news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.4	CVE-2026-49190	Missing Per-Instruction Authorization Checks_CVE-2026-49190 The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application instal...	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE
NONE	THN:1914490991B...	DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets_THN:1914490991B466716EED3AB4A2342670 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTf5wAHnoXtVauiln2MwlVvLc4LxcL8SBTLuW648LfFhUd8QyuOUfjmg0Hd91QlksmWF2u-PQhxHDTDmseMI...	N/A	N/A	Jun 4, 2026	THN
CRITICAL 9.8	021063E9-0EFC-	Exploit for SQL Injection in Wpdeveloper Notificationx_021063E9-0EFC-5BB3-A717-3C9223961E61 CVE-2024-1698 – NotificationX WordPress Plugin SQL Injection Time‑Based Blind Unauthenticated Time‑Based Blind SQL Injection → Extract admin userna...	N/A	N/A	Jun 4, 2026	GITHUBEXPLOIT
NONE	74A7BA4E-D496-	Exploit for CVE-2026-49975_74A7BA4E-D496-587B-A72A-FA0BE663F994 CVE-2026-49975 — HTTP/2 Bomb PoC Proof-of-concept exploit for CVE-2026-49975, a remote denial-of-service vulnerability in HTTP/2 server implementat...	N/A	N/A	Jun 4, 2026	GITHUBEXPLOIT
MEDIUM 5.8	CVE-2026-46447	CVE-2026-46447_CVE-2026-46447 OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.	OpenStack	Ironic 17.0.0	Jun 3, 2026	CVE
HIGH 8.6	CVE-2026-49186	Lack of MQTT Broker Topic Access Control Lists_CVE-2026-49186 The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or...	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE
CRITICAL 10	CVE-2026-49185	Instruction Injection via FieldX MDM_CVE-2026-49185 The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection.	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE
MEDIUM 5.9	CVE-2026-48681	CVE-2026-48681_CVE-2026-48681 OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image.	OpenStack	Ironic 17.0.0	Jun 4, 2026	CVE
MEDIUM 4.9	CVE-2026-44917	CVE-2026-44917_CVE-2026-44917 OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_temp...	OpenStack	Ironic 17.0.0	Jun 4, 2026	CVE
CRITICAL 9.9	CVE-2026-41283	CVE-2026-41283_CVE-2026-41283 OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, whi...	OpenStack	Mistral 20.0.0	Jun 4, 2026	CVE