Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.8 CVE-2026-53870

Hermes Agent < 0.16.0 - Sensitive File Permission Vulnerability in Store Files_CVE-2026-53870

Hermes Agent before 0.16.0 creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644), exposing conversa...

NousResearch hermes-agent CVE
HIGH 8.7 CVE-2026-53869

Hermes Agent < 0.16.0 - DNS Rebinding Bypass via WebSocket Endpoints_CVE-2026-53869

Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin val...

NousResearch hermes-agent CVE
HIGH 7.5 CVE-2026-48818

Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows_CVE-2026-48818

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as...

Kludex starlette < 1.1.0 CVE
NONE PACKETSTORM:223705

D-Link DSL2600U rom-0 Admin Password Disclosure_PACKETSTORM:223705

Proof of concept that demonstrates a vulnerability in D-Link DSL2600U routers with firmware version 1.08 that allows unauthenticated attackers to d...

N/A N/A PACKETSTORM
MEDIUM 4.3 PACKETSTORM:223717

EspoCRM 9.3.3 Server-Side Request Forgery_PACKETSTORM:223717

This Metasploit module exploits an authenticated server-side request forgery vulnerability in EspoCRM versions up to 9.3.3. The vulnerability exist...

N/A N/A PACKETSTORM
HIGH 9.3 PACKETSTORM:223724

EternalBlue MS17-010 SMB Remote Code Execution_PACKETSTORM:223724

This Metasploit module exploits the SMBv1 vulnerability in Microsoft Windows MS17-010 known as EternalBlue...

N/A N/A PACKETSTORM
CRITICAL 9.1 PACKETSTORM:223728

Grav CMS Remote Code Execution_PACKETSTORM:223728

This Python exploit targets a vulnerability in Grav CMS versions prior to 2.0.0-beta.2 by abusing the administrative Direct Install plugin feature ...

N/A N/A PACKETSTORM
NONE PACKETSTORM:223751

NTLM Relay to Self (HTTP to LDAP) Post Exploitation_PACKETSTORM:223751

This Metasploit module performs an NTLM relay-to-self privilege escalation attack. It starts an HTTP-to-LDAP relay server on the compromised host, ...

N/A N/A PACKETSTORM
NONE MALWAREBYTES:CD...

Rokarolla Android malware can take over your phone and steal banking logins_MALWAREBYTES:CD281B5B1598DA4052FDC6530458FE99

Researchers have analyzed a new Android banking Trojan called Rokarolla. It can effectively take over a device, steal banking and crypto login deta...

N/A N/A MALWAREBYTES
NONE HACKREAD:8A844D...

FortiBleed Attack Exposes Fortinet Firewall Credentials in 194 Countries_HACKREAD:8A844DC6166DBB721F4895462E523677

Researchers say FortiBleed used stolen and tested credentials to access exposed Fortinet firewalls, putting major organizations and public agencies...

N/A N/A HACKREAD