Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.8 CVE-2026-12505
Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall_CVE-2026-12505
A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user informati...
Red Hat Red Hat Enterprise Linux 10 CVE

HIGH 8.8 CVE-2026-12407
E2Pdf <= 1.32.26 - Missing Authorization to Authenticated (Custom+) Arbitrary Option Update / Privilege Escalation via 'screen_action' Parameter_CVE-2026-12407
The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.32.26. Th...
oleksandrz E2Pdf – Export Pdf Tool for WordPress CVE

MEDIUM 4.3 CVE-2026-10023
Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.3 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Order Modification via Multiple AJAX Handlers_CVE-2026-10023
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecu...
dokaninc Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy CVE

NONE 2B2850BD-5CCC-
binary-exploitation-writeup_2B2850BD-5CCC-5FC9-BAFC-E1011A676871
Binary Exploitation — Buffer Overflow & Format String Attack Hands-on exploration of classic binary exploitation techniques on intentionally vulner...
N/A N/A GITHUBEXPLOIT

NONE TRENDMICROBLOG:...
Threat Actors Abuse claude.ai Shared Chat for ClickFix Malvertising Campaign_TRENDMICROBLOG:C4306C7FC6E583B0A1DD88D1E5A8F86D
Cybercriminals hijacked Google Ads searches for popular AI developer tools to funnel over 2,000 victims toward malicious download pages before quie...
N/A N/A TRENDMICROBLOG

NONE 7ACCD3E9-A98E-
kali-pentest-trainer_7ACCD3E9-A98E-57F2-991A-E1BD086988D4
WIFI PENTEST TRAINER Step-by-step guided pentesting GUI for Kali Linux Software by BulletB8 & Jett For authorised educational/training use only. On...
N/A N/A GITHUBEXPLOIT

CRITICAL 9.8 63792567-6E10-
Exploit for Improper Input Validation in Hoverfly_63792567-6E10-52EB-9FBC-843EABF2AB52
No description provided...
N/A N/A GITHUBEXPLOIT

NONE 50F7E38D-1A97-
Exploit for CVE-2026-38165_50F7E38D-1A97-54AA-9C2E-F4BFDA13C9D3
CVE-2026-38165 SSTI Velocity Server-Side Template Injection SSTI in XDocReport allows Remote Code Execution via Apache Velocity engine Bug Definiti...
N/A N/A GITHUBEXPLOIT

CRITICAL 9.3 CVE-2026-48768
TypeBot: Unauthenticated arbitrary s3 object write in generate-upload-url via unsanitized fileName_CVE-2026-48768
TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POST /api/blocks/file-input/v3/generate-upload-url is unauthenticated and uses u...
baptisteArno typebot.io < 3.17.0 CVE

HIGH 8.2 CVE-2026-48764
TypeBot has SSRF in HTTP request and script fetch flows via DNS rebinding bypass_CVE-2026-48764
TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether th...
baptisteArno typebot.io < 3.17.2 CVE