news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.5	CVE-2026-45687	Rocket.Chat: Authenticated Arbitrary Data Export Theft via Mass Assignment in sendFileMessage_CVE-2026-45687 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.0	Jun 24, 2026	CVE
HIGH 8.7	CVE-2026-45677	Rocket.Chat: Lack of SAML Signature Check During Logout Could Lead To DoS_CVE-2026-45677 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.0	Jun 24, 2026	CVE
CRITICAL 9.3	CVE-2026-33543	FOSSBilling: Authentication bypass allows unauthenticated administrator creation_CVE-2026-33543 FOSSBilling is a free, open-source billing and client management system. Versions 0.7.2 and prior expose a guest API endpoint, /api/guest/staff/cre...	FOSSBilling	FOSSBilling < 0.8.0	Jun 24, 2026	CVE
HIGH 7.7	CVE-2026-33235	AutoGPT: Denial of Service (DoS) via Resource Exhaustion in text templating features_CVE-2026-33235 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6...	Significant-Gravitas	AutoGPT >= 0.1.0, < 0.6.52	Jun 24, 2026	CVE
MEDIUM 5.5	CVE-2026-32315	motionEye: World-Readable Configuration File Exposes Admin Password Hash_CVE-2026-32315 motionEye (mEye) is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create th...	motioneye-project	motioneye < 0.44.0	Jun 24, 2026	CVE
MEDIUM 6.5	CVE-2026-31978	motionEye: Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint_CVE-2026-31978 motionEye (mEye) is an online interface for motion software, which is a video surveillance program with motion detection. Versions prior to 0.44.0 ...	motioneye-project	motioneye < 0.44.0	Jun 24, 2026	CVE
MEDIUM 6.5	CVE-2026-13208	Kubevirt: virt-handler-rhel9: kubevirt: virt-handler notify server trusts vmi identity from unauthenticated grpc request body_CVE-2026-13208 A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identit...	Red Hat	Red Hat OpenShift Virtualization 4	Jun 24, 2026	CVE
MEDIUM 5.2	CVE-2026-13201	Kubevirt: virt-handler-rhel9: kubevirt: safepath openatnofollow symlink following via /proc/self/fd allows host file metadata modification_CVE-2026-13201 A flaw was found in KubeVirt's safepath package. The OpenAtNoFollow function uses O_PATH\|O_NOFOLLOW to obtain a file descriptor to a path leaf, but...	Red Hat	Red Hat OpenShift Virtualization 4	Jun 24, 2026	CVE
HIGH 7.6	CVE-2026-11998	AngularJS XSS via SCE resource URL sanitization bypass_CVE-2026-11998 A flaw in AngularJS' Strict Contextual Escaping (SCE) logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaS...	Google	AngularJS >=1.2.0-rc.3	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-9779	ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability_CVE-2026-9779 ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows ...	ATEN	Unizon 2.6.253.001	Jun 24, 2026	CVE