news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	1875515F-1163-	Exploit for Unchecked Input for Loop Condition in Isc Bind_1875515F-1163-510B-A697-82A204A481CB CVE-2026-5950 - BIND 9 Resolver DoS Research notes and defensive guidance for CVE-2026-5950, an unbounded resend loop vulnerability in the BIND 9 r...	N/A	N/A	Jun 14, 2026	GITHUBEXPLOIT
MEDIUM 5.1	CVE-2026-12175	CodeAstro Student Attendance Management System createStudents.php sql injection_CVE-2026-12175 A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Adm...	CodeAstro	Student Attendance Management System 1.0	Jun 13, 2026	CVE
MEDIUM 5.3	CVE-2026-12176	SourceCodester CET Automated Grading System with AI Predictive Analytics index.php cross site scripting_CVE-2026-12176 A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The impacted element is an unknown ...	SourceCodester	CET Automated Grading System with AI Predictive Analytics 1.0	Jun 13, 2026	CVE
NONE	82747345-EE8B-	OffSploit_82747345-EE8B-5EC0-928C-84E541E0C8DB OffSploit: Autonomous Exploit Adaptation & C2 Framework OffSploit is an advanced, autonomous Red Team and penetration testing framework designed to...	N/A	N/A	Jun 13, 2026	GITHUBEXPLOIT
NONE	6D7408A2-2122-	POC_cve_2026_35273_6D7408A2-2122-5A74-A614-E322984ACCEE POCcve202635273 Universal Unauthenticated RCE via PeopleSoft SSRF Usage Examples : bash Basic command execution python3 exploit.py -u https://any-u...	N/A	N/A	Jun 13, 2026	GITHUBEXPLOIT
NONE	H1:3795615	curl: Duplicate chunked Transfer-Encoding lets a malicious origin smuggle a response across reused HTTP proxy connections_H1:3795615 ## TL;DR A malicious HTTP origin can send `Transfer-Encoding: chunked, chunked, gzip` through a reusable HTTP proxy connection to bypass curl's "c...	N/A	N/A	Jun 11, 2026	HACKERONE
NONE	C59EAF7F-FEBE-	MeshCentral-RogueAgent_C59EAF7F-FEBE-5CF2-A77B-B0BEFA18269C MeshCentral RogueAgent A proof-of-concept exploit chain for a stored XSS vulnerability in MeshCentral that escalates to unauthenticated RCE across ...	N/A	N/A	Jun 13, 2026	GITHUBEXPLOIT
HIGH 8.7	CVE-2026-12174	D-Link DCS-935L HTTP rhea snprintf format string_CVE-2026-12174 A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhe...	D-Link	DCS-935L 1.10.01	Jun 13, 2026	CVE
CRITICAL 10	D6099C25-1141-	Exploit for Deserialization of Untrusted Data in Facebook React_D6099C25-1141-56E6-8EF9-3CFD8897013F CVE-2025-55182 - React2Shell Pre-authentication RCE in React Server Components. Summary of the CVE A pre-authentication remote code execution vulne...	N/A	N/A	Jun 13, 2026	GITHUBEXPLOIT
CRITICAL 9.8	CDF7493E-7394-	Exploit for Authentication Bypass Using an Alternate Path or Channel in Gitlab_CDF7493E-7394-51A6-B8C6-ED65CE3C2ED6 CVE-2025-4524 WordPress Madara Theme 2.2.2.1 - Local File Inclusion ---...	N/A	N/A	Jun 13, 2026	GITHUBEXPLOIT