news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-42127	Grafana pre-auth DoS through arbitrarily large input to public dashboard query handler_CVE-2026-42127 The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive mem...	Grafana	Grafana Enterprise	Jun 22, 2026	CVE
HIGH 8.3	CVE-2026-12249	Canonical ADSys Trust Store Poisoning via Plaintext HTTP Certificate Auto-Enrollment_CVE-2026-12249 An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services (AD CS) certificate auto...	N/A	N/A 0.13.0	Jun 22, 2026	CVE
MEDIUM 4.8	CVE-2026-11994	Akaunting 3.1.21 – Authenticated stored XSS in report description rendering_CVE-2026-11994 Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to c...	Akaunting	Akaunting 3.1.21	Jun 22, 2026	CVE
CRITICAL 9.6	CVE-2026-10789	MCP Extension Code Injection Vulnerability in Autodesk Fusion Desktop_CVE-2026-10789 A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerabili...	Autodesk	Fusion 2703.1.11	Jun 22, 2026	CVE
NONE	D6FF95FF-AB43-	Exploit for CVE-2026-39031_D6FF95FF-AB43-5C20-B2BF-73B8488C5B3D cve-2026-39031-lansweeper-lsrunase2-lsencrypt2 CVE-2026-39031 — offline plaintext password recovery for Lansweeper lsrunase 2.0 / lsencrypt 2.0 via...	N/A	N/A	Jun 22, 2026	GITHUBEXPLOIT
MEDIUM 5.9	A63E68C2-3F8F-	Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Trustwallet Trust_Wallet_Browser_Extension_A63E68C2-3F8F-5064-93CE-8E4051079D14 DONATE: bc1qps62cyk9f9unmdkc9k3ccj9e2h8ywfhg2j53ec Built with ❤️ for the crypto research community. 🚀 CVE-2023-31290 Scanner - Bitcoin & Ethereum ...	N/A	N/A	Jun 22, 2026	GITHUBEXPLOIT
NONE	MSSECURE:CF0DF7...	One intrusion, two cyberattackers: Uncovering parallel threat activity_MSSECURE:CF0DF7C3EB80152C88888F486283926B What began as a routine ransomware investigation quickly revealed something far more complex. In this ninth cyberattack series report, DART details...	N/A	N/A	Jun 22, 2026	MSSECURE
MEDIUM 4.2	MS:CVE-2026-12460	Chromium: CVE-2026-12460 Insufficient policy enforcement in File System Access_MS:CVE-2026-12460 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
HIGH 7.5	MS:CVE-2026-12445	Chromium: CVE-2026-12445 Use after free in Extensions_MS:CVE-2026-12445 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
MEDIUM 4.2	MS:CVE-2026-12457	Chromium: CVE-2026-12457 Insufficient data validation in Extensions_MS:CVE-2026-12457 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE