CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.3	CVE-2026-46496	HAX CMS: Stored XSS via ‘‘ component allows arbitrary JavaScript execution and token theft_CVE-2026-46496 HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to ...	haxtheweb	haxcms-nodejs < 26.0.0	Jun 5, 2026	CVE
CRITICAL 9.4	CVE-2026-46399	Authenticated Remote Code Execution via File Overwrite_CVE-2026-46399 HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file o...	haxtheweb	haxcms-nodejs < 26.0.0	Jun 5, 2026	CVE
CRITICAL 9.3	CVE-2026-46396	HAX CMS has a stored XSS via that allows access to sensitive client-side data and account takeover_CVE-2026-46396</span> </h3> <p class="advisory-desc" title="HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of elements. The application allows `javascript:` URIs in the `src` attribute, which are executed when a malicious page is viewed. This enables attackers to execute arbitrary JavaScript in the context of the victim’s browser and access sensitive data exposed to client-side scripts. Version 26.0.0 fixes the issue."> <span class="desc-text">HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to ...</span> </p> </a> </td> <td class="col-vendor"> haxtheweb </td> <td class="col-product"> haxcms-nodejs <span class="product-version">< 26.0.0</span> </td> <td class="col-date"> <time class="advisory-date">Jun 5, 2026</time> </td> <td class="col-type"> <span class="advisory-type type-cve">CVE</span> </td> </tr> <tr class="advisory-row" data-post-id="60227"> <td class="col-severity"> <span class="severity-badge severity-critical"> CRITICAL <span class="cvss-score">9.3</span> </span> </td> <td class="col-id"> <span class="advisory-id" title="CVE-2026-46395"> CVE-2026-46395 </span> </td> <td class="col-title"> <a href="https://zero.redgem.net/?p=60227" class="advisory-title-link"> <h3 class="advisory-title" title="HAX CMS Vulnerable to Private Key Disclosure via Broken HMAC Implementation_CVE-2026-46395"> <span class="title-text">HAX CMS Vulnerable to Private Key Disclosure via Broken HMAC Implementation_CVE-2026-46395</span> </h3> <p class="advisory-desc" title="HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the `hmacBase64()` function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing key and forge arbitrary admin-level JSON Web Tokens (JWTs) allowing them to get full admin access with a single HTTP request. First, the function passes the literal string "0" as the HMAC signing key instead of the key parameter, making every HAXcms instance compute identical HMACs for the same input. Then, after computing the HMAC, the function concatenates the real key parameter which is "this.privateKey + this.salt", the system’s master signing secret is directly onto the output. The combined buffer is base64-encoded and returned as the token. Every base64url token produced has the same structure: 32 bytes HMAC keyed with "0" and N bytes of `privateKey+salt`. An attacker base64-decodes any token, discards the first 32 bytes, and reads the private key directly. The `/system/api/connectionSettings` endpoint is unauthenticated and returns multiple tokens generated by this function. A single GET request to this endpoint exposes the private key. The PHP backend implements this function correctly with the actual key and returns only the hash. The PHP version produces 44-character tokens whereas the broken Node.js version produces 139+ character tokens. Version 26.0.0 fixes the issue."> <span class="desc-text">HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the `hmacBase64()` function in the HAXcms Node.js bac...