exploit - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.7	CVE-2026-48618	CVE-2026-48618_CVE-2026-48618 A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due t...	nodejs	node 22.22.3	Jun 26, 2026	CVE
MEDIUM 5.9	CVE-2026-48615	CVE-2026-48615_CVE-2026-48615 A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages. When proxy credentials are em...	nodejs	node 22.22.3	Jun 26, 2026	CVE
MEDIUM 4.8	CVE-2026-8661	Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF Plugin_CVE-2026-8661 Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdown_to_pdf action of Rapid7 InsightConnect Markdown Plug...	Rapid7	InsightConnect Markdown Plugin	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-13226	Groundhogg <= 4.5.4 - Authenticated (Custom+) SQL Injection via 'after' Parameter_CVE-2026-13226 The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter i...	trainingbusinesspros	Groundhogg — CRM, Newsletters, and Marketing Automation	Jun 26, 2026	CVE
HIGH 8.8	921E88F8-3925-	Exploit for CVE-2026-43503_921E88F8-3925-519D-9067-4928D48E9B4D CVE-2026-43503 — DirtyClone Linux local privilege escalation. A cloned skbuff loses the SKBFLSHAREDFRAG flag, so ESP in-place decryption writes int...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
NONE	1BF0634C-CE51-	Binary-Exploitation-and-Reverse-Engineering_1BF0634C-CE51-5BC4-9278-E457B1143B09 Binary Exploitation & Reverse Engineering Lab Hands-on memory-corruption exploitation and reverse engineering. Three escalating exploitation challe...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
NONE	MSSECURE:AA575A...	Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access_MSSECURE:AA575A60004644ACAFBF2293B2100746 In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. References 4. Learn more Microsoft Threat Intelligen...	N/A	N/A	Jun 25, 2026	MSSECURE
HIGH 7.1	CVE-2026-40941	Cacti: Package Import Signature Validation Bypass Allows Self-Signed Packages_CVE-2026-40941 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass all...	Cacti	cacti < 1.2.31	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-40084	Cacti: Arbitrary File Read via Path Traversal in Report `format_file` Parameter_CVE-2026-40084 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal through the Report ...	Cacti	cacti < 1.2.31	Jun 25, 2026	CVE
HIGH 7.2	CVE-2026-40083	Cacti: SQL Injection in managers.php_CVE-2026-40083 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+im...	Cacti	cacti < 1.2.31	Jun 25, 2026	CVE