Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.9 CVE-2026-45681

OpenTelemetry eBPF Instrumentation: CPU-mismatch fallback uses 256-byte buffer with 8KB size

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-b...

open-telemetry opentelemetry-ebpf-instrumentation < 0.9.0 CVE
MEDIUM 5.9 CVE-2026-45680

OpenTelemetry eBPF Instrumentation: Unbounded BPF internal metrics replay can exhaust CPU

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe...

open-telemetry opentelemetry-ebpf-instrumentation < 0.9.0 CVE
MEDIUM 6.5 CVE-2026-45679

OpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messages

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis...

open-telemetry opentelemetry-ebpf-instrumentation < 0.9.0 CVE
MEDIUM 5.5 CVE-2026-45676

OpenTelemetry eBPF Instrumentation: Unsafe fastelf parsing allows malformed ELF to crash agent

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF...

open-telemetry opentelemetry-ebpf-instrumentation < 0.9.0 CVE
MEDIUM 5.3 CVE-2026-45554

NiceGUI: Unauthenticated log-flood DoS via trailing slash on ESM and per-component resource routes

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-...

zauberzeug nicegui < 3.12.0 CVE
MEDIUM 6.9 CVE-2026-45080

Klaw: Improper Access Control Allows Disclosure of Password Hash

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of ...

Aiven-Open klaw < 2.10.4 CVE
MEDIUM 5.4 CVE-2026-34460

NamelessMC: OAuth callback `state` is not validated, allowing login CSRF / session swapping

NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state paramete...

NamelessMC Nameless < 2.2.5 CVE
MEDIUM 4.3 H1:3775183

PortSwigger Web Security: Incomplete fix for CVE-2022-35406: meta-redirect content-type check bypassable via parameter injection

The fix for CVE-2022-35406 (#1541301) stops Burp from following a redirect when the response Content-Type/Content-Disposition would prevent HTML r...

N/A N/A HACKERONE
MEDIUM 6.5 CVE-2026-8993

Improper URL Handler Processing in D.Launcher 2 enables NTLM Credential Disclosure and SSRF attacks

D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom...

Ditec a.s. D.Launcher 2 CVE
MEDIUM 4.3 CVE-2026-9730

Remove NoFollow Commenter URL <= 1.0 - Cross-Site Request Forgery to Settings Update

The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This ...

jamesmuga Remove NoFollow Commenter URL CVE