news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.2	MSF:AUXILIARY-SCANNER-	Audiobookshelf Unauthenticated API Authentication Bypass Scanner_MSF:AUXILIARY-SCANNER-HTTP-AUDIOBOOKSHELF_AUTH_BYPASS- This module detects Audiobookshelf servers affected by CVE-2025-25205, an unauthenticated authentication bypass. Affected versions 2.17.0 through 2...	N/A	N/A	Jun 23, 2026	METASPLOIT
NONE	D00ABD7F-A3B6-	web-exploitation-lab_D00ABD7F-A3B6-5F61-A944-65E5960AB87E 🌐 Web Exploitation Lab Payloads, techniques et cheatsheet web — SQLi, XSS, LFI, SSRF — by @ibramoha2 --- 💉 SQL Injection sql -- Test basique ' OR...	N/A	N/A	Jun 23, 2026	GITHUBEXPLOIT
NONE	HACKREAD:40BF5A...	LastPass Confirms Customer Data Breach After Klue OAuth Token Theft_HACKREAD:40BF5AE34923B51723CA316715EF181B LastPass has confirmed it was affected by the Klue supply chain incident, saying an unauthorised actor used stolen…	N/A	N/A	Jun 23, 2026	HACKREAD
CRITICAL 9.8	IMPERVABLOG:CC2...	CVE-2025-54068 Laravel Livewire Credential Theft Campaign: 6,000+ Applications Compromised_IMPERVABLOG:CC22F53AF67610E01435FC711BB2B03F ## Introduction On May 24, 2026, Imperva observed exploitation attempts against Laravel Livewire applications, blocked by the Imperva Cloud WA...	N/A	N/A	Jun 23, 2026	IMPERVABLOG
NONE	WIRED:97C27F256...	Dialog Claims It Was Hacked. A Misconfigured Website Left Its Members Exposed_WIRED:97C27F256D0F2D95C8FBD8F9552B9208 The private events group, cofounded by Peter Thiel, says a “criminal” hacker is behind a breach that exposed members’ personal details. WIRED found...	N/A	N/A	Jun 23, 2026	WIRED
NONE	HACKREAD:B18ECD...	Internet Society Foundation Opens Global Call for Common Good Cyber Fund to Strengthen Cybersecurity_HACKREAD:B18ECD3BC16D6012AA85453F7891373F DC, United States, 23rd June 2026, CyberNewswire	N/A	N/A	Jun 23, 2026	HACKREAD
MEDIUM 5.9	CVE-2026-55736	Private action arguments can be set by user input in Ash_CVE-2026-55736 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a...	ash-project	ash 3.0.0	Jun 23, 2026	CVE
MEDIUM 6.3	CVE-2026-55249	@rtk-ai/rtk-rewrite: OpenClaw Rewrite Plugin Command Injection via execSync Template String_CVE-2026-55249 @rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw's exec tool to their RTK equivalents. In 1.0.0, the @rtk-ai/rtk-rew...	rtk-ai	rtk 1.0.0	Jun 23, 2026	CVE
HIGH 7.7	CVE-2026-54322	Daytona: Cross-org IDOR in organization role update/delete — any org owner can rewrite or destroy another org’s roles_CVE-2026-54322 Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, Daytona's organizatio...	daytonaio	daytona < 0.185.0	Jun 23, 2026	CVE
HIGH 7	CVE-2026-54321	Daytona: Public sandbox previews remain accessible for up to one hour after being made private_CVE-2026-54321 Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. From 0.101.0 until 0.184.0, sandbox pre...	daytonaio	daytona >= 0.101.0, < 0.184.0	Jun 23, 2026	CVE