Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2025-64215

WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability_CVE-2025-64215

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This is...

StylemixThemes MasterStudy LMS Pro n/a CVE
NONE ED7FF4D6-F1DB-

xss-bypass-tester_ED7FF4D6-F1DB-56E3-A075-203EB0FB79EB

No description provided...

N/A N/A GITHUBEXPLOIT
NONE SCHNEIER:7723BF...

The FCC Wants to Eliminate Burner Phones_SCHNEIER:7723BF6584DCFB55D5E28C8CAF2C800F

A proposed FCC rule would kill burner phones: phones whose accounts are not attached to a particular person. > The FCC plans to do this by legally...

N/A N/A SCHNEIER
NONE THN:176069D623A...

The Onboarding Password Mistake That Creates Unnecessary Risk_THN:176069D623AC480202DBE3DCA4408A57

N/A N/A THN
NONE HACKREAD:2B2E3B...

Handala Hacking Group Claims Breach of California Water Service_HACKREAD:2B2E3B629956731882741657A045407A

The Handala hacking group claims it has targeted California Water Service, leaking 5GB of customer database and GPS network files in its latest inf...

N/A N/A HACKREAD
CRITICAL 9.3 CVE-2026-5482

Remote Code Execution via Unrestricted File Upload in Responsive FileManager_CVE-2026-5482

Responsive FileManager allows an unauthenticated attacker to upload files of any type and extension without restriction using the dialog.php endpoint...

Tecrail Responsive FileManager 9.14.0 CVE
CRITICAL 9.2 CVE-2026-49757

OAuth2/OIDC account takeover in AshAuthentication via email-based user matching_CVE-2026-49757

Authentication Bypass by Spoofing vulnerability in team-alembic AshAuthentication allows account takeover of local users via OAuth2/OIDC sign-in. ...

team-alembic ash_authentication 0.1.0 CVE
MEDIUM 6.9 CVE-2026-34030

Improper branch-code validation in Wertheim SafeController Software allows file path manipulation_CVE-2026-34030

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created....

Wertheim GmbH Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014 CVE
MEDIUM 6.8 CVE-2026-34029

Hard-coded cryptographic key in Wertheim SafeController Software allows decryption of sensitive configuration data_CVE-2026-34029

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Sec...

Wertheim GmbH Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014 CVE
MEDIUM 6.9 CVE-2026-34028

Unauthenticated direct access to web data in Wertheim SafeController Software exposes files_CVE-2026-34028

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization...

Wertheim GmbH Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014 CVE