news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
NONE	7ACCD3E9-A98E-	kali-pentest-trainer_7ACCD3E9-A98E-57F2-991A-E1BD086988D4 WIFI PENTEST TRAINER Step-by-step guided pentesting GUI for Kali Linux Software by BulletB8 & Jett For authorised educational/training use only. On...	N/A	N/A	Jun 18, 2026	GITHUBEXPLOIT
CRITICAL 9.8	63792567-6E10-	Exploit for Improper Input Validation in Hoverfly_63792567-6E10-52EB-9FBC-843EABF2AB52 No description provided...	N/A	N/A	Jun 18, 2026	GITHUBEXPLOIT
NONE	50F7E38D-1A97-	Exploit for CVE-2026-38165_50F7E38D-1A97-54AA-9C2E-F4BFDA13C9D3 CVE-2026-38165 SSTI Velocity Server-Side Template Injection SSTI in XDocReport allows Remote Code Execution via Apache Velocity engine Bug Definiti...	N/A	N/A	Jun 18, 2026	GITHUBEXPLOIT
CRITICAL 9.3	CVE-2026-48768	TypeBot: Unauthenticated arbitrary s3 object write in generate-upload-url via unsanitized fileName_CVE-2026-48768 TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POST /api/blocks/file-input/v3/generate-upload-url is unauthenticated and uses u...	baptisteArno	typebot.io < 3.17.0	Jun 17, 2026	CVE
HIGH 8.2	CVE-2026-48764	TypeBot has SSRF in HTTP request and script fetch flows via DNS rebinding bypass_CVE-2026-48764 TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether th...	baptisteArno	typebot.io < 3.17.2	Jun 17, 2026	CVE
CRITICAL 9.3	CVE-2026-12569	Remote Code Execution (RCE) vulnerability in Windchill PDMlink_CVE-2026-12569 A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited...	PTC	Windchill PDMLink	Jun 18, 2026	CVE
CRITICAL 9.8	9FE6A20B-74FB-	Exploit for Unrestricted Upload of File with Dangerous Type in Eclipse Business_Intelligence_And_Reporting_Tools_9FE6A20B-74FB-5120-9B1F-6A63ED38C6E3 CVE-2021-34427 Windows POC for CVE-2021-34427 affecting Birt Viewer Tested on Birt 4.8.0 Built with Claude Based on research here: https://bugs.ecl...	N/A	N/A	Jun 17, 2026	GITHUBEXPLOIT
NONE	MSSECURE:D54D5B...	Crypto Clipper uses Tor and worm-like propagation for persistence and control_MSSECURE:D54D5BE0EDA21A0BA0238706877C8E42 In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. References 4. Learn more Microsoft Threat Intelligen...	N/A	N/A	Jun 17, 2026	MSSECURE
NONE	MALWAREBYTES:3B...	Roblox developers are losing entire games to malware attacks_MALWAREBYTES:3B2D0E131B2A9A8F5DD26DF6F363AD38 Account theft usually ends with someone losing a password. This one ends with hackers walking off with the entire game. Developers behind some of ...	N/A	N/A	Jun 17, 2026	MALWAREBYTES
MEDIUM 5.1	CVE-2026-54386	marimo < 0.23.9 XSS via file Query Parameter in assets.py_CVE-2026-54386 marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject a...	marimo-team	marimo	Jun 17, 2026	CVE