</span> </p> </a> </td> <td class="col-vendor"> haxtheweb </td> <td class="col-product"> haxcms-nodejs <span class="product-version">< 26.0.0</span> </td> <td class="col-date"> <time class="advisory-date">Jun 5, 2026</time> </td> <td class="col-type"> <span class="advisory-type type-cve">CVE</span> </td> </tr> <tr class="advisory-row" data-post-id="60221"> <td class="col-severity"> <span class="severity-badge severity-critical"> CRITICAL <span class="cvss-score">10</span> </span> </td> <td class="col-id"> <span class="advisory-id" title="CVE-2026-46389"> CVE-2026-46389 </span> </td> <td class="col-title"> <a href="https://zero.redgem.net/?p=60221" class="advisory-title-link"> <h3 class="advisory-title" title="UDS Identity Config has a client authentication bypass in `ClientIdAndKubernetesSecretAuthenticator`_CVE-2026-46389"> <span class="title-text">UDS Identity Config has a client authentication bypass in `ClientIdAndKubernetesSecretAuthenticator`_CVE-2026-46389</span> </h3> <p class="advisory-desc" title="UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS Core's Identity deployment. In versions 0.11.0 through 0.26.0, a logic error in the `client-kubernetes-secret` Keycloak client authenticator (shipped by `uds-identity-config` and consumed by UDS Core) causes the submitted `client_secret` to be overwritten with the mounted Kubernetes secret before comparison. An attacker who can reach the Keycloak token endpoint and knows a `client_id` using this authenticator can authenticate as that client with any `client_secret` value and obtain OAuth2 tokens scoped to the client's service account. In the case of the `uds-operator` client this token can be used to registry/modify other clients. Version 0.26.1 patches the issue."> <span class="desc-text">UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS Core's Identity deployment. I...</span> </p> </a> </td> <td class="col-vendor"> defenseunicorns </td> <td class="col-product"> uds-identity-config <span class="product-version">>= 0.11.0, < 0.26.1</span> </td> <td class="col-date"> <time class="advisory-date">Jun 5, 2026</time> </td> <td class="col-type"> <span class="advisory-type type-cve">CVE</span> </td> </tr> <tr class="advisory-row" data-post-id="60220"> <td class="col-severity"> <span class="severity-badge severity-critical"> CRITICAL <span class="cvss-score">9.8</span> </span> </td> <td class="col-id"> <span class="advisory-id" title="CVE-2026-10580"> CVE-2026-10580 </span> </td> <td class="col-title"> <a href="https://zero.redgem.net/?p=60220" class="advisory-title-link"> <h3 class="advisory-title" title="Hippoo Mobile App for WooCommerce <= 1.9.4 - Unauthenticated Authentication Bypass to Administrator Account Takeover via REST API_CVE-2026-10580"> <span class="title-text">Hippoo Mobile App for WooCommerce <= 1.9.4 - Unauthenticated Authentication Bypass to Administrator Account Takeover via REST API_CVE-2026-10580</span> </h3> <p class="advisory-desc" title="The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and including 1.9.4. This is due to a logic conflation in HippooPermissions::get_user_permissions(), which returns the same null sentinel for both administrators and unauthenticated visitors — a value that HippooPermissions::has_role_access() unconditionally interprets as full administrator access — causing override_extension_permission_callback() to assign __return_true as the permission callback for every WordPress and WooCommerce REST route cloned under /wc-hippoo/v1/ext/ by HippooControllerWithAuth::re_register_external_routes(), while the block_unauthorized_access() pre-dispatch guard fails to block unauthenticated users for the same reason. This makes it possible for unauthenticated attackers to invoke any core REST endpoint without credentials — most critically, sending a POST request to /wc-hippoo/v1/ext/wp/v2/users/ with a {"password":""} body to reset the password of any WordPress user, including the site administrator, and gain full administrative control of the site."> <span class="desc-text">The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all ...