Recent Advisories

| Severity | ID | Title | Description | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|---|
| NONE | MSF:EXPLOIT-MULTI-PERSISTENCE-JOPLIN_PLUGIN- | Joplin Plugin Persistence | This module installs a malicious Joplin plugin .jpl into the target's Joplin plugin directory. The plugin executes the payload each time Joplin is ... | N/A | N/A | | METASPLOIT |
| NONE | MSF:AUXILIARY-SERVER-QUECTEL_MODEM- | Quectel Cellular Modem Pivot (Serial AT) | Opens a serial connection to a Quectel cellular modem and registers it as a 'modem' session capable of network pivoting. The Quectel modems have a ... | N/A | N/A | | METASPLOIT |
| CRITICAL 10 | FF7344F1-411D-55F1-B276-7221215B98DB | Exploit for Deserialization of Untrusted Data in Facebook React | CVE-2025-55182 — React2Shell Unauthenticated RCE in React Server Components Author: TYehan --- TL;DR A single unauthenticated HTTP request can exec... | N/A | N/A | | GITHUBEXPLOIT |
| CRITICAL 9.2 | B132E072-36D8-5390-949D-A06FA9ADC7B5 | Exploit for CVE-2026-42530 | CVE-2026-42530 Scanner for CVE-2026-42530, a use-after-free in nginx's HTTP/3 module. Affected: nginx 1.31.0, 1.31.1 Fixed: nginx 1.31.2 Usage pip ... | N/A | N/A | | GITHUBEXPLOIT |
| MEDIUM 6.5 | CVE-2026-49359 | PhpWeasyPrint vulnerable to SSRF and local file disclosure via the attachment option | PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` fetches the... | pontedilana | php-weasyprint < 2.6.0 | | CVE |
| HIGH 7.6 | CVE-2026-49290 | Slopsmith has path traversal in archive extractors that allows arbitrary file write → potential RCE | Slopsmith is a self-contained web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC (CDLC). Prior to 0.2.9-alpha.5, a pat... | byrongamatos | slopsmith < 0.2.9-alpha.5 | | CVE |
| HIGH 7.4 | CVE-2026-49287 | Statamic CMS vulnerable to unsafe method invocation via collection sorting allows data destruction | Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, the fix for CVE-2026-41175 was incomplete. It a... | statamic | cms < 5.73.23 | | CVE |
| HIGH 8.1 | CVE-2026-49286 | PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass) | PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` guarded the... | pontedilana | php-weasyprint < 2.6.0 | | CVE |
| MEDIUM 6.5 | CVE-2026-49271 | libheif: Wrapped icef compressed-unit range check causes out-of-bounds read in uncompressed HEIF decoder | libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compress... | strukturag | libheif < 1.22.1 | | CVE |
| HIGH 7.1 | CVE-2026-49339 | Path traversal in getPlaylist/deletePlaylist bypasses ownership check: any authenticated user can read or delete any other user’s playlist | gonic is a music streaming server / free-software subsonic server API implementation. The maintainer's fix in commit `6dd71e6a3c966867ef8c900d359a... | sentriz | gonic < 0.21.0 | | CVE |