Recent Advisories

| Severity | Score | ID | Title | Description | Vendor | Product | Affected versions | Date | Type |
|---|---|---|---|---|---|---|---|---|---|
| MEDIUM | 6.4 | CVE-2026-47268 | Nezha Monitoring: Authenticated DDNS webhook configuration allows blind SSRF from the dashboard host | Nezha Monitoring is a self-hostable, lightweight server and website monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an au... | nezhahq | nezha | >= 0.20.0, < 2.0.10 | | CVE |
| MEDIUM | 6.5 | CVE-2026-47124 | Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members | Nezha Monitoring is a self-hostable, lightweight server and website monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any aut... | nezhahq | nezha | >= 1.4.0, < 2.0.9 | | CVE |
| HIGH | 7.1 | CVE-2026-47120 | Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check) | Nezha Monitoring is a self-hostable, lightweight server and website monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleM... | nezhahq | nezha | >= 1.4.0, < 2.0.8 | | CVE |
| HIGH | 7.7 | CVE-2026-46717 | Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification | Nezha Monitoring is a self-hostable, lightweight server and website monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's... | nezhahq | nezha | >= 1.4.0, < 2.0.8 | | CVE |
| CRITICAL | 9.9 | CVE-2026-46716 | Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron | Nezha Monitoring is a self-hostable, lightweight server and website monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleM... | nezhahq | nezha | >= 1.4.0, < 2.0.8 | | CVE |
| MEDIUM | 5.3 | CVE-2026-12131 | CodeAstro Human Resource Management System Payroll Invoice Payroll.php SQL injection | A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \appl... | CodeAstro | Human Resource Management System | 1.0 | | CVE |
| NONE | | 484E67D2-FECD-5024-AF09-510AF1A0AC36 | webstrike-framework | WebStrike — Automated Web Pentesting Framework. Created by NiMAA. A modular orchestration engine that conducts best-in-class Kali tools through a ph... | N/A | N/A | | | GITHUBEXPLOIT |
| NONE | | HACKREAD:B5720306F380B6EEC3BB344B8B5E795A | Atomic Arch Campaign Hijacks 20+ Linux AUR Packages to Deliver Malware | Over 20 Linux packages were compromised in the Atomic Arch campaign, which abuses AUR ownership transfers to drop rootkit-like malware. | N/A | N/A | | | HACKREAD |
| NONE | | THN:96229A308F6E8434EB574698CBB95EB6 | Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit | | N/A | N/A | | | THN |
| CRITICAL | 9.8 | F0C31C9B-0A65-5448-9175-384AF0B76ABF | Exploit for CVE-2026-20253 | No description provided... | N/A | N/A | | | GITHUBEXPLOIT |