</span> </p> </a> </td> <td class="col-vendor"> hippooo </td> <td class="col-product"> Hippoo Mobile App for WooCommerce </td> <td class="col-date"> <time class="advisory-date">Jun 5, 2026</time> </td> <td class="col-type"> <span class="advisory-type type-cve">CVE</span> </td> </tr> <tr class="advisory-row" data-post-id="60210"> <td class="col-severity"> <span class="severity-badge severity-critical"> CRITICAL <span class="cvss-score">9.8</span> </span> </td> <td class="col-id"> <span class="advisory-id" title="0C5B2896-9AE8-5699-A71E-66E4257B02BF"> 0C5B2896-9AE8- </span> </td> <td class="col-title"> <a href="https://zero.redgem.net/?p=60210" class="advisory-title-link"> <h3 class="advisory-title" title="root-ctf-2026_0C5B2896-9AE8-5699-A71E-66E4257B02BF"> <span class="title-text">root-ctf-2026_0C5B2896-9AE8-5699-A71E-66E4257B02BF</span> </h3> <p class="advisory-desc" title="Root- CTF 2026 - Date: 2026/06/05 - Location: NTUST National Taiwan University of Science and Technology - Organizer: OffSec OSCP+ Launch in Taiwan - Result: 4/4 – All Completed Score: 85 points Event Overview Root- is a 4-stage CTF competition held to..."> <span class="desc-text">Root- CTF 2026 - Date: 2026/06/05 - Location: NTUST National Taiwan University of Science and Technology - Organizer: OffSec OSCP+ Launch in Taiwan...</span> </p> </a> </td> <td class="col-vendor"> N/A </td> <td class="col-product"> N/A </td> <td class="col-date"> <time class="advisory-date">Jun 5, 2026</time> </td> <td class="col-type"> <span class="advisory-type type-githubexploit">GITHUBEXPLOIT</span> </td> </tr> <tr class="advisory-row" data-post-id="60197"> <td class="col-severity"> <span class="severity-badge severity-critical"> CRITICAL <span class="cvss-score">9.6</span> </span> </td> <td class="col-id"> <span class="advisory-id" title="CVE-2026-11198"> CVE-2026-11198 </span> </td> <td class="col-title"> <a href="https://zero.redgem.net/?p=60197" class="advisory-title-link"> <h3 class="advisory-title" title="CVE-2026-11198_CVE-2026-11198"> <span class="title-text">CVE-2026-11198_CVE-2026-11198</span> </h3> <p class="advisory-desc" title="Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)"> <span class="desc-text">Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a san...</span> </p> </a> </td> <td class="col-vendor"> Google </td> <td class="col-product"> Chrome <span class="product-version">149.0.7827.53</span> </td> <td class="col-date"> <time class="advisory-date">Jun 4, 2026</time> </td> <td class="col-type"> <span class="advisory-type type-cve">CVE</span> </td> </tr> <tr class="advisory-row" data-post-id="60182"> <td class="col-severity"> <span class="severity-badge severity-critical"> CRITICAL <span class="cvss-score">9.6</span> </span> </td> <td class="col-id"> <span class="advisory-id" title="CVE-2026-11095"> CVE-2026-11095 </span> </td> <td class="col-title"> <a href="https://zero.redgem.net/?p=60182" class="advisory-title-link"> <h3 class="advisory-title" title="CVE-2026-11095_CVE-2026-11095"> <span class="title-text">CVE-2026-11095_CVE-2026-11095</span> </h3> <p class="advisory-desc" title="Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)"> <span class="desc-text">Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the rend...</span> </p> </a> </td> <td class="col-vendor"> Google </td> <td class="col-product"> Chrome <span class="product-version">149.0.7827.53</span> </td> <td class="col-date"> <time class="advisory-date">Jun 4, 2026</time> </td> <td class="col-type"> <span class="advisory-type type-cve">CVE</span> </td> </tr> <tr class="advisory-row" data-post-id="60181"> <td class="col-severity"> <span class="severity-badge severity-critical"> CRITICAL <span class="cvss-score">9.6</span> </span> </td> <td class="col-id"> <span class="advisory-id" title="CVE-2026-11094"> CVE-2026-11094 </span> </td> <td class="col-title"> <a href="https://zero.redgem.net/?p=60181" class="advisory-title-link"> <h3 class="advisory-title" title="CVE-2026-11094_CVE-2026-11094"> <span class="title-text">CVE-2026-11094_CVE-2026-11094</span> </h3> <p class="advisory-desc" title="Use after free in Codecs in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)"> <span class="desc-text">Use after free in Codecs in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to p...