Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.7	CVE-2026-9220	Setracker2 Children’s Smartwatch Ecosystem Use of hard-coded cryptographic key_CVE-2026-9220 Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hard...	Shenzhen i365-Tech Co. Ltd.	Setracker2 Parental Control App (Android) package com.tgelec.setracker 3.1.5	Jun 25, 2026	CVE
HIGH 8.3	CVE-2026-9219	Setracker2 Children’s Smartwatch Ecosystem Generation of Predictable Numbers or Identifiers_CVE-2026-9219 Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment...	Shenzhen i365-Tech Co. Ltd.	Setracker2 Parental Control App (Android) package com.tgelec.setracker	Jun 25, 2026	CVE
MEDIUM 6.9	CVE-2026-43920	FOSSBilling: Unauthenticated update patcher endpoint allows remote maintenance execution_CVE-2026-43920 FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in ...	FOSSBilling	FOSSBilling >= 0.5.4, < 0.8.0	Jun 25, 2026	CVE
MEDIUM 6.4	CVE-2026-13318	Virt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-agent-reported ip_CVE-2026-13318 A server-side request forgery (SSRF) flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a Virtua...	Red Hat	Red Hat OpenShift Virtualization 4	Jun 25, 2026	CVE
MEDIUM 4.2	CVE-2026-13218	Kubevirt: kubevirt: symlink following in writetocachedfile allows host file overwrite from virt-launcher_CVE-2026-13218 A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.W...	Red Hat	Red Hat OpenShift Virtualization 4	Jun 25, 2026	CVE
MEDIUM 6.9	CVE-2026-13083	Pen-drive: pen-drive: stored xss via unescaped cluster data in html report_CVE-2026-13083 A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An ...	Red Hat	Pen Drive Powered by Red Hat Lightspeed	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-12993	Apicurio/apicurio-registry: apicurio-registry: xml entity-expansion denial of service via internal dtd subset_CVE-2026-12993 A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE dec...	Red Hat	Red Hat build of Apicurio Registry 3	Jun 25, 2026	CVE
LOW 3.8	CVE-2026-13322	Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial readline in virt-handler causes oom denial of service_CVE-2026-13322 A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buff...	Red Hat	Red Hat OpenShift Virtualization 4	Jun 26, 2026	CVE
NONE	E07672B6-E349-	netproto_toolkit_E07672B6-E349-5FE5-953E-0A86375F7597 netprototoolkit Network protocol security research toolkit in Python, covering the full workflow from traffic capture through protocol fuzzing to e...	N/A	N/A	Jun 25, 2026	GITHUBEXPLOIT
NONE	MSSECURE:A4C90F...	StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them_MSSECURE:A4C90F6D8F83B1BF96EC12CDFC5FC84E In this article 1. The role of infostealers: From credential theft to intrusion 2. StealC: Infostealer for rent 3. Amadey: Malware-as-a-serv...	N/A	N/A	Jun 24, 2026	MSSECURE