Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.8	CVE-2026-39998	Apache APISIX: Identity Injection via forward-auth Plugin Missing Header Cleanup_CVE-2026-39998 Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof...	Apache Software Foundation	Apache APISIX 2.12.0	Jun 19, 2026	CVE
HIGH 8.6	CVE-2026-12104	Authenticated OS Command Injection in Bondix_CVE-2026-12104 OS command injection in the environment and tunnel configuration functionality in SIMA GmbH Bondix through version 1.25.7.5 on Linux allows an auth...	SIMA GmbH	Bondix Server	Jun 19, 2026	CVE
LOW 3	CVE-2026-49358	PhpWeasyPrint vulnerable to arbitrary file deletion at shutdown via public $temporaryFiles_CVE-2026-49358 PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `AbstractGenerator::$temporaryFiles` is ...	pontedilana	php-weasyprint < 2.6.0	Jun 19, 2026	CVE
MEDIUM 6.3	CVE-2026-21768	HCL Verse for Android is susceptible to an injection vulnerability_CVE-2026-21768 The compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input...	HCLSoftware	Verse for Android 14.5.10	Jun 19, 2026	CVE
HIGH 8.5	CVE-2025-71326	AVAST Antivirus 25.11 Unquoted Service Path Privilege Escalation_CVE-2025-71326 AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute c...	Avast	AVAST Antivirus 25.11	Jun 19, 2026	CVE
HIGH 8.8	MALWAREBYTES:43...	Apple patches Beats Studio Buds flaw that could turn earbuds into a wiretap_MALWAREBYTES:430DE23FF1022B331371E640A7316DE9 Apple has patched a Bluetooth flaw in Beats Studio Buds that could potentially turn your earbuds into a nearby wiretap. When you buy a pair of Blu...	N/A	N/A	Jun 19, 2026	MALWAREBYTES
NONE	HACKREAD:3035D5...	eFAQ Publishes Investigation Into Alleged Scam Activity and Coordinated Reputation Attacks_HACKREAD:3035D5C64C91E08AF4597F8366D055C7 New York, USA, 19th June 2026, CyberNewswire	N/A	N/A	Jun 19, 2026	HACKREAD
NONE	THN:2E7E41D5C87...	CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices_THN:2E7E41D5C87E7DF228150E7B33834759 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0NmhjowFYAIQws_hl2u1bMpkeyma6TUk8UumS90AdqbBjW_NJ5h97i1yV9uJ_GT6zT8A9jaruiGkhqvn0jb...	N/A	N/A	Jun 19, 2026	THN
NONE	ED3B68F9-73E1-	Exploit for CVE-2026-54761_ED3B68F9-73E1-5640-84E4-63E57CA2FFFC CVE-2026-54761: Traefik Kubernetes Gateway crossProviderNamespaces Bypass PoC Description This repository contains a local Proof of Concept PoC for...	N/A	N/A	Jun 19, 2026	GITHUBEXPLOIT
MEDIUM 4.3	A421CF0C-0048-	Exploit for CVE-2026-11784_A421CF0C-0048-58EE-A8C4-F3EBF49171F1 CVE-2026-11784: CSRF to Arbitrary File Overwrite in Optimole WordPress Plugin Summary A Cross-Site Request Forgery CSRF vulnerability in the Optimo...	N/A	N/A	Jun 19, 2026	GITHUBEXPLOIT