Vulnerability - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
NONE	HACKREAD:93DAA7...	macOS Flaw Allowed Standard Users to Disable CrowdStrike and Kandji Security Tools_HACKREAD:93DAA706F3622B28554D356980224D24 A macOS XPC flaw let regular users disable CrowdStrike and Kandji tools, exposing security gaps that vendors patched after XM Cyber reported the se...	N/A	N/A	Jun 26, 2026	HACKREAD
HIGH 8.5	THN:E8D8161AFE5...	Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs_THN:E8D8161AFE599365E1D9D2A719B2C65B ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEig3gygt20RdznayWN2yru6wSgNt8CSdr16F8I-naxtPn837cr6v0uV0bXdhz36P1XYrpnjmzDXTAtH0wa43M...	N/A	N/A	Jun 26, 2026	THN
MEDIUM 5.4	0D5ACD84-8796-	Exploit for Cross-site Scripting in Docmost_0D5ACD84-8796-5644-A05C-46FADC4B35D4 CVE-2026-34212 Docmost accepted a javascript: URL inside an attachment node, preserved it through storage and rendering, and turned it back into a ...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
MEDIUM 5.4	0A738D4C-E642-	Exploit for Authorization Bypass Through User-Controlled Key in Docmost_0A738D4C-E642-58D3-988B-4E964946EC66 CVE-2026-34213 A low-privileged Docmost user could supply a victim attachmentId to the generic upload endpoint and overwrite another page's stored ...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
HIGH 7.6	E61DF141-B3A8-	Exploit for CVE-2026-34207_E61DF141-B3A8-537B-8845-233051D12F82 CVE-2026-34207 The SSRF filter checked hostname text, but the actual destination was decided later by DNS. That gap let attacker-controlled Webhook...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
HIGH 8.3	22CFEBF4-738A-	Exploit for Missing Authorization in Plane_22CFEBF4-738A-52AD-B1A9-E066D3D33C80 CVE-2026-46558 Plane’s V2 asset subsystem trusted workspace slugs and asset UUIDs without enforcing the right membership checks, which let one auth...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
NONE	THN:73F078ED386...	New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries_THN:73F078ED386CEDEB92973C14C2CA14DB ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0PC1aWOiorYx2AGD7fl-IVefJBKPJvjy7sMo5MURoMlaq492QcSdpSqqdGZRZk3u3e6BMS7qVzrJXBuWk-k...	N/A	N/A	Jun 26, 2026	THN
CRITICAL 9.3	THN:051D862466E...	CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue_THN:051D862466EBE7A5DE6BB7DD92EA2EA6 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzGOpsiL9b-uwhocEgzazTFR251KJL6pnZAVCmzty7Nx0uR-vZ9r2-WP95IrRaKJtFoUxmBFbqrkt31Yn2MT...	N/A	N/A	Jun 26, 2026	THN
HIGH 7.5	CVE-2026-13283	CVE-2026-13283_CVE-2026-13283 Use after free in AdFilter in Google Chrome on Android prior to 149.0.7827.201 allowed a remote attacker who convinced a user to engage in specific...	Google	Chrome 149.0.7827.201	Jun 25, 2026	CVE
HIGH 7.5	CVE-2026-10823	YMC Smart Filter < 3.11.3 - Unauthenticated Private/Draft Post Disclosure_CVE-2026-10823 The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supp...	Unknown	YMC Filter	Jun 26, 2026	CVE