news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.7	CVE-2026-42329	Iris has an Open Redirect issue_CVE-2026-42329 Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain...	dfir-iris	iris-web < 2.4.28	Jun 4, 2026	CVE
HIGH 8.6	CVE-2026-10870	Shibby Tomato Web UI rc start_dhcpc os command injection_CVE-2026-10870 A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file /sbin/rc of the component Web UI. This manipula...	Shibby	Tomato 1.28.0000	Jun 4, 2026	CVE
HIGH 8.2	CVE-2025-69755	CVE-2025-69755_CVE-2025-69755 An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via ...	n/a	n/a n/a	Jun 4, 2026	CVE
HIGH 7.1	CVE-2025-67448	CVE-2025-67448_CVE-2025-67448 The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user inp...	n/a	n/a n/a	Jun 4, 2026	CVE
CRITICAL 9.8	CVE-2025-67447	CVE-2025-67447_CVE-2025-67447 The network diagnosis (ping) module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does...	Neterbit	Neterbit NW-431F Router 20241014-IR03 and before	Jun 4, 2026	CVE
MEDIUM 6.6	CVE-2026-48480	netty-incubator-codec-ohttp OHttpVersionChunkDraft’s Missing Final-Chunk Enforcement Leads to Undetected Stream Truncation_CVE-2026-48480 The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-...	netty	netty-incubator-codec-ohttp < 0.0.22.Final	Jun 4, 2026	CVE
HIGH 8.6	CVE-2026-41237	Froxlor has an incomplete fix for CVE-2026-30932_CVE-2026-41237 Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses `\s+` which matches newlines (allowi...	froxlor	froxlor < 2.3.7	Jun 4, 2026	CVE
HIGH 8.8	CVE-2026-41236	Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path_CVE-2026-41236 Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization pa...	froxlor	froxlor = 2.3.6	Jun 4, 2026	CVE
HIGH 8.6	CVE-2026-41235	Froxlor has an authorization bypass in FTP shell assignment via missing server-side `available_shells` enforcement_CVE-2026-41235 Froxlor is open source server administration software. Version 2.3.6 lets administrators configure `system.available_shells` as the approved shell ...	froxlor	froxlor = 2.3.6	Jun 4, 2026	CVE
HIGH 7.6	CVE-2026-41234	Froxlor: BIND Zone File Injection via TXT Record Content_CVE-2026-41234 Froxlor is open source server administration software. Prior to version 2.3.7, the `DomainZones.add` API endpoint does not sanitize newline charact...	froxlor	froxlor < 2.3.7	Jun 4, 2026	CVE