Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.9 CVE-2026-13498

yashpokharna2555 restaurent-management-system POST Parameter forgotpassword.php sql injection_CVE-2026-13498

A vulnerability was identified in yashpokharna2555 restaurent-management-system. This affects an unknown function of the file /forgotpassword.php o...

yashpokharna2555 restaurent-management-system 5f3eca87cb681366866a78038af17891c4c86612 CVE

MEDIUM 5.3 CVE-2026-13497

itsourcecode Hospital Management System appointment.php sql injection_CVE-2026-13497

A vulnerability was determined in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /appointment...

itsourcecode Hospital Management System 1.0 CVE

MEDIUM 5.3 CVE-2026-13499

yashpokharna2555 restaurent-management-system Registration login_register.php cross site scripting_CVE-2026-13499

A security flaw has been discovered in yashpokharna2555 restaurent-management-system. This impacts an unknown function of the file login_register.p...

yashpokharna2555 restaurent-management-system 5f3eca87cb681366866a78038af17891c4c86612 CVE

MEDIUM 6.9 CVE-2026-13500

antlr ANTLR4 Grammar Action Block OutputFile.java code injection_CVE-2026-13500

A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the file tool/src/org/antlr/v4/codegen/model/Output...

antlr ANTLR4 4.13.0 CVE

HIGH 7.8 BB4649D8-A88F-

dirtyclone-exploit_BB4649D8-A88F-5CB7-A1EA-78182D4C96A8

DirtyClone Exploit Framework CVE-2026-46331 — Linux Kernel Local Privilege Escalation TC pedit + IPsec TEE Page Cache Corruption · Affected kernels...

N/A N/A GITHUBEXPLOIT

NONE 443EE359-CE13-

XFinder_443EE359-CE13-5055-94BC-ADC9E389907C

XFinder External Attack Surface Management EASM — a lightweight, production-ready Python CLI that continuously discovers, monitors, enriches, and t...

N/A N/A GITHUBEXPLOIT

CRITICAL 9.8 9B9009B8-AC90-

Exploit for Missing Authentication for Critical Function in Rclone_9B9009B8-AC90-5EE8-BA73-9ADB1ADB091D

CVE-2026-41179 — rclone RC API Unauthenticated RCE ⚠️ EDUCATIONAL PURPOSES ONLY This repository is intended strictly for security research, educati...

N/A N/A GITHUBEXPLOIT

MEDIUM 6.3 CVE-2026-13491

78 xiaozhi-esp32 MQTT Goodbye mqtt_protocol.cc GetInstance denial of service_CVE-2026-13491

A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/pro...

78 xiaozhi-esp32 2.2.0 CVE

MEDIUM 6.3 CVE-2026-13490

glpi-project glpi Document document.send.php canViewFile authorization_CVE-2026-13490

A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file f...

glpi-project glpi 11.0.5 CVE

LOW 2.3 CVE-2026-13489

78 xiaozhi-esp32 MCP Response mcp_server.cc ParseMessage improper synchronization_CVE-2026-13489

A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcp_server.cc ...

78 xiaozhi-esp32 2.2.0 CVE