news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-12891	Gstreamer1-plugins-bad: gstreamer1-plugins-bad: global buffer overflow (oob read) in h.266/vvc vui parameter parser_CVE-2026-12891 A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator...	Red Hat	Red Hat Enterprise Linux 10	Jun 23, 2026	CVE
HIGH 7.8	CVE-2026-12112	Foreman-mcp-server: mcp server: active session hijacking via insecure session state reuse_CVE-2026-12112 A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active ...	Red Hat	Red Hat Satellite 6	Jun 23, 2026	CVE
MEDIUM 6.5	CVE-2026-11820	Community.general: community.general nexmo — api credentials exposed in get url query string[security] community.general nexmo — api credentials exposed in get url query string_CVE-2026-11820 Module: plugins/modules/nexmo.py CVSS 3.1: 6.5 MEDIUM — AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: api_key and api_secret are declared no_log=Tr...	Red Hat	Red Hat Enterprise Linux 10	Jun 23, 2026	CVE
MEDIUM 5.5	CVE-2026-11819	Community.general: community.general keyring_info — os keyring passphrase returned in plaintext_CVE-2026-11819 Module: plugins/modules/keyring_info.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase fro...	Red Hat	Red Hat Enterprise Linux 10	Jun 23, 2026	CVE
CRITICAL 9.6	CVE-2026-11807	Eda-server: websocket missing authorization allows credential theft via activation_id spoofing_CVE-2026-11807 A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not...	Red Hat	Red Hat Ansible Automation Platform 2.5 2.5	Jun 23, 2026	CVE
MEDIUM 5.1	CVE-2025-64105	FOSSBilling: IDOR Vulnerability in Support Ticket Creation_CVE-2025-64105 FOSSBilling is a billing and client management system that automates invoicing, payments, and communication for online service businesses. Versions...	FOSSBilling	FOSSBilling >= 0.6.21, < 0.8.0	Jun 23, 2026	CVE
HIGH 10	01330BA9-9AFB-	vulnerability-assessment-metasploitable2_01330BA9-9AFB-5AA8-A3E2-3AB2FE216993 Vulnerability Assessment — Metasploitable 2 A end-to-end vulnerability assessment conducted against a controlled lab environment, documented in con...	N/A	N/A	Jun 23, 2026	GITHUBEXPLOIT
NONE	CCBEE2BE-146B-	darknet-mcp-server_CCBEE2BE-146B-5FC0-952D-5C95B8EACFB0 English \| 简体中文 \| 繁體中文 \| 한국어 \| Deutsch \| Español \| Français \| Italiano \| Dansk \| 日本語 \| Polski \| Русский \| Bosanski \| العربية \| Norsk \|...	N/A	N/A	Jun 23, 2026	GITHUBEXPLOIT
HIGH 8.1	C0FC9086-8648-	Exploit for CVE-2026-45156_C0FC9086-8648-5BF4-BFEE-F541B2675907 CVE-2026-45156: Nextcloud useroidc ID4me JWT Signature Bypass This repository contains the Proof of Concept PoC exploit script for CVE-2026-45156, ...	N/A	N/A	Jun 23, 2026	GITHUBEXPLOIT
NONE	1575A355-8763-	CyberSentinel-Pro-Web-Vulnerability-Scanner_1575A355-8763-5E2E-A49C-1D91E96B1054 CyberSentinel Pro CyberSentinel Pro is a web vulnerability scanner designed to help identify common security weaknesses in web applications and ser...	N/A	N/A	Jun 23, 2026	GITHUBEXPLOIT