Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.1 CVE-2026-42795

Symlink Following in Hex Package Export Allows Embedding Files Outside Project Root

Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball...

Gleam Gleam 0.10.0-rc1 CVE
MEDIUM 5.7 CVE-2026-41918

CVE-2026-41918

A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V4.0). The affected application stores sensitive informa...

Siemens RUGGEDCOM RST2428P CVE
MEDIUM 4.6 CVE-2026-32685

Path Traversal in gleam docs build via documentation.pages Allows Arbitrary File Read and Write

Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended docum...

Gleam Gleam 1.16.0 CVE
MEDIUM 4.3 CVE-2026-32250

NamelessMC has Reflected Cross-Site Scripting (XSS) in id parameter of /index.php?route=/queries/user/

NamelessMC is website software for Minecraft servers. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in version 2.2.4 in the i...

NamelessMC Nameless = 2.2.4 CVE
MEDIUM 5.9 CVE-2026-28116

WordPress Progress Planner plugin <= 1.9.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emilia Projects Progress Planner allows Store...

Emilia Projects Progress Planner n/a CVE
MEDIUM 5.4 CVE-2026-27351

WordPress Crew HRM plugin <= 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issu...

Sekander Badsha Crew HRM n/a CVE
MEDIUM 6.3 CVE-2026-7299

CVE-2026-7299

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an au...

Appsmith Appsmith CVE
MEDIUM 6.3 CVE-2026-49753

HTTP response smuggling in Mint HTTP/1 client via lenient Content-Length parsing

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in elixir-mint Mint allows attacker-controlled HTTP/...

elixir-mint mint 0.1.0 CVE
MEDIUM 4.9 CVE-2026-45684

OpenTelemetry eBPF Instrumentation: Log enricher writev path can overread and overwrite user buffers

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, O...

open-telemetry opentelemetry-ebpf-instrumentation >= 0.7.0, < 0.9.0 CVE
MEDIUM 5.1 CVE-2026-45682

OpenTelemetry eBPF Instrumentation: CappedConcurrentHashMap leaks keys after removals

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConc...

open-telemetry opentelemetry-ebpf-instrumentation < 0.9.0 CVE