CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.6	CVE-2026-10983	CVE-2026-10983_CVE-2026-10983 Insufficient validation of untrusted input in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandb...	Google	Chrome 149.0.7827.53	Jun 4, 2026	CVE
CRITICAL 9	CVE-2026-45750	Termix Vulnerable to Arbitrary Command Execution in File Manager_CVE-2026-45750 Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/...	Termix-SSH	Termix < 2.3.2	Jun 5, 2026	CVE
CRITICAL 9.8	CVE-2026-45748	Termix Vulnerable to Remote Code Execution via SSH Tunnel Forward Command Injection_CVE-2026-45748 Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /ssh/tunnel/connect` endpoi...	Termix-SSH	Termix < 2.3.2	Jun 5, 2026	CVE
CRITICAL 9	CVE-2026-45746	Termix Vulnerable to Arbitrary Command Execution via Session Hijacking_CVE-2026-45746 Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Mana...	Termix-SSH	Termix < 2.3.2	Jun 5, 2026	CVE
CRITICAL 9.9	CVE-2026-45744	Termix has an OS Command Injection in File Manager resolvePath endpoint_CVE-2026-45744 Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/...	Termix-SSH	Termix < 2.3.2	Jun 5, 2026	CVE
CRITICAL 9.3	CVE-2025-71318	NetMan 204 Missing Authentication for Administrative Functions_CVE-2025-71318 NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly reque...	Riello UPS	NetMan 204	Jun 5, 2026	CVE
CRITICAL 9.3	CVE-2025-71317	NetMan 204 Hard-coded Backdoor Credentials_CVE-2025-71317 NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticat...	Riello UPS	NetMan 204	Jun 5, 2026	CVE
CRITICAL 9.3	CVE-2026-46496	HAX CMS: Stored XSS via ‘‘ component allows arbitrary JavaScript execution and token theft_CVE-2026-46496 HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to ...	haxtheweb	haxcms-nodejs < 26.0.0	Jun 5, 2026	CVE
CRITICAL 9.4	CVE-2026-46399	Authenticated Remote Code Execution via File Overwrite_CVE-2026-46399 HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file o...	haxtheweb	haxcms-nodejs < 26.0.0	Jun 5, 2026	CVE
CRITICAL 9.3	CVE-2026-46396	HAX CMS has a stored XSS via that allows access to sensitive client-side data and account takeover_CVE-2026-46396</span> </h3> <p class="advisory-desc" title="HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of elements. The application allows `javascript:` URIs in the `src` attribute, which are executed when a malicious page is viewed. This enables attackers to execute arbitrary JavaScript in the context of the victim’s browser and access sensitive data exposed to client-side scripts. Version 26.0.0 fixes the issue."> <span class="desc-text">HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to ...</span> </p> </a> </td> <td class="col-vendor"> haxtheweb </td> <td class="col-product"> haxcms-nodejs <span class="product-version">< 26.0.0</span> </td> <td class="col-date"> <time class="advisory-date">Jun 5, 2026</time> </td> <td class="col-type"> <span class="advisory-type type-cve">CVE</span> </td> </tr> </tbody> </table> </div> <nav class="pagination" role="navigation" aria-label="Posts navigation"> <div class="pagination-links"> <a class="prev page-numbers" href="https://zero.redgem.net/?paged=5&page=706&tag=critical">← Prev</a> <a class="page-numbers" href="https://zero.redgem.net/?page=706&tag=critical">1</a> <span class="page-numbers dots">…</span> <a class="page-numbers" href="https://zero.redgem.net/?paged=4&page=706&tag=critical">4</a> <a class="page-numbers" href="https://zero.redgem.net/?paged=5&page=706&tag=critical">5</a> <span aria-current="page" class="page-numbers current">6</span> <a class="page-numbers" href="https://zero.redgem.net/?paged=7&page=706&tag=critical">7</a> <a