIUM 4.8 CVE-2026-10639

Use-after-free reading `net_pkt_iface()` of a sent ICMPv4 echo-reply packet in `icmpv4_handle_echo_request()`

In Zephyr's native IPv4 stack, icmpv4_handle_echo_request() in subsys/net/ip/icmpv4.c builds an echo-reply packet (reply), hands it to net_try_send...

zephyrproject zephyr 1.14.0 CVE
MEDIUM 5.9 CVE-2026-10638

Use-after-free in Zephyr ICMPv6 RX path when updating statistics after sending an echo reply or error

subsys/net/ip/icmpv6.c reads the network interface from a net_pkt after that packet has been handed to net_try_send_data(). In icmpv6_handle_echo_r...

zephyrproject zephyr 4.2.0 CVE
MEDIUM 5.9 CVE-2026-10637

Use-after-free of net_pkt in IPv6 MLD send path triggerable by a link-local MLD Query

subsys/net/ip/ipv6_mld.c:mld_send() read the packet interface via net_pkt_iface(pkt) after net_send_data(pkt) returned successfully. Per the networ...

zephyrproject zephyr 1.12.0 CVE
MEDIUM 5.5 CVE-2026-12162

CVE-2026-12162

Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose store...

Devolutions Remote Desktop Manager 2026.2.0 CVE
MEDIUM 5.1 CVE-2026-9507

Session fixation vulnerability in Enhancesoft’s osTicket

A session fixation vulnerability has been identified in osTicket v1.18.2. This security flaw allows an attacker to hijack a victim’s account by kee...

Enhancesoft osTicket 1.18.2 CVE
MEDIUM 6.7 THN:E4161CF0FE7...

China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth_THN:E4161CF0FE7CBFEDF9BA789D0C8137DE

N/A N/A THN
MEDIUM 6.3 CVE-2025-10262

An unsanitized format validation vulnerability in Nokia SR Linux

Nokia SR Linux is vulnerable to local privilege escalation due to unsanitized format validation. Successful exploitation of this vuln...

Nokia SR Linux < 23.10.8 CVE