</span> </p> </a> </td> <td class="col-vendor"> Google </td> <td class="col-product"> Chrome <span class="product-version">149.0.7827.53</span> </td> <td class="col-date"> <time class="advisory-date">Jun 4, 2026</time> </td> <td class="col-type"> <span class="advisory-type type-cve">CVE</span> </td> </tr> </tbody> </table> </div> <nav class="pagination" role="navigation" aria-label="Posts navigation"> <div class="pagination-links"> <a class="prev page-numbers" href="https://zero.redgem.net/?paged=6&page=715&tag=critical">← Prev</a> <a class="page-numbers" href="https://zero.redgem.net/?page=715&tag=critical">1</a> <span class="page-numbers dots">…</span> <a class="page-numbers" href="https://zero.redgem.net/?paged=5&page=715&tag=critical">5</a> <a class="page-numbers" href="https://zero.redgem.net/?paged=6&page=715&tag=critical">6</a> <span aria-current="page" class="page-numbers current">7</span> <a class="page-numbers" href="https://zero.redgem.net/?paged=8&page=715&tag=critical">8</a> <a class="page-numbers" href="https://zero.redgem.net/?paged=9&page=715&tag=critical">9</a> <span class="page-numbers dots">…</span> <a class="page-numbers" href="https://zero.redgem.net/?paged=733&page=715&tag=critical">733</a> <a class="next page-numbers" href="https://zero.redgem.net/?paged=8&page=715&tag=critical">Next →</a> </div> </nav> <div class="redgem-banner"> <div class="banner-content"> <div class="banner-icon"> <svg width="32" height="32" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/><path d="M9 12l2 2 4-4"/></svg> </div> <div class="banner-text"> <h3>Protect Your Attack Surface with RedGem</h3> <p>AI-powered asset discovery, dark web monitoring, CVE alerting, and vulnerability scanning — all in one platform.</p> </div> <div class="banner-actions"> <a href="https://www.redgem.net" class="btn-primary" target="_blank" rel="noopener">Start Free Trial</a> <a href="https://www.redgem.net/demo" class="btn-secondary" target="_blank" rel="noopener">Request Demo</a> </div> </div> </div> </div> </div> </main><!-- #primary --> </div><!-- #content --> <footer id="colophon" class="site-footer"> <div class="footer-accent"></div> <div class="container"> <div class="footer-top"> <div class="footer-brand"> <div class="footer-logo"> <img src="https://www.redgem.net/logo.png" alt="zero redgem" width="100" height="80" class="footer-logo-img" /> </div> <p class="footer-tagline">Your trusted source for security vulnerabilities, exploits, and CVE intelligence. Part of the RedGem security platform.</p> <div class="footer-social"> <a href="#" aria-label="Twitter" title="Follow us on Twitter"> <svg width="16" height="16" viewBox="0 0 24 24" fill="currentColor"><path d="M18.244 2.25h3.308l-7.227 8.26 8.502 11.24H16.17l-5.214-6.817L4.99 21.75H1.68l7.73-8.835L1.254 2.25H8.08l4.713 6.231zm-1.161 17.52h1.833L7.084 4.126H5.117z"/></svg> </a> <a href="#" aria-label="GitHub" title="View on GitHub"> <svg width="16" height="16" viewBox="0 0 24 24" fill="currentColor"><path d="M12 0c-6.626 0-12 5.373-12 12 0 5.302 3.438 9.8 8.207 11.387.599.111.793-.261.793-.577v-2.234c-3.338.726-4.033-1.416-4.033-1.416-.546-1.387-1.333-1.756-1.333-1.756-1.089-.745.083-.729.083-.729 1.205.084 1.839 1.237 1.839 1.237 1.07 1.834 2.807 1.304 3.492.997.107-.775.418-1.305.762-1.604-2.665-.305-5.467-1.334-5.467-5.931 0-1.311.469-2.381 1.236-3.221-.124-.303-.535-1.524.117-3.176 0 0 1.008-.322 3.301 1.23A11.509 11.509 0 0112 5.803c1.02.005 2.047.138 3.006.404 2.291-1.552 3.297-1.23 3.297-1.23.653 1.653.242 2.874.118 3.176.77.84 1.235 1.911 1.235 3.221 0 4.609-2.807 5.624-5.479 5.921.43.372.823 1.102.823 2.222v3.293c0 .319.192.694.801.576C20.566 21.797 24 17.3 24 12c0-6.627-5.373-12-12-12z"/></svg> </a> <a href="https://zero.redgem.net/?feed=rss2" aria-label="RSS Feed" title="RSS Feed"> <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M4 11a9 9 0 0 1 9 9"/><path d="M4 4a16 16 0 0 1 16 16"/><circle cx="5" cy="19" r="1"/></svg> </a> </div> </div> <div class="footer-links-grid"> <div class="footer-section"> <h4>Quick Links</h4> <ul> <li><a href="https://zero.redgem.net/">Home</a></li> <li><a href="https://zero.redgem.net/?s=">Search</a></li> </ul> </div> <div class="footer-section"> <h4>RedGem Platform</h4> <ul> <li><a href="https://www.redgem.net" target="_blank" rel="noopener">Main