Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.7 PACKETSTORM:221283

📄 4D Server Server-Side Request Forgery / Arbitrary File Read_PACKETSTORM:221283

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain rea...

N/A N/A PACKETSTORM
HIGH 7.7 PACKETSTORM:221284

📄 Lobster_pro Arbitrary File Read / Server-Side Request Forgery_PACKETSTORM:221284

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobsterpro prior to version 4.12.6-GA. This allows them to obta...

N/A N/A PACKETSTORM
NONE PACKETSTORM:221272

📄 Bichon 1.0.2 Bearer Access Token Disclosure_PACKETSTORM:221272

Bichon version 1.0.2 accepts Bearer access tokens via GET requests, which has the negative side effect of being disclosed in logs, REFERER headers, ...

N/A N/A PACKETSTORM
NONE PACKETSTORM:221274

📄 Bichon 1.0.2 SOCKS5 Proxy Topology Disclosure_PACKETSTORM:221274

Bichon version 1.0.2 suffers from a SOCKS5 proxy topology disclosure vulnerability via /list-proxy...

N/A N/A PACKETSTORM
NONE PACKETSTORM:221273

📄 Bichon 1.0.2 Privilege Escalation_PACKETSTORM:221273

Bichon version 1.0.2 suffers from a vertical privilege escalation vulnerability via the account role assignment functionality...

N/A N/A PACKETSTORM
CRITICAL 9.8 PACKETSTORM:221269

📄 CPanel/WHM CRLF Injection / Authentication Bypass / Remote Code Execution_PACKETSTORM:221269

This Metasploit module exploits CVE-2026-41940, a CRLF injection in cPanel/WHM's cpsrvd daemon that allows unauthenticated remote code execution as ...

N/A N/A PACKETSTORM
CRITICAL 9.8 PACKETSTORM:221161

📄 HUSTOJ Zip Slip / Remote Code Execution_PACKETSTORM:221161

This Metasploit module demonstrates a remote code execution vulnerability in HUSTOJ. A user with administrative privileges can abuse the problemimp...

N/A N/A PACKETSTORM
CRITICAL 9.8 PACKETSTORM:221082

📄 WordPress Supsystic Contact Form 1.7.36 Server-Side Template Injection_PACKETSTORM:221082

Proof of concept code execution exploit for a server-side template injection vulnerability in WordPress Supsystic Contact Form plugin versions 1.7....

N/A N/A PACKETSTORM
CRITICAL 9.8 PACKETSTORM:221081

📄 ePati Antikor NGFW 2.0.1301 Authentication Bypass_PACKETSTORM:221081

ePati Antikor NGFW version 2.0.1301 suffers from an authentication bypass vulnerability...

N/A N/A PACKETSTORM
CRITICAL 9.8 PACKETSTORM:221080

📄 PJPROJECT 2.16 Buffer Overflow_PACKETSTORM:221080

PJPROJECT versions 2.16 and below suffer from a heap buffer overflow vulnerability...

N/A N/A PACKETSTORM