Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-8888

CVE-2026-8888

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressio...

Securly Securly Chrome Extension CVE
HIGH 7.5 CVE-2026-8881

CVE-2026-8881

Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been b...

Securly Securly Chrome Extension CVE
MEDIUM 6.5 CVE-2026-8722

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes...

TEAM Net::Async::Statsd::Client CVE
CRITICAL 9.8 CVE-2025-67446

CVE-2025-67446

Improper Authentication (Authentication Bypass) exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cook...

Neterbit NW-431F Router 20241014-IR03 and before CVE
HIGH 7.4 CVE-2026-50292

CVE-2026-50292

In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary roo...

freedesktop libinput CVE
MEDIUM 6.8 CVE-2026-48040

netty-incubator-codec-ohttp’s Incorrect Native Pointer Derivation in Pooled Direct ByteBuf Fallback Leads to Out-of-Bounds Native Memory Access

The netty incubator codec.bhttp is a Java-language binary HTTP parser. The library implements Oblivious HTTP (RFC 9458) using BoringSSL's HPKE C li...

netty netty-incubator-codec-ohttp < 0.0.22.Final CVE
MEDIUM 5.4 CVE-2026-42547

IRIS Alerts Can be Falsely Attributed to Customers

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, use...

dfir-iris iris-web < 2.4.28 CVE
MEDIUM 4.3 CVE-2026-42543

IRIS has a Cross-Site Request Forgery (CSRF) issue

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vul...

dfir-iris iris-web < 2.4.28 CVE
MEDIUM 4.3 CVE-2026-42540

IRIS has a Mass Assignment issue

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a...

dfir-iris iris-web < 2.4.28 CVE
MEDIUM 6.5 CVE-2026-42539

IRIS has an Excessive Data Exposure issue

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return ...

dfir-iris iris-web < 2.4.28 CVE