news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-42895	Microsoft Copilot Tampering Vulnerability_CVE-2026-42895 {“lastseen”:””,”description”:””,”published”:”2026-06-19T20:27:46.785Z”,&#82...	Microsoft	Microsoft 365 Copilot -	Jun 19, 2026	CVE
HIGH 8.8	CVE-2026-32208	Microsoft Edge (Chromium-based) Spoofing Vulnerability_CVE-2026-32208 {“lastseen”:””,”description”:””,”published”:”2026-06-19T20:27:45.083Z”,&#82...	Microsoft	Microsoft Edge (Chromium-based) -	Jun 19, 2026	CVE
CRITICAL 9.9	44B81EDD-C298-	Exploit for Execution with Unnecessary Privileges in Percona Monitoring_And_Management_44B81EDD-C298-593E-9EA3-5225EF88AC36 CVE-2026-25212 POC for CVE-2026-25212...	N/A	N/A	Jun 19, 2026	GITHUBEXPLOIT
NONE	06A48C34-3736-	ARES_06A48C34-3736-5F41-A155-BAA9C3EE3639 Ares — AI Penetration Testing Engine Autonomous AI pentesting: recon → exploitation → structured report. Zero external dependencies. Zero cloud LLM...	N/A	N/A	Jun 19, 2026	GITHUBEXPLOIT
NONE	MSF:AUXILIARY-SERVER-	Quectel Cellular Modem Pivot (Serial AT)_MSF:AUXILIARY-SERVER-QUECTEL_MODEM- Opens a serial connection to a Quectel cellular modem and registers it as a 'modem' session capable of network pivoting. The Quectel modems have a ...	N/A	N/A	Jun 19, 2026	METASPLOIT
NONE	MSF:EXPLOIT-MULTI-	Joplin Plugin Persistence_MSF:EXPLOIT-MULTI-PERSISTENCE-JOPLIN_PLUGIN- This module installs a malicious Joplin plugin .jpl into the target's Joplin plugin directory. The plugin executes the payload each time Joplin is ...	N/A	N/A	Jun 19, 2026	METASPLOIT
CRITICAL 10	FF7344F1-411D-	Exploit for Deserialization of Untrusted Data in Facebook React_FF7344F1-411D-55F1-B276-7221215B98DB CVE-2025-55182 — React2Shell Unauthenticated RCE in React Server Components Author: TYehan --- TL;DR A single unauthenticated HTTP request can exec...	N/A	N/A	Jun 19, 2026	GITHUBEXPLOIT
CRITICAL 9.2	B132E072-36D8-	Exploit for CVE-2026-42530_B132E072-36D8-5390-949D-A06FA9ADC7B5 CVE-2026-42530 Scanner for CVE-2026-42530, a use-after-free in nginx's HTTP/3 module. Affected: nginx 1.31.0, 1.31.1 Fixed: nginx 1.31.2 Usage pip ...	N/A	N/A	Jun 19, 2026	GITHUBEXPLOIT
MEDIUM 6.5	CVE-2026-49359	PhpWeasyPrint vulnerable to SSRF and local file disclosure via the attachment option_CVE-2026-49359 PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` fetches the...	pontedilana	php-weasyprint < 2.6.0	Jun 19, 2026	CVE
HIGH 7.6	CVE-2026-49290	Slopsmith has path traversal in archive extractors that allows arbitrary file write → potential RCE_CVE-2026-49290 Slopsmith is a self-contained web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC (CDLC). Prior to 0.2.9-alpha.5, a pat...	byrongamatos	slopsmith < 0.2.9-alpha.5	Jun 19, 2026	CVE