news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-11335	tittuvarghese CollegeManagementSystem login-form.php session_start session fixiation_CVE-2026-11335 A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. T...	tittuvarghese	CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3	Jun 5, 2026	CVE
MEDIUM 6.9	CVE-2026-11334	tittuvarghese CollegeManagementSystem fetch.php sql injection_CVE-2026-11334 A vulnerability was detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8e...	tittuvarghese	CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3	Jun 5, 2026	CVE
MEDIUM 5.3	CVE-2026-11333	tittuvarghese CollegeManagementSystem Student Data Upload Endpoint upload_student_data.php unrestricted upload_CVE-2026-11333 A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610...	tittuvarghese	CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3	Jun 5, 2026	CVE
HIGH 7.1	CVE-2025-59174	CVE-2025-59174_CVE-2025-59174 Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted ...	Ericsson	Packet Core Controller	Jun 5, 2026	CVE
CRITICAL 9.6	D941C451-6928-	Exploit for CVE-2026-48866_D941C451-6928-596E-8F60-A1FA724CCF70 --- ┌───────────────────────────────────────────────────────────┐ │ │ │ C V E - 2 0 2 6 - 4 8 8 6 6 │ │ │ │ Gravity Forms Path Traversal → Arbitrar...	N/A	N/A	Jun 5, 2026	GITHUBEXPLOIT
NONE	QUALYSBLOG:60D1...	Advancing Cybersecurity in the Age of Frontier AI: Qualys Steps into Project Glasswing_QUALYSBLOG:60D16A3D311E41CF4392798E379C6F5B The cybersecurity industry has spent much of the last two years debating how attackers might use AI. That debate matters, but it misses a larger po...	N/A	N/A	Jun 5, 2026	QUALYSBLOG
NONE	HACKREAD:1D37B2...	Reaper macOS Infostealer Abuses Script Editor to Steal Crypto and Passwords_HACKREAD:1D37B22B6A0B5E80724BF3D61C9DD448 Threat actors are deploying an updated SHub Stealer variant named Reaper that exploits the native macOS Script Editor to bypass OS-level protection...	N/A	N/A	Jun 5, 2026	HACKREAD
NONE	SCHNEIER:B1D260...	AI Worm_SCHNEIER:B1D2603916F84F7F7C9F6533DC094D65 Researchers have prototyped an AI-powered internet worm. The coolest thing about the prototype is that it carries its own LLM with it, and runs it...	N/A	N/A	Jun 5, 2026	SCHNEIER
NONE	THN:38B4A872A5C...	New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework_THN:38B4A872A5CA191303381BD0807C4FBB ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiab_7FEmO4woH_bG4spUNJRFCFvvmpF9ggnhOlkIf7f0Ma7z4oEwL0MxFSe4CstBBQRLFsYxObArJESQWOkw...	N/A	N/A	Jun 5, 2026	THN
NONE	EDB-ID:52609	WordPress Contest Gallery 28.1.4 – Unauthenticated Blind SQL Injection_EDB-ID:52609 Exploit Title: WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection Google Dork: N/A Date: 2026-06-02 Exploit Author: cardosource...	N/A	N/A	Jun 5, 2026	EXPLOITDB