news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.3	CVE-2026-54088	File Browser: Command Injection via Authentication Hook Shell Substitution (Pre-Authentication RCE)_CVE-2026-54088 File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2...	filebrowser	filebrowser < 2.63.6	Jun 25, 2026	CVE
HIGH 7.8	CVE-2026-53925	Glances: Arbitrary file write and command execution via `secure_popen` redirection and chaining operators in AMP command configuration_CVE-2026-53925 Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the secure_popen() function in glances/secure.py interpret...	nicolargo	glances >= 4.0.8, < 4.5.5	Jun 25, 2026	CVE
MEDIUM 5.3	CVE-2026-46611	Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack_CVE-2026-46611 Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s, implemented in glances/ser...	nicolargo	glances < 4.5.5	Jun 25, 2026	CVE
HIGH 7.4	CVE-2026-46608	Glances: XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard (Incomplete Fix for CVE-2026-33533)_CVE-2026-46608 Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s) introduced a configurable ...	nicolargo	glances < 4.5.5	Jun 25, 2026	CVE
HIGH 7.8	CVE-2026-46607	Glances: Insecure Pickle Deserialization in Version Cache Leads to Arbitrary Code Execution_CVE-2026-46607 Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load() to read a version-check cac...	nicolargo	glances < 4.5.5	Jun 25, 2026	CVE
HIGH 7.8	CVE-2026-46606	Glances: Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/virsh.py_CVE-2026-46606 Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine (glances/plugins/vms/engine...	nicolargo	glances < 4.5.5	Jun 25, 2026	CVE
HIGH 8.4	CVE-2026-12921	Use after free in AzeoTech DAQFactory_CVE-2026-12921 In AzeoTech DAQFactory versions 21.1 and prior, a Use After Free vulnerability can be exploited by an attacker using specially crafted .ctl files w...	AzeoTech	DAQFactory	Jun 25, 2026	CVE
HIGH 8.4	CVE-2026-12897	Out-of-bounds read in Horner Automation Cscape_CVE-2026-12897 Horner Automation Cscape versions prior to 10.2 SP3 are vulnerable to an Out-of-Bounds Read vulnerability through parsing CSP files. Successful exp...	Horner Automation	Cscape	Jun 25, 2026	CVE
NONE	A34DF1A1-2F25-	pentest-agent-vs-llm-benchmark-effectiveness_A34DF1A1-2F25-5439-9D41-0DCBBBB34A45 Backbone or Backbone-Architecture? A controlled study of LLM agents on web-penetration-testing CTFs. The scaffold around the model often decides mo...	N/A	N/A	Jun 25, 2026	GITHUBEXPLOIT
HIGH 8.5	BD307E81-25CC-	Exploit for OS Command Injection in Tp-Link Tl-Wr802N_Firmware_BD307E81-25CC-59FA-B6D0-3D9C36E25857 CVE-2026-3227: TP-Link Router OS Command Injection For more Information see https://vulners.com/cve/CVE-2026-3227 A persistent, authenticated OS Co...	N/A	N/A	Jun 25, 2026	GITHUBEXPLOIT