class="page-numbers" href="https://zero.redgem.net/?paged=8&page=706&tag=critical">8</a> <span class="page-numbers dots">…</span> <a class="page-numbers" href="https://zero.redgem.net/?paged=732&page=706&tag=critical">732</a> <a class="next page-numbers" href="https://zero.redgem.net/?paged=7&page=706&tag=critical">Next →</a> </div> </nav> <div class="redgem-banner"> <div class="banner-content"> <div class="banner-icon"> <svg width="32" height="32" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/><path d="M9 12l2 2 4-4"/></svg> </div> <div class="banner-text"> <h3>Protect Your Attack Surface with RedGem</h3> <p>AI-powered asset discovery, dark web monitoring, CVE alerting, and vulnerability scanning — all in one platform.</p> </div> <div class="banner-actions"> <a href="https://www.redgem.net" class="btn-primary" target="_blank" rel="noopener">Start Free Trial</a> <a href="https://www.redgem.net/demo" class="btn-secondary" target="_blank" rel="noopener">Request Demo</a> </div> </div> </div> </div> </div> </main><!-- #primary --> </div><!-- #content --> <footer id="colophon" class="site-footer"> <div class="footer-accent"></div> <div class="container"> <div class="footer-top"> <div class="footer-brand"> <div class="footer-logo"> <img src="https://www.redgem.net/logo.png" alt="zero redgem" width="100" height="80" class="footer-logo-img" /> </div> <p class="footer-tagline">Your trusted source for security vulnerabilities, exploits, and CVE intelligence. Part of the RedGem security platform.</p> <div class="footer-social"> <a href="#" aria-label="Twitter" title="Follow us on Twitter"> <svg width="16" height="16" viewBox="0 0 24 24" fill="currentColor"><path d="M18.244 2.25h3.308l-7.227 8.26 8.502 11.24H16.17l-5.214-6.817L4.99 21.75H1.68l7.73-8.835L1.254 2.25H8.08l4.713 6.231zm-1.161 17.52h1.833L7.084 4.126H5.117z"/></svg> </a> <a href="#" aria-label="GitHub" title="View on GitHub"> <svg width="16" height="16" viewBox="0 0 24 24" fill="currentColor"><path d="M12 0c-6.626 0-12 5.373-12 12 0 5.302 3.438 9.8 8.207 11.387.599.111.793-.261.793-.577v-2.234c-3.338.726-4.033-1.416-4.033-1.416-.546-1.387-1.333-1.756-1.333-1.756-1.089-.745.083-.729.083-.729 1.205.084 1.839 1.237 1.839 1.237 1.07 1.834 2.807 1.304 3.492.997.107-.775.418-1.305.762-1.604-2.665-.305-5.467-1.334-5.467-5.931 0-1.311.469-2.381 1.236-3.221-.124-.303-.535-1.524.117-3.176 0 0 1.008-.322 3.301 1.23A11.509 11.509 0 0112 5.803c1.02.005 2.047.138 3.006.404 2.291-1.552 3.297-1.23 3.297-1.23.653 1.653.242 2.874.118 3.176.77.84 1.235 1.911 1.235 3.221 0 4.609-2.807 5.624-5.479 5.921.43.372.823 1.102.823 2.222v3.293c0 .319.192.694.801.576C20.566 21.797 24 17.3 24 12c0-6.627-5.373-12-12-12z"/></svg> </a> <a href="https://zero.redgem.net/?feed=rss2" aria-label="RSS Feed" title="RSS Feed"> <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M4 11a9 9 0 0 1 9 9"/><path d="M4 4a16 16 0 0 1 16 16"/><circle cx="5" cy="19" r="1"/></svg> </a> </div> </div> <div class="footer-links-grid"> <div class="footer-section"> <h4>Quick Links</h4> <ul> <li><a href="https://zero.redgem.net/">Home</a></li> <li><a href="https://zero.redgem.net/?s=">Search</a></li> </ul> </div> <div class="footer-section"> <h4>RedGem Platform</h4> <ul> <li><a href="https://www.redgem.net" target="_blank" rel="noopener">Main Platform</a></li> <li><a href="https://www.redgem.net" target="_blank" rel="noopener">Asset Discovery</a></li> <li><a href="https://www.redgem.net" target="_blank" rel="noopener">Leakage Detection</a></li> <li><a href="https://www.redgem.net" target="_blank" rel="noopener">Vulnerability Scanners</a></li> </ul> </div> <div class="footer-section"> <h4>Security Resources</h4> <ul> <li><a href="https://cve.mitre.org/" target="_blank" rel="noopener">CVE Database</a></li> <li><a href="https://nvd.nist.gov/" target="_blank" rel="noopener">NVD</a></li> <li><a href="https://www.exploit-db.com/" target="_blank" rel="noopener">Exploit-DB</a></li> <li><a href="https://www.securityfocus.com/" target="_blank" rel="noopener">SecurityFocus</a></li> </ul> </div> </div> </div> <div class="footer-bottom"> <div class="footer-info"> <p>© 2026 zero redgem. All rights reserved.