Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.6 CVE-2026-10870

Shibby Tomato Web UI rc start_dhcpc os command injection

A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file /sbin/rc of the component Web UI. This manipula...

Shibby Tomato 1.28.0000 CVE
HIGH 8.2 CVE-2025-69755

CVE-2025-69755

An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via ...

n/a n/a n/a CVE
HIGH 7.1 CVE-2025-67448

CVE-2025-67448

The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user inp...

n/a n/a n/a CVE
HIGH 8.6 CVE-2026-41237

Froxlor has an incomplete fix for CVE-2026-30932

Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses `\s+` which matches newlines (allowi...

froxlor froxlor < 2.3.7 CVE
HIGH 8.8 CVE-2026-41236

Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path

Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization pa...

froxlor froxlor = 2.3.6 CVE
HIGH 8.6 CVE-2026-41235

Froxlor has an authorization bypass in FTP shell assignment via missing server-side `available_shells` enforcement

Froxlor is open source server administration software. Version 2.3.6 lets administrators configure `system.available_shells` as the approved shell ...

froxlor froxlor = 2.3.6 CVE
HIGH 7.6 CVE-2026-41234

Froxlor: BIND Zone File Injection via TXT Record Content

Froxlor is open source server administration software. Prior to version 2.3.7, the `DomainZones.add` API endpoint does not sanitize newline charact...

froxlor froxlor < 2.3.7 CVE
HIGH 8.6 THN:3045B0C60DC...

Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public_THN:3045B0C60DCD251B7744C460F8FD4A2C

N/A N/A THN
HIGH 7.1 CVE-2026-8874

CVE-2026-8874

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via t...

Securly Securly Chrome Extension CVE
HIGH 7.1 CVE-2026-36176

CVE-2026-36176

GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physica...

n/a n/a n/a CVE