news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.8	CVE-2026-6242	Authenticated Format String Vulnerability in ONVIF Subscribe Service on TP-Link Tapo C520WS_CVE-2026-6242 An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplie...	TP-Link Systems Inc.	Tapo C520WS v2	Jun 5, 2026	CVE
MEDIUM 6.8	CVE-2026-6241	Authenticated Format String Vulnerability in ONVIF AddScopes Method on TP-Link Tapo C520WS_CVE-2026-6241 An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed ...	TP-Link Systems Inc.	Tapo C520WS v2	Jun 5, 2026	CVE
MEDIUM 6.8	CVE-2026-6240	Authenticated Stack-based Buffer Overflow in ONVIF DeleteUsers Service on TP-Link Tapo C520WS_CVE-2026-6240 A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when han...	TP-Link Systems Inc.	Tapo C520WS v2	Jun 5, 2026	CVE
MEDIUM 6.8	CVE-2026-6239	Authenticated Stack-based Buffer Overflow in ONVIF CreateUsers Service in TP-Link Tao C520WS_CVE-2026-6239 A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate ...	TP-Link Systems Inc.	Tapo C520WS v2	Jun 5, 2026	CVE
HIGH 7	CVE-2026-34123	Whitelist Validation Bypass in TP-Link Tapo C520WS_CVE-2026-34123 On Tapo C520WS v2, restricted accounts (for example, hub users) are intended to execute only a limited set of low‑sensitivity operations. Due to a ...	TP-Link Systems Inc.	Tapo C520WS v2	Jun 5, 2026	CVE
NONE	FC7A6C9A-3171-	ccdd-poc_FC7A6C9A-3171-59C6-9828-21470DFE1CF9 ccdd-poc — ¿Dónde está el límite de un solucionador de issues con modelo chico? Serie de POCs que miden no opinan la viabilidad de la arquitectura ...	N/A	N/A	Jun 6, 2026	GITHUBEXPLOIT
CRITICAL 10	3DCD9D30-4F52-	Exploit for Deserialization of Untrusted Data in Facebook React_3DCD9D30-4F52-556E-8799-B5F055F48E4B React2Shell CVE-2025-55182 Next.js: CVE-2025-66478Unauthenticated RCE in React Server Components Flight Protocol - PoC Exploit Description React Se...	N/A	N/A	Jun 5, 2026	GITHUBEXPLOIT
HIGH 8.3	CVE-2026-11431	Path Traversal in Altium Projects Service Allows Arbitrary File Read_CVE-2026-11431 A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated...	Altium	Altium Enterprise Server	Jun 5, 2026	CVE
CRITICAL 9.4	CVE-2026-11429	Path Traversal in Altium Git Service Allows Remote Code Execution_CVE-2026-11429 A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequenc...	Altium	Altium Enterprise Server	Jun 5, 2026	CVE
HIGH 8.3	CVE-2026-11424	Server-Side Request Forgery in Altium Platform Design GraphQL Service Allows Information Disclosure_CVE-2026-11424 A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An auth...	Altium	Altium Enterprise Server	Jun 5, 2026	CVE