</p> <p>Powered by <a href="https://wordpress.org/" target="_blank" rel="noopener">WordPress</a> · RedGem Security Theme</p> </div> <div class="footer-badges"> <span class="footer-badge"> <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/></svg> Secured </span> <span class="footer-badge"> <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M22 11.08V12a10 10 0 1 1-5.93-9.14"/><polyline points="22 4 12 14.01 9 11.01"/></svg> Verified Data </span> </div> </div> </div> </footer> </div><!-- #page --> <script id="security-news-script-js-extra"> var securityNewsAjax = {"ajaxurl":"//zero.redgem.net/wp-admin/admin-ajax.php","nonce":"5e13eecffd"}; //# sourceURL=security-news-script-js-extra </script> <script src="https://zero.redgem.net/wp-content/themes/security-news/js/theme.js?ver=2.14.0" id="security-news-script-js"></script> <script id="wp-emoji-settings" type="application/json"> {"baseUrl":"https://s.w.org/images/core/emoji/17.0.2/72x72/","ext":".png","svgUrl":"https://s.w.org/images/core/emoji/17.0.2/svg/","svgExt":".svg","source":{"concatemoji":"https://zero.redgem.net/wp-includes/js/wp-emoji-release.min.js?ver=6.9.4"}} </script> <script type="module"> /! This file is auto-generated / const a=JSON.parse(document.getElementById("wp-emoji-settings").textContent),o=(window._wpemojiSettings=a,"wpEmojiSettingsSupports"),s=["flag","emoji"];function i(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function c(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0);const a=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);return t.every((e,t)=>e===a[t])}function p(e,t){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var n=e.getImageData(16,16,1,1);for(let e=0;e<n.data.length;e++)if(0!==n.data[e])return!1;return!0}function u(e,t,n,a){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\udde8\ud83c\uddf6","\ud83c\udde8\u200b\ud83c\uddf6")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!a(e,"\ud83e\u1fac8")}return!1}function f(e,t,n,a){let r;const o=(r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):document.createElement("canvas")).getContext("2d",{willReadFrequently:!0}),s=(o.textBaseline="top",o.font="600 32px Arial",{});return e.forEach(e=>{s[e]=t(o,e,n,a)}),s}function r(e){var t=document.createElement("script");t.src=e,t.defer=!0,document.head.appendChild(t)}a.supports={everything:!0,everythingExceptFlag:!0},new Promise(t=>{let n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),c.toString(),p.toString()].join(",")+"));",a=new Blob([e],{type:"text/javascript"});const r=new Worker(URL.createObjectURL(a),{name:"wpTestEmojiSupports"});return void(r.onmessage=e=>{i(n=e.data),r.terminate(),t(n)})}catch(e){}i(n=f(s,u,c,p))}t(n)}).then(e=>{for(const n in e)a.supports[n]=e[n],a.supports.everything=a.supports.everything&&a.supports[n],"flag"!==n&&(a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&a.supports[n]);var t;a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&!a.supports.flag,a.supports.everything\|\|((t=a.source\|\|{}).concatemoji?r(t.concatemoji):t.wpemoji&&t.twemoji&&(r(t.twemoji),r(t.wpemoji)))}); //# sourceURL=https://zero.redgem.net/wp-includes/js/wp-emoji-loader.min.js </script> </body> </html>