Vulnerability - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.1	CVE-2026-49340	gonic has arbitrary file write in createPlaylist: any authenticated user can write playlist M3U content to attacker-controlled path on the host_CVE-2026-49340 gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, a logic error in `ServeCreateOrUpdat...	sentriz	gonic < 0.21.0	Jun 19, 2026	CVE
HIGH 7.1	CVE-2026-49338	Subsonic API: any authenticated user can delete or read any other user’s playlist (IDOR)_CVE-2026-49338 gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, the Subsonic API endpoints `/rest/de...	sentriz	gonic < 0.21.0	Jun 19, 2026	CVE
MEDIUM 6.5	CVE-2026-27878	Tempo TraceQL query with exemplar hint could result in unbounded memory usage_CVE-2026-27878 A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resultin...	Grafana	Enterprise Traces (GET) 2.6.1	Jun 19, 2026	CVE
MEDIUM 6.3	CVE-2026-12726	Awx: automation-controller: awx: github webhook second-order ssrf via unvalidated statuses_url exfiltrates pat credential_CVE-2026-12726 A flaw was found in the AWX GitHub webhook integration. When processing GitHub pull_request webhooks, the controller stores the pull_request.status...	Red Hat	Red Hat Ansible Automation Platform 2	Jun 19, 2026	CVE
NONE	EA26B6D2-E45A-	cortex-plugin-hexstrike_EA26B6D2-E45A-5D45-930B-37F1EE561AD6 Example Plugin Brief one-line description of what this plugin does. Installation bash From marketplace cortex plugin install marketplace:example-pl...	N/A	N/A	Jun 19, 2026	GITHUBEXPLOIT
CRITICAL 10	A52A5B67-31DB-	Exploit for SQL Injection in Sangoma Freepbx_A52A5B67-31DB-5B86-B528-C2F4F2A57FB3 FreePBX 16 — Unauthenticated SQLi to RCE Proof-of-concept exploit chaining two FreePBX vulnerabilities to go from zero access to remote code execut...	N/A	N/A	Jun 19, 2026	GITHUBEXPLOIT
CRITICAL 9.8	B7F3888A-67A2-	Exploit for OS Command Injection in Ray_Project Ray_B7F3888A-67A2-5DAE-904A-1F178F5B69DD CVE-2023-6019 - Anyscale Ray Dashboard Unauthenticated RCE PoC exploit for CVE-2023-6019 — Remote Code Execution via unauthenticated Ray Dashboard ...	N/A	N/A	Jun 19, 2026	GITHUBEXPLOIT
NONE	THN:E7B27AF7990...	Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain_THN:E7B27AF79906373961790705D467275B ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIM725Ni41-PBwM_6zXNdsydP1eZO7oSsWIlAqpwdOu9dOcZM6ZI1iaqwSsL3yZKT4lbFRM-eZVq3ARKDbLR...	N/A	N/A	Jun 19, 2026	THN
NONE	THN:0B57AAEC379...	The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes_THN:0B57AAEC379BB19269BA5F6FA540F390 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjNWtaK_WkFnKnaLTIwg043i_I6YVi5XuZGVzh30SGeK-iutwr6t2Ed3S6Qk0V9uykYueDD5WETtQ4sW1QwG...	N/A	N/A	Jun 19, 2026	THN
NONE	267A765B-AF6E-	PhantomCommits-CTF_267A765B-AF6E-5280-849A-0BDCD33EBD9F STS-PR-13: Code Review CTF — Writeups Writeups for STS-PR-13: Conduct Security-Focused Code Review with Justification, a 3-challenge CTF built arou...	N/A	N/A	Jun 19, 2026	GITHUBEXPLOIT