Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.9 CVE-2026-56099

OpenBSD mpls_do_error Kernel Stack Memory Disclosure via MPLS Input

OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the mpls_do_error function within sys/netmpls/mpls_input...

openbsd src CVE
MEDIUM 5.8 CVE-2026-48983

pam_usb: TOCTOU race condition in pad directory creation allows symlink substitution

pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, a symlink race condition exists in p...

mcdope pam_usb < 0.9.2 CVE
MEDIUM 5.8 CVE-2026-48982

pam_usb: Missing O_EXCL on pad temp file creation allows concurrent update race

pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, when updating a one-time pad file, a...

mcdope pam_usb < 0.9.2 CVE
MEDIUM 6.7 CVE-2026-48981

pam_usb: xmlReadFile flags=0 permits XXE network entity fetching in conf.c

pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, pam_usb calls xmlReadFile() with fla...

mcdope pam_usb < 0.9.2 CVE
MEDIUM 6.3 CVE-2026-48980

pam_usb: getenv() used in PAM context allows environment variable injection into local-check logic

pam_usb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, getenv() environment variables XRDP_SESSION,...

mcdope pam_usb < 0.9.2 CVE
NONE THN:61A3E81EE06...

Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites (THN:61A3E81EE060D294ED20FB1D0B47CAB5)

N/A N/A THN
HIGH 8.7 CVE-2026-48716

nanobot: Path traversal via unsanitized WhatsApp document fileName enables arbitrary file write

nanobot is a personal AI assistant. In versions 0.1.5.post3 and prior, the WhatsApp bridge in bridge/src/whatsapp.ts constructs a filesystem path u...

HKUDS nanobot <= 0.1.5.post3 CVE
MEDIUM 5.3 CVE-2026-47847

CVE-2026-47847

Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication healt...

Bitnami bitnami/mariadb-galera 10.6.0 CVE
CRITICAL 9.8 CVE-2026-47846

CVE-2026-47846

Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured vi...

Bitnami bitnami/cassandra 4.0.0 CVE
MEDIUM 5.4 CVE-2026-43915

Coturn: Stored Cross-Site Scripting (XSS) in web-admin interface via TURN username

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting (XSS) vulnerabi...

coturn coturn < 4.11.0 CVE