Platform</a></li> <li><a href="https://www.redgem.net" target="_blank" rel="noopener">Asset Discovery</a></li> <li><a href="https://www.redgem.net" target="_blank" rel="noopener">Leakage Detection</a></li> <li><a href="https://www.redgem.net" target="_blank" rel="noopener">Vulnerability Scanners</a></li> </ul> </div> <div class="footer-section"> <h4>Security Resources</h4> <ul> <li><a href="https://cve.mitre.org/" target="_blank" rel="noopener">CVE Database</a></li> <li><a href="https://nvd.nist.gov/" target="_blank" rel="noopener">NVD</a></li> <li><a href="https://www.exploit-db.com/" target="_blank" rel="noopener">Exploit-DB</a></li> <li><a href="https://www.securityfocus.com/" target="_blank" rel="noopener">SecurityFocus</a></li> </ul> </div> </div> </div> <div class="footer-bottom"> <div class="footer-info"> <p>© 2026 zero redgem. All rights reserved.</p> <p>Powered by <a href="https://wordpress.org/" target="_blank" rel="noopener">WordPress</a> · RedGem Security Theme</p> </div> <div class="footer-badges"> <span class="footer-badge"> <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/></svg> Secured </span> <span class="footer-badge"> <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M22 11.08V12a10 10 0 1 1-5.93-9.14"/><polyline points="22 4 12 14.01 9 11.01"/></svg> Verified Data </span> </div> </div> </div> </footer> </div><!-- #page --> <script id="security-news-script-js-extra"> var securityNewsAjax = {"ajaxurl":"//zero.redgem.net/wp-admin/admin-ajax.php","nonce":"cc96d5207e"}; //# sourceURL=security-news-script-js-extra </script> <script src="https://zero.redgem.net/wp-content/themes/security-news/js/theme.js?ver=2.14.0" id="security-news-script-js"></script> <script id="wp-emoji-settings" type="application/json"> {"baseUrl":"https://s.w.org/images/core/emoji/17.0.2/72x72/","ext":".png","svgUrl":"https://s.w.org/images/core/emoji/17.0.2/svg/","svgExt":".svg","source":{"concatemoji":"https://zero.redgem.net/wp-includes/js/wp-emoji-release.min.js?ver=6.9.4"}} </script> <script type="module"> /! This file is auto-generated / const a=JSON.parse(document.getElementById("wp-emoji-settings").textContent),o=(window._wpemojiSettings=a,"wpEmojiSettingsSupports"),s=["flag","emoji"];function i(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function c(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0);const a=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);return t.every((e,t)=>e===a[t])}function p(e,t){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var n=e.getImageData(16,16,1,1);for(let e=0;e<n.data.length;e++)if(0!==n.data[e])return!1;return!0}function u(e,t,n,a){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\udde8\ud83c\uddf6","\ud83c\udde8\u200b\ud83c\uddf6")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!a(e,"\ud83e\u1fac8")}return!1}function f(e,t,n,a){let r;const o=(r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):document.createElement("canvas")).getContext("2d",{willReadFrequently:!0}),s=(o.textBaseline="top",o.font="600 32px Arial",{});return e.forEach(e=>{s[e]=t(o,e,n,a)}),s}function r(e){var t=document.createElement("script");t.src=e,t.defer=!0,document.head.appendChild(t)}a.supports={everything:!0,everythingExceptFlag:!0},new Promise(t=>{let n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),c.toString(),p.toString()].join(",")+"));",a=new Blob([e],{type:"text/javascript"});const r=new Worker(URL.createObjectURL(a),{name:"wpTestEmojiSupports"});return void(r.onmessage=e=>{i(n=e.data),r.terminate(),t(n)})}catch(e){}i(n=f(s,u,c,p))}t(n)}).then(e=>{for(const n in e)a.supports[n]=e[n],a.supports.everything=a.supports.everything&&a.supports[n],"flag"!==n&&(a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&a.supports[n]);var t;a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&!a.supports.flag,a.supports.everything\|\|((t=a.source\|\|{}).concatemoji?r(t.concatemoji):t.wpemoji&&t.twemoji&&(r(t.twemoji),r(t.wpemoji)))}); //# sourceURL=https://zero.redgem.net/wp-includes/js/wp-emoji-loader.min.js </script> </body> </html>