Recent Advisories

Severity ID Title Vendor Product Date Type
NONE 5ADF4FB7-C36C-

Exploit for CVE-2026-54597_5ADF4FB7-C36C-5BD4-B308-4478A6465507

CVE-2026-54597 — ITFlow Time-Based Blind SQL Injection. Severity: High. Advisory: GHSA-m63v-j7fw-hq2h. Affected: ITFlow agent/ajax.php — expires param...

N/A N/A GITHUBEXPLOIT
NONE BA5C381E-882D-

Exploit for CVE-2026-54596_BA5C381E-882D-5133-A105-3067A00C84CE

CVE-2026-54596 - Authenticated SQL Injection via recurringinvoicefrequency Parameter Enables Full Database Exfiltration. Severity: High. Advisory: GH...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 CVE-2026-50628

Apache CXF: OAuth2: Inverted IP Binding Check Defeats Security Control_CVE-2026-50628

A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any oth...

Apache Software Foundation Apache CXF 4.2.0 CVE
CRITICAL 9.1 CVE-2026-50627

Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator_CVE-2026-50627

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' (Audience) claims of incoming JWT access tokens. This allows a JWT issu...

Apache Software Foundation Apache CXF 4.2.0 CVE
MEDIUM 6.5 CVE-2026-49875

Apache CXF: XML External Entity (XXE) Injection in W3CMultiSchemaFactory and EndpointReferenceUtils_CVE-2026-49875

Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurati...

Apache Software Foundation Apache CXF 4.2.0 CVE
HIGH 7.8 CVE-2026-41158

GPU DDK – Backed sparse PMRs are not handled by deferred free mechanism after shrink_CVE-2026-41158

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory all...

Imagination Technologies Graphics DDK 1.18 RTM CVE
MEDIUM 5.5 CVE-2026-41155

GPU DDK – SharedSecMem mapped into all GPU virtual address spaces_CVE-2026-41155

An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secure memory allocations in the...

Imagination Technologies Graphics DDK 1.18 RTM CVE
HIGH 8.8 CVE-2026-34195

GPU DDK – Kernel heap OOB write in PMRChangeSparseMemOSMem due to incorrect physical page translation from virtual page indexes_CVE-2026-34195

Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel....

Imagination Technologies Graphics DDK 1.18 RTM CVE
HIGH 7.8 CVE-2025-56814

CVE-2025-56814_CVE-2025-56814

A code injection vulnerability in the wxExecute() function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metach...

n/a n/a n/a CVE
MEDIUM 5.5 CVE-2025-55663

CVE-2025-55663_CVE-2025-55663

A segmentation violation in the Track_SetStreamDescriptor function (isomedia/track.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Ser...

n/a n/a n/a CVE