news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.8	CVE-2026-36608	CVE-2026-36608_CVE-2026-36608 Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows UPnP AddPortMapping to forward external ports to the router's own admin inte...	Mercusys	Mercusys AC12G AC12G(EU)_V1_200909	Jun 3, 2026	CVE
HIGH 8.8	CVE-2026-36607	CVE-2026-36607_CVE-2026-36607 Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows unauthenticated brute-force attacks via the TDDP password change endpoint (c...	Mercusys	Mercusys AC12G AC12G(EU)_V1_200909	Jun 3, 2026	CVE
HIGH 7.1	CVE-2026-36606	CVE-2026-36606_CVE-2026-36606 Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mod...	n/a	n/a n/a	Jun 3, 2026	CVE
MEDIUM 6.5	CVE-2026-36605	CVE-2026-36605_CVE-2026-36605 Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 is vulnerable to a HTTP denial of service via a low number of crafted incomplete HT...	n/a	n/a n/a	Jun 3, 2026	CVE
MEDIUM 6.1	CVE-2026-20233	Cisco Webex Meetings Cross-Site Scripting Vulnerability_CVE-2026-20233 A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-s...	Cisco	Cisco Webex Meetings 39.7.7	Jun 3, 2026	CVE
HIGH 8.6	CVE-2026-20230	CVE-2026-20230_CVE-2026-20230 A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified C...	Cisco	Cisco Unified Communications Manager N/A	Jun 3, 2026	CVE
MEDIUM 6.1	CVE-2026-20175	Cisco Finesse File Inclusion Vulnerability_CVE-2026-20175 A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user ...	Cisco	Cisco Finesse 11.0(1)ES_Rollback	Jun 3, 2026	CVE
HIGH 8.4	CVE-2026-7888	Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction._CVE-2026-7888 Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that la...	Concrete CMS	Concrete CMS 5.0	Jun 3, 2026	CVE
MEDIUM 4.4	CVE-2026-45702	OP-TEE has FF-A type confusion in SPMC tmem path that causes S-EL1 kernel panic_CVE-2026-45702 OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZo...	OP-TEE	optee_os >= 4.3.0, < 4.11.0	Jun 3, 2026	CVE
MEDIUM 4.7	CVE-2026-45614	OP-TEE vulnerable to ECDH private key recovery_CVE-2026-45614 OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZo...	OP-TEE	optee_os < 4.11.0	Jun 3, 2026	CVE