Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.4	CVE-2026-7888	Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction._CVE-2026-7888 Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that la...	Concrete CMS	Concrete CMS 5.0	Jun 3, 2026	CVE
MEDIUM 4.4	CVE-2026-45702	OP-TEE has FF-A type confusion in SPMC tmem path that causes S-EL1 kernel panic_CVE-2026-45702 OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZo...	OP-TEE	optee_os >= 4.3.0, < 4.11.0	Jun 3, 2026	CVE
MEDIUM 4.7	CVE-2026-45614	OP-TEE vulnerable to ECDH private key recovery_CVE-2026-45614 OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZo...	OP-TEE	optee_os < 4.11.0	Jun 3, 2026	CVE
MEDIUM 5.1	CVE-2026-42840	ERPNext 16.16.0 – Stored XSS in POS customer section via unescaped template literals_CVE-2026-42840 An authenticated user can persist arbitrary HTML/JavaScript in the email_id or mobile_no fields of a Customer record and trigger unescaped renderin...	Frappe	ERPNext 16.16.0	Jun 3, 2026	CVE
MEDIUM 4.8	CVE-2026-42839	ERPNext 16.16.0 – Stored XSS in POS cart item rendering_CVE-2026-42839 An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the item_name, description, or image field...	Frappe	ERPNext 16.16.0	Jun 3, 2026	CVE
CRITICAL 9.8	PACKETSTORM:222614	📄 MCPJam Inspector 1.4.2 Command Injection_PACKETSTORM:222614 This is an advanced Python proof of concept for CVE-2026-23744 demonstrating command injection through a vulnerable MCP API endpoint, leading to re...	N/A	N/A	Jun 3, 2026	PACKETSTORM
CRITICAL 9.8	7FE5A510-990A-	Exploit for Prototype Pollution in Cure53 Dompurify_7FE5A510-990A-5CCB-9427-6AA5D7B10937 No description provided...	N/A	N/A	Jun 3, 2026	GITHUBEXPLOIT
CRITICAL 9.8	393A755A-8E32-	Exploit for Stack-based Buffer Overflow in Microsoft_393A755A-8E32-59DA-B6AC-2DE1A68B3BB0 LongLogon · CVE-2026-41089 LongLogon is an unauthenticated, non-destructive precondition checker for CVE-2026-41089, a pre-auth stack buffer overfl...	N/A	N/A	Jun 3, 2026	GITHUBEXPLOIT
HIGH 8.8	472EEC26-F9C7-	coruna_472EEC26-F9C7-50CA-A4D6-2E1879CAC2F3 iOS Orchestrator — Coruna Web server, C2 listener, and interactive shell for the Coruna exploit chain CVE-2024-23222. Targets Safari on iOS 13–17.2...	N/A	N/A	Jun 3, 2026	GITHUBEXPLOIT
NONE	PACKETSTORM:222620	📄 Gogs Git Rebase Argument Injection / Remote Code Execution_PACKETSTORM:222620 This Metasploit module exploits an argument injection vulnerability in the pull request merge flow of Gogs versions less than or equal to 0.14.2 an...	N/A	N/A	Jun 3, 2026	PACKETSTORM