news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.2	AA94A761-B153-	Exploit for Unrestricted Upload of File with Dangerous Type in Devcode Openstamanager_AA94A761-B153-510F-9E5E-FF9EEAD8595B CVE-2026-38751 — OpenSTAManager Module Upload RCE Authenticated RCE via unvalidated ZIP upload in the module update endpoint. Affected: OpenSTAMana...	N/A	N/A	Jun 28, 2026	GITHUBEXPLOIT
NONE	53F5E36D-6808-	cudy-lt400-gcom-sms-rce_53F5E36D-6808-5272-9FCC-3FD96158324F Cudy LT400 — Authenticated Root OS Command Injection in luci-app-gcom SMS "send test" Class: CWE-78 — OS Command Injection Impact: Arbitrary comman...	N/A	N/A	Jun 28, 2026	GITHUBEXPLOIT
HIGH 10	4B37E2F7-AF8A-	Exploit for OS Command Injection in Openbsd Opensmtpd_4B37E2F7-AF8A-5A57-83D4-86CF8A47C6B9 OpenSMTPD 원격 명령 실행 취약점 CVE-2020-7247 개요 OpenSMTPD는 Unix 계열 운영체제에서 사용되는 SMTP 서버 프로그램이다. BSD, macOS, GNU/Linux 등에서...	N/A	N/A	Jun 28, 2026	GITHUBEXPLOIT
CRITICAL 10	D04820D4-9F40-	Exploit for Deserialization of Untrusted Data in Facebook React_D04820D4-9F40-5C85-B772-704D0DA3D09B react2shell-exploit React2Shell: CVE-2025-55182 POST / HTTP/1.1 Host: localhost:3000 User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64 AppleWebKi...	N/A	N/A	Jun 28, 2026	GITHUBEXPLOIT
LOW 2	CVE-2026-13502	antlr ANTLR4 Maven Plugin GrammarDependencies.java ObjectInputStream.readObject toctou_CVE-2026-13502 A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.readObject of the file antlr4-maven-plugin/src/main...	antlr	ANTLR4 4.13.0	Jun 28, 2026	CVE
MEDIUM 4.8	CVE-2026-13501	antlr ANTLR4 gofmt GoTarget.java GoTarget command injection_CVE-2026-13501 A security vulnerability has been detected in antlr ANTLR4 up to 4.13.2. Affected by this vulnerability is the function GoTarget of the file tool/s...	antlr	ANTLR4 4.13.0	Jun 28, 2026	CVE
MEDIUM 6.9	CVE-2026-13498	yashpokharna2555 restaurent-management-system POST Parameter forgotpassword.php sql injection_CVE-2026-13498 A vulnerability was identified in yashpokharna2555 restaurent-management-system. This affects an unknown function of the file /forgotpassword.php o...	yashpokharna2555	restaurent-management-system 5f3eca87cb681366866a78038af17891c4c86612	Jun 28, 2026	CVE
MEDIUM 5.3	CVE-2026-13497	itsourcecode Hospital Management System appointment.php sql injection_CVE-2026-13497 A vulnerability was determined in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /appointment...	itsourcecode	Hospital Management System 1.0	Jun 28, 2026	CVE
MEDIUM 5.3	CVE-2026-13499	yashpokharna2555 restaurent-management-system Registration login_register.php cross site scripting_CVE-2026-13499 A security flaw has been discovered in yashpokharna2555 restaurent-management-system. This impacts an unknown function of the file login_register.p...	yashpokharna2555	restaurent-management-system 5f3eca87cb681366866a78038af17891c4c86612	Jun 28, 2026	CVE
MEDIUM 6.9	CVE-2026-13500	antlr ANTLR4 Grammar Action Block OutputFile.java code injection_CVE-2026-13500 A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the file tool/src/org/antlr/v4/codegen/model/Output...	antlr	ANTLR4 4.13.0	Jun 28, 2026	CVE