news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
NONE	B6A66232-7621-	Sql-injection-scanner_B6A66232-7621-5872-A51D-EDDA3F824073 Sql-injection-scanner Developing a security scanning tool that can quickly, reliably, and automatically detect SQL Injection vulnerabilities in web...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
NONE	THN:7A6FC6E72B7...	Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign_THN:7A6FC6E72B7906A66B33E84A6B61E75E ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHsYcZgd4WIkN0k-b4_j7JxBgi0R0dzj0jSwSWVgItyIy88VoZK5z8BAiwjmYnou7YLrNuckCgQvnHXV2KYH...	N/A	N/A	Jun 26, 2026	THN
NONE	H1:3823932	curl: CURLOPT_HAPROXY_CLIENT_IP lacks input validation, enabling HAProxy PROXY protocol injection_H1:3823932 Summary The CURLOPT_HAPROXY_CLIENT_IP option accepts an arbitrary string without validating that it is a valid IP address, and without stripping...	N/A	N/A	Jun 25, 2026	HACKERONE
NONE	H1:3826199	curl: mbedTLS / wolfSSL / rustls backends silently skip hostname verification when CURLOPT_SSL_VERIFYPEER=0_H1:3826199 ## Summary When an application sets `CURLOPT_SSL_VERIFYPEER=0` while keeping `CURLOPT_SSL_VERIFYHOST=2` (the default), the mbedTLS, wolfSSL, and r...	N/A	N/A	Jun 26, 2026	HACKERONE
MEDIUM 6.1	CVE-2025-60465	CVE-2025-60465_CVE-2025-60465 A use-after-free in the gf_filter_pid_inst_swap function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to caus...	n/a	n/a n/a	Jun 25, 2026	CVE
HIGH 7.8	CVE-2025-60464	CVE-2025-60464_CVE-2025-60464 A use-after-free in the gf_sei_load_from_state_internal function (/filters/sei_load.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to ca...	n/a	n/a n/a	Jun 25, 2026	CVE
HIGH 7.5	CVE-2026-38640	CVE-2026-38640_CVE-2026-38640 A reachable unwrap in the __assert_fail function (/assert/mod.rs) of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a...	n/a	n/a n/a	Jun 25, 2026	CVE
HIGH 8.3	CVE-2026-13281	CVE-2026-13281_CVE-2026-13281 Integer overflow in Mojo in Google Chrome prior to 149.0.7827.201 allowed a remote attacker who had compromised the renderer process to potentially...	Google	Chrome 149.0.7827.201	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-57914	Apache Kerby: StackOverflow on parsing deeply nested ASN1 structures_CVE-2026-57914 By sending a deeply nested ASN1 structure to a Apache Kerby client or service, it's possible to trigger a StackOverFlow Exception which can lead to...	Apache Software Foundation	Apache Kerby	Jun 26, 2026	CVE
LOW 2.1	CVE-2026-57940	CVE-2026-57940_CVE-2026-57940 HTMLy 3.1.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the RSS feed import functionality. The function get_feed() in system/adm...	danpros	HTMLy 3.1.1	Jun 26, 2026	CVE