Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.8	CVE-2026-10609	Openshift/cluster-logging-operator: cluster logging operator creates and forwards serviceaccount tokens without verifying clf creator authorization_CVE-2026-10609 A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output...	Red Hat	Logging Subsystem for Red Hat OpenShift	Jun 23, 2026	CVE
HIGH 7.4	CVE-2026-56815	CVE-2026-56815_CVE-2026-56815 pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in the upload handler in Components/Pages/Home.razor.	rasta-mouse	pwnlift	Jun 23, 2026	CVE
CRITICAL 9.2	CVE-2026-35019	NetComm NF20MESH < R6B032 Hardcoded AES Key Authentication Bypass_CVE-2026-35019 NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers t...	NetComm Wireless Pty Ltd	NF20MESH	Jun 23, 2026	CVE
HIGH 8.7	CVE-2026-35018	NetComm NF20MESH < R6B032 Authenticated RCE via OS Command Injection_CVE-2026-35018 NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated...	NetComm Wireless Pty Ltd	NF20MESH R6B031 and earlier	Jun 23, 2026	CVE
CRITICAL 9.4	CVE-2026-28496	FOSSBilling: Server-side template injection in Twig template rendering enables information disclosure and RCE_CVE-2026-28496 FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection (SSTI) vulne...	FOSSBilling	FOSSBilling < 0.8.0	Jun 23, 2026	CVE
CRITICAL 10	CVE-2026-27604	FOSSBilling: Improper API Role Validation (system) Enables Unauthenticated Access to Privileged Admin Functions_CVE-2026-27604 FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization byp...	FOSSBilling	FOSSBilling >= 0.5.4, < 0.8.0	Jun 23, 2026	CVE
NONE	THN:70DA639E50D...	Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents_THN:70DA639E50D29B870448D12D6323F7DF ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgb14v3ddlfpybc15jRbk-cwHI-0S8BAzdp8Ix83L5ZCZ4AB8gCySG7J4tZr4od9q3Jbuic1a4J29VAvRcdSQ...	N/A	N/A	Jun 23, 2026	THN
NONE	THN:5382CB6B456...	Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration_THN:5382CB6B456E3DF10A48275317E6FC76 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoC7KFWoDGkSi-UzAyKNUkw-Ogs4oy2tCOAYXiYAAkqEUC1WMotLAE1GUwoWApfXK3prWVctTP05aLGjru0h...	N/A	N/A	Jun 23, 2026	THN
MEDIUM 5.3	CVE-2026-56696	OpenHarness – Prompt Injection via /issue and /pr_comments Slash Commands_CVE-2026-56696 OpenHarness /issue and /pr_comments slash commands lack remote_invocable=False protection, allowing remote channel senders to write attacker-contro...	HKUDS	OpenHarness	Jun 23, 2026	CVE
HIGH 7.1	CVE-2026-56695	OpenHarness – Cross-Session Disclosure via /resume and /summary Commands_CVE-2026-56695 OpenHarness ohmo gateway /resume and /summary slash commands default remote_invocable to True, allowing admitted remote senders to enumerate and lo...	HKUDS	OpenHarness	Jun 23, 2026	CVE