Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-10662

ahujasid blender-mcp ZIP File server.py requests.get server-side request forgery

A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get...

ahujasid blender-mcp 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b CVE
MEDIUM 5.7 CVE-2026-44654

LibreChat: Shared-agent editor can globally delete owner’s file records — breaks owner’s other private agents

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete...

danny-avila LibreChat < 0.8.5 CVE
MEDIUM 6.5 CVE-2026-44653

LibreChat Shared MCP Server View Leaks Decrypted Admin Secrets

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only `VIEW` access to...

danny-avila LibreChat < 0.8.4 CVE
MEDIUM 4.9 CVE-2026-41412

alf.io vulnerable to Arbitrary File Read and Exfil via simpleHttpClient Extension Script

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io e...

alfio-event alf.io < 2.0-M5-2606 CVE
MEDIUM 5.1 CVE-2026-10688

ahujasid blender-mcp server.py execute_blender_code code injection

A vulnerability was determined in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function execute...

ahujasid blender-mcp 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b CVE
MEDIUM 4.3 CVE-2026-9732

EmergencyWP <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, an...

planetshaker EmergencyWP – Dead Man's switch & legacy deliverance CVE
MEDIUM 4.4 CVE-2026-7421

Passeum Ticketing <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'shop_name' Setting

The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to t...

passeum Passeum Ticketing CVE
MEDIUM 5.3 CVE-2026-10692

johnhuang316 code-index-mcp search_code_advanced is_safe_regex_pattern redos

A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function is_safe_regex_pattern of the component search_...

johnhuang316 code-index-mcp 2.0 CVE
MEDIUM 5.3 CVE-2026-10691

wonderwhy-er DesktopCommanderMCP start_search search-manager.ts redos

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manag...

wonderwhy-er DesktopCommanderMCP 0.2.0 CVE
MEDIUM 5.3 CVE-2026-10690

wonderwhy-er DesktopCommanderMCP read_file filesystem.ts readFileFromUrl server-side request forgery

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesyst...

wonderwhy-er DesktopCommanderMCP 0.2.37 CVE