news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.8	CVE-2026-43924	FOSSBilling has an open redirect via administrator-configured redirect targets_CVE-2026-43924 FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL sche...	FOSSBilling	FOSSBilling < 0.8.0	Jun 3, 2026	CVE
HIGH 7.3	CVE-2026-42061	CVE-2026-42061_CVE-2026-42061 Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP (W...	Acronis	Acronis DeviceLock DLP unspecified	Jun 3, 2026	CVE
MEDIUM 6.9	CVE-2026-40495	FOSSBilling version exposed via asset cache buster_CVE-2026-40495 FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache ...	FOSSBilling	FOSSBilling < 0.8.0	Jun 3, 2026	CVE
LOW 2	CVE-2026-10766	mlrun DataFrame Hash helpers.py mlrun.utils.helpers.calculate_dataframe_hash weak hash_CVE-2026-10766 A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculate_dataframe_hash of the file mlrun/...	n/a	mlrun 1.12.0-rc1	Jun 3, 2026	CVE
CRITICAL 9.8	3BCADBAC-E6C7-	Exploit for Prototype Pollution in Cure53 Dompurify_3BCADBAC-E6C7-5B3A-84E1-6938398220F9 DOMPurify re-clone bypass. Instead of relying on easily stripped source comments or version variables, this tool performs logic fingerprinting on m...	N/A	N/A	Jun 3, 2026	GITHUBEXPLOIT
NONE	MSF:EXPLOIT-MULTI-	Gogs Git Rebase Argument Injection RCE_MSF:EXPLOIT-MULTI-HTTP-GOGS_REBASE_RCE- This module exploits an argument injection vulnerability in the pull request merge flow of Gogs is parsed by Git as the --exec flag rather than a p...	N/A	N/A	Jun 3, 2026	METASPLOIT
CRITICAL 9.2	8AD1A192-E34A-	Exploit for CVE-2026-42945_8AD1A192-E34A-5E8C-A3B9-4AAECCED2A20 No description provided...	N/A	N/A	Jun 3, 2026	GITHUBEXPLOIT
MEDIUM 6.5	243CDB42-BE28-	Exploit for CVE-2026-2256_243CDB42-BE28-5810-BB45-078630950EB9 CVE-2026-2256-Threat-Model----ms-agent-Command-Injection...	N/A	N/A	Jun 3, 2026	GITHUBEXPLOIT
NONE	MALWAREBYTES:25...	We found this fake-invoice campaign while scammers were still building it_MALWAREBYTES:25837C9966B4BAC9D5751BE5031B9FC8 A new batch of fake payment invoices is being staged right now, and we caught the campaign while it was still being put together. The emails impers...	N/A	N/A	Jun 3, 2026	MALWAREBYTES
NONE	WIRED:1EAF5DF8A...	xAI Asks Court to Strip Alleged Grok Deepfake Nudes Victims of Anonymity_WIRED:1EAF5DF8A74C5E2543ACF401BFDFAF11 Four people suing Elon Musk's AI firm under pseudonyms due to the risks of being identified may face a difficult choice: Reveal your real names, or...	N/A	N/A	Jun 3, 2026	WIRED