news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-9595	webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies_CVE-2026-9595 Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g. /) and ws: true, it also intercepts the dev server's own HMR W...	webpack-dev-server	webpack-dev-server	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-8683	Overly long URLs crash the Mattermost Desktop App_CVE-2026-8683 Mattermost Desktop App versions	Mattermost	Mattermost	Jun 15, 2026	CVE
MEDIUM 5.3	CVE-2026-5038	multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads_CVE-2026-5038 Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malf...	multer	multer 2.0.0-alpha.1	Jun 15, 2026	CVE
MEDIUM 4.8	CVE-2026-10634	Use-after-free in Zephyr native TCP net_tcp_foreach() due to dropping tcp_lock during the callback_CVE-2026-10634 Zephyr's native TCP stack iterates the global connection list in net_tcp_foreach() (subsys/net/ip/tcp.c) using the SYS_SLIST_FOR_EACH_CONTAINER_SAF...	zephyrproject	zephyr 2.5.0	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2025-15659	WordPress Elizaibots plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability_CVE-2025-15659 Contributor Cross Site Scripting (XSS) in Elizaibots	liseperu	Elizaibots n/a	Jun 15, 2026	CVE
MEDIUM 5.9	CVE-2025-15658	WordPress WP Emmet plugin <= 0.3.4 - Cross Site Scripting (XSS) vulnerability_CVE-2025-15658 Administrator Cross Site Scripting (XSS) in WP Emmet	rewish	WP Emmet n/a	Jun 15, 2026	CVE
HIGH 7.5	THN:0C053FA1B9E...	One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files_THN:0C053FA1B9E28CFF8B119BFB93E9A94A ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgH3B8zgsVZmHEyLi8McE-eOrGvwf6Uh3zyqWrttvaEddXJCot7sybI1o-Ly5Q1TtuEJx9BzXol3oaXSFdzFi...	N/A	N/A	Jun 15, 2026	THN
CRITICAL 9.2	DE40BC6F-7F50-	Exploit for CVE-2026-9277_DE40BC6F-7F50-5F83-B654-AEE371F307C5 CVE-2026-9277 - Shell-Quote Command Injection Exploit A specialized Proof of Concept PoC exploit script designed to verify and demonstrate CVE-2026...	N/A	N/A	Jun 15, 2026	GITHUBEXPLOIT
NONE	IMPERVABLOG:250...	Your Security Operations Team Just Got Faster: Meet Imperva’s AI Assistant._IMPERVABLOG:250A3AD5186A262EDA974E570969EADA There is a moment every security analyst knows well. It’s 2am , an alert fires, and you’re staring at a console trying to make sense of what ju...	N/A	N/A	Jun 15, 2026	IMPERVABLOG
NONE	H1:3803415	curl: Secure cookies leaked to HTTP origins through HTTPS forwarding proxy_H1:3803415 ## Summary: When curl accesses an `http://` origin through an HTTPS forwarding proxy, it sends Secure cookies in the request. The cookies travel in...	N/A	N/A	Jun 15, 2026	HACKERONE