exploit - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.2	CVE-2026-3820	Supermicro BMC’s SMTP service contains a command injection vulnerability_CVE-2026-3820 There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inje...	SMCI	AS-2115HS-TNR 01.08.01	Jun 4, 2026	CVE
CRITICAL 9.8	THN:E195CBEDCCA...	CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog_THN:E195CBEDCCA2595694FC42E56D695411 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8P5o_wfJsxsTaxY4OONIm2y5N5x9heoFeLchfLU13YA36tGQGJtu00tOCQSKhCTBFobAAWfhXLtNGMu8ZCG...	N/A	N/A	Jun 4, 2026	THN
MEDIUM 4.9	CVE-2026-50219	CVE-2026-50219_CVE-2026-50219 libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset ...	libexpat project	libexpat	Jun 4, 2026	CVE
HIGH 8.5	CVE-2026-49189	Broadcast Receiver Privilege Escalation_CVE-2026-49189 Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations.	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE
HIGH 8.7	CVE-2026-49188	Elevated Root Command Execution via ai_cmd Sockets_CVE-2026-49188 The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to exe...	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE
HIGH 8.7	CVE-2026-49187	Hard-coded APK Resource Credentials & Scepters_CVE-2026-49187 The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse.	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE
MEDIUM 6.7	CVE-2026-10805	Networkmanager: networkmanager: local privilege escalation via malformed mud urls in dhclient backend_CVE-2026-10805 A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malfo...	Red Hat	Multicluster Engine for Kubernetes	Jun 4, 2026	CVE
HIGH 8.5	CVE-2026-50206	VPN Command Injection Vulnerability_CVE-2026-50206 Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files.	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE
HIGH 8.8	CVE-2026-50205	Plaintext Log Credential Leakage_CVE-2026-50205 System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data.	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE
MEDIUM 6.9	CVE-2026-49204	Hard-coded AWS Cognito Testing Accounts_CVE-2026-49204 Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation.	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE