Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.3 CVE-2026-57946

Invidious – Private Playlist Disclosure via Unauthenticated RSS Feed Endpoint_CVE-2026-57946

Invidious before version 2.20260626.0 contains a broken access control vulnerability that allows unauthenticated attackers to retrieve private play...

iv-org Invidious CVE

MEDIUM 5.3 CVE-2026-57945

PhotoPrism – Unauthorized User Profile Modification via PUT /api/v1/users/{uid} Endpoint_CVE-2026-57945

PhotoPrism before 260601-a7d098548 contains a broken access control vulnerability that allows authenticated non-admin users to modify other users' ...

photoprism photoprism CVE

MEDIUM 6 CVE-2026-57943

LibrePhotos < 1.0.0 - Insecure Direct Object Reference in SetPhotosShared Endpoint_CVE-2026-57943

LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users...

LibrePhotos librephotos CVE

MEDIUM 6.9 CVE-2026-57942

LibreTranslate – IP Spoofing via X-Forwarded-For Header_CVE-2026-57942

LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in the get_remote_address() function that allows unaut...

LibreTranslate LibreTranslate CVE

MEDIUM 6.9 CVE-2026-56781

Teable – Unauthenticated Hidden Field Disclosure via Projection Parameter Override_CVE-2026-56781

Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field da...

teableio teable CVE

MEDIUM 6.9 CVE-2026-13592

liftoff-sr CIPster EtherNet IP Message append out-of-bounds write_CVE-2026-13592

A vulnerability was detected in liftoff-sr CIPster up to e8e9dba09bf56962807d3504b783ccdb6287f3e4. Affected by this issue is the function BufWriter...

liftoff-sr CIPster e8e9dba09bf56962807d3504b783ccdb6287f3e4 CVE

MEDIUM 6.8 CVE-2026-9105

Authenticated Stack-Based Buffer Overflow in TP-Link TL-WR841N Web Interface_CVE-2026-9105

An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. A remote authenticated...

TP-Link Systems Inc. TL-WR841N v14 CVE

MEDIUM 5.5 CVE-2026-13750

Snowflake CLI Sensitive Credential Exposure Through Debug Logging_CVE-2026-13750

Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be written to persistent...

Snowflake Snowflake CLI 3.0.0 CVE

MEDIUM 6.3 CVE-2026-13748

Snowflake CLI Arbitrary Local File Read and Exfiltration Through Improper File Path Restriction_CVE-2026-13748

Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitte...

Snowflake Snowflake CLI 0.2.2 CVE

MEDIUM 5.9 CVE-2026-13742

Lack of signature verification before execution of downloaded content_CVE-2026-13742

Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An atta...

Honeywell Technologies IQ MultiAccess IQ.v27 CVE