news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.9	CVE-2026-12198	Microweber API Endpoint thumbnail_img userfiles_path path traversal_CVE-2026-12198 A weakness has been identified in Microweber up to 2.0.20. This affects the function userfiles_path of the file /api_nosession/thumbnail_img of the...	n/a	Microweber 2.0.0	Jun 15, 2026	CVE
HIGH 8.6	CVE-2026-12197	Ruijie EG105G-P JSON-RPC Diagnose Endpoint diagnose nslookup command injection_CVE-2026-12197 A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose ...	Ruijie	EG105G-P 2.340	Jun 14, 2026	CVE
MEDIUM 4.8	CVE-2026-12201	IObit Malware Fighter DLL permission_CVE-2026-12201 A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handle...	IObit	Malware Fighter 13.0	Jun 15, 2026	CVE
MEDIUM 6.9	CVE-2026-12200	Ritlabs TinyWeb Server Header libeay32.dll.html stack-based overflow_CVE-2026-12200 A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32....	Ritlabs	TinyWeb Server 1.0	Jun 15, 2026	CVE
MEDIUM 5.3	CVE-2026-12207	medkey-org medkey HTTP REST API PatientController.php actionGetPatientById resource injection_CVE-2026-12207 A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientB...	medkey-org	medkey fc09b7ba9441ff590b72d428d5380834216b09ed	Jun 15, 2026	CVE
MEDIUM 5.3	CVE-2026-12206	Grit42 Grit data_table_entity.rb DataTableEntity sql injection_CVE-2026-12206 A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assay...	Grit42	Grit 0.1	Jun 15, 2026	CVE
MEDIUM 6.9	CVE-2026-12204	ShopXO Scheduled Task Endpoint Crontab.php GoodsGiveIntegral authorization_CVE-2026-12204 A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveInt...	n/a	ShopXO 6.7.0	Jun 15, 2026	CVE
MEDIUM 6.9	CVE-2026-12203	HKUDS AI-Trader Research Export agents.csv information disclosure_CVE-2026-12203 A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research...	HKUDS	AI-Trader 74caf996f78dcc0c657df8365c8544678a16e215	Jun 15, 2026	CVE
MEDIUM 4.8	CVE-2026-12202	Intelliants Subrion CMS Blocks Endpoint cross site scripting_CVE-2026-12202 A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks...	Intelliants	Subrion CMS 4.0.0	Jun 15, 2026	CVE
HIGH 8.7	CVE-2026-12187	GL.iNet GL-MT3000 Online Firmware Upgrade one_click_upgrade command injection_CVE-2026-12187 A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file...	GL.iNet	GL-MT3000 4.4.0	Jun 14, 2026	CVE