news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
NONE	THN:7B782DD6342...	Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries_THN:7B782DD6342D0803A9E4F4BA84097D55 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisV9q8kKe0eopbInTHgwScUvzjKlnPTpk74j7M6F-6BH46hVr9wcadvztA2RYJdKDQDzpV89bN4wH0hEL9qT...	N/A	N/A	Jun 22, 2026	THN
CRITICAL 9.3	CVE-2026-56447	MISP remote code execution via arbitrary rdkafka configuration path_CVE-2026-56447 MISP allowed an authenticated site administrator to set the Kafka_rdkafka_config setting to an arbitrary filesystem path. MISP subsequently parsed ...	misp	misp	Jun 22, 2026	CVE
HIGH 8.7	CVE-2026-56446	Authenticated Remote Code Execution via Arbitrary NDJSON Error Log Path in MISP_CVE-2026-56446 MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Because log entries can i...	misp	misp	Jun 22, 2026	CVE
CRITICAL 9.3	CVE-2026-56425	MISP AAD authentication plugin – Improper OAuth State Handling, Missing Session Rotation, Insecure Redirect URI Validation, and Log Injection_CVE-2026-56425 The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow a...	misp	misp	Jun 22, 2026	CVE
HIGH 7.1	CVE-2026-56424	Broken access control in MISP core allows cross-organization unauthorized modification or deletion of analyst data, event reports, collections, templates, and decaying models_CVE-2026-56424 MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/edi...	misp	misp	Jun 22, 2026	CVE
CRITICAL 9.4	CVE-2026-56423	MISP Core: Broken access control allows instance-wide unauthorized deletion of event reports and sharing groups via bulk deletion endpoints_CVE-2026-56423 MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Groups. The affected deleteSelection hand...	misp	misp	Jun 22, 2026	CVE
HIGH 8.3	CVE-2026-54100	Windows-machine-config-operator: windows-machine-config-operator: ssh host key not verified enables credential theft_CVE-2026-54100 A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Window...	Red Hat	Red Hat OpenShift Container Platform 4	Jun 22, 2026	CVE
HIGH 8.8	CVE-2026-54099	Windows-machine-config-operator: windows-machine-config-operator: wicd csr extra-organization allows privilege escalation to system:masters_CVE-2026-54099 A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that ...	Red Hat	Red Hat OpenShift Container Platform 4	Jun 22, 2026	CVE
HIGH 7.7	CVE-2026-42129	Path Traversal in Loki Datasource leads to Internal Information Disclosure_CVE-2026-42129 The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An authenticated Viewer-role user can escape the plugin'...	Grafana	Grafana OSS	Jun 22, 2026	CVE
CRITICAL 9.6	CVE-2026-28381	Local File Read/Write to Potential Privilege Escalation via Snowflake GET/PUT_CVE-2026-28381 The Snowflake datasource allows for GET/PUT commands, which can allow any user with access to run queries against the data source to read/write fil...	Grafana	Snowflake Datasource 1.14.7	Jun 22, 